source: azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfssl/internal.h

1/* internal.h
2 *
3 * Copyright (C) 2006-2020 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23
24#ifndef WOLFSSL_INT_H
25#define WOLFSSL_INT_H
26
27
28#include <wolfssl/wolfcrypt/types.h>
29#include <wolfssl/ssl.h>
30#ifdef HAVE_CRL
31 #include <wolfssl/crl.h>
32#endif
33#include <wolfssl/wolfcrypt/random.h>
34#ifndef NO_DES3
35 #include <wolfssl/wolfcrypt/des3.h>
36#endif
37#ifndef NO_HC128
38 #include <wolfssl/wolfcrypt/hc128.h>
39#endif
40#ifndef NO_RABBIT
41 #include <wolfssl/wolfcrypt/rabbit.h>
42#endif
43#ifdef HAVE_CHACHA
44 #include <wolfssl/wolfcrypt/chacha.h>
45#endif
46#ifndef NO_ASN
47 #include <wolfssl/wolfcrypt/asn.h>
48 #include <wolfssl/wolfcrypt/pkcs12.h>
49#endif
50#ifndef NO_MD5
51 #include <wolfssl/wolfcrypt/md5.h>
52#endif
53#ifndef NO_SHA
54 #include <wolfssl/wolfcrypt/sha.h>
55#endif
56#ifndef NO_AES
57 #include <wolfssl/wolfcrypt/aes.h>
58#endif
59#ifdef HAVE_POLY1305
60 #include <wolfssl/wolfcrypt/poly1305.h>
61#endif
62#ifdef HAVE_CAMELLIA
63 #include <wolfssl/wolfcrypt/camellia.h>
64#endif
65#include <wolfssl/wolfcrypt/logging.h>
66#ifndef NO_HMAC
67 #include <wolfssl/wolfcrypt/hmac.h>
68#endif
69#ifndef NO_RC4
70 #include <wolfssl/wolfcrypt/arc4.h>
71#endif
72#ifndef NO_SHA256
73 #include <wolfssl/wolfcrypt/sha256.h>
74#endif
75#if defined(WOLFSSL_SHA384)
76 #include <wolfssl/wolfcrypt/sha512.h>
77#endif
78#ifdef HAVE_OCSP
79 #include <wolfssl/ocsp.h>
80#endif
81#ifdef WOLFSSL_SHA384
82 #include <wolfssl/wolfcrypt/sha512.h>
83#endif
84#ifdef WOLFSSL_SHA512
85 #include <wolfssl/wolfcrypt/sha512.h>
86#endif
87#ifdef HAVE_AESGCM
88 #include <wolfssl/wolfcrypt/sha512.h>
89#endif
90#ifdef WOLFSSL_RIPEMD
91 #include <wolfssl/wolfcrypt/ripemd.h>
92#endif
93#ifdef HAVE_IDEA
94 #include <wolfssl/wolfcrypt/idea.h>
95#endif
96#ifndef NO_RSA
97 #include <wolfssl/wolfcrypt/rsa.h>
98#endif
99#ifdef HAVE_ECC
100 #include <wolfssl/wolfcrypt/ecc.h>
101#endif
102#ifndef NO_DH
103 #include <wolfssl/wolfcrypt/dh.h>
104#endif
105#ifdef HAVE_ED25519
106 #include <wolfssl/wolfcrypt/ed25519.h>
107#endif
108#ifdef HAVE_CURVE25519
109 #include <wolfssl/wolfcrypt/curve25519.h>
110#endif
111#ifdef HAVE_ED448
112 #include <wolfssl/wolfcrypt/ed448.h>
113#endif
114#ifdef HAVE_CURVE448
115 #include <wolfssl/wolfcrypt/curve448.h>
116#endif
117#ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB
118 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
119 !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \
120 !defined(WOLFSSL_TICKET_ENC_AES256_GCM)
121 #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
122 #else
123 #include <wolfssl/wolfcrypt/aes.h>
124 #endif
125#endif
126
127#include <wolfssl/wolfcrypt/wc_encrypt.h>
128#include <wolfssl/wolfcrypt/hash.h>
129
130#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
131 #include <wolfssl/callbacks.h>
132#endif
133#ifdef WOLFSSL_CALLBACKS
134 #include <signal.h>
135#endif
136
137#ifdef USE_WINDOWS_API
138 #ifdef WOLFSSL_GAME_BUILD
139 #include "system/xtl.h"
140 #else
141 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
142 /* On WinCE winsock2.h must be included before windows.h */
143 #include <winsock2.h>
144 #endif
145 #include <windows.h>
146 #endif
147#elif defined(THREADX)
148 #ifndef SINGLE_THREADED
149 #include "tx_api.h"
150 #endif
151
152#elif defined(WOLFSSL_DEOS)
153 /* do nothing, just don't pick Unix */
154#elif defined(MICRIUM)
155 /* do nothing, just don't pick Unix */
156#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
157 /* do nothing */
158#elif defined(RTTHREAD)
159 /* do nothing */
160#elif defined(EBSNET)
161 /* do nothing */
162#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
163 /* do nothing */
164#elif defined(FREESCALE_FREE_RTOS)
165 #include "fsl_os_abstraction.h"
166#elif defined(WOLFSSL_uITRON4)
167 /* do nothing */
168#elif defined(WOLFSSL_uTKERNEL2)
169 /* do nothing */
170#elif defined(WOLFSSL_CMSIS_RTOS)
171 #include "cmsis_os.h"
172#elif defined(WOLFSSL_CMSIS_RTOSv2)
173 #include "cmsis_os2.h"
174#elif defined(WOLFSSL_MDK_ARM)
175 #if defined(WOLFSSL_MDK5)
176 #include "cmsis_os.h"
177 #else
178 #include <rtl.h>
179 #endif
180#elif defined(MBED)
181#elif defined(WOLFSSL_TIRTOS)
182 /* do nothing */
183#elif defined(INTIME_RTOS)
184 #include <rt.h>
185#elif defined(WOLFSSL_NUCLEUS_1_2)
186 /* do nothing */
187#elif defined(WOLFSSL_APACHE_MYNEWT)
188 #if !defined(WOLFSSL_LWIP)
189 void mynewt_ctx_clear(void *ctx);
190 void* mynewt_ctx_new();
191 #endif
192#elif defined(WOLFSSL_ZEPHYR)
193 #ifndef SINGLE_THREADED
194 #include <kernel.h>
195 #endif
196#elif defined(WOLFSSL_TELIT_M2MB)
197 /* do nothing */
198#else
199 #ifndef SINGLE_THREADED
200 #if defined(WOLFSSL_LINUXKM)
201 #define WOLFSSL_KTHREADS
202 #include <linux/kthread.h>
203 #elif defined(WOLFSSL_USER_MUTEX)
204 /* do nothing */
205 #else
206 #define WOLFSSL_PTHREADS
207 #include <pthread.h>
208 #endif
209 #endif
210 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
211 #ifdef FUSION_RTOS
212 #include <fclunistd.h>
213 #else
214 #include <unistd.h> /* for close of BIO */
215 #endif
216 #endif
217#endif
218
219#ifndef CHAR_BIT
220 /* Needed for DTLS without big math */
221 #include <limits.h>
222#endif
223
224
225#ifdef HAVE_LIBZ
226 #include "zlib.h"
227#endif
228
229#ifdef WOLFSSL_ASYNC_CRYPT
230 #include <wolfssl/wolfcrypt/async.h>
231#endif
232
233#ifdef OPENSSL_EXTRA
234 #ifdef WOLFCRYPT_HAVE_SRP
235 #include <wolfssl/wolfcrypt/srp.h>
236 #endif
237#endif
238
239#ifdef _MSC_VER
 240 /* Silence MSVC warning 4996, which recommends the MS extensions, e.g. strcpy_s instead of strncpy */
241 #pragma warning(disable: 4996)
242#endif
243
244#ifdef NO_SHA
245 #define WC_SHA_DIGEST_SIZE 20
246#endif
247
248#ifdef NO_SHA256
249 #define WC_SHA256_DIGEST_SIZE 32
250#endif
251
252#ifdef NO_MD5
253 #define WC_MD5_DIGEST_SIZE 16
254#endif
255
256
257#ifdef __cplusplus
258 extern "C" {
259#endif
260
261/* Define or comment out the cipher suites you'd like to be compiled in.
 262 Make sure at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined.
 263
 264 When adding cipher suites, add the name to cipher_names and the index to cipher_name_idx.
 265
 266 Now that there is a maximum strength crypto build, the following BUILD_XXX
 267 flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
 268 Those that do not use Perfect Forward Secrecy and do not use AEAD ciphers
 269 need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
 270 CHACHA-POLY.
 271*/
272
273/* If WOLFSSL_MAX_STRENGTH is set, check that none of the options it requires
 274 * has been turned off. */
275#if defined(WOLFSSL_MAX_STRENGTH) && \
276 ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
277 (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
278 (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
279 (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
280 !defined(NO_OLD_TLS))
281
282 #error "You are trying to build max strength with requirements disabled."
283#endif
284
285/* Have QSH : Quantum-safe Handshake */
286#if defined(HAVE_QSH)
287 #define BUILD_TLS_QSH
288#endif
289
290#ifndef WOLFSSL_NO_TLS12
291
292#ifndef WOLFSSL_MAX_STRENGTH
293
294#ifdef WOLFSSL_AEAD_ONLY
295 /* AES CBC ciphers are not allowed in AEAD only mode */
296 #undef HAVE_AES_CBC
297#endif
298
 299#ifndef WOLFSSL_AEAD_ONLY /* RC4, 3DES and IDEA suites: none is AEAD, and every one below also requires WOLFSSL_STATIC_RSA */
 300 #if !defined(NO_RSA) && !defined(NO_RC4) /* RC4 stream-cipher suites, SSL-era (BUILD_SSL_*) plus the NTRU variant */
 301 #if defined(WOLFSSL_STATIC_RSA)
 302 #if !defined(NO_SHA)
 303 #define BUILD_SSL_RSA_WITH_RC4_128_SHA
 304 #endif
 305 #if !defined(NO_MD5)
 306 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
 307 #endif
 308 #endif
 309 #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
 310 && defined(WOLFSSL_STATIC_RSA)
 311 #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
 312 #endif
 313 #endif
 314
 315 #if !defined(NO_RSA) && !defined(NO_DES3) /* 3DES-CBC suites, static RSA only */
 316 #if !defined(NO_SHA)
 317 #if defined(WOLFSSL_STATIC_RSA)
 318 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
 319 #endif
 320 #if !defined(NO_TLS) && defined(HAVE_NTRU) \
 321 && defined(WOLFSSL_STATIC_RSA)
 322 #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
 323 #endif
 324 #endif
 325 #endif
 326
 327 #if !defined(NO_RSA) && defined(HAVE_IDEA) /* IDEA-CBC suite, static RSA only */
 328 #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
 329 #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
 330 #endif
 331 #endif
 332#endif /* !WOLFSSL_AEAD_ONLY */
333
334 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
335 #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
336 #if defined(WOLFSSL_STATIC_RSA)
337 #ifdef WOLFSSL_AES_128
338 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
339 #endif
340 #ifdef WOLFSSL_AES_256
341 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
342 #endif
343 #endif
344 #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
345 #ifdef WOLFSSL_AES_128
346 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
347 #endif
348 #ifdef WOLFSSL_AES_256
349 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
350 #endif
351 #endif
352 #endif
353 #if defined(WOLFSSL_STATIC_RSA)
354 #if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
355 #ifdef WOLFSSL_AES_128
356 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
357 #endif
358 #ifdef WOLFSSL_AES_256
359 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
360 #endif
361 #endif
362 #if defined (HAVE_AESGCM)
363 #ifdef WOLFSSL_AES_128
364 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
365 #endif
366 #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
367 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
368 #endif
369 #endif
370 #if defined (HAVE_AESCCM)
371 #ifdef WOLFSSL_AES_128
372 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
373 #endif
374 #ifdef WOLFSSL_AES_256
375 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
376 #endif
377 #endif
378 #endif
379 #endif
380
381 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC)
382 #ifndef NO_RSA
383 #if defined(WOLFSSL_STATIC_RSA)
384 #if !defined(NO_SHA)
385 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
386 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
387 #endif
388 #ifndef NO_SHA256
389 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
390 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
391 #endif
392 #endif
393 #if !defined(NO_DH)
394 #if !defined(NO_SHA)
395 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
396 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
397 #endif
398 #ifndef NO_SHA256
399 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
400 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
401 #endif
402 #endif
403 #endif
404 #endif
405
406#if defined(WOLFSSL_STATIC_PSK)
407 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
408 #if !defined(NO_SHA)
409 #ifdef WOLFSSL_AES_128
410 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
411 #endif
412 #ifdef WOLFSSL_AES_256
413 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
414 #endif
415 #endif
416 #ifndef NO_SHA256
417 #ifdef WOLFSSL_AES_128
418 #ifdef HAVE_AES_CBC
419 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
420 #endif
421 #ifdef HAVE_AESGCM
422 #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
423 #endif
424 #endif /* WOLFSSL_AES_128 */
425 #ifdef HAVE_AESCCM
426 #ifdef WOLFSSL_AES_128
427 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
428 #define BUILD_TLS_PSK_WITH_AES_128_CCM
429 #endif
430 #ifdef WOLFSSL_AES_256
431 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
432 #define BUILD_TLS_PSK_WITH_AES_256_CCM
433 #endif
434 #endif
435 #endif
436 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
437 #ifdef HAVE_AES_CBC
438 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
439 #endif
440 #ifdef HAVE_AESGCM
441 #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
442 #endif
443 #endif
444 #endif
445#endif
446
 447 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) /* NULL-cipher suites: records are MAC'd but not encrypted; opt-in via HAVE_NULL_CIPHER */
 448 #if !defined(NO_RSA)
 449 #if defined(WOLFSSL_STATIC_RSA) /* RSA NULL suites additionally need static RSA */
 450 #ifndef NO_MD5
 451 #define BUILD_TLS_RSA_WITH_NULL_MD5
 452 #endif
 453 #if !defined(NO_SHA)
 454 #define BUILD_TLS_RSA_WITH_NULL_SHA
 455 #endif
 456 #ifndef NO_SHA256
 457 #define BUILD_TLS_RSA_WITH_NULL_SHA256
 458 #endif
 459 #endif
 460 #endif
 461 #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK) /* PSK NULL suites additionally need static PSK */
 462 #if !defined(NO_SHA)
 463 #define BUILD_TLS_PSK_WITH_NULL_SHA
 464 #endif
 465 #ifndef NO_SHA256
 466 #define BUILD_TLS_PSK_WITH_NULL_SHA256
 467 #endif
 468 #ifdef WOLFSSL_SHA384
 469 #define BUILD_TLS_PSK_WITH_NULL_SHA384
 470 #endif
 471 #endif
 472 #endif
473
474#if defined(WOLFSSL_STATIC_RSA)
475 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
476 #ifndef NO_MD5
477 #define BUILD_TLS_RSA_WITH_HC_128_MD5
478 #endif
479 #if !defined(NO_SHA)
480 #define BUILD_TLS_RSA_WITH_HC_128_SHA
481 #endif
482 #endif
483
484 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
485 #if !defined(NO_SHA)
486 #define BUILD_TLS_RSA_WITH_RABBIT_SHA
487 #endif
488 #endif
489#endif
490
491 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
492 !defined(NO_RSA)
493
494 #if !defined(NO_SHA)
495 #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
496 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
497 #endif
498 #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
499 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
500 #endif
501 #if !defined(NO_DES3)
502 #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
503 #endif
504 #endif
505 #if !defined(NO_SHA256) && defined(HAVE_AES_CBC)
506 #ifdef WOLFSSL_AES_128
507 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
508 #endif
509 #ifdef WOLFSSL_AES_256
510 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
511 #endif
512 #endif
513 #endif
514
 515 #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
 516 !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) /* anonymous DH suites: no certificate, the peer is not authenticated; opt-in via HAVE_ANON */
 517 #ifdef HAVE_AES_CBC
 518 #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
 519 #endif
 520 /* NOTE(review): the AES-256-GCM suite below is gated on WOLFSSL_AES_128 (above), not WOLFSSL_AES_256 -- confirm intended */
 521 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
 522 #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
 523 #endif
 524 #endif
525
526 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
527 #ifndef NO_SHA256
528 #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \
529 defined(HAVE_AES_CBC)
530 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
531 #endif
532 #ifdef HAVE_NULL_CIPHER
533 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
534 #endif
535 #endif
536 #ifdef WOLFSSL_SHA384
537 #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \
538 defined(HAVE_AES_CBC)
539 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
540 #endif
541 #ifdef HAVE_NULL_CIPHER
542 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
543 #endif
544 #endif
545 #endif
546
547 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
548 defined(HAVE_CURVE448)) && !defined(NO_TLS)
549 #if !defined(NO_AES)
550 #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
551 #if !defined(NO_RSA)
552 #ifdef WOLFSSL_AES_128
553 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
554 #endif
555 #ifdef WOLFSSL_AES_256
556 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
557 #endif
558 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
559 #ifdef WOLFSSL_AES_128
560 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
561 #endif
562 #ifdef WOLFSSL_AES_256
563 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
564 #endif
565 #endif
566 #endif
567
568 #if defined(HAVE_ECC) || \
569 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
570 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
571 #ifdef WOLFSSL_AES_128
572 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
573 #endif
574 #ifdef WOLFSSL_AES_256
575 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
576 #endif
577 #endif
578
579 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
580 #ifdef WOLFSSL_AES_128
581 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
582 #endif
583 #ifdef WOLFSSL_AES_256
584 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
585 #endif
586 #endif
587 #endif /* NO_SHA */
588 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
589 defined(HAVE_AES_CBC)
590 #if !defined(NO_RSA)
591 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
592 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
593 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
594 #endif
595 #endif
596 #if defined(HAVE_ECC) || \
597 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
598 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
599 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
600 #endif
601 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
602 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
603 #endif
604 #endif
605
606 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
607 defined(HAVE_AES_CBC)
608 #if !defined(NO_RSA)
609 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
610 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
611 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
612 #endif
613 #endif
614 #if defined(HAVE_ECC) || \
615 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
616 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
617 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
618 #endif
619 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
620 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
621 #endif
622 #endif
623
624 #if defined (HAVE_AESGCM)
625 #if !defined(NO_RSA)
626 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
627 #ifdef WOLFSSL_AES_128
628 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
629 #endif
630 #endif
631 #if defined(WOLFSSL_SHA384)
632 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
633 #ifdef WOLFSSL_AES_256
634 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
635 #endif
636 #endif
637 #endif
638 #endif
639
640 #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \
641 defined(HAVE_ECC)
642 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
643 #endif
644
645 #if defined(WOLFSSL_SHA384)
646 #if defined(WOLFSSL_STATIC_DH) && \
647 defined(WOLFSSL_AES_256) && defined(HAVE_ECC)
648 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
649 #endif
650 #endif
651 #endif
652 #endif /* NO_AES */
653 #if !defined(NO_RC4)
654 #if !defined(NO_SHA)
655 #if !defined(NO_RSA)
656 #ifndef WOLFSSL_AEAD_ONLY
657 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
658 #endif
659 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
660 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
661 #endif
662 #endif
663
664 #if defined(HAVE_ECC) || \
665 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
666 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
667 #ifndef WOLFSSL_AEAD_ONLY
668 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
669 #endif
670 #endif
671 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
672 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
673 #endif
674 #endif
675 #endif
676 #if !defined(NO_DES3)
677 #ifndef NO_SHA
678 #if !defined(NO_RSA)
679 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
680 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
681 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
682 #endif
683 #endif
684
685 #if defined(HAVE_ECC) || \
686 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
687 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
688 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
689 #endif
690 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
691 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
692 #endif
693 #endif /* NO_SHA */
694 #endif
695 #if defined(HAVE_NULL_CIPHER)
696 #if !defined(NO_SHA)
697 #if defined(HAVE_ECC) || \
698 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
699 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
700 #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
701 #endif
702 #endif
703 #if !defined(NO_PSK) && !defined(NO_SHA256)
704 #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
705 #endif
706 #endif
707 #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
708 defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
709 #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
710 #endif
711 #endif
712 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
713 #if !defined(NO_OLD_POLY1305)
714 #if defined(HAVE_ECC) || \
715 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
716 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
717 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
718 #endif
719 #if !defined(NO_RSA) && defined(HAVE_ECC)
720 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
721 #endif
722 #if !defined(NO_DH) && !defined(NO_RSA)
723 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
724 #endif
725 #endif /* NO_OLD_POLY1305 */
726 #if !defined(NO_PSK)
727 #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
728 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
729 defined(HAVE_ED448)
730 #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
731 #endif
732 #ifndef NO_DH
733 #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
734 #endif
735 #endif /* !NO_PSK */
736 #endif
737
738#endif /* !WOLFSSL_MAX_STRENGTH */
739
740#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
741 !defined(NO_RSA) && defined(HAVE_AESGCM)
742
743 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
744 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
745 #endif
746
747 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
748 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
749 #endif
750#endif
751
752#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
753 #ifndef NO_SHA256
754 #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
755 #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
756 #endif
757 #ifdef HAVE_AESCCM
758 #ifdef WOLFSSL_AES_128
759 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
760 #endif
761 #ifdef WOLFSSL_AES_256
762 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
763 #endif
764 #endif
765 #endif
766 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
767 defined(WOLFSSL_AES_256)
768 #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
769 #endif
770#endif
771
772#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \
773 && !defined(NO_TLS) && !defined(NO_AES)
774 #ifdef HAVE_AESGCM
775 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
776 #if defined(HAVE_ECC) || \
777 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
778 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
779 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
780 #endif
781 #ifndef NO_RSA
782 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
783 #endif
784 #endif
785 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
786 #if defined(HAVE_ECC) || \
787 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
788 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
789 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
790 #endif
791 #ifndef NO_RSA
792 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
793 #endif
794 #endif
795 #endif
796 #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
797 #if defined(HAVE_ECC) || \
798 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
799 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
800 #ifdef WOLFSSL_AES_128
801 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
802 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
803 #endif
804 #ifdef WOLFSSL_AES_256
805 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
806 #endif
807 #endif
808 #endif
809#endif
810
811#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
812 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
813 #if defined(HAVE_ECC) || \
814 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
815 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
816 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
817 #endif
818 #ifndef NO_RSA
819 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
820 #endif
821 #endif
822 #if !defined(NO_DH) && !defined(NO_RSA)
823 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
824 #endif
825#endif
826
827#endif
828
829#if defined(WOLFSSL_TLS13)
830 #ifdef HAVE_AESGCM
831 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
832 #define BUILD_TLS_AES_128_GCM_SHA256
833 #endif
834 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
835 #define BUILD_TLS_AES_256_GCM_SHA384
836 #endif
837 #endif
838
839 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
840 #ifndef NO_SHA256
841 #define BUILD_TLS_CHACHA20_POLY1305_SHA256
842 #endif
843 #endif
844
845 #ifdef HAVE_AESCCM
846 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
847 #define BUILD_TLS_AES_128_CCM_SHA256
848 #define BUILD_TLS_AES_128_CCM_8_SHA256
849 #endif
850 #endif
851 #ifdef HAVE_NULL_CIPHER
852 #ifndef NO_SHA256
853 #define BUILD_TLS_SHA256_SHA256
854 #endif
855 #ifdef WOLFSSL_SHA384
856 #define BUILD_TLS_SHA384_SHA384
857 #endif
858 #endif
859#endif
860
861#ifdef WOLFSSL_MULTICAST
862 #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
863 #define BUILD_WDM_WITH_NULL_SHA256
864 #endif
865#endif
866
867#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
868 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
869 #define BUILD_ARC4
870#endif
871
872#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
873 #define BUILD_DES3
874#endif
875
876#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
877 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
878 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
879 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
880 #undef BUILD_AES
881 #define BUILD_AES
882#endif
883
884#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
885 defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
886 defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
887 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
888 defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
889 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
890 defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
891 defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
892 defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
893 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
894 defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
895 defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
896 defined(BUILD_TLS_AES_128_GCM_SHA256) || \
897 defined(BUILD_TLS_AES_256_GCM_SHA384)
898 #define BUILD_AESGCM
899#else
900 /* No AES-GCM cipher suites available with build */
901 #define NO_AESGCM_AEAD
902#endif
903
904#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
905 defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
906 defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
907 defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \
908 defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
909 defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
910 defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
911 defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
912 defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
913 defined(BUILD_TLS_CHACHA20_POLY1305_SHA256)
914 /* Have an available ChaCha Poly cipher suite */
915#else
916 /* No ChaCha Poly cipher suites available with build */
917 #define NO_CHAPOL_AEAD
918#endif
919
920#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
921 defined(BUILD_TLS_RSA_WITH_HC_128_MD5)
922 #define BUILD_HC128
923#endif
924
925#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
926 #define BUILD_RABBIT
927#endif
928
 929#ifdef NO_DES3
 930 #define DES_BLOCK_SIZE 8 /* des3.h is not included under NO_DES3; provide the block size here */
 931#else
 932 #undef BUILD_DES3
 933 #define BUILD_DES3 /* forced on whenever DES3 is compiled in, not only when a 3DES suite was selected above */
 934#endif
 935
 936#if defined(NO_AES) || !defined(HAVE_AES_DECRYPT)
 937 #define AES_BLOCK_SIZE 16 /* fallback block size; aes.h is not included under NO_AES */
 938 #undef BUILD_AES
 939#else
 940 #undef BUILD_AES
 941 #define BUILD_AES /* forced on whenever AES with decrypt is compiled in */
 942#endif
 943
 944#ifndef NO_RC4
 945 #undef BUILD_ARC4
 946 #define BUILD_ARC4 /* forced on whenever RC4 is compiled in, even if no RC4 suite was selected above */
 947#endif
948
949#ifdef HAVE_CHACHA
950 #define CHACHA20_BLOCK_SIZE 16
951#endif
952
 953#if defined(WOLFSSL_MAX_STRENGTH) || \
 954 (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
 955 defined(HAVE_AESCCM) || \
 956 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
 957 !defined(NO_CHAPOL_AEAD)) || \
 958 (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)) /* the TLS 1.3 NULL-cipher (integrity-only) suites count as AEAD here */
 959 /* at least one AEAD-style cipher suite can be built */
 960 #define HAVE_AEAD
 961#endif
 962
 963#if defined(WOLFSSL_MAX_STRENGTH) || \
 964 defined(HAVE_ECC) || !defined(NO_DH)
 965 /* an (EC)DHE key exchange can be built; this does not remove the static RSA/PSK suites selected above */
 966 #define HAVE_PFS
 967#endif
968
969#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
970 #define BUILD_IDEA
971#endif
972
973/* actual cipher values, 2nd byte */
974enum {
975 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
976 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
977 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
978 TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
979 TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
980 TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
981 TLS_RSA_WITH_NULL_MD5 = 0x01,
982 TLS_RSA_WITH_NULL_SHA = 0x02,
983 TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
984 TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
985 TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
986 TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
987 TLS_PSK_WITH_NULL_SHA256 = 0xb0,
988 TLS_PSK_WITH_NULL_SHA384 = 0xb1,
989 TLS_PSK_WITH_NULL_SHA = 0x2c,
990 SSL_RSA_WITH_RC4_128_SHA = 0x05,
991 SSL_RSA_WITH_RC4_128_MD5 = 0x04,
992 SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
993 SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,
994
995 /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
996 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
997 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
998 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
999 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
1000 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
1001 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
1002 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
1003 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
1004 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
1005 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
1006 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
1007 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
1008 TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
1009 TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
1010 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
1011
1012 /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
1013 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
1014 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
1015 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
1016 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
1017 TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
1018 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
1019 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
1020 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
1021 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
1022 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
1023 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
1024 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
1025
1026 /* wolfSSL extension - eSTREAM */
1027 TLS_RSA_WITH_HC_128_MD5 = 0xFB,
1028 TLS_RSA_WITH_HC_128_SHA = 0xFC,
1029 TLS_RSA_WITH_RABBIT_SHA = 0xFD,
1030 WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */
1031
1032 /* wolfSSL extension - NTRU */
1033 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
1034 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
1035 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
1036 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
1037
1038 /* wolfSSL extension - NTRU , Quantum-safe Handshake
1039 first byte is 0xD0 (QSH_BYTE) */
1040 TLS_QSH = 0x01,
1041
1042 /* SHA256 */
1043 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
1044 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
1045 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
1046 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
1047 TLS_RSA_WITH_NULL_SHA256 = 0x3b,
1048 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
1049 TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
1050
1051 /* SHA384 */
1052 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
1053 TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
1054
1055 /* AES-GCM */
1056 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
1057 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
1058 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
1059 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
1060 TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7,
1061 TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
1062 TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
1063 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
1064 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
1065
1066 /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
1067 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
1068 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
1069 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
1070 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
1071 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
1072 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
1073 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
1074 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
1075
1076 /* AES-CCM, first byte is 0xC0 but isn't ECC,
1077 * also, in some of the other AES-CCM suites
1078 * there will be second byte number conflicts
1079 * with non-ECC AES-GCM */
1080 TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
1081 TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
1082 TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
1083 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
1084 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
1085 TLS_PSK_WITH_AES_128_CCM = 0xa4,
1086 TLS_PSK_WITH_AES_256_CCM = 0xa5,
1087 TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
1088 TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
1089 TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
1090 TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
1091
1092 /* Camellia */
1093 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
1094 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
1095 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
1096 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
1097 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
1098 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
1099 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
1100 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
1101
1102 /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
1103 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
1104 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
1105 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
1106 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
1107 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
1108 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
1109
1110 /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
1111 TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
1112 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
1113 TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
1114
1115 /* TLS v1.3 cipher suites */
1116 TLS_AES_128_GCM_SHA256 = 0x01,
1117 TLS_AES_256_GCM_SHA384 = 0x02,
1118 TLS_CHACHA20_POLY1305_SHA256 = 0x03,
1119 TLS_AES_128_CCM_SHA256 = 0x04,
1120 TLS_AES_128_CCM_8_SHA256 = 0x05,
1121
1122 /* TLS v1.3 Integity only cipher suites - 0xC0 (ECC) first byte */
1123 TLS_SHA256_SHA256 = 0xB4,
1124 TLS_SHA384_SHA384 = 0xB5,
1125
1126 /* Fallback SCSV (Signaling Cipher Suite Value) */
1127 TLS_FALLBACK_SCSV = 0x56,
1128 /* Renegotiation Indication Extension Special Suite */
1129 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
1130};
1131
1132
/* Default lifetime, in seconds, of an entry in the session resumption
 * cache. Override at build time (-DWOLFSSL_SESSION_TIMEOUT=...) to tune
 * how long a cached session remains resumable. */
#if !defined(WOLFSSL_SESSION_TIMEOUT)
    #define WOLFSSL_SESSION_TIMEOUT 500
#endif
1137
1138
/* DTLS sequence-number window: WOLFSSL_DTLS_WINDOW_WORDS 32-bit words of
 * bitmap. The default of 2 words gives a 64-record window (DTLS_SEQ_BITS),
 * costing DTLS_SEQ_SZ bytes per tracked peer. NOTE(review): this is
 * presumably the anti-replay window for received records; widening it helps
 * on links that reorder heavily -- confirm against the DTLS receive path. */
#ifndef WOLFSSL_DTLS_WINDOW_WORDS
    #define WOLFSSL_DTLS_WINDOW_WORDS 2
#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)   /* bits in one window word */
#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS) /* window width */
#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS) /* window bytes */
1145
/* Number of peer sequence-number windows kept per connection: a single one
 * for a point-to-point DTLS link, or one per member of a multicast group. */
#if defined(WOLFSSL_MULTICAST)
    #if !defined(WOLFSSL_MULTICAST_PEERS)
        /* max allowed multicast group peers */
        #define WOLFSSL_MULTICAST_PEERS 100
    #endif
    #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
#else
    #define WOLFSSL_DTLS_PEERSEQ_SZ 1
#endif /* WOLFSSL_MULTICAST */
1155
/* Largest datagram wolfSSL expects on a DTLS link. It is surfaced as
 * MAX_MTU and, for DTLS builds without LARGE_STATIC_BUFFERS, sizes the
 * static record buffer (RECORD_SIZE). */
#if !defined(WOLFSSL_MAX_MTU)
    #define WOLFSSL_MAX_MTU 1500
#endif /* WOLFSSL_MAX_MTU */
1159
1160
/* Minimum DH group size (bits) accepted for a DHE key exchange.
 * NOTE(review): the non-MAX_STRENGTH default of 1024 bits is below current
 * guidance -- 1024-bit groups are considered within reach of well-resourced
 * attackers (cf. Logjam). Production builds should pass
 * -DWOLFSSL_MIN_DHKEY_BITS=2048 or define WOLFSSL_MAX_STRENGTH. */
#ifndef WOLFSSL_MIN_DHKEY_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_DHKEY_BITS 2048
    #else
        #define WOLFSSL_MIN_DHKEY_BITS 1024
    #endif
#endif
/* The limit is enforced in bytes (MIN_DHKEY_SZ), so it must be byte aligned. */
#if (WOLFSSL_MIN_DHKEY_BITS % 8)
    #error DH minimum bit size must be multiple of 8
#endif
#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
    #error DH minimum bit size must not be greater than 16000
#endif
#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
/* Maximum DH group size accepted. This bounds the static buffers that hold
 * the peer's p, g and public value (see MAX_DH_SZ / MAX_DH_SIZE below), so a
 * peer cannot force an oversized allocation. With fast math the cap follows
 * FP_MAX_BITS / 2 (presumably because the bignum type must also hold
 * products of two operands). */
#ifndef WOLFSSL_MAX_DHKEY_BITS
    #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
        #define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2)
    #else
        #define WOLFSSL_MAX_DHKEY_BITS 4096
    #endif
#endif
#if (WOLFSSL_MAX_DHKEY_BITS % 8)
    #error DH maximum bit size must be multiple of 8
#endif
#if (WOLFSSL_MAX_DHKEY_BITS > 16000)
    #error DH maximum bit size must not be greater than 16000
#endif
#define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)
1191
#ifndef MAX_PSK_ID_LEN
    /* Largest PSK identity / identity hint accepted. With TLS 1.3 the
     * identity also carries resumption tickets, so the bound is raised to
     * fit peers that issue large tickets. */
    #if defined(WOLFSSL_TLS13)
        /* OpenSSL has a 1472 byte session ticket */
        #define MAX_PSK_ID_LEN 1536
    #else
        #define MAX_PSK_ID_LEN 128
    #endif
#endif
1201
#ifndef MAX_EARLY_DATA_SZ
    /* Maximum amount of TLS 1.3 early (0-RTT) data, in bytes. NOTE(review):
     * 0-RTT data is replayable by design; keep this bound small and make
     * sure the application only accepts idempotent requests over it. */
    #define MAX_EARLY_DATA_SZ 4096
#endif
1206
/* Largest RSA modulus accepted from a peer. It sizes MAX_CERT_VERIFY_SZ
 * (the signature buffer), so lowering it rejects oversized peer keys rather
 * than overflowing; raising it requires a matching bignum capacity. */
#ifndef WOLFSSL_MAX_RSA_BITS
    #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
        #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2)
    #else
        #define WOLFSSL_MAX_RSA_BITS 4096
    #endif
#endif
/* Compared in bytes, hence the alignment requirement. */
#if (WOLFSSL_MAX_RSA_BITS % 8)
    #error RSA maximum bit size must be multiple of 8
#endif
1217
/* Protocol constants and buffer-sizing limits shared by the (D)TLS
 * implementation. Most values are wire-format sizes fixed by the RFCs; the
 * ones that depend on build options (ENCRYPT_LEN, MAX_SYM_KEY_SIZE,
 * MAX_CERT_VERIFY_SZ, ...) size static buffers and must not be lowered
 * below what the enabled algorithms need. */
enum Misc {
    /* First byte of a cipher suite identifier. Several families reuse the
     * same second byte (see the AES-CCM and NTRU notes in the cipher suite
     * enum above), so only the (first, second) pair is unambiguous. */
    CIPHER_BYTE    = 0x00,          /* Default ciphers */
    ECC_BYTE       = 0xC0,          /* ECC first cipher suite byte */
    QSH_BYTE       = 0xD0,          /* Quantum-safe Handshake cipher suite */
    CHACHA_BYTE    = 0xCC,          /* ChaCha first cipher suite */
    TLS13_BYTE     = 0x13,          /* TLS v1.3 first byte of cipher suite */

    SEND_CERT       = 1,            /* send the configured certificate */
    SEND_BLANK_CERT = 2,            /* send an empty Certificate message */

    /* DTLS versions are the one's complement of the TLS version bytes:
     * (0xfe, 0xff) is DTLS 1.0, (0xfe, 0xfd) is DTLS 1.2. */
    DTLS_MAJOR      = 0xfe,         /* DTLS major version number */
    DTLS_MINOR      = 0xff,         /* DTLS minor version number */
    DTLSv1_2_MINOR  = 0xfd,         /* DTLS minor version number */
    SSLv3_MAJOR     = 3,            /* SSLv3 and TLSv1+ major version number */
    SSLv3_MINOR     = 0,            /* SSLv3 minor version number */
    TLSv1_MINOR     = 1,            /* TLSv1 minor version number */
    TLSv1_1_MINOR   = 2,            /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,            /* TLSv1_2 minor version number */
    TLSv1_3_MINOR   = 4,            /* TLSv1_3 minor version number */
    TLS_DRAFT_MAJOR = 0x7f,         /* Draft TLS major version number */
    OLD_HELLO_ID    = 0x01,         /* SSLv2 Client Hello Indicator */
    INVALID_BYTE    = 0xff,         /* Used to initialize cipher specs values */
    NO_COMPRESSION  =  0,
    /* NOTE(review): TLS-level compression leaks plaintext length (CRIME
     * class of attacks); it is only compiled in with HAVE_LIBZ and should
     * stay off for anything that carries secrets next to attacker input. */
    ZLIB_COMPRESSION = 221,         /* wolfSSL zlib compression */
    HELLO_EXT_SIG_ALGO = 13,        /* ID for the sig_algo hello extension */
    HELLO_EXT_EXTMS = 0x0017,       /* ID for the extended master secret ext */
    SECRET_LEN      = WOLFSSL_MAX_MASTER_KEY_LENGTH,
                                    /* pre RSA and all master */
    /* Static buffer for the encrypted pre-master secret (RSA key exchange)
     * or, with PSK, the pre-master plus identity. NOTE(review): the
     * WOLFSSL_MYSQL_COMPATIBLE arm uses FP_MAX_BITS unconditionally in the
     * PSK case -- confirm that configuration always has it defined. */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
    (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
#ifndef NO_PSK
    ENCRYPT_LEN     = (FP_MAX_BITS / 2 / 8) + MAX_PSK_ID_LEN + 2,
#else
    ENCRYPT_LEN     = 1024,         /* allow 8192 bit static buffer */
#endif
#else
#ifndef NO_PSK
    ENCRYPT_LEN     = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */
#else
    ENCRYPT_LEN     = 512,          /* allow 4096 bit static buffer */
#endif
#endif
    SIZEOF_SENDER   =  4,           /* clnt or srvr */
    FINISHED_SZ     = 36,           /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
    MAX_RECORD_SIZE = 16384,        /* 2^14, max size by standard */
    MAX_PLAINTEXT_SZ   = (1 << 14),        /* Max plaintext sz */
    MAX_TLS_CIPHER_SZ  = (1 << 14) + 2048, /* Max TLS encrypted data sz */
#ifdef WOLFSSL_TLS13
    /* TLS 1.3 (RFC 8446 5.2): plaintext carries one extra content-type
     * byte; ciphertext expansion is capped at 256 bytes. */
    MAX_TLS13_PLAIN_SZ = (1 << 14) + 1,    /* Max unencrypted data sz */
    MAX_TLS13_ENC_SZ   = (1 << 14) + 256,  /* Max encrypted data sz */
#endif
    MAX_MSG_EXTRA   = 38 + WC_MAX_DIGEST_SIZE,
                                    /* max added to msg, mac + pad from */
                                    /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
                                       digest sz + BLOCK_SZ (iv) + pad byte (1) */
    MAX_COMP_EXTRA  = 1024,         /* max compression extra */
    MAX_MTU         = WOLFSSL_MAX_MTU,     /* max expected MTU */
    MAX_UDP_SIZE    = 8192 - 100,   /* was MAX_MTU - 100 */
    MAX_DH_SZ       = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
                                    /* 4096 p, pub, g + 2 byte size for each */
    MAX_STR_VERSION = 8,            /* string rep of protocol version */

    PAD_MD5        = 48,            /* pad length for finished */
    PAD_SHA        = 40,            /* pad length for finished */
    MAX_PAD_SIZE   = 256,           /* maximum length of padding */

    LENGTH_SZ      =  2,            /* length field for HMAC, data only */
    VERSION_SZ     =  2,            /* length of protocol version */
    SEQ_SZ         =  8,            /* 64 bit sequence number */
    ALERT_SIZE     =  2,            /* level + description */
    VERIFY_HEADER  =  2,            /* always use 2 bytes */
    EXTS_SZ        =  2,            /* always use 2 bytes */
    EXT_ID_SZ      =  2,            /* always use 2 bytes */
    MAX_DH_SIZE    = MAX_DHKEY_SZ+1,
                                    /* Max size plus possible leading 0 */
    NAMED_DH_MASK  = 0x100,         /* Named group mask for DH parameters */
    MIN_FFHDE_GROUP = 0x100,        /* Named group minimum for FFDHE parameters */
    MAX_FFHDE_GROUP = 0x1FF,        /* Named group maximum for FFDHE parameters */
    SESSION_HINT_SZ = 4,            /* session timeout hint */
    SESSION_ADD_SZ = 4,             /* session age add */
    TICKET_NONCE_LEN_SZ = 1,        /* Ticket nonce length size */
    DEF_TICKET_NONCE_SZ = 1,        /* Default ticket nonce size */
    MAX_TICKET_NONCE_SZ = 8,        /* maximum ticket nonce size */
    MAX_LIFETIME   = 604800,        /* maximum ticket lifetime: 7 days, the
                                       ticket_lifetime cap in RFC 8446 4.6.1 */

    RAN_LEN      = 32,              /* random length */
    SEED_LEN     = RAN_LEN * 2,     /* tls prf seed length */
    ID_LEN       = 32,              /* session id length */
    COOKIE_SECRET_SZ = 14,          /* dtls cookie secret size */
    MAX_COOKIE_LEN = 32,            /* max dtls cookie size (DTLS 1.0 limit) */
    COOKIE_SZ    = 20,              /* use a 20 byte cookie */
    SUITE_LEN    =  2,              /* cipher suite sz length */
    ENUM_LEN     =  1,              /* always a byte */
    OPAQUE8_LEN  =  1,              /* 1 byte */
    OPAQUE16_LEN =  2,              /* 2 bytes */
    OPAQUE24_LEN =  3,              /* 3 bytes */
    OPAQUE32_LEN =  4,              /* 4 bytes */
    OPAQUE64_LEN =  8,              /* 8 bytes */
    COMP_LEN     =  1,              /* compression length */
    CURVE_LEN    =  2,              /* ecc named curve length */
    KE_GROUP_LEN =  2,              /* key exchange group length */
    SERVER_ID_LEN = 20,             /* server session id length  */

    HANDSHAKE_HEADER_SZ   = 4,      /* type + length(3)  */
    RECORD_HEADER_SZ      = 5,      /* type + version + len(2) */
    CERT_HEADER_SZ        = 3,      /* always 3 bytes */
    REQ_HEADER_SZ         = 2,      /* cert request header sz  */
    HINT_LEN_SZ           = 2,      /* length of hint size field */
    TRUNCATED_HMAC_SZ     = 10,     /* length of hmac w/ truncated hmac extension */
    HELLO_EXT_SZ          = 4,      /* base length of a hello extension */
    HELLO_EXT_TYPE_SZ     = 2,      /* length of a hello extension type */
    HELLO_EXT_SZ_SZ       = 2,      /* length of a hello extension size */
    HELLO_EXT_SIGALGO_SZ  = 2,      /* length of number of items in sigalgo list */

    DTLS_HANDSHAKE_HEADER_SZ = 12,  /* normal + seq(2) + offset(3) + length(3) */
    DTLS_RECORD_HEADER_SZ    = 13,  /* normal + epoch(2) + seq_num(6) */
    DTLS_HANDSHAKE_EXTRA     = 8,   /* diff from normal */
    DTLS_RECORD_EXTRA        = 8,   /* diff from normal */
    DTLS_HANDSHAKE_SEQ_SZ    = 2,   /* handshake header sequence number */
    DTLS_HANDSHAKE_FRAG_SZ   = 3,   /* fragment offset and length are 24 bit */
    DTLS_POOL_SZ             = 255, /* allowed number of list items in TX pool */
    /* Serialized-session (DTLS export) format. DTLS_EXPORT_VERSION is the
     * current layout version; the _3 variants describe the pre-TLS 1.3
     * layout kept for import compatibility. */
    DTLS_EXPORT_PRO          = 165, /* wolfSSL protocol for serialized session */
    DTLS_EXPORT_STATE_PRO    = 166, /* wolfSSL protocol for serialized state */
    DTLS_EXPORT_VERSION      = 4,   /* wolfSSL version for serialized session */
    DTLS_EXPORT_OPT_SZ       = 60,  /* amount of bytes used from Options */
    DTLS_EXPORT_VERSION_3    = 3,   /* wolfSSL version before TLS 1.3 addition */
    DTLS_EXPORT_OPT_SZ_3     = 59,  /* amount of bytes used from Options */
    DTLS_EXPORT_KEY_SZ       = 325 + (DTLS_SEQ_SZ * 2),
                                    /* max amount of bytes used from Keys */
    DTLS_EXPORT_MIN_KEY_SZ   = 85 + (DTLS_SEQ_SZ * 2),
                                    /* min amount of bytes used from Keys */
    DTLS_EXPORT_SPC_SZ       = 16,  /* amount of bytes used from CipherSpecs */
    DTLS_EXPORT_LEN          = 2,   /* 2 bytes for length and protocol */
    DTLS_EXPORT_IP           = 46,  /* max ip size IPv4 mapped IPv6 */
    MAX_EXPORT_BUFFER        = 514, /* max size of buffer for exporting */
    MAX_EXPORT_STATE_BUFFER  = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN),
                                    /* max size of buffer for exporting state */
    FINISHED_LABEL_SZ   = 15,       /* TLS finished label size */
    TLS_FINISHED_SZ     = 12,       /* TLS has a shorter size  */
    EXT_MASTER_LABEL_SZ = 22,       /* TLS extended master secret label sz */
    MASTER_LABEL_SZ     = 13,       /* TLS master secret label sz */
    KEY_LABEL_SZ        = 13,       /* TLS key block expansion sz */
    PROTOCOL_LABEL_SZ   = 9,        /* Length of the protocol label */
    MAX_LABEL_SZ        = 34,       /* Maximum length of a label */
    MAX_HKDF_LABEL_SZ   = OPAQUE16_LEN +
                          OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
                          OPAQUE8_LEN + WC_MAX_DIGEST_SIZE,
    MAX_REQUEST_SZ      = 256,      /* Maximum cert req len (no auth yet) */
    SESSION_FLUSH_COUNT = 256,      /* Flush session cache unless user turns off */
    TLS_MAX_PAD_SZ      = 255,      /* Max padding in TLS (one byte less than
                                       MAX_PAD_SIZE, which counts the length byte) */

    /* Largest symmetric key any enabled suite needs; with the TLS 1.3
     * integrity-only suites the "key" is an HMAC key the size of the
     * digest, which may exceed the widest cipher key. */
#if defined(HAVE_FIPS) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
    MAX_SYM_KEY_SIZE    = AES_256_KEY_SIZE,
#else
    #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
        #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
            MAX_SYM_KEY_SIZE    = WC_SHA384_DIGEST_SIZE,
        #elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
            MAX_SYM_KEY_SIZE    = WC_SHA256_DIGEST_SIZE,
        #else
            MAX_SYM_KEY_SIZE    = WC_MAX_SYM_KEY_SIZE,
        #endif
    #else
        MAX_SYM_KEY_SIZE    = WC_MAX_SYM_KEY_SIZE,
    #endif
#endif

    /* Older self-test builds do not provide the AES size enum; define it
     * here once so the rest of this header can rely on it. */
#if defined(HAVE_SELFTEST) && \
    (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
    #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
    #define WOLFSSL_AES_KEY_SIZE_ENUM
    AES_IV_SIZE         = 16,
    AES_128_KEY_SIZE    = 16,
    AES_192_KEY_SIZE    = 24,
    AES_256_KEY_SIZE    = 32,
    #endif
#endif

    MAX_IV_SZ           = AES_BLOCK_SIZE,

    /* Layout of the 13-byte AEAD additional data: 8-byte sequence number
     * (low word at AEAD_SEQ_OFFSET), then type, version and length. */
    AEAD_SEQ_OFFSET     = 4,        /* Auth Data: Sequence number */
    AEAD_TYPE_OFFSET    = 8,        /* Auth Data: Type */
    AEAD_VMAJ_OFFSET    = 9,        /* Auth Data: Major Version */
    AEAD_VMIN_OFFSET    = 10,       /* Auth Data: Minor Version */
    AEAD_LEN_OFFSET     = 11,       /* Auth Data: Length */
    AEAD_AUTH_DATA_SZ   = 13,       /* Size of the data to authenticate */
    AEAD_NONCE_SZ       = 12,
    AESGCM_IMP_IV_SZ    = 4,        /* Size of GCM/CCM AEAD implicit IV */
    AESGCM_EXP_IV_SZ    = 8,        /* Size of GCM/CCM AEAD explicit IV */
    AESGCM_NONCE_SZ     = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,

    CHACHA20_IMP_IV_SZ  = 12,       /* Size of ChaCha20 AEAD implicit IV */
    CHACHA20_NONCE_SZ   = 12,       /* Size of ChaCha20 nonce */
    CHACHA20_OLD_OFFSET = 4,        /* Offset for seq # in old poly1305 */

    /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */

    AES_GCM_AUTH_SZ     = 16,       /* AES-GCM Auth Tag length    */
    AES_CCM_16_AUTH_SZ  = 16,       /* AES-CCM-16 Auth Tag length */
    AES_CCM_8_AUTH_SZ   = 8,        /* AES-CCM-8 Auth Tag Length  */
    AESCCM_NONCE_SZ     = 12,

    CAMELLIA_128_KEY_SIZE = 16,     /* for 128 bit */
    CAMELLIA_192_KEY_SIZE = 24,     /* for 192 bit */
    CAMELLIA_256_KEY_SIZE = 32,     /* for 256 bit */
    CAMELLIA_IV_SIZE      = 16,     /* always block size */

    CHACHA20_256_KEY_SIZE = 32,     /* for 256 bit */
    CHACHA20_128_KEY_SIZE = 16,     /* for 128 bit */
    CHACHA20_IV_SIZE      = 12,     /* 96 bits for iv */

    POLY1305_AUTH_SZ    = 16,       /* 128 bits */

    HMAC_NONCE_SZ       = 12,       /* Size of HMAC nonce */

    HC_128_KEY_SIZE     = 16,       /* 128 bits */
    HC_128_IV_SIZE      = 16,       /* also 128 bits */

    RABBIT_KEY_SIZE     = 16,       /* 128 bits */
    RABBIT_IV_SIZE      =  8,       /* 64 bits for iv */

    EVP_SALT_SIZE       =  8,       /* evp salt size 64 bits */

#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
    ECDHE_SIZE          = 32,       /* ECDHE server size defaults to 256 bit */
#endif
    MAX_EXPORT_ECC_SZ   = 256,      /* Export ANS X9.62 max future size */
    MAX_CURVE_NAME_SZ   = 16,       /* Maximum size of curve name string */

    /* SignatureScheme code points for EdDSA (0x0807 ed25519, 0x0808 ed448)
     * are split into their two bytes here. */
    NEW_SA_MAJOR        = 8,        /* Most significant byte used with new sig algos */
    ED25519_SA_MAJOR    = 8,        /* Most significant byte for ED25519 */
    ED25519_SA_MINOR    = 7,        /* Least significant byte for ED25519 */
    ED448_SA_MAJOR      = 8,        /* Most significant byte for ED448 */
    ED448_SA_MINOR      = 8,        /* Least significant byte for ED448 */

    /* Smallest RSA modulus able to carry an RSA-PSS signature with a salt
     * the size of the digest (2 * hash length plus overhead). */
    MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
    MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */

    /* Size of the static buffer for a peer's CertificateVerify signature;
     * bounded by the largest key the build accepts. */
#ifndef NO_RSA
    MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
#elif defined(HAVE_ECC)
    MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC  */
#elif defined(HAVE_ED448)
    MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE,   /* max Ed448  */
#elif defined(HAVE_ED25519)
    MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519  */
#else
    MAX_CERT_VERIFY_SZ = 1024, /* max default  */
#endif
    CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
    MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */

    /* Exponential-backoff retransmit timer for DTLS receive, in seconds. */
    DTLS_TIMEOUT_INIT       =  1, /* default timeout init for DTLS receive  */
    DTLS_TIMEOUT_MAX        = 64, /* default max timeout for DTLS receive */
    DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */

    NULL_TERM_LEN        =   1,  /* length of null '\0' termination character */
    MAX_PSK_KEY_LEN      =  64,  /* max psk key supported */
    MIN_PSK_ID_LEN       =   6,  /* min length of identities */
    MIN_PSK_BINDERS_LEN  =  33,  /* min length of binders */
    MAX_TICKET_AGE_SECS  =  10,  /* maximum ticket age in seconds; presumably
                                    the tolerance applied to the TLS 1.3
                                    obfuscated ticket age -- confirm in the
                                    PSK extension code */

#ifndef MAX_WOLFSSL_FILE_SIZE
    MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4,  /* 4 mb file size alloc limit */
#endif

    MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
    CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */

    MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
    MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
    MAX_NTRU_BITS       =  256, /* max symmetric bit strength */
    NO_SNIFF           =   0,  /* not sniffing */
    SNIFF              =   1,  /* currently sniffing */

    HASH_SIG_SIZE      =   2,  /* size of a hash/sig algorithm pair on the
                                  wire (one byte each) */

    NO_COPY            =   0,  /* should we copy static buffer for write */
    COPY               =   1,  /* should we copy static buffer for write */

    INVALID_PEER_ID    = 0xFFFF, /* Initialize value for peer ID. */

    /* Which epoch a DTLS sequence number belongs to when checking records. */
    PREV_ORDER         = -1,   /* Sequence number is in previous epoch. */
    PEER_ORDER         = 1,    /* Peer sequence number for verify. */
    CUR_ORDER          = 0,    /* Current sequence number. */
    WRITE_PROTO        = 1,    /* writing a protocol message */
    READ_PROTO         = 0     /* reading a protocol message */
};
1507
/* Lowest TLS minor version a downgrade-capable method may negotiate.
 * NOTE(review): unless NO_OLD_TLS is set, the floor is TLS 1.0. TLS 1.0 and
 * 1.1 are deprecated (RFC 8996); production builds should define NO_OLD_TLS
 * or set WOLFSSL_MIN_DOWNGRADE to TLSv1_2_MINOR. */
#ifndef WOLFSSL_MIN_DOWNGRADE
    #ifndef NO_OLD_TLS
        #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
    #else
        #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
    #endif
#endif
1516
/* Set max implicit IV size for AEAD cipher suites: the largest of
 * CHACHA20_IMP_IV_SZ (12) and AESGCM_IMP_IV_SZ (4). Any new AEAD with a
 * bigger implicit IV must raise this (see the note in enum Misc). */
#define AEAD_MAX_IMP_SZ 12

/* Set max explicit IV size for AEAD cipher suites (AESGCM_EXP_IV_SZ). */
#define AEAD_MAX_EXP_SZ 8
1522
1523
/* Capacity, in bytes, of the Suites.suites list. Each suite occupies
 * SUITE_LEN (2) bytes, so the default holds 150 cipher suites. */
#if !defined(WOLFSSL_MAX_SUITE_SZ)
    #define WOLFSSL_MAX_SUITE_SZ 300
#endif
1528
/* number of items in the signature algo list.
 * NOTE(review): this also sizes the byte array Suites.hashSigAlgo, and each
 * hash/sig pair is HASH_SIG_SIZE (2) bytes, so 36 bytes holds 18 pairs.
 * Confirm whether the users treat it as a byte count or a pair count. */
#ifndef WOLFSSL_MAX_SIGALGO
    #define WOLFSSL_MAX_SIGALGO 36
#endif
1533
1534
/* set minimum ECC key size allowed (bits). The non-MAX_STRENGTH default of
 * 224 bits admits P-224; define WOLFSSL_MAX_STRENGTH or set this to 256 to
 * require P-256 and up. */
#ifndef WOLFSSL_MIN_ECC_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_ECC_BITS 256
    #else
        #define WOLFSSL_MIN_ECC_BITS 224
    #endif
#endif /* WOLFSSL_MIN_ECC_BITS */
#if (WOLFSSL_MIN_ECC_BITS % 8)
    /* Some curves have sizes that are not a multiple of 8, e.g. prime239v1
       or sect131r1. The minimum is compared in bytes (MIN_ECCKEY_SZ) to
       match the wc_ecc_size function from wolfSSL, so when overriding
       WOLFSSL_MIN_ECC_BITS for such a curve round the value DOWN to the
       nearest multiple of 8 yourself -- this check rejects anything else.
    */
    #error ECC minimum bit size must be a multiple of 8
#endif
#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
1552
/* set minimum RSA key size allowed (bits).
 * NOTE(review): the non-MAX_STRENGTH default of 1024 bits is below current
 * guidance for new deployments; production builds should set
 * WOLFSSL_MIN_RSA_BITS=2048 or define WOLFSSL_MAX_STRENGTH. */
#ifndef WOLFSSL_MIN_RSA_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_RSA_BITS 2048
    #else
        #define WOLFSSL_MIN_RSA_BITS 1024
    #endif
#endif /* WOLFSSL_MIN_RSA_BITS */
#if (WOLFSSL_MIN_RSA_BITS % 8)
    /* The minimum is enforced in bytes (MIN_RSAKEY_SZ). A value such as
       2050 bits would round to 256 bytes and still admit a 2049-bit key, so
       only byte-aligned minimums are accepted. */
    #error RSA minimum bit size must be a multiple of 8
#endif
#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
1567
#ifdef SESSION_INDEX
/* Shift values for making a session index: the cache row lives in the
 * upper bits and the in-row slot in the low 4 bits, so a row holds at
 * most 16 entries when indexed this way. */
#define SESSIDX_ROW_SHIFT 4
#define SESSIDX_IDX_MASK 0x0F
#endif
1573
1574
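/* max cert chain peer depth: the number of certificates accepted in a
 * peer's Certificate message. */
#ifndef MAX_CHAIN_DEPTH
    #define MAX_CHAIN_DEPTH 9
#endif

/* max size of a certificate message payload */
/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate.
 * The expansion is parenthesised so the macro can be used safely inside a
 * larger expression (e.g. multiplied or compared with other terms). */
#ifndef MAX_CERTIFICATE_SZ
    #define MAX_CERTIFICATE_SZ \
                (CERT_HEADER_SZ + \
                (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH)
#endif

/* max size of a handshake message, currently set to the certificate */
#ifndef MAX_HANDSHAKE_SZ
    #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
#endif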
1592
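/* Size, in bytes, of the session ticket buffer. */
#ifndef SESSION_TICKET_LEN
    #define SESSION_TICKET_LEN 256
#endif

/* Default ticket lifetime hint, in seconds, advertised to clients. */
#ifndef SESSION_TICKET_HINT_DEFAULT
    #define SESSION_TICKET_HINT_DEFAULT 300
#endif

/* Built-in (default) ticket encryption callback configuration; only used
 * by servers that do not install their own callback. */
#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER)
    /* Check chosen encryption is available. */
    #if !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) && \
        defined(WOLFSSL_TICKET_ENC_CHACHA20_POLY1305)
        #error "ChaCha20-Poly1305 not available for default ticket encryption"
    #endif
    #if !defined(HAVE_AESGCM) && (defined(WOLFSSL_TICKET_ENC_AES128_GCM) || \
        defined(WOLFSSL_TICKET_ENC_AES256_GCM))
        #error "AES-GCM not available for default ticket encryption"
    #endif

    #ifndef WOLFSSL_TICKET_KEY_LIFETIME
        /* Default lifetime is 1 hour from issue of first ticket with key.
         * NOTE(review): every ticket encrypted under a key stays decryptable
         * for as long as that key exists, so this bounds how far back a key
         * compromise can unwrap resumed sessions; keep it short. */
        #define WOLFSSL_TICKET_KEY_LIFETIME (60 * 60)
    #endif
    /* Compile-time check only: a ticket must not outlive the key that
     * encrypted it. */
    #if WOLFSSL_TICKET_KEY_LIFETIME <= SESSION_TICKET_HINT_DEFAULT
        #error "Ticket Key lifetime must be longer than ticket life hint."
    #endif
#endif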
1620
1621
/* don't use extra 3/4k stack space unless need to: the encrypted
 * pre-master buffer only grows to the NTRU ciphertext size when NTRU is
 * compiled in, otherwise it stays at ENCRYPT_LEN. */
#ifdef HAVE_NTRU
    #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
#else
    #define MAX_ENCRYPT_SZ ENCRYPT_LEN
#endif
1628
1629
/* Handshake progress states, listed in the order the messages occur for
 * each side (server-sent messages first, then client-sent ones). The TLS
 * 1.3 and DTLS-only states sit in their wire-order positions. NOTE(review):
 * the numeric order is presumably relied on by ordered comparisons in the
 * message handlers, so new states must be inserted in protocol order. */
enum states {
    NULL_STATE = 0,

    SERVER_HELLOVERIFYREQUEST_COMPLETE,    /* DTLS cookie exchange done */
    SERVER_HELLO_RETRY_REQUEST_COMPLETE,   /* TLS 1.3 HelloRetryRequest seen */
    SERVER_HELLO_COMPLETE,
    SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,  /* TLS 1.3 */
    SERVER_CERT_COMPLETE,
    SERVER_CERT_VERIFY_COMPLETE,           /* TLS 1.3 */
    SERVER_KEYEXCHANGE_COMPLETE,
    SERVER_HELLODONE_COMPLETE,
    SERVER_CHANGECIPHERSPEC_COMPLETE,
    SERVER_FINISHED_COMPLETE,

    CLIENT_HELLO_RETRY,                    /* second ClientHello after HRR */
    CLIENT_HELLO_COMPLETE,
    CLIENT_KEYEXCHANGE_COMPLETE,
    CLIENT_CHANGECIPHERSPEC_COMPLETE,
    CLIENT_FINISHED_COMPLETE,

    HANDSHAKE_DONE
};
1653
/* SSL Version, exactly as carried on the wire (two bytes, packed so the
 * struct can be copied straight into a record or hello header). */
typedef struct ProtocolVersion {
    byte major;
    byte minor;
} WOLFSSL_PACK ProtocolVersion;
1659
1660
/* Constructors for the ProtocolVersion of each supported (D)TLS version. */
WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);

#ifdef WOLFSSL_DTLS
    WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
    WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);

    #ifdef WOLFSSL_SESSION_EXPORT
    /* Serialise / deserialise a DTLS session (or just its connection state)
     * into a caller-supplied buffer of sz bytes; the layout is versioned by
     * DTLS_EXPORT_VERSION. NOTE(review): per DTLS_EXPORT_KEY_SZ the full
     * export carries the Keys structure, i.e. live traffic keys -- the blob
     * must only cross a channel that is itself confidential and authentic. */
    WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, const byte* buf,
                                                                     word32 sz);
    WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
                                                                     word32 sz);
    WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl,
                                                          byte* buf, word32 sz);
    WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl,
                                                    const byte* buf, word32 sz);
    WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
    #endif
#endif
1683
1684
/* wolfSSL method type: the protocol version a CTX/SSL starts from, which
 * side it plays, and whether it may negotiate a lower version (bounded
 * below by WOLFSSL_MIN_DOWNGRADE). */
struct WOLFSSL_METHOD {
    ProtocolVersion version;
    byte            side;         /* connection side, server or client */
    byte            downgrade;    /* whether to downgrade version, default no */
};
1691
/* wolfSSL buffer type - internal uses "buffer" type (alias of the public
 * WOLFSSL_BUFFER_INFO so internal code can keep the short name). */
typedef WOLFSSL_BUFFER_INFO buffer;

/* Cipher suite holder, defined later in this header. */
typedef struct Suites Suites;
1696
1697
/* Initialise a method for the given version; defaults to client side. */
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);

/* Populate the suite list / set the connection side on an SSL object. */
WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
1703
/* for sniffer: handshake message processors exposed so the sniffer can
 * replay a captured handshake (sniff != 0 presumably suppresses sending). */
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                            word32 size, word32 totalSz, int sniff);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           word32 size, word32 totalSz, int sniff);
#endif
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
/* TLS v1.3 needs these */
WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
                                      Suites* clSuites);
#ifdef WOLFSSL_TLS13
/* Look up the (first, second) suite bytes in a suite list. */
WOLFSSL_LOCAL int FindSuite(Suites* suites, byte first, byte second);
#endif
/* Hello processing; inOutIdx is advanced past the consumed message. */
WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
                                word32);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
                                     word32* inOutIdx, word32 helloSz);
#endif
WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
                                word32);
WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
/* Validate a peer-offered protocol version against the method/downgrade
 * settings. */
WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
/* Choose the hash/sig algorithm pair from a peer's sigalgo list
 * (hashSigAlgoSz is in bytes). */
WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
                                  word32 hashSigAlgoSz);
#ifdef WOLF_CRYPTO_CB
/* Create a private key handle backed by a crypto callback device. */
WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* buffer, word32 length,
                                      int hsType, int label, int id,
                                      void* heap, int devId);
#endif
WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
#ifdef HAVE_PK_CALLBACKS
WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
#ifndef NO_ASN
    WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
#endif
#endif
WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
/* Parse and verify the peer's certificate chain from a Certificate message. */
WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
/* Host name matching against a (possibly wildcard) certificate name of
 * len bytes; used by the domain-name checks below. */
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
#ifndef NO_CERTS
WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc);
#endif
WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
/* Handshake transcript hashing: raw bytes, an outgoing record (skipping
 * ivSz bytes of IV) and an incoming message respectively. */
WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* output, int sz);
WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
                             int ivSz);
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);

#ifdef HAVE_SNI
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif
#endif
#ifdef WOLFSSL_TLS13
/* AEAD-decrypt a TLS 1.3 record of sz bytes under aad/aadSz. */
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
                               word16 sz, const byte* aad, word16 aadSz);
WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
                                          word32* inOutIdx, byte type,
                                          word32 size, word32 totalSz);
WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
                                      word32* inOutIdx, word32 totalSz);
WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
                                     word32* inOutIdx, word32 helloSz,
                                     byte* extMsgType);
WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl);
#endif
/* CBC padding + MAC check for TLS 1.x records. NOTE(review): this is the
 * Lucky-13-sensitive path, so its running time must not depend on the
 * padding contents; it is also the only prototype in this group declared
 * without WOLFSSL_LOCAL -- confirm the default visibility is intentional
 * (e.g. needed by a test) rather than an omission. */
int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
                    int pLen, int content);
1776
1777
/* Argument values for free routines that take a "forced" flag; what a
 * forced free skips or overrides is decided at the individual call sites. */
enum {
    NO_FORCED_FREE = 0,
    FORCED_FREE    = 1
};
1782
1783
/* Extra buffer headroom for compression expansion; reserved only when
 * zlib compression is compiled in, otherwise zero. */
#if defined(HAVE_LIBZ)
    #define COMP_EXTRA MAX_COMP_EXTRA
#else
    #define COMP_EXTRA 0
#endif
1790
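/* only the sniffer needs space in the buffer for extra MTU record(s).
 * The expansion is parenthesised so it composes safely inside larger
 * expressions such as STATIC_BUFFER_LEN. */
#ifdef WOLFSSL_SNIFFER
    #define MTU_EXTRA (MAX_MTU * 3)
#else
    #define MTU_EXTRA 0
#endif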
1797
1798
/* embedded callbacks require large static buffers, make sure on
 * (the #undef avoids a redefinition warning when the user set it too) */
#ifdef WOLFSSL_CALLBACKS
    #undef  LARGE_STATIC_BUFFERS
    #define LARGE_STATIC_BUFFERS
#endif
1804
1805
/* give user option to use 16K static buffers; otherwise the static record
 * buffer is one MTU for DTLS or 128 bytes for TLS, and larger records are
 * handled by dynamically grown buffers (see bufferStatic.dynamicFlag). */
#if defined(LARGE_STATIC_BUFFERS)
    #define RECORD_SIZE MAX_RECORD_SIZE
#else
    #ifdef WOLFSSL_DTLS
        #define RECORD_SIZE MAX_MTU
    #else
        #define RECORD_SIZE 128
    #endif
#endif
1816
1817
/* user option to turn off 16K output option */
/* if using small static buffers (default) and SSL_write tries to write data
   larger than the record we have, dynamically get it, unless user says only
   write in static buffer chunks (STATIC_CHUNKS_ONLY), in which case writes
   are split into RECORD_SIZE records. */
#ifndef STATIC_CHUNKS_ONLY
    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
#else
    #define OUTPUT_RECORD_SIZE RECORD_SIZE
#endif
1827
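/* wolfSSL input buffer

   RFC 2246:

   length
       The length (in bytes) of the following TLSPlaintext.fragment.
       The length should not exceed 2^14.

   With LARGE_STATIC_BUFFERS the static buffer holds a full record plus the
   header, MAC/padding overhead and any compression or sniffer headroom;
   the expansion is parenthesised so the macro is safe inside a larger
   expression. Without it only the record header is kept static.
*/
#if defined(LARGE_STATIC_BUFFERS)
    #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
                               MTU_EXTRA + MAX_MSG_EXTRA)
#else
    /* don't fragment memory from the record header */
    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
#endif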
1843
/* I/O buffer: a small fixed staticBuffer that `buffer` points into until
 * a record needs more room, at which point `buffer` switches to heap
 * memory and dynamicFlag records that it must be freed. */
typedef struct {
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
    byte*  buffer;       /* place holder for static or dynamic buffer */
    word32 length;       /* total buffer length used */
    word32 idx;          /* idx to part of length already consumed */
    word32 bufferSize;   /* current buffer size */
    byte   dynamicFlag;  /* dynamic memory currently in use */
    byte   offset;       /* alignment offset attempt */
} bufferStatic;
1853
/* Cipher Suites holder: the suites this side offers/accepts and the
 * hash/signature algorithm pairs it advertises, both as packed wire bytes
 * (SUITE_LEN and HASH_SIG_SIZE bytes per entry respectively). */
struct Suites {
    word16 suiteSz;                 /* suite length in bytes        */
    word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
    byte   suites[WOLFSSL_MAX_SUITE_SZ];
    byte   hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
    byte   setSuites;               /* user set suites from default */
    byte   hashAlgo;                /* selected hash algorithm */
    byte   sigAlgo;                 /* selected sig algorithm */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */
#endif
};
1867
1868
/* Fill suites->hashSigAlgo with the pairs usable for the given signature
 * types (ECDSA / RSA / anonymous), protocol (tls1_2) and key size. */
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
                                         int haveRSAsig, int haveAnon,
                                         int tls1_2, int keySz);
/* Build the default suite list for a version from the have-* flags. */
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
                              word16, word16, word16, word16, word16, int);
/* Select a suite common to our list and the peer's. */
WOLFSSL_LOCAL int  MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
/* Parse an OpenSSL-style cipher list string into a Suites. */
WOLFSSL_LOCAL int  SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
1876
1877#ifndef PSK_TYPES_DEFINED
 /* PSK callbacks (see wolfssl/ssl.h for the parameter names). The client
 * callback writes the identity and the key into the two caller buffers,
 * each bounded by the unsigned int that follows it, and returns the key
 * length in bytes (0 signals failure). The server callback looks the key up
 * by identity and returns the key length the same way. NOTE(review): the
 * callback must honour the max lengths passed; the library cannot check. */
1878 typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
1879 unsigned int, unsigned char*, unsigned int);
1880 typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
1881 unsigned char*, unsigned int);
1882#ifdef WOLFSSL_TLS13
 /* TLS 1.3 variants additionally return the cipher suite name to use
 * with the PSK via the trailing const char** out-parameter. */
1883 typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
1884 char*, unsigned int, unsigned char*, unsigned int,
1885 const char**);
1886 typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
1887 unsigned char*, unsigned int, const char**);
1888#endif
1889#endif /* PSK_TYPES_DEFINED */
1890#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
1891 !defined(WOLFSSL_DTLS_EXPORT_TYPES)
 /* DTLS session export callback: receives the serialized session
 * (exportBuffer, sz bytes) and the user context. */
1892 typedef int (*wc_dtls_export)(WOLFSSL* ssl,
1893 unsigned char* exportBuffer, unsigned int sz, void* userCtx);
1894#define WOLFSSL_DTLS_EXPORT_TYPES
1895#endif /* WOLFSSL_DTLS_EXPORT_TYPES */
1896
1897
1898#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
1899#define MAX_DESCRIPTION_SZ 255 /* size of WOLFSSL_CIPHER.description */
1900#endif
/* One cipher suite as exposed through the OpenSSL compatibility API.
 * The suite id is the two-byte code point (cipherSuite0, cipherSuite). */
1901struct WOLFSSL_CIPHER {
1902 byte cipherSuite0; /* first byte of the suite id */
1903 byte cipherSuite; /* second byte of the suite id */
1904 const WOLFSSL* ssl; /* owning session (not owned here) */
1905#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
1906 char description[MAX_DESCRIPTION_SZ]; /* SSL_CIPHER_description text */
1907 unsigned long offset;
1908 unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */
1909 int bits; /* key strength in bits */
1910#endif
1911};
1912
1913
/* Forward declarations so pointers to these types can appear in the
 * controllers below even in builds that lack the full definitions. */
1914#ifdef NO_ASN
1915 /* no_asn won't have */
1916 typedef struct CertStatus CertStatus;
1917#endif
1918
1919#ifndef HAVE_OCSP
1920 typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; /* opaque when OCSP is disabled */
1921#endif
1922
1923/* wolfSSL OCSP controller: cached OCSP responses plus the lock that guards
 * the list; owned by the certificate manager it points back to. */
1924#ifdef HAVE_OCSP
1925struct WOLFSSL_OCSP {
1926 WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
1927 OcspEntry* ocspList; /* OCSP response list */
1928 wolfSSL_Mutex ocspLock; /* OCSP list lock */
1929 int error; /* last OCSP error code */
1930#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
1931 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
1932 int(*statusCb)(WOLFSSL*, void*); /* OpenSSL-style status callback */
1933#endif
1934};
1935#endif
1936
1937#ifndef MAX_DATE_SIZE
1938#define MAX_DATE_SIZE 32 /* bytes reserved for an ASN.1 date string */
1939#endif
1940
1941typedef struct CRL_Entry CRL_Entry;
1942
/* Digest used to key CRL entries by issuer: SHA-1 unless SHA is disabled,
 * in which case SHA-256 is used. */
1943#ifdef NO_SHA
1944 #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
1945#else
1946 #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
1947#endif
1948
1949#ifdef NO_ASN
1950 typedef struct RevokedCert RevokedCert; /* opaque without ASN support */
1951#endif
1952
1953/* Complete CRL: one parsed CRL in the manager's list, keyed by issuer hash.
 * The to-be-signed bytes and signature are kept so the signature can be
 * verified once the issuer's CA is available (see verified). */
1954struct CRL_Entry {
1955 CRL_Entry* next; /* next entry */
1956 byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
1957 /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
1958 /* restore the hash here if needed for optimized comparisons */
1959 byte lastDate[MAX_DATE_SIZE]; /* last date updated */
1960 byte nextDate[MAX_DATE_SIZE]; /* next update date */
1961 byte lastDateFormat; /* last date format */
1962 byte nextDateFormat; /* next date format */
1963 RevokedCert* certs; /* revoked cert list */
1964 int totalCerts; /* number on list */
1965 int verified; /* NOTE(review): presumably nonzero once the CRL signature checked out - confirm in crl.c */
1966 byte* toBeSigned; /* TBS portion of the CRL, tbsSz bytes */
1967 word32 tbsSz;
1968 byte* signature; /* CRL signature, signatureSz bytes */
1969 word32 signatureSz;
1970 word32 signatureOID; /* signature algorithm identifier */
1971#if !defined(NO_SKID) && !defined(NO_ASN)
1972 byte extAuthKeyIdSet; /* authority key id extension present */
1973 byte extAuthKeyId[KEYID_SIZE]; /* authority key id, used to find the issuer */
1974#endif
1975};
1976
1977
1978typedef struct CRL_Monitor CRL_Monitor;
1979
1980/* CRL directory monitor: one watched directory of CRL files in a single
 * encoding (WOLFSSL_CRL keeps one for PEM and one for DER). */
1981struct CRL_Monitor {
1982 char* path; /* full dir path, if valid pointer we're using */
1983 int type; /* PEM or ASN1 type */
1984};
1985
1986
/* Directory monitoring needs a filesystem; drop it in NO_FILESYSTEM builds. */
1987#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
1988 #undef HAVE_CRL_MONITOR
1989#endif
1990
1991/* wolfSSL CRL controller: the loaded CRL list, its lock, and (optionally)
 * the background thread that watches CRL directories for changes. */
1992struct WOLFSSL_CRL {
1993 WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
1994 CRL_Entry* crlList; /* our CRL list */
1995#ifdef HAVE_CRL_IO
1996 CbCrlIO crlIOCb; /* callback to fetch a missing CRL */
1997#endif
1998 wolfSSL_Mutex crlLock; /* CRL list lock */
1999 CRL_Monitor monitors[2]; /* PEM and DER possible */
2000#ifdef HAVE_CRL_MONITOR
2001 pthread_cond_t cond; /* condition to signal setup */
2002 pthread_t tid; /* monitoring thread */
2003 int mfd; /* monitor fd, -1 if no init yet */
2004 int setup; /* thread is setup predicate */
2005#endif
2006 void* heap; /* heap hint for dynamic memory */
2007};
2008
2009
2010#ifdef NO_ASN
2011 typedef struct Signer Signer; /* opaque without ASN support */
2012#ifdef WOLFSSL_TRUST_PEER_CERT
2013 typedef struct TrustedPeerCert TrustedPeerCert;
2014#endif
2015#endif
2016
2017
/* Bucket counts for the certificate manager's hash tables (override
 * CA_TABLE_SIZE at build time for larger CA stores). */
2018#ifndef CA_TABLE_SIZE
2019 #define CA_TABLE_SIZE 11
2020#endif
2021#ifdef WOLFSSL_TRUST_PEER_CERT
2022 #define TP_TABLE_SIZE 11
2023#endif
2024
2025/* wolfSSL Certificate Manager: trusted CA store, optional trusted-peer
 * store, and the CRL/OCSP checkers plus the policy flags that control them.
 * Shared between contexts via refCount; each list has its own lock. */
2026struct WOLFSSL_CERT_MANAGER {
2027 Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
2028 void* heap; /* heap helper */
2029#ifdef WOLFSSL_TRUST_PEER_CERT
2030 TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
2031 wolfSSL_Mutex tpLock; /* trusted peer list lock */
2032#endif
2033 WOLFSSL_CRL* crl; /* CRL checker */
2034 WOLFSSL_OCSP* ocsp; /* OCSP checker */
2035#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2036 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
2037 WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
2038#endif
2039 char* ocspOverrideURL; /* use this responder */
2040 void* ocspIOCtx; /* I/O callback CTX */
2041#ifndef NO_WOLFSSL_CM_VERIFY
2042 VerifyCallback verifyCallback; /* Verify callback */
2043#endif
2044 CallbackCACache caCacheCallback; /* CA cache addition callback */
2045 CbMissingCRL cbMissingCRL; /* notify thru cb of missing crl */
2046 CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
2047 CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
2048 wolfSSL_Mutex caLock; /* CA list lock */
2049 byte crlEnabled:1; /* is CRL on ? */
2050 byte crlCheckAll:1; /* leaf is always checked; set to check the whole chain */
2051 byte ocspEnabled:1; /* is OCSP on ? */
2052 byte ocspCheckAll:1; /* leaf is always checked; set to check the whole chain */
2053 byte ocspSendNonce:1; /* send the OCSP nonce ? */
2054 byte ocspUseOverrideURL:1; /* ignore cert responder, override */
2055 byte ocspStaplingEnabled:1; /* is OCSP Stapling on ? */
2056#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2057|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2058 byte ocspMustStaple:1; /* server must respond with staple */
2059#endif
2060
 /* Minimum key sizes; certificates and keys below these are rejected. */
2061#ifndef NO_RSA
2062 short minRsaKeySz; /* minimum allowed RSA key size */
2063#endif
2064#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
2065 short minEccKeySz; /* minimum allowed ECC key size */
2066#endif
2067 wolfSSL_Mutex refMutex; /* reference count mutex */
2068 int refCount; /* reference count */
2069};
2070
/* Persist / restore the certificate manager's CA table to a file... */
2071WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
2072WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
/* ...or to/from a caller-provided memory buffer of the given size; the
 * int* out-parameter of the save variant receives the bytes used. */
2073WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
2074WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
/* Size of buffer CM_MemSaveCertCache needs for the current CA table. */
2075WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
/* Verify a certificate buffer (format = DER or PEM) against cm's CA store;
 * err_val selects which error code the caller wants mapped. */
2076WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
2077 long sz, int format, int err_val);
2078
2079
2080#ifndef NO_CERTS
2081#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
/* State carried across the (possibly asynchronous) processing of the peer's
 * certificate chain. certs holds the parsed chain; idx/begin are positions
 * in the input message; the remaining fields track verification progress. */
2082typedef struct ProcPeerCertArgs {
2083 buffer* certs; /* chain, one buffer per cert */
2084#ifdef WOLFSSL_TLS13
2085 buffer* exts; /* extensions */
2086#endif
2087 DecodedCert* dCert; /* cert currently being decoded */
2088 word32 idx; /* current parse position */
2089 word32 begin; /* parse position at message start */
2090 int totalCerts; /* number of certs in certs buffer */
2091 int count; /* certs handled so far */
2092 int certIdx; /* index of the cert being verified */
2093 int lastErr; /* last verification error seen */
2094#ifdef WOLFSSL_TLS13
2095 byte ctxSz; /* certificate_request_context length */
2096#endif
2097#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
2098 char untrustedDepth; /* depth of the first untrusted cert */
2099#endif
2100 word16 fatal:1; /* error cannot be overridden by the verify callback */
2101 word16 verifyErr:1; /* a verification error was recorded */
2102 word16 dCertInit:1; /* dCert has been initialized (must be freed) */
2103#ifdef WOLFSSL_TRUST_PEER_CERT
2104 word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */
2105#endif
2106} ProcPeerCertArgs;
/* Run the user verify callback (if any) for the current cert with error
 * ret; returns the possibly overridden result. */
2107WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
2108 int ret, ProcPeerCertArgs* args);
2109#endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
2110#endif /* !defined NO_CERTS */
2111
2112/* wolfSSL Sock Addr: a peer address plus its byte size, so the same
 * struct can carry either address family. */
2113struct WOLFSSL_SOCKADDR {
2114 unsigned int sz; /* sockaddr size */
2115 void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
2116};
2117
/* Default DTLS I/O context: the peer to send to and the read/write fds. */
2118typedef struct WOLFSSL_DTLS_CTX {
2119 WOLFSSL_SOCKADDR peer; /* peer address for sendto/recvfrom */
2120 int rfd; /* read file descriptor */
2121 int wfd; /* write file descriptor */
2122} WOLFSSL_DTLS_CTX;
2123
2124
/* Per-peer DTLS receive state: the expected epoch/sequence and a bitmap
 * window of recently seen sequence numbers for the current and the previous
 * epoch. NOTE(review): presumably the anti-replay window - confirm in the
 * record-receive code before relying on it. */
2125typedef struct WOLFSSL_DTLS_PEERSEQ {
2126 word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
2127 /* Sliding window for current epoch */
2128 word16 nextEpoch; /* Expected epoch in next record */
2129 word16 nextSeq_hi; /* Expected sequence in next record */
2130 word32 nextSeq_lo; /* low 32 bits of the expected sequence */
2131
2132 word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
2133 /* Sliding window for old epoch */
2134 word32 prevSeq_lo; /* low 32 bits, previous epoch */
2135 word16 prevSeq_hi; /* Next sequence in allowed old epoch */
2136
2137#ifdef WOLFSSL_MULTICAST
2138 word16 peerId; /* multicast peer this state belongs to */
2139 word32 highwaterMark;
2140#endif
2141} WOLFSSL_DTLS_PEERSEQ;
2142
2143
2144#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
2145
2146/* keys and secrets
2147 * keep as a constant size (no additional ifdefs) for session export.
 * Holds the negotiated record-layer keys, IVs and MAC secrets for both
 * directions plus the record sequence numbers (64-bit, split hi/lo). */
2148typedef struct Keys {
2149#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)
2150 byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */
2151 byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
2152#endif
2153 byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */
2154 byte server_write_key[MAX_SYM_KEY_SIZE];
2155 byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
2156 byte server_write_IV[MAX_WRITE_IV_SZ];
2157#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
2158 byte aead_exp_IV[AEAD_MAX_EXP_SZ]; /* explicit nonce part */
2159 byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ]; /* implicit nonce part, encrypt side */
2160 byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ]; /* implicit nonce part, decrypt side */
2161#endif
2162
 /* record sequence numbers, 64-bit values kept as two 32-bit halves */
2163 word32 peer_sequence_number_hi;
2164 word32 peer_sequence_number_lo;
2165 word32 sequence_number_hi;
2166 word32 sequence_number_lo;
2167
2168#ifdef WOLFSSL_DTLS
2169 word16 curEpoch; /* Received epoch in current record */
2170 word16 curSeq_hi; /* Received sequence in current record */
2171 word32 curSeq_lo;
2172#ifdef WOLFSSL_MULTICAST
2173 byte curPeerId; /* Received peer group ID in current record */
2174#endif
2175 WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ]; /* per-peer receive state */
2176
2177 word16 dtls_peer_handshake_number; /* last handshake seq from peer */
2178 word16 dtls_expected_peer_handshake_number;
2179
2180 word16 dtls_epoch; /* Current epoch */
2181 word16 dtls_sequence_number_hi; /* Current epoch */
2182 word32 dtls_sequence_number_lo;
2183 word16 dtls_prev_sequence_number_hi; /* Previous epoch */
2184 word32 dtls_prev_sequence_number_lo;
2185 word16 dtls_handshake_number; /* Current tx handshake seq */
2186#endif
2187
2188 word32 encryptSz; /* last size of encrypted data */
2189 word32 padSz; /* how much to advance after decrypt part */
2190 byte encryptionOn; /* true after change cipher spec */
2191 byte decryptedCur; /* only decrypt current record once */
2192#ifdef WOLFSSL_TLS13
2193 byte updateResponseReq:1; /* KeyUpdate response from peer required. */
2194 byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
2195#endif
2196#ifdef WOLFSSL_RENESAS_TSIP_TLS
 /* MAC secrets held as TSIP hardware key indexes instead of raw bytes */
2197
2198 tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret;
2199 tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret;
2200
2201#endif
2202} Keys;
2203
2204
2205
2206/** TLS Extensions - RFC 6066 */
2207#ifdef HAVE_TLS_EXTENSIONS
2208
/* Extension type codes as sent on the wire (IANA TLS ExtensionType
 * registry values; 0x0018 QSH is a draft code point and 0xff01 is the
 * RFC 5746 renegotiation_info extension). */
2209typedef enum {
2210#ifdef HAVE_SNI
2211 TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
2212#endif
2213 TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
2214 TLSX_TRUSTED_CA_KEYS = 0x0003,
2215 TLSX_TRUNCATED_HMAC = 0x0004,
2216 TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
2217 TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
2218 TLSX_EC_POINT_FORMATS = 0x000b,
2219#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
2220 TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
2221#endif
2222 TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
2223 TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
2224#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
2225 TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
2226#endif
2227 TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */
2228 TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH (draft) */
2229 TLSX_SESSION_TICKET = 0x0023,
2230#ifdef WOLFSSL_TLS13
2231 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2232 TLSX_PRE_SHARED_KEY = 0x0029,
2233 #endif
2234 #ifdef WOLFSSL_EARLY_DATA
2235 TLSX_EARLY_DATA = 0x002a,
2236 #endif
2237 TLSX_SUPPORTED_VERSIONS = 0x002b,
2238 #ifdef WOLFSSL_SEND_HRR_COOKIE
2239 TLSX_COOKIE = 0x002c,
2240 #endif
2241 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2242 TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
2243 #endif
2244 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
2245 TLSX_POST_HANDSHAKE_AUTH = 0x0031,
2246 #endif
2247 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
2248 TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
2249 #endif
2250 TLSX_KEY_SHARE = 0x0033,
2251#endif
2252 TLSX_RENEGOTIATION_INFO = 0xff01 /* RFC 5746 */
2253} TLSX_Type;
2254
/* One extension in a session's/context's singly linked extension list.
 * data is type-specific (e.g. an SNI list, a KeyShareEntry list) and is
 * released by TLSX_FreeAll according to type. */
2255typedef struct TLSX {
2256 TLSX_Type type; /* Extension Type */
2257 void* data; /* Extension Data */
2258 word32 val; /* Extension Value */
2259 byte resp; /* IsResponse Flag */
2260 struct TLSX* next; /* List Behavior */
2261} TLSX;
2262
/* List management: find an extension by type (NULL if absent), unlink and
 * free one, or free the whole list. */
2263WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
2264WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
2265WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
/* Whether ssl's negotiated version supports extensions at all. */
2266WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
/* Add the extensions implied by ssl's configuration before sending the
 * hello; isRequest selects the client (request) or server (response) side. */
2267WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
2268
/* Size/serialize the request-side extensions for the given handshake
 * message type; the result length/offset is returned through the pointer. */
2269#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
2270WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
2271 word16* pLength);
2272WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
2273 byte msgType, word16* pOffset);
2274#endif
2275
2276#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
2277/* TLS 1.3 Certificate messages have extensions. */
2278WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
2279 word16* pLength);
2280WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
2281 word16* pOffset);
2282#endif
2283
/* Parsing of received extension blocks (input, length bytes). ParseVersion
 * only looks for supported_versions and reports via found; Parse handles the
 * full set and may update suites from signature_algorithms. */
2284WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length,
2285 byte msgType, int* found);
2286WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
2287 byte msgType, Suites *suites);
2288
/* Each extension feature below depends on the generic TLSX machinery, so a
 * build that enables one without HAVE_TLS_EXTENSIONS is a configuration
 * error rather than something to work around silently. */
2289#elif defined(HAVE_SNI) \
2290 || defined(HAVE_MAX_FRAGMENT) \
2291 || defined(HAVE_TRUSTED_CA) \
2292 || defined(HAVE_TRUNCATED_HMAC) \
2293 || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2294 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
2295 || defined(HAVE_SUPPORTED_CURVES) \
2296 || defined(HAVE_ALPN) \
2297 || defined(HAVE_QSH) \
2298 || defined(HAVE_SESSION_TICKET) \
2299 || defined(HAVE_SECURE_RENEGOTIATION) \
2300 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2301
2302#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
2303
2304#endif /* HAVE_TLS_EXTENSIONS */
2305
2306/** Server Name Indication - RFC 6066 (section 3) */
2307#ifdef HAVE_SNI
2308
/* One server_name entry; only the host_name type has data today (the
 * union leaves room for other name types). */
2309typedef struct SNI {
2310 byte type; /* SNI Type */
2311 union { char* host_name; } data; /* SNI Data */
2312 struct SNI* next; /* List Behavior */
2313 byte status; /* Matching result */
2314#ifndef NO_WOLFSSL_SERVER
2315 byte options; /* Behavior options */
2316#endif
2317} SNI;
2318
/* Add an SNI entry of the given type (data is size bytes); query the match
 * status or fetch the received name (size returned, data set). */
2319WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
2320 word16 size, void* heap);
2321WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
2322WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
2323 void** data);
2324
2325#ifndef NO_WOLFSSL_SERVER
2326WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
2327 byte options);
/* Extract the SNI of the given type from a raw ClientHello (buffer,
 * bufferSz) into sni; inOutSz is the sni capacity in and the length out,
 * so the copy is bounded by the caller's buffer. */
2328WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
2329 byte type, byte* sni, word32* inOutSz);
2330#endif
2331
2332#endif /* HAVE_SNI */
2333
2334/* Trusted CA Key Indication - RFC 6066 (section 6) */
2335#ifdef HAVE_TRUSTED_CA
2336
/* One trusted_ca_keys identifier; id is idSz bytes, allocated copy. */
2337typedef struct TCA {
2338 byte type; /* TCA Type */
2339 byte* id; /* TCA identifier */
2340 word16 idSz; /* TCA identifier size */
2341 struct TCA* next; /* List Behavior */
2342} TCA;
2343
/* Add a trusted CA indication of the given type (id, idSz bytes). */
2344WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
2345 const byte* id, word16 idSz, void* heap);
2346
2347#endif /* HAVE_TRUSTED_CA */
2348
2349/* Application-Layer Protocol Negotiation - RFC 7301 */
2350#ifdef HAVE_ALPN
/* One ALPN protocol in the offered list; negotiated marks the one the
 * peer selected. */
2351typedef struct ALPN {
2352 char* protocol_name; /* ALPN protocol name */
2353 struct ALPN* next; /* List Behavior */
2354 byte options; /* Behavior options */
2355 byte negotiated; /* ALPN protocol negotiated or not */
2356} ALPN;
2357
/* Return the negotiated protocol name (data, dataSz bytes). */
2358WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
2359 void** data, word16 *dataSz);
2360
/* Offer the protocol list in data (size bytes) with the given options. */
2361WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
2362 word16 size, byte options, void* heap);
2363
2364WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
2365
2366#endif /* HAVE_ALPN */
2367
2368/** Maximum Fragment Length Negotiation - RFC 6066 (section 4) */
2369#ifdef HAVE_MAX_FRAGMENT
2370
/* Request the max_fragment_length code mfl (one of the RFC 6066 enum values). */
2371WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
2372
2373#endif /* HAVE_MAX_FRAGMENT */
2374
2375/** Truncated HMAC - RFC 6066 (section 7) */
2376#ifdef HAVE_TRUNCATED_HMAC
2377
/* Offer/accept the truncated_hmac extension (no data, presence only). */
2378WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
2379
2380#endif /* HAVE_TRUNCATED_HMAC */
2381
2382/** Certificate Status Request - RFC 6066 (section 8) */
2383#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
2384
/* status_request extension state: the OCSP request built for the peer's
 * leaf cert and, for TLS 1.3, the stapled response carried in the
 * Certificate message. */
2385typedef struct {
2386 byte status_type; /* only ocsp status type is defined */
2387 byte options; /* behavior options */
2388 WOLFSSL* ssl; /* owning session */
2389 union {
2390 OcspRequest ocsp; /* request for the leaf cert */
2391 } request;
2392#if defined(WOLFSSL_TLS13)
2393 buffer response; /* stapled response (TLS 1.3) */
2394#endif
2395} CertificateStatusRequest;
2396
/* Enable the extension; devId selects the crypto device for the request. */
2397WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
2398 byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId);
2399#ifndef NO_CERTS
/* Initialize the OCSP request from the decoded peer certificate. */
2400WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
2401 void* heap);
2402#endif
2403WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
/* Force an OCSP lookup for the peer cert when no staple was received. */
2404WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
2405
2406#endif
2407
2408/** Certificate Status Request v2 - RFC 6961 */
2409#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
2410
/* One status_request_v2 item: up to one OCSP request per cert in the chain
 * (leaf plus MAX_CHAIN_DEPTH issuers); requests counts the ones in use. */
2411typedef struct CSRIv2 {
2412 byte status_type; /* ocsp or ocsp_multi */
2413 byte options; /* behavior options */
2414 word16 requests; /* number of entries used in request.ocsp */
2415 union {
2416 OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
2417 } request;
2418 struct CSRIv2* next; /* List Behavior */
2419} CertificateStatusRequestItemV2;
2420
2421WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
2422 byte status_type, byte options, void* heap, int devId);
2423#ifndef NO_CERTS
/* Add a request for cert; isPeer distinguishes the peer's chain from ours. */
2424WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
2425 byte isPeer, void* heap);
2426#endif
/* Fetch request number index of the given status_type (NULL if none). */
2427WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
2428 byte index);
2429WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
2430
2431#endif
2432
2433/** Supported Elliptic Curves - RFC 4492 (section 4) */
2434#ifdef HAVE_SUPPORTED_CURVES
2435
/* One entry of the supported_groups list (named curve / FFDHE group id). */
2436typedef struct SupportedCurve {
2437 word16 name; /* Curve Names */
2438 struct SupportedCurve* next; /* List Behavior */
2439} SupportedCurve;
2440
/* One entry of the ec_point_formats list. */
2441typedef struct PointFormat {
2442 byte format; /* PointFormat */
2443 struct PointFormat* next; /* List Behavior */
2444} PointFormat;
2445
2446WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
2447 void* heap);
2448
2449WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
2450 void* heap);
2451
2452#ifndef NO_WOLFSSL_SERVER
/* Check that the chosen cipher suite (first, second byte) can be served with
 * a curve the client listed; used when selecting the suite on the server. */
2453WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
2454 byte second);
2455WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
2456WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
2457#endif
/* Pick the preferred group from the list; with checkSupported only groups
 * this build can use are considered. */
2458WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
2459 int checkSupported);
2460
2461#endif /* HAVE_SUPPORTED_CURVES */
2462
2463/** Renegotiation Indication - RFC 5746 */
2464#if defined(HAVE_SECURE_RENEGOTIATION) \
2465 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2466
/* Progress of saving the live record keys into tmp_keys and restoring
 * them, so a renegotiation can fail without losing the working keys. */
2467enum key_cache_state {
2468 SCR_CACHE_NULL = 0, /* empty / begin state */
2469 SCR_CACHE_NEEDED, /* need to cache keys */
2470 SCR_CACHE_COPY, /* we have a cached copy */
2471 SCR_CACHE_PARTIAL, /* partial restore to real keys */
2472 SCR_CACHE_COMPLETE /* complete restore to real keys */
2473};
2474
2475/* Additional Connection State according to rfc5746 section 3.1: the
 * Finished verify_data of both sides is retained so a renegotiation can be
 * cryptographically bound to this connection. */
2476typedef struct SecureRenegotiation {
2477 byte enabled; /* secure_renegotiation flag in rfc */
2478 byte verifySet; /* verify_data below is valid */
2479 byte startScr; /* server requested client to start scr */
2480 enum key_cache_state cache_status; /* track key cache state */
2481 byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
2482 byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
2483 byte subject_hash_set; /* if peer cert hash is set */
2484 byte subject_hash[KEYID_SIZE]; /* peer cert hash */
2485 Keys tmp_keys; /* can't overwrite real keys yet */
2486} SecureRenegotiation;
2487
/* Offer/accept the renegotiation_info extension. */
2488WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
2489
2490#ifdef HAVE_SERVER_RENEGOTIATION_INFO
/* Server side: answer with an empty renegotiation_info on the first handshake. */
2491WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
2492#endif
2493
2494#endif /* HAVE_SECURE_RENEGOTIATION */
2495
2496/** Session Ticket - RFC 5077 (section 3.2) */
2497#ifdef HAVE_SESSION_TICKET
2498
/* A ticket received from (or issued by) the server: opaque data bytes and
 * the server-announced lifetime; TLS 1.3 adds the receive time and the
 * age obfuscation value needed to compute obfuscated_ticket_age. */
2499typedef struct SessionTicket {
2500 word32 lifetime; /* ticket_lifetime (seconds) */
2501#ifdef WOLFSSL_TLS13
2502 word64 seen; /* time the ticket was received */
2503 word32 ageAdd; /* ticket_age_add from NewSessionTicket */
2504#endif
2505 byte* data; /* opaque ticket bytes */
2506 word16 size; /* number of bytes in data */
2507} SessionTicket;
2508
2509#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER)
2510
2511/* Data passed to default SessionTicket enc/dec callback: two ticket
 * encryption keys so tickets issued under the previous key remain valid
 * while the next one is rolled in. The keys are secrets; the context lives
 * in the CTX it points back to. */
2512typedef struct TicketEncCbCtx {
2513 /* Name for this context. */
2514 byte name[WOLFSSL_TICKET_NAME_SZ];
2515 /* Current keys - current and next. */
2516 byte key[2][WOLFSSL_TICKET_KEY_SZ];
2517 /* Expiry date of each key, same index as key[]. */
2518 word32 expirary[2];
2519 /* Random number generator to use for generating name, keys and IV. */
2520 WC_RNG rng;
2521#ifndef SINGLE_THREADED
2522 /* Mutex for access to changing keys. */
2523 wolfSSL_Mutex mutex;
2524#endif
2525 /* Pointer back to SSL_CTX. */
2526 WOLFSSL_CTX* ctx;
2527} TicketEncCbCtx;
2528
2529#endif /* !WOLFSSL_NO_DEF_TICKET_ENC_CB && !WOLFSSL_NO_SERVER */
2530
/* Attach ticket to the extension list (takes ownership of it). */
2531WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
2532 SessionTicket* ticket, void* heap);
/* Allocate a SessionTicket holding a copy of data (size bytes); free it
 * with TLSX_SessionTicket_Free using the same heap. */
2533WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
2534 byte* data, word16 size, void* heap);
2535WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
2536
2537#endif /* HAVE_SESSION_TICKET */
2538
2539/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 (expired draft) */
2540#ifdef HAVE_QSH
2541
/* One QSH scheme entry with its public key (PK, PKLen bytes). */
2542typedef struct QSHScheme {
2543 struct QSHScheme* next; /* List Behavior */
2544 byte* PK; /* public key bytes */
2545 word16 name; /* QSHScheme Names */
2546 word16 PKLen; /* length of PK */
2547} QSHScheme;
2548
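/* Key pair for one QSH scheme. The list link used to name the tag
 * 'struct QSHKey', which is never defined (the tag here is 'QSHkey'), so
 * next was a pointer to an unrelated incomplete type; it now refers to this
 * struct's own tag and is a properly typed link. */
2549typedef struct QSHkey {
2550 struct QSHkey* next; /* List Behavior */
2551 word16 name; /* scheme name */
2552 buffer pub; /* public key */
2553 buffer pri; /* private key - NOTE(review): confirm it is zeroized on free */
2554} QSHKey;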
2555
/* QSH shared-secret material: the scheme list and the server/client
 * secret contributions (SerSi / CliSi in the draft's terminology). */
2556typedef struct QSHSecret {
2557 QSHScheme* list; /* negotiated schemes */
2558 buffer* SerSi; /* server secret contribution */
2559 buffer* CliSi; /* client secret contribution */
2560} QSHSecret;
2561
2562/* used in key exchange during handshake: parse the peer's QSHCipher block
 * (input, length bytes), write our public keys, and size the extension. */
2563WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
2564 word16 length, byte isServer);
2565WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
2566WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
2567
2568/* used by api for setting a specific QSH scheme (pKey, pKeySz bytes) */
2569WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
2570 byte* pKey, word16 pKeySz, void* heap);
2571
2572/* used when parsing in QSHCipher structs: decrypt in (szIn bytes) with key
 * into out; szOut carries the capacity in and the length out */
2573WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
2574 byte* out, word16* szOut);
2575#ifndef NO_WOLFSSL_SERVER
/* Server side: accept only a scheme name this build supports. */
2576WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
2577#endif
2578
2579#endif /* HAVE_QSH */
2580
2581#ifdef WOLFSSL_TLS13
2582/* Cookie extension information - cookie data. NOTE(review): data is a
 * single byte, so this looks like a header for a len-byte buffer allocated
 * in one piece - confirm the allocation in tls.c before taking sizeof. */
2583typedef struct Cookie {
2584 word16 len; /* cookie length in bytes */
2585 byte data; /* first byte of the cookie */
2586} Cookie;
2587
/* Add a cookie (data, len bytes) protected by mac (macSz bytes); resp marks
 * the HelloRetryRequest (response) direction. */
2588WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len,
2589 byte* mac, byte macSz, int resp);
2590
2591
2592/* Key Share - TLS v1.3 Specification */
2593
2594/* The KeyShareEntry extension information - entry in a linked list.
 * key is the private half of the ephemeral key for group and must not
 * outlive the handshake. */
2595typedef struct KeyShareEntry {
2596 word16 group; /* NamedGroup */
2597 byte* ke; /* Key exchange data */
2598 word32 keLen; /* Key exchange data length */
2599 void* key; /* Private key */
2600 word32 keyLen; /* Private key length */
2601 byte* pubKey; /* Public key */
2602 word32 pubKeyLen; /* Public key length */
2603 struct KeyShareEntry* next; /* List pointer */
2604} KeyShareEntry;
2605
/* Add a key share for group (data, len bytes; generated when data is NULL)
 * and return the new entry via kse. */
2606WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
2607 byte* data, KeyShareEntry **kse);
/* Send an empty key_share (HelloRetryRequest flow). */
2608WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
/* Pick the shared group from the peer's list, then compute the secret. */
2609WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
2610WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
2611
2612
2613#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2614/* Ticket nonce - for deriving PSK.
2615 * Length allowed to be: 1..255. Only support 4 bytes (MAX_TICKET_NONCE_SZ).
2616 */
2617typedef struct TicketNonce {
2618 byte len; /* bytes used in data */
2619 byte data[MAX_TICKET_NONCE_SZ];
2620} TicketNonce;
2621
2622/* The PreSharedKey extension information - entry in a linked list.
 * One offered identity with its binder (the HMAC over the partial
 * ClientHello that proves possession of the PSK). */
2623typedef struct PreSharedKey {
2624 word16 identityLen; /* Length of identity */
2625 byte* identity; /* PSK identity */
2626 word32 ticketAge; /* Age of the ticket */
2627 byte cipherSuite0; /* Cipher Suite */
2628 byte cipherSuite; /* Cipher Suite */
2629 word32 binderLen; /* Length of HMAC */
2630 byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
2631 byte hmac; /* HMAC algorithm */
2632 byte resumption:1; /* Resumption PSK */
2633 byte chosen:1; /* Server's choice */
2634 struct PreSharedKey* next; /* List pointer */
2635} PreSharedKey;
2636
/* Write / size the binders list that trails the identities in the
 * pre_shared_key extension; pSz receives the bytes written or needed. */
2637WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
2638 byte* output, byte msgType,
2639 word16* pSz);
2640WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
2641 byte msgType, word16* pSz);
/* Add an offered identity (identity, len bytes) with its age, HMAC
 * algorithm and cipher suite; the new entry is returned via preSharedKey. */
2642WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
2643 word16 len, word32 age, byte hmac,
2644 byte cipherSuite0, byte cipherSuite,
2645 byte resumption,
2646 PreSharedKey **preSharedKey);
2647
2648/* The possible Pre-Shared Key key exchange modes (psk_key_exchange_modes
 * extension): PSK alone, or PSK combined with an (EC)DHE key share. */
2649enum PskKeyExchangeMode {
2650 PSK_KE, /* psk_ke: PSK only */
2651 PSK_DHE_KE /* psk_dhe_ke: PSK with (EC)DHE */
2652};
2653
2654/* User can define this: the cipher suite assumed for an external PSK when
 * the callback does not name one. */
2655#ifndef WOLFSSL_DEF_PSK_CIPHER
2656#define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256
2657#endif
2658
/* Set the allowed PSK key exchange modes (bitmask of PskKeyExchangeMode). */
2659WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
2660
2661#ifdef WOLFSSL_EARLY_DATA
/* Add the early_data extension; max is the max_early_data_size to announce. */
2662WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
2663#endif
2664#endif /* HAVE_SESSION_TICKET || !NO_PSK */
2665
2666
2667/* The types of keys to derive for: which TLS 1.3 secret stage the
 * traffic keys are computed from (see DeriveTls13Keys). */
2668enum DeriveKeyType {
2669 no_key,
2670 early_data_key, /* 0-RTT keys from the early secret */
2671 handshake_key, /* handshake traffic keys */
2672 traffic_key, /* application traffic keys */
2673 update_traffic_key /* keys after a KeyUpdate */
2674};
2675
/* TLS 1.3 key schedule steps, in handshake order. */
2676WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl);
2677WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl);
/* Derive traffic keys: secret is a DeriveKeyType, side selects client /
 * server / both, store installs them into ssl->keys when set. */
2678WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store);
2679WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl);
/* Resumption: derive the PSK for a ticket nonce (nonce, nonceLen bytes)
 * into secret, and the resumption master secret into key. */
2680WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret);
2681WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key);
2682
/* RFC 8446 exporter: outLen bytes of keying material for label/context. */
2683WOLFSSL_LOCAL int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
2684 const char *label, size_t labelLen,
2685 const unsigned char *context, size_t contextLen);
2686
2687/* The key update request values for KeyUpdate message (request_update
 * field): whether the peer is asked to update its own keys too. */
2688enum KeyUpdateRequest {
2689 update_not_requested,
2690 update_requested
2691};
2692#endif /* WOLFSSL_TLS13 */
2693
2694
2695#ifdef OPENSSL_EXTRA
/* Bit flags recording which I/O callbacks the user installed
 * (stored in WOLFSSL_CTX.cbioFlag). */
2696enum SetCBIO {
2697 WOLFSSL_CBIO_NONE = 0,
2698 WOLFSSL_CBIO_RECV = 0x1, /* CBIORecv set */
2699 WOLFSSL_CBIO_SEND = 0x2, /* CBIOSend set */
2700};
2701#endif
2702
2703#ifdef WOLFSSL_STATIC_EPHEMERAL
2704/* contains static ephemeral keys: DER-encoded keys reused for the DH/ECDH
 * exchange instead of a fresh key per handshake. NOTE(review): reusing one
 * key across sessions gives up forward secrecy for those sessions. */
2705typedef struct {
2706#ifndef NO_DH
2707 DerBuffer* dhKey; /* static DH key */
2708#endif
2709#ifdef HAVE_ECC
2710 DerBuffer* ecKey; /* static ECDH key */
2711#endif
2712} StaticKeyExchangeInfo_t;
2713#endif
2714
2715
2716/* wolfSSL context type */
2717struct WOLFSSL_CTX {
2718 WOLFSSL_METHOD* method;
2719#ifdef SINGLE_THREADED
2720 WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */
2721#endif
2722 wolfSSL_Mutex countMutex; /* reference count mutex */
2723 int refCount; /* reference count */
2724 int err; /* error code in case of mutex not created */
2725#ifndef NO_DH
2726 buffer serverDH_P;
2727 buffer serverDH_G;
2728#endif
2729#ifndef NO_CERTS
2730 DerBuffer* certificate;
2731 DerBuffer* certChain;
2732 /* chain after self, in DER, with leading size for each cert */
2733 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
2734 WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
2735 #endif
2736 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
2737 defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
2738 WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
2739 client_cert_cb CBClientCert; /* client certificate callback */
2740 #endif
2741#ifdef WOLFSSL_TLS13
2742 int certChainCnt;
2743#endif
2744 DerBuffer* privateKey;
2745 byte privateKeyType:6;
2746 byte privateKeyId:1;
2747 byte privateKeyLabel:1;
2748 int privateKeySz;
2749 int privateKeyDevId;
2750 WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
2751#endif
2752#ifdef KEEP_OUR_CERT
2753 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
2754 int ownOurCert; /* Dispose of certificate if we own */
2755#endif
2756 Suites* suites; /* make dynamic, user may not need/set */
2757 void* heap; /* for user memory overrides */
2758 byte verifyDepth;
2759 byte verifyPeer:1;
2760 byte verifyNone:1;
2761 byte failNoCert:1;
2762 byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/
2763 byte sessionCacheOff:1;
2764 byte sessionCacheFlushOff:1;
2765#ifdef HAVE_EXT_CACHE
2766 byte internalCacheOff:1;
2767#endif
2768 byte sendVerify:2; /* for client side (can not be single bit) */
2769 byte haveRSA:1; /* RSA available */
2770 byte haveECC:1; /* ECC available */
2771 byte haveDH:1; /* server DH parms set by user */
2772 byte haveNTRU:1; /* server private NTRU key loaded */
2773 byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
2774 byte haveStaticECC:1; /* static server ECC private key */
2775 byte partialWrite:1; /* only one msg per write call */
2776 byte quietShutdown:1; /* don't send close notify */
2777 byte groupMessages:1; /* group handshake messages before sending */
2778 byte minDowngrade; /* minimum downgrade version */
2779 byte haveEMS:1; /* have extended master secret extension */
2780 byte useClientOrder:1; /* Use client's cipher preference order */
2781#if defined(HAVE_SESSION_TICKET)
2782 byte noTicketTls12:1; /* TLS 1.2 server won't send ticket */
2783#endif
2784#ifdef WOLFSSL_TLS13
2785 byte noTicketTls13:1; /* TLS 1.3 Server won't create new Ticket */
2786 byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */
2787#endif
2788 byte mutualAuth:1; /* Mutual authentication required */
2789#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
2790 byte postHandshakeAuth:1; /* Post-handshake auth supported. */
2791#endif
2792#ifndef NO_DH
2793 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
2794 !defined(HAVE_SELFTEST)
2795 byte dhKeyTested:1; /* Set when key has been tested. */
2796 #endif
2797#endif
2798#ifdef HAVE_SECURE_RENEGOTIATION
2799 byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */
2800#endif
2801#ifdef HAVE_ENCRYPT_THEN_MAC
2802 byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
2803#endif
2804#ifdef WOLFSSL_STATIC_MEMORY
2805 byte onHeap:1; /* whether the ctx/method is put on heap hint */
2806#endif
2807#ifdef WOLFSSL_MULTICAST
2808 byte haveMcast; /* multicast requested */
2809 byte mcastID; /* multicast group ID */
2810#endif
2811#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
2812 byte dtlsSctp; /* DTLS-over-SCTP mode */
2813#endif
2814#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
2815 defined(WOLFSSL_DTLS)
2816 word16 dtlsMtuSz; /* DTLS MTU size */
2817#endif
2818#ifndef NO_DH
2819 word16 minDhKeySz; /* minimum DH key size */
2820 word16 maxDhKeySz; /* maximum DH key size */
2821#endif
2822#ifndef NO_RSA
2823 short minRsaKeySz; /* minimum RSA key size */
2824#endif
2825#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
2826 short minEccKeySz; /* minimum ECC key size */
2827#endif
2828 unsigned long mask; /* store SSL_OP_ flags */
2829#ifdef OPENSSL_EXTRA
2830 byte sessionCtx[ID_LEN]; /* app session context ID */
2831 word32 disabledCurves; /* curves disabled by user */
2832 const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
2833 unsigned int alpn_cli_protos_len;
2834 byte sessionCtxSz;
2835 byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
2836 CallbackInfoState* CBIS; /* used to get info about SSL state */
2837#endif
2838 CallbackIORecv CBIORecv;
2839 CallbackIOSend CBIOSend;
2840#ifdef WOLFSSL_DTLS
2841 CallbackGenCookie CBIOCookie; /* gen cookie callback */
2842#ifdef WOLFSSL_SESSION_EXPORT
2843 wc_dtls_export dtls_export; /* export function for DTLS session */
2844 CallbackGetPeer CBGetPeer;
2845 CallbackSetPeer CBSetPeer;
2846#endif
2847#endif /* WOLFSSL_DTLS */
2848 VerifyCallback verifyCallback; /* cert verification callback */
2849#ifdef OPENSSL_ALL
2850 CertVerifyCallback verifyCertCb;
2851 void* verifyCertCbArg;
2852#endif /* OPENSSL_ALL */
2853 word32 timeout; /* session timeout */
2854#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448)
2855 word32 ecdhCurveOID; /* curve Ecc_Sum */
2856#endif
2857#ifdef HAVE_ECC
2858 word16 eccTempKeySz; /* in octets 20 - 66 */
2859#endif
2860#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
2861 word32 pkCurveOID; /* curve Ecc_Sum */
2862#endif
2863#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2864 byte havePSK; /* psk key set by user */
2865 wc_psk_client_callback client_psk_cb; /* client callback */
2866 wc_psk_server_callback server_psk_cb; /* server callback */
2867#ifdef WOLFSSL_TLS13
2868 wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
2869 wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
2870#endif
2871 void* psk_ctx;
2872 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
2873#endif /* HAVE_SESSION_TICKET || !NO_PSK */
2874#ifdef WOLFSSL_TLS13
2875 word16 group[WOLFSSL_MAX_GROUP_COUNT];
2876 byte numGroups;
2877#endif
2878#ifdef WOLFSSL_EARLY_DATA
2879 word32 maxEarlyDataSz;
2880#endif
2881#ifdef HAVE_ANON
2882 byte haveAnon; /* User wants to allow Anon suites */
2883#endif /* HAVE_ANON */
2884#ifdef WOLFSSL_ENCRYPTED_KEYS
2885 pem_password_cb* passwd_cb;
2886 void* passwd_userdata;
2887#endif
2888#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
2889 WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
2890 WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
2891 byte readAhead;
2892 void* userPRFArg; /* passed to prf callback */
2893#endif
2894#ifdef HAVE_EX_DATA
2895 WOLFSSL_CRYPTO_EX_DATA ex_data;
2896#endif
2897#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY))
2898 CallbackALPNSelect alpnSelect;
2899 void* alpnSelectArg;
2900#endif
2901#ifdef HAVE_SNI
2902 CallbackSniRecv sniRecvCb;
2903 void* sniRecvCbArg;
2904#endif
2905#if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
2906 CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
2907 word32 mcastFirstSeq; /* first trigger level */
2908 word32 mcastSecondSeq; /* second trigger level */
2909 word32 mcastMaxSeq; /* max level */
2910#endif
2911#ifdef HAVE_OCSP
2912 WOLFSSL_OCSP ocsp;
2913#endif
2914 int devId; /* async device id to use */
2915#ifdef HAVE_TLS_EXTENSIONS
2916 TLSX* extensions; /* RFC 6066 TLS Extensions data */
2917 #ifndef NO_WOLFSSL_SERVER
2918 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2919 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2920 OcspRequest* certOcspRequest;
2921 #endif
2922 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2923 OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
2924 #endif
2925 #endif
2926 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
2927 SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
2928 void* ticketEncCtx; /* session encrypt context */
2929 int ticketHint; /* ticket hint in seconds */
2930 #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB
2931 TicketEncCbCtx ticketKeyCtx;
2932 #endif
2933 #endif
2934 #ifdef HAVE_SUPPORTED_CURVES
2935 byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
2936 #endif
2937#endif
2938#ifdef ATOMIC_USER
2939 CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
2940 CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
2941 #ifdef HAVE_ENCRYPT_THEN_MAC
2942 CallbackEncryptMac EncryptMacCb; /* Atomic User Mac/Enc Cb */
2943 CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */
2944 #endif
2945#endif
2946#ifdef HAVE_PK_CALLBACKS
2947 #ifdef HAVE_ECC
2948 CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */
2949 CallbackEccSign EccSignCb; /* User EccSign Callback handler */
2950 CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
2951 CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
2952 #ifdef HAVE_ED25519
2953 /* User Ed25519Sign Callback handler */
2954 CallbackEd25519Sign Ed25519SignCb;
2955 /* User Ed25519Verify Callback handler */
2956 CallbackEd25519Verify Ed25519VerifyCb;
2957 #endif
2958 #ifdef HAVE_CURVE25519
2959 /* User X25519 KeyGen Callback Handler */
2960 CallbackX25519KeyGen X25519KeyGenCb;
2961 /* User X25519 SharedSecret Callback handler */
2962 CallbackX25519SharedSecret X25519SharedSecretCb;
2963 #endif
2964 #ifdef HAVE_ED448
2965 /* User Ed448Sign Callback handler */
2966 CallbackEd448Sign Ed448SignCb;
2967 /* User Ed448Verify Callback handler */
2968 CallbackEd448Verify Ed448VerifyCb;
2969 #endif
2970 #ifdef HAVE_CURVE448
2971 /* User X448 KeyGen Callback Handler */
2972 CallbackX448KeyGen X448KeyGenCb;
2973 /* User X448 SharedSecret Callback handler */
2974 CallbackX448SharedSecret X448SharedSecretCb;
2975 #endif
2976 #endif /* HAVE_ECC */
2977 #ifndef NO_DH
2978 CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */
2979 #endif
2980 #ifndef NO_RSA
2981 CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */
2982 CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */
2983 CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */
2984 #ifdef WC_RSA_PSS
2985 CallbackRsaPssSign RsaPssSignCb; /* User RsaSign (priv key) */
2986 CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaVerify (pub key) */
2987 CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */
2988 #endif
2989 CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
2990 CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
2991 #endif /* NO_RSA */
2992#endif /* HAVE_PK_CALLBACKS */
2993#ifdef HAVE_WOLF_EVENT
2994 WOLF_EVENT_QUEUE event_queue;
2995#endif /* HAVE_WOLF_EVENT */
2996#ifdef HAVE_EXT_CACHE
2997 WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*);
2998 int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
2999 void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
3000#endif
3001#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
3002 Srp* srp; /* TLS Secure Remote Password Protocol*/
3003 byte* srp_password;
3004#endif
3005#ifdef WOLFSSL_STATIC_EPHEMERAL
3006 StaticKeyExchangeInfo_t staticKE;
3007#endif
3008};
3009
/* WOLFSSL_CTX lifecycle (struct defined above).
 * InitSSL_Ctx: set up a context for the given method; `heap` is the user
 *              memory hint the context keeps for allocations (ctx->heap).
 * FreeSSL_Ctx / SSL_CtxResourceFree: teardown.  The division of labour is
 *              not visible here — presumably SSL_CtxResourceFree releases
 *              the resources the context owns (cert manager, suites, keys)
 *              and FreeSSL_Ctx additionally frees the object; confirm in
 *              the implementation before relying on either alone. */
WOLFSSL_LOCAL
int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
WOLFSSL_LOCAL
void FreeSSL_Ctx(WOLFSSL_CTX*);
WOLFSSL_LOCAL
void SSL_CtxResourceFree(WOLFSSL_CTX*);
3016
/* Derive the record-layer keys for the negotiated TLS version from the
 * master secret and randoms held in the SSL object (see struct Arrays). */
WOLFSSL_LOCAL
int DeriveTlsKeys(WOLFSSL* ssl);
/* Parse a legacy-format ("old", presumably SSLv2-style) ClientHello.
 * `input`/`inSz` bound the received bytes, `inOutIdx` is the read cursor
 * (advanced on return) and `sz` is the length taken from the record header.
 * All of it is peer-controlled: every read must be checked against inSz,
 * and `sz` must not be trusted beyond inSz — confirm in the implementation. */
WOLFSSL_LOCAL
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz);
3022
#ifndef NO_CERTS
    /* Add a CA certificate to the manager's trusted set.  `pDer` is passed as
     * DerBuffer** — presumably because the callee consumes (stores or frees)
     * the buffer and nulls the caller's pointer; `verify` selects whether the
     * certificate is checked before being trusted.  Confirm both against the
     * definition; a CA added without verification becomes a trust anchor. */
    WOLFSSL_LOCAL
    int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
    /* Look up whether a signer with this hash is already present.  `hash` is a
     * lookup key only (presumably) yet is not const-qualified. */
    WOLFSSL_LOCAL
    int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#ifdef WOLFSSL_TRUST_PEER_CERT
    /* Same pair for explicitly trusted peer (leaf) certificates. */
    WOLFSSL_LOCAL
    int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
    WOLFSSL_LOCAL
    int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#endif
#endif
3035
/* All cipher suite related info.
 * Keep as a constant size (no ifdefs) for session export: the struct is
 * copied as a unit, so adding a conditional member would make exported
 * sessions build-dependent.  Sizes are presumably in bytes — confirm. */
typedef struct CipherSpecs {
    word16 key_size;
    word16 iv_size;
    word16 block_size;
    word16 aead_mac_size;
    byte bulk_cipher_algorithm;
    byte cipher_type;               /* block, stream, or aead (enum CipherType
                                     * below; note aead's value differs under
                                     * WOLFSSL_AEAD_ONLY) */
    byte mac_algorithm;
    byte kea;                       /* key exchange algo, presumably an
                                     * enum KeyExchangeAlgorithm value */
    byte sig_algo;                  /* presumably enum SignatureAlgorithm */
    byte hash_size;
    byte pad_size;
    byte static_ecdh;
} CipherSpecs;
3052
3053
/* Reset *cs to its initial (presumably all-zero / "no suite") state.
 * NOTE(review): unlike the neighbouring declarations this one carries no
 * WOLFSSL_LOCAL, so it gets default visibility — looks unintentional. */
void InitCipherSpecs(CipherSpecs* cs);
3055
3056
/* Supported Key Exchange Protocols.
 * Internal identifiers only: no values are assigned, so they number from 0
 * and are not TLS wire codepoints.  Presumably stored in CipherSpecs.kea. */
enum KeyExchangeAlgorithm {
    no_kea,
    rsa_kea,
    diffie_hellman_kea,
    fortezza_kea,
    psk_kea,
    dhe_psk_kea,
    ecdhe_psk_kea,
    ntru_kea,
    ecc_diffie_hellman_kea,
    ecc_static_diffie_hellman_kea       /* for verify suite only */
};
3070
/* Supported Authentication Schemes.
 * 0..3 match the TLS 1.2 SignatureAlgorithm registry values
 * (anonymous, rsa, dsa, ecdsa).  8..11 are wolfSSL's own identifiers for the
 * PSS and EdDSA schemes (the registry has no single-byte value for them);
 * do not assume they are wire codepoints.  Note the gap 4..7 and that the
 * ClientCertificateType enum below spells the DSA variants "dss_". */
enum SignatureAlgorithm {
    anonymous_sa_algo = 0,
    rsa_sa_algo       = 1,
    dsa_sa_algo       = 2,
    ecc_dsa_sa_algo   = 3,
    rsa_pss_sa_algo   = 8,
    ed25519_sa_algo   = 9,
    rsa_pss_pss_algo  = 10,
    ed448_sa_algo     = 11
};
3082
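/* Convert a hash identifier between the two RSA-PSS namings used here:
 * the ordinary *_mac hash identifier used with rsa_pss_sa_algo (the
 * "RSAE" form) and the pss_sha* identifiers of enum SigAlgRsaPss below
 * (the "PSS-PSS" form, 0x09..0x0b).
 *
 * The offset arithmetic is only valid if sha256_mac, sha384_mac and
 * sha512_mac are consecutive and in the same order as
 * pss_sha256..pss_sha512 — the *_mac enum is not visible here, so confirm
 * it whenever either enum changes.
 *
 * The argument is parenthesised so an expression (e.g. a conditional) may
 * be passed without changing precedence. */
#define PSS_RSAE_TO_PSS_PSS(macAlgo) \
    ((macAlgo) + (pss_sha256 - sha256_mac))

#define PSS_PSS_HASH_TO_MAC(macAlgo) \
    ((macAlgo) - (pss_sha256 - sha256_mac))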
3088
/* Hash identifiers for the rsa_pss_pss_* signature schemes.  The three
 * values are consecutive on purpose: the PSS_RSAE_TO_PSS_PSS /
 * PSS_PSS_HASH_TO_MAC macros above map to and from the *_mac identifiers
 * by a fixed offset, so keep them contiguous and in SHA-256/384/512 order. */
enum SigAlgRsaPss {
    pss_sha256  = 0x09,
    pss_sha384  = 0x0a,
    pss_sha512  = 0x0b,
};
3094
3095
/* Supported ECC Curve Types.
 * named_curve(3) is the ECCurveType codepoint from RFC 4492 / RFC 8422;
 * the explicit-curve forms (1, 2) are not supported. */
enum EccCurves {
    named_curve = 3
};
3100
3101
/* Valid client certificate request types ("from page 27" of the original
 * TLS spec).  These are the CertificateRequest.certificate_types wire values
 * (RFC 5246 §7.4.4 for 1..6, RFC 4492 §5.5 for 64..66), so they must not be
 * renumbered.  Only the *_sign types are expected in modern deployments;
 * the fixed/ephemeral DH forms are legacy. */
enum ClientCertificateType {
    rsa_sign            = 1,
    dss_sign            = 2,
    rsa_fixed_dh        = 3,
    dss_fixed_dh        = 4,
    rsa_ephemeral_dh    = 5,
    dss_ephemeral_dh    = 6,
    fortezza_kea_cert   = 20,
    ecdsa_sign          = 64,
    rsa_fixed_ecdh      = 65,
    ecdsa_fixed_ecdh    = 66
};
3115
3116
/* Record-protection cipher type, stored in CipherSpecs.cipher_type.
 * Values are implicit: stream=0, block=1, aead=2 normally, but aead=0 in an
 * AEAD-only build.  Because CipherSpecs is kept fixed-size for session
 * export, an exported session is therefore not portable between a normal and
 * a WOLFSSL_AEAD_ONLY build — presumably acceptable, but worth knowing.
 * The constants are unscoped, so `stream`, `block` and `aead` are taken from
 * the global identifier namespace by this header. */
#ifndef WOLFSSL_AEAD_ONLY
enum CipherType { stream, block, aead };
#else
enum CipherType { aead };
#endif
3122
3123
/* CIPHER_NONCE: defined when any cipher mode that needs a per-record nonce is
 * built (AES modes, ChaCha20-Poly1305, or any TLS 1.3 suite); it gates the
 * Ciphers.nonce buffer below. */
#if defined(BUILD_AES) || defined(BUILD_AESGCM) || (defined(HAVE_CHACHA) && \
                                     defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13)
    #define CIPHER_NONCE
#endif
3128
/* Which key set is currently loaded into a Ciphers object.  Only needed for
 * DTLS with secure renegotiation, where records protected under the old and
 * the renegotiated keys can be in flight at the same time. */
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
enum CipherSrc {
    KEYS_NOT_SET = 0,
    KEYS,     /* keys from ssl->keys are loaded */
    SCR       /* keys from ssl->secure_renegotiation->tmp_keys are loaded */
};
#endif
3136
/* Active record-layer cipher contexts for one direction of a connection.
 * Every member is a pointer to a heap-allocated primitive context selected by
 * build option; only the one matching the negotiated suite is expected to be
 * non-NULL (presumably — confirm in InitCiphers/FreeCiphers).  The contexts
 * hold the live traffic keys, so FreeCiphers should clear them before
 * release.  Note the guard spelling is mixed (BUILD_* vs HAVE_*); presumably
 * BUILD_* is derived from HAVE_* plus suite selection. */
typedef struct Ciphers {
#ifdef BUILD_ARC4
    Arc4*   arc4;
#endif
#ifdef BUILD_DES3
    Des3*   des3;
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
    Aes*    aes;
    #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \
                                                !defined(WOLFSSL_NO_TLS12)
        byte* additional;   /* AEAD additional-data scratch for TLS 1.2 */
    #endif
#endif
#ifdef CIPHER_NONCE
    byte* nonce;            /* per-record nonce scratch (see CIPHER_NONCE) */
#endif
#ifdef HAVE_CAMELLIA
    Camellia* cam;
#endif
#ifdef HAVE_CHACHA
    ChaCha*   chacha;
#endif
#ifdef HAVE_HC128
    HC128*  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit* rabbit;
#endif
#ifdef HAVE_IDEA
    Idea* idea;
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
    Hmac* hmac;             /* integrity-only (null cipher) TLS 1.3 suites */
#endif
    byte    state;          /* presumably an enum cipherState sub-state for
                             * non-blocking/async operation — confirm */
    byte    setup;          /* have we set it up flag for detection */
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
    enum CipherSrc src;     /* DTLS uses this to determine which keys
                             * are currently loaded */
#endif
} Ciphers;
3180
3181
#ifdef HAVE_ONE_TIME_AUTH
/* Ciphers for one time authentication such as poly1305.
 * Same ownership model as Ciphers: a heap-allocated context plus a setup
 * flag that says whether it has been initialised. */
typedef struct OneTimeAuth {
#ifdef HAVE_POLY1305
    Poly1305* poly1305;
#endif
    byte setup;      /* flag for if a cipher has been set */

} OneTimeAuth;
#endif
3192
3193
/* Initialise / release the Ciphers (and OneTimeAuth) contexts owned by ssl.
 * FreeCiphers is the point at which traffic keys leave memory; it should
 * zeroise before freeing — confirm in the implementation. */
WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
3196
3197
/* Handshake-transcript digests, one buffer per enabled hash.  Which member
 * is meaningful depends on the negotiated suite/version (md5+sha for old TLS,
 * a single SHA-2 digest otherwise).  Note the sha256 guard here is NO_SHA256
 * while union Digest below uses NO_WOLFSSL_SHA256 — confirm both are set
 * together by the build. */
typedef struct Hashes {
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        byte md5[WC_MD5_DIGEST_SIZE];
    #endif
    #if !defined(NO_SHA)
        byte sha[WC_SHA_DIGEST_SIZE];
    #endif
    #ifndef NO_SHA256
        byte sha256[WC_SHA256_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA384
        byte sha384[WC_SHA384_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA512
        byte sha512[WC_SHA512_DIGEST_SIZE];
    #endif
} Hashes;
3216
/* Fill *hashes with the current handshake-transcript digests of ssl
 * (presumably for CertificateVerify generation/verification — confirm). */
WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
3218
#ifdef WOLFSSL_TLS13
/* A single in-progress hash state, typed by the negotiated TLS 1.3 suite.
 * Every member is conditional, so the build must enable at least one of the
 * three or the union is empty; presumably the TLS 1.3 option guarantees this. */
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
    wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
#endif
} Digest;
#endif
3232
/* Static x509 buffer: a DER certificate held inline (no heap) so a session
 * cache entry can carry its peer chain.  Writers must bound the copy by
 * MAX_X509_SIZE and set `length` to the bytes actually stored. */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;
3238
3239
/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE.
 * `count` must never exceed MAX_CHAIN_DEPTH; the trailing "max depth 4"
 * remark below may be stale relative to that constant — check its definition. */
struct WOLFSSL_X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};
3245
3246
/* wolfSSL session type: everything needed to resume a connection.
 * masterSecret (and the ticket/PSK data) is key material held in the clear,
 * so the whole object must be treated as secret — anything that caches,
 * exports or serialises sessions inherits that, and FreeSession should clear
 * it before release (confirm). */
struct WOLFSSL_SESSION {
    word32             bornOn;                        /* create time in seconds   */
    word32             timeout;                       /* timeout in seconds       */
    byte               sessionID[ID_LEN];             /* id for protocol */
    byte               sessionIDSz;                   /* bytes used, <= ID_LEN */
    byte               masterSecret[SECRET_LEN];      /* stored secret */
    word16             haveEMS;                       /* ext master secret flag; on
                                                         resumption it must match the
                                                         new handshake (RFC 7627 §5.3)
                                                         — presumably enforced where
                                                         the session is restored */
#ifdef SESSION_CERTS
#ifdef OPENSSL_EXTRA
    WOLFSSL_X509*      peer;                          /* peer cert */
#endif
    WOLFSSL_X509_CHAIN chain;                         /* peer cert chain, static  */
    #ifdef WOLFSSL_ALT_CERT_CHAINS
    WOLFSSL_X509_CHAIN altChain;                      /* peer alt cert chain, static */
    #endif
#endif
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                               defined(HAVE_SESSION_TICKET))
    ProtocolVersion    version;                       /* which version was used */
#endif
#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
    byte               cipherSuite0;                  /* first byte, normally 0 */
    byte               cipherSuite;                   /* 2nd byte, actual suite */
#endif
#ifndef NO_CLIENT_CACHE
    word16             idLen;                         /* serverID length */
    byte               serverID[SERVER_ID_LEN];       /* for easier client lookup */
#endif
#ifdef OPENSSL_EXTRA
    byte               sessionCtxSz;                  /* sessionCtx length */
    byte               sessionCtx[ID_LEN];            /* app specific context id */
    wolfSSL_Mutex      refMutex;                      /* ref count mutex */
    int                refCount;                      /* reference count */
#endif
#ifdef WOLFSSL_TLS13
    word16             namedGroup;                    /* group used for the key share */
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    #ifdef WOLFSSL_TLS13
    word32             ticketSeen;                    /* Time ticket seen (ms) */
    word32             ticketAdd;                     /* Added by client (presumably the
                                                         ticket_age_add obfuscation) */
    TicketNonce        ticketNonce;                   /* Nonce used to derive PSK */
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    word32             maxEarlyDataSz;                /* 0-RTT limit granted with ticket */
    #endif
#endif
#ifdef HAVE_SESSION_TICKET
    byte*              ticket;                        /* presumably points at staticTicket
                                                         unless isDynamic (heap) — confirm */
    word16             ticketLen;
    byte               staticTicket[SESSION_TICKET_LEN];
    byte               isDynamic;
#endif
#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA)
    byte               isAlloced;                     /* object itself is heap-allocated */
#endif
#ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
    byte               side;                          /* Either WOLFSSL_CLIENT_END or
                                                         WOLFSSL_SERVER_END */
};
3311
3312
/* Session cache access.  GetSession looks up the session matching ssl; the
 * unnamed byte*/byte parameters are not described here — see the definition
 * (whether the result points into the shared cache or is a copy matters for
 * locking, confirm).  SetSession installs a session for resumption.
 * FreeSession releases one; its int parameter is unnamed — see the definition. */
WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL int          SetSession(WOLFSSL*, WOLFSSL_SESSION*);
WOLFSSL_LOCAL void         FreeSession(WOLFSSL_SESSION*, int);
3316
/* Record MAC routine pointer (per protocol version).  The parameters are
 * unnamed here; from the types: ssl, output digest buffer, input data and
 * its length, then four int selectors whose meaning (content type, padding,
 * direction, ...) must be taken from the concrete implementations. */
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
3318
#ifndef NO_CLIENT_CACHE
    /* Client-side cache lookup by an application-supplied identifier (the
     * const byte* and its int length; presumably matched against
     * WOLFSSL_SESSION.serverID, which shares this guard). */
    WOLFSSL_LOCAL
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
#endif
3323
/* client connect state for nonblocking restart.
 * Stored in Options.connectState (a byte) so a WANT_READ/WANT_WRITE return
 * can resume the handshake at the right step; order is the handshake order. */
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    HELLO_AGAIN,               /* HELLO_AGAIN is for the DTLS case (presumably
                                * the HelloVerifyRequest round trip) */
    HELLO_AGAIN_REPLY,
    FIRST_REPLY_DONE,
    FIRST_REPLY_FIRST,
    FIRST_REPLY_SECOND,
    FIRST_REPLY_THIRD,
    FIRST_REPLY_FOURTH,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};
3338
3339
/* server accept state for nonblocking restart (TLS 1.2 and below).
 * Stored in Options.acceptState (a byte); the TLS 1.3 flight order has its
 * own enum below. */
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_BEGIN_RENEG,
    ACCEPT_CLIENT_HELLO_DONE,
    ACCEPT_HELLO_RETRY_REQUEST_DONE,
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_SENT,
    SERVER_EXTENSIONS_SENT,
    CERT_SENT,
    CERT_VERIFY_SENT,
    CERT_STATUS_SENT,
    KEY_EXCHANGE_SENT,
    CERT_REQ_SENT,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    TICKET_SENT,
    CHANGE_CIPHER_SENT,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};
3361
/* TLS 1.3 server accept state for nonblocking restart.
 * Parallel to enum AcceptState; which one Options.acceptState holds depends
 * on the negotiated version (presumably tls1_3), so the two enums must not
 * be compared against each other. */
enum AcceptStateTls13 {
    TLS13_ACCEPT_BEGIN = 0,
    TLS13_ACCEPT_BEGIN_RENEG,
    TLS13_ACCEPT_CLIENT_HELLO_DONE,
    TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
    TLS13_ACCEPT_FIRST_REPLY_DONE,
    TLS13_ACCEPT_SECOND_REPLY_DONE,
    TLS13_SERVER_HELLO_SENT,
    TLS13_ACCEPT_THIRD_REPLY_DONE,
    TLS13_SERVER_EXTENSIONS_SENT,
    TLS13_CERT_REQ_SENT,
    TLS13_CERT_SENT,
    TLS13_CERT_VERIFY_SENT,
    TLS13_ACCEPT_FINISHED_SENT,
    TLS13_PRE_TICKET_SENT,
    TLS13_ACCEPT_FINISHED_DONE,
    TLS13_TICKET_SENT
};
3381
/* buffers for struct WOLFSSL.
 * Ownership: certificate/key/certChain/DH params default to the WOLFSSL_CTX;
 * the weOwn* flags record when this object holds its own copy and must free
 * it.  The cookie secrets and DH private value are key material and should
 * be cleared on free (confirm). */
typedef struct Buffers {
    bufferStatic    inputBuffer;           /* record receive buffer */
    bufferStatic    outputBuffer;          /* record send buffer */
    buffer          domainName;            /* for client check */
    buffer          clearOutputBuffer;
    buffer          sig;                   /* signature data */
    buffer          digest;                /* digest data */
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE */
    byte            weOwnCert;             /* SSL own cert flag */
    byte            weOwnCertChain;        /* SSL own cert chain flag */
    byte            weOwnKey;              /* SSL own key flag */
    byte            weOwnDH;               /* SSL own dh (p,g)  flag */
#ifndef NO_DH
    buffer          serverDH_P;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_G;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;         /* ephemeral private value — secret */
    DhKey*          serverDH_Key;
#endif
#ifndef NO_CERTS
    DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
    byte            keyType:6;             /* Type of key: RSA, ECC, Ed25519 */
    byte            keyId:1;               /* Key data is an id not data */
    byte            keyLabel:1;            /* Key data is a label not data */
    int             keySz;                 /* Size of RSA key (presumably also
                                              used for other key types — confirm) */
    int             keyDevId;              /* Device Id for key */
    DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                 /* chain after self, in DER, with leading size for each cert */
#ifdef WOLFSSL_TLS13
    int             certChainCnt;
    DerBuffer*      certExts;
#endif
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
    buffer          tls13CookieSecret;     /* HRR cookie secret */
#endif
#ifdef WOLFSSL_DTLS
    WOLFSSL_DTLS_CTX dtlsCtx;              /* DTLS connection context */
    #ifndef NO_WOLFSSL_SERVER
        buffer       dtlsCookieSecret;     /* DTLS cookie secret */
    #endif /* NO_WOLFSSL_SERVER */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        buffer peerEccDsaKey;              /* we own for Ecc Verify Callbacks */
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        buffer peerEd25519Key;             /* for Ed25519 Verify Callbacks */
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_ED448
        buffer peerEd448Key;               /* for Ed448 Verify Callbacks */
    #endif /* HAVE_ED448 */
    #ifndef NO_RSA
        buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
} Buffers;
3444
/* sub-states for send/do key share (key exchange).
 * Stored in Options.asyncState so an operation that returns early (async
 * crypto or non-blocking I/O) can resume at the right step. */
enum asyncState {
    TLS_ASYNC_BEGIN = 0,
    TLS_ASYNC_BUILD,
    TLS_ASYNC_DO,
    TLS_ASYNC_VERIFY,
    TLS_ASYNC_FINALIZE,
    TLS_ASYNC_END
};
3454
/* sub-states for build message (stored in Options.buildMsgState).
 * The two VERIFY_MAC states distinguish MAC-then-encrypt from
 * encrypt-then-MAC record construction. */
enum buildMsgState {
    BUILD_MSG_BEGIN = 0,
    BUILD_MSG_SIZE,
    BUILD_MSG_HASH,
    BUILD_MSG_VERIFY_MAC,
    BUILD_MSG_ENCRYPT,
    BUILD_MSG_ENCRYPTED_VERIFY_MAC,
};
3464
/* sub-states for cipher operations (presumably kept in Ciphers.state). */
enum cipherState {
    CIPHER_STATE_BEGIN = 0,
    CIPHER_STATE_DO,
    CIPHER_STATE_END,
};
3471
/* Per-connection negotiation options and handshake state.
 * Mostly 1-bit word16 bit-fields to keep the struct small; note that a
 * bit-field of type other than int/unsigned/_Bool is implementation-defined
 * in C11, which wolfSSL accepts on its supported compilers.  The verify*
 * flags are the peer-authentication policy: verifyNone disables failing the
 * handshake on a bad peer certificate and should only be set deliberately. */
typedef struct Options {
#ifndef NO_PSK
    wc_psk_client_callback client_psk_cb;
    wc_psk_server_callback server_psk_cb;
#ifdef WOLFSSL_TLS13
    wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
    wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
#endif
    void*             psk_ctx;
#endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
    unsigned long     mask; /* store SSL_OP_ flags */
#endif

    /* on/off or small bit flags, optimize layout */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word16            havePSK:1;            /* psk key set by user */
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
    word16            sendVerify:2;         /* false = 0, true = 1, sendBlank = 2 */
    word16            sessionCacheOff:1;
    word16            sessionCacheFlushOff:1;
#ifdef HAVE_EXT_CACHE
    word16            internalCacheOff:1;
#endif
    word16            side:2;               /* client, server or neither end */
    word16            verifyPeer:1;         /* request/require peer certificate */
    word16            verifyNone:1;         /* do not fail on peer cert problems */
    word16            failNoCert:1;         /* fail if peer sends no cert */
    word16            failNoCertxPSK:1;     /* fail for no cert except with PSK */
    word16            downgrade:1;          /* allow downgrade of versions
                                               (bounded by minDowngrade below) */
    word16            resuming:1;
    word16            haveSessionId:1;      /* server may not send */
    word16            tls:1;                /* using TLS ? */
    word16            tls1_1:1;             /* using TLSv1.1+ ? */
    word16            tls1_3:1;             /* using TLSv1.3+ ? */
    word16            dtls:1;               /* using datagrams ? */
    word16            connReset:1;          /* has the peer reset */
    word16            isClosed:1;           /* if we consider conn closed */
    word16            closeNotify:1;        /* we've received a close notify */
    word16            sentNotify:1;         /* we've sent a close notify */
    word16            usingCompression:1;   /* are we using compression */
    word16            haveRSA:1;            /* RSA available */
    word16            haveECC:1;            /* ECC available */
    word16            haveDH:1;             /* server DH parms set by user */
    word16            haveNTRU:1;           /* server NTRU  private key loaded */
    word16            haveQSH:1;            /* have QSH ability */
    word16            haveECDSAsig:1;       /* server ECDSA signed cert */
    word16            haveStaticECC:1;      /* static server ECC private key */
    word16            havePeerCert:1;       /* do we have peer's cert */
    word16            havePeerVerify:1;     /* and peer's cert verify */
    word16            usingPSK_cipher:1;    /* are using psk as cipher */
    word16            usingAnon_cipher:1;   /* are we using an anon cipher */
    word16            noPskDheKe:1;         /* Don't use (EC)DHE with PSK */
    word16            sendAlertState:1;     /* nonblocking resume */
    word16            partialWrite:1;       /* only one msg per write call */
    word16            quietShutdown:1;      /* don't send close notify */
    word16            certOnly:1;           /* stop once we get cert */
    word16            groupMessages:1;      /* group handshake messages */
    word16            saveArrays:1;         /* save array Memory for user get keys
                                               or psk */
    word16            weOwnRng:1;           /* will be true unless CTX owns */
    word16            haveEMS:1;            /* using extended master secret */
#ifdef HAVE_POLY1305
    word16            oldPoly:1;            /* set when to use old rfc way of poly*/
#endif
#ifdef HAVE_ANON
    word16            haveAnon:1;           /* User wants to allow Anon suites */
#endif
#ifdef HAVE_SESSION_TICKET
    word16            createTicket:1;       /* Server to create new Ticket */
    word16            useTicket:1;          /* Use Ticket not session cache */
    word16            rejectTicket:1;       /* Callback rejected ticket */
    word16            noTicketTls12:1;      /* TLS 1.2 server won't send ticket */
#ifdef WOLFSSL_TLS13
    word16            noTicketTls13:1;      /* Server won't create new Ticket */
#endif
#endif
#ifdef WOLFSSL_DTLS
    word16            dtlsUseNonblock:1;    /* are we using nonblocking socket */
    word16            dtlsHsRetain:1;       /* DTLS retaining HS data */
    word16            haveMcast:1;          /* using multicast ? */
#ifdef WOLFSSL_SCTP
    word16            dtlsSctp:1;           /* DTLS-over-SCTP mode */
#endif
#endif
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
    word16            userCurves:1;         /* indicates user called wolfSSL_UseSupportedCurve */
#endif
    word16            keepResources:1;      /* Keep resources after handshake */
    word16            useClientOrder:1;     /* Use client's cipher order */
    word16            mutualAuth:1;         /* Mutual authentication is required */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    word16            postHandshakeAuth:1;/* Client send post_handshake_auth
                                           * extension */
#endif
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
    word16            sendCookie:1;         /* Server creates a Cookie in HRR */
#endif
#ifdef WOLFSSL_ALT_CERT_CHAINS
    word16            usingAltCertChain:1;/* Alternate cert chain was used */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
    word16            sentChangeCipher:1;   /* Change Cipher Spec sent */
#endif
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
               ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
                (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
    word16            cacheMessages:1;      /* Cache messages for sign/verify
                                               (EdDSA signs the whole transcript) */
#endif
#ifndef NO_DH
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
        !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
    word16            dhDoKeyTest:1;        /* Need to do the DH Key prime test */
    word16            dhKeyTested:1;        /* Set when key has been tested. */
    #endif
#endif
#ifdef SINGLE_THREADED
    word16            ownSuites:1;          /* if suites are malloced in ssl object */
#endif
#ifdef HAVE_ENCRYPT_THEN_MAC
    word16            disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
    word16            encThenMac:1;         /* Doing Encrypt-Then-MAC */
    word16            startedETMRead:1;     /* Doing Encrypt-Then-MAC read */
    word16            startedETMWrite:1;    /* Doing Encrypt-Then-MAC write */
#endif

    /* need full byte values for this section */
    byte              processReply;           /* nonblocking resume */
    byte              cipherSuite0;           /* first byte, normally 0 */
    byte              cipherSuite;            /* second byte, actual suite */
    byte              serverState;
    byte              clientState;
    byte              handShakeState;
    byte              handShakeDone;      /* at least one handshake complete */
    byte              minDowngrade;       /* minimum downgrade version */
    byte              connectState;       /* nonblocking resume (enum ConnectState) */
    byte              acceptState;        /* nonblocking resume (enum AcceptState /
                                             AcceptStateTls13) */
    byte              asyncState;         /* sub-state for enum asyncState */
    byte              buildMsgState;      /* sub-state for enum buildMsgState */
    byte              alertCount;         /* detect warning dos attempt: counts
                                             consecutive warning alerts so a
                                             peer cannot keep the connection
                                             busy with them indefinitely */
#ifdef WOLFSSL_MULTICAST
    word16            mcastID;            /* Multicast group ID */
#endif
#ifndef NO_DH
    word16            minDhKeySz;         /* minimum DH key size */
    word16            maxDhKeySz;         /* maximum DH key size */
    word16            dhKeySz;            /* actual DH key size */
#endif
#ifndef NO_RSA
    short             minRsaKeySz;      /* minimum RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    short             minEccKeySz;      /* minimum ECC key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    byte              verifyDepth;      /* maximum verification depth */
#endif
#ifdef WOLFSSL_EARLY_DATA
    word16            pskIdIndex;
    word32            maxEarlyDataSz;
#endif
#ifdef WOLFSSL_TLS13
    byte              oldMinor;          /* client preferred version < TLS 1.3 */
#endif
} Options;
3637
/* Handshake-time secrets and nonces for one connection.
 * preMasterSecret, psk_key, secret, exporterSecret, masterSecret and
 * tsip_masterSecret are all key material: whatever frees this struct should
 * clear them first (confirm).  pendingMsg is the handshake defragmentation
 * buffer; writers must keep pendingMsgOffset + fragment <= pendingMsgSz. */
typedef struct Arrays {
    byte*           pendingMsg;         /* defrag buffer */
    byte*           preMasterSecret;    /* presumably heap-allocated, preMasterSz bytes */
    word32          preMasterSz;        /* differs for DH, actual size */
    word32          pendingMsgSz;       /* defrag buffer size */
    word32          pendingMsgOffset;   /* current offset into defrag buffer */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word32          psk_keySz;          /* actual size */
    char            client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN]; /* NUL-terminated */
    char            server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];     /* NUL-terminated */
    byte            psk_key[MAX_PSK_KEY_LEN];
#endif
    byte            clientRandom[RAN_LEN];
    byte            serverRandom[RAN_LEN];
    byte            sessionID[ID_LEN];
    byte            sessionIDSz;        /* bytes used, <= ID_LEN */
#ifdef WOLFSSL_TLS13
    byte            secret[SECRET_LEN];
#endif
#ifdef HAVE_KEYING_MATERIAL
    byte            exporterSecret[WC_MAX_DIGEST_SIZE];
#endif
    byte            masterSecret[SECRET_LEN];
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
   !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
    byte            tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
#endif
#ifdef WOLFSSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
    byte            cookieSz;           /* bytes used, <= MAX_COOKIE_LEN */
#endif
    byte            pendingMsgType;    /* defrag buffer message type */
} Arrays;
3671
/* Size limits that a build may override before including this header. */
#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#endif

#ifndef MAX_DATE_SZ
#define MAX_DATE_SZ 32
#endif

/* STACK_TYPE_*: tag values for WOLFSSL_STACK.type (below), selecting which
 * member of its data union is live.  Kept as macros rather than an enum —
 * presumably so they can be tested by the preprocessor.  STACK_TYPE_NULL has
 * no corresponding union member. */
#define STACK_TYPE_X509               0
#define STACK_TYPE_GEN_NAME           1
#define STACK_TYPE_BIO                2
#define STACK_TYPE_OBJ                3
#define STACK_TYPE_STRING             4
#define STACK_TYPE_CIPHER             5
#define STACK_TYPE_ACCESS_DESCRIPTION 6
#define STACK_TYPE_X509_EXT           7
#define STACK_TYPE_NULL               8
#define STACK_TYPE_X509_NAME          9
#define STACK_TYPE_CONF_VALUE         10
#define STACK_TYPE_X509_INFO          11
3692
/* OpenSSL-compat STACK_OF(...) node: a singly linked list where each node
 * holds one element in the `data` union and `type` (a STACK_TYPE_* value)
 * says which member is live.  Accessors must check `type` before reading
 * the union.  `cipher` is stored by value while every other member is a
 * pointer, so that member dominates the union's size. */
struct WOLFSSL_STACK {
    unsigned long num; /* number of nodes in stack
                        * (safety measure for freeing and shortcut for count) */
    #if defined(OPENSSL_ALL)
    wolf_sk_compare_cb comp;   /* element comparison callback */
    wolf_sk_hash_cb hash_fn;   /* element hash callback */
    unsigned long hash;
    #endif

    union {
        WOLFSSL_X509*          x509;
        WOLFSSL_X509_NAME*     name;
        WOLFSSL_X509_INFO*     info;
        WOLFSSL_BIO*           bio;
        WOLFSSL_ASN1_OBJECT*   obj;
        WOLFSSL_CIPHER         cipher;
        WOLFSSL_ACCESS_DESCRIPTION* access;
        WOLFSSL_X509_EXTENSION* ext;
#ifdef OPENSSL_EXTRA
        WOLFSSL_CONF_VALUE*    conf;
#endif
        void*                  generic;
        char*                  string;
        WOLFSSL_GENERAL_NAME*  gn;
    } data;
    void* heap; /* memory heap hint */
    WOLFSSL_STACK* next;  /* next node, NULL at the end */
    byte type;     /* Identifies type of stack. */
};
3722
/* X.509 distinguished name in string form plus, in the OpenSSL-compat
 * builds, its parsed entries and raw encoding.  `name` presumably points at
 * staticName unless dynamicName is set, in which case it is heap memory —
 * confirm against the accessors before freeing. */
struct WOLFSSL_X509_NAME {
    char  *name;
    int   dynamicName;                 /* name is heap-allocated */
    int   sz;                          /* length of name */
    char  staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
    !defined(NO_ASN)
    int   entrySz; /* number of entries */
    WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
    WOLFSSL_X509* x509; /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
    byte  raw[ASN_NAME_MAX];           /* presumably the DER-encoded Name */
    int   rawLen;                      /* bytes used in raw, <= ASN_NAME_MAX */
#endif
    void* heap;
};
3740
/* Size of the serial-number style byte buffers in WOLFSSL_X509
 * (serial, and the WOLFSSL_SEP device/hardware identifiers). */
#ifndef EXTERNAL_SERIAL_SIZE
    #define EXTERNAL_SERIAL_SIZE 32
#endif

/* Without ASN support asn.h is not included (see the top of this header), so
 * DNS_entry is forward-declared here to keep WOLFSSL_X509's altNames pointers
 * declarable. */
#ifdef NO_ASN
    typedef struct DNS_entry DNS_entry;
#endif
3748
/* Decoded certificate object behind the public X509 API.
 * Most members only exist under the feature macros that surround them, so the
 * layout (and sizeof) of this struct differs between build configurations.
 * 'heap' is the allocation hint and 'dynamicMemory' flags whether the object
 * itself was heap allocated. Where OPENSSL_EXTRA/OPENSSL_ALL is on, the object
 * is reference counted through refMutex/refCount. */
struct WOLFSSL_X509 {
    int version;
    int serialSz; /* bytes used in 'serial' below */
#ifdef WOLFSSL_SEP
    int deviceTypeSz;
    int hwTypeSz;
    byte deviceType[EXTERNAL_SERIAL_SIZE];
    byte hwType[EXTERNAL_SERIAL_SIZE];
    int hwSerialNumSz;
    byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
#endif /* WOLFSSL_SEP */
#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \
    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
    byte certPolicySet;
    byte certPolicyCrit;
#endif /* (WOLFSSL_SEP || WOLFSSL_QT || OPENSSL_ALL) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
    WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
    WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
#endif /* WOLFSSL_QT || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
    WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
#endif
    WOLFSSL_ASN1_TIME notBefore;
    WOLFSSL_ASN1_TIME notAfter;
    buffer sig; /* signature value */
    int sigOID; /* signature algorithm OID sum */
    DNS_entry* altNames; /* alt names list */
    buffer pubKey; /* public key, algorithm in pubKeyOID */
    int pubKeyOID;
    DNS_entry* altNamesNext; /* hint for retrieval (iteration cursor into altNames) */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    word32 pkCurveOID;
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
#ifndef NO_CERTS
    DerBuffer* derCert; /* may need */
#endif
    void* heap; /* heap hint */
    byte dynamicMemory; /* dynamic memory flag */
    byte isCa:1;
#ifdef WOLFSSL_CERT_EXT
    char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
    int certPoliciesNb;
#endif /* WOLFSSL_CERT_EXT */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
    wolfSSL_Mutex refMutex; /* ref count mutex */
    int refCount; /* reference count */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
    /* Extension contents. Each pointer is paired with a ...Sz below;
     * CRLInfo is the only const-qualified one. Ownership of these buffers is
     * not visible here -- check the free routine before assuming they are
     * heap allocated. */
    byte* authKeyId;
    byte* subjKeyId;
    byte* extKeyUsageSrc;
    const byte* CRLInfo;
    byte* authInfo;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    byte* authInfoCaIssuer;
    int authInfoCaIssuerSz;
#endif
    word32 pathLength;
    word16 keyUsage;
    int CRLInfoSz;
    int authInfoSz;
    word32 authKeyIdSz;
    word32 subjKeyIdSz;
    word32 extKeyUsageSz;
    word32 extKeyUsageCount;

    /* Per-extension flags, eight per byte: going by the names, ...Set records
     * that the extension was present and ...Crit that it was marked critical. */
    byte CRLdistSet:1;
    byte CRLdistCrit:1;
    byte authInfoSet:1;
    byte authInfoCrit:1;
    byte keyUsageSet:1;
    byte keyUsageCrit:1;
    byte extKeyUsageCrit:1;
    byte subjKeyIdSet:1;

    byte subjKeyIdCrit:1;
    byte basicConstSet:1;
    byte basicConstCrit:1;
    byte basicConstPlSet:1;
    byte subjAltNameSet:1;
    byte subjAltNameCrit:1;
    byte authKeyIdSet:1;
    byte authKeyIdCrit:1;
    byte issuerSet:1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_CERT_REQ
    byte isCSR:1; /* object holds a certificate request rather than a cert */
#endif
    byte serial[EXTERNAL_SERIAL_SIZE]; /* serialSz bytes used */
    char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef WOLFSSL_CERT_REQ
#ifdef OPENSSL_ALL
    WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
#endif
    char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
#endif
    WOLFSSL_X509_NAME issuer; /* embedded by value, not pointers */
    WOLFSSL_X509_NAME subject;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
    WOLFSSL_X509_ALGOR algor;
    WOLFSSL_X509_PUBKEY key;
#endif
#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \
    defined(SESSION_CERTS)
    byte notBeforeData[CTC_DATE_SIZE]; /* raw validity dates */
    byte notAfterData[CTC_DATE_SIZE];
#endif
};
3862
3863
3864/* record layer header for PlainText, Compressed, and CipherText */
/* record layer header for PlainText, Compressed, and CipherText.
 * Mirrors the 5-byte TLS record header: content type (see enum ContentType
 * below), protocol version major/minor, and the body length kept as two raw
 * bytes in wire (big-endian) order rather than a host integer. */
typedef struct RecordLayerHeader {
    byte type;
    byte pvMajor;
    byte pvMinor;
    byte length[2];
} RecordLayerHeader;
3871
3872
3873/* record layer header for DTLS PlainText, Compressed, and CipherText */
/* record layer header for DTLS PlainText, Compressed, and CipherText.
 * Same as RecordLayerHeader with the 8-byte epoch+sequence number inserted
 * before the length; all multi-byte fields are raw wire-order bytes. */
typedef struct DtlsRecordLayerHeader {
    byte type;
    byte pvMajor;
    byte pvMinor;
    byte sequence_number[8]; /* per record */
    byte length[2];
} DtlsRecordLayerHeader;
3881
3882
/* One received fragment range [begin, end] of a DTLS handshake message,
 * kept in a singly linked list hanging off DtlsMsg.fragList. Whether 'end'
 * is inclusive or exclusive is decided by the list code, not here. */
typedef struct DtlsFrag {
    word32 begin;
    word32 end;
    struct DtlsFrag* next;
} DtlsFrag;
3888
3889
/* A DTLS handshake message being reassembled (rx) or retained for
 * retransmission (tx); see the dtls_tx_msg_list / dtls_rx_msg_list members
 * of struct WOLFSSL. 'buf' and 'msg' are separate pointers, presumably the
 * allocation and the message start within it -- confirm in DtlsMsgNew/Set. */
typedef struct DtlsMsg {
    struct DtlsMsg* next;
    byte* buf;
    byte* msg;
    DtlsFrag* fragList; /* ranges received so far, see DtlsFrag */
    word32 fragSz; /* Length of fragments received */
    word16 epoch; /* Epoch that this message belongs to */
    word32 seq; /* Handshake sequence number */
    word32 sz; /* Length of whole message */
    byte type; /* HandShakeType of the message */
} DtlsMsg;
3901
3902
3903#ifdef HAVE_NETX
3904
3905 /* NETX I/O Callback default */
    /* NETX I/O Callback default: per-connection state for the NetX
     * send/receive callbacks, embedded in struct WOLFSSL as nxCtx. */
    typedef struct NetX_Ctx {
        NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
        NX_PACKET* nxPacket; /* incoming packet handle for short reads */
        ULONG nxOffset; /* offset already read from nxPacket */
        ULONG nxWait; /* wait option flag */
    } NetX_Ctx;
3912
3913#endif
3914
/* Handshake messages received from peer (plus change cipher spec) */
/* Bit flags recording which handshake messages (plus change_cipher_spec) the
 * peer has sent so far; stored per connection as WOLFSSL.msgsReceived.
 * client_hello and server_hello are two-bit counters rather than flags, so
 * they can count a repeated hello (e.g. a retry) -- where the count is
 * checked is not visible here. 20 bits in total, so this spans more than one
 * word16 unit. */
typedef struct MsgsReceived {
    word16 got_hello_request:1;
    word16 got_client_hello:2;
    word16 got_server_hello:2;
    word16 got_hello_verify_request:1;
    word16 got_session_ticket:1;
    word16 got_end_of_early_data:1;
    word16 got_hello_retry_request:1;
    word16 got_encrypted_extensions:1;
    word16 got_certificate:1;
    word16 got_certificate_status:1;
    word16 got_server_key_exchange:1;
    word16 got_certificate_request:1;
    word16 got_server_hello_done:1;
    word16 got_certificate_verify:1;
    word16 got_client_key_exchange:1;
    word16 got_finished:1;
    word16 got_key_update:1;
    word16 got_change_cipher:1;
} MsgsReceived;
3936
3937
3938/* Handshake hashes */
/* Handshake hashes: one running transcript hash per algorithm the build
 * enables, plus the finalized digests used for Finished (verifyHashes) and
 * CertificateVerify (certHashes). Referenced from WOLFSSL.hsHashes and
 * released with the rest of the handshake state. */
typedef struct HS_Hashes {
    Hashes verifyHashes;
    Hashes certHashes; /* for cert verify */
#ifndef NO_SHA
    wc_Sha hashSha; /* sha hash of handshake msgs */
#endif
#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    wc_Md5 hashMd5; /* md5 hash of handshake msgs */
#endif
#ifndef NO_SHA256
    wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */
#endif
#if (defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
    !defined(WOLFSSL_NO_CLIENT_AUTH)
    /* Raw copy of the transcript, kept only for EdDSA client auth -- presumably
     * because EdDSA signs the whole message rather than a digest. */
    byte* messages; /* handshake messages */
    int length; /* length of handshake messages' data */
    int prevLen; /* length of messages but last */
#endif
} HS_Hashes;
3964
3965
3966#ifndef WOLFSSL_NO_TLS12
3967/* Persistable BuildMessage arguments */
/* Persistable BuildMessage arguments: the working values of a record build
 * saved so it can be resumed (see WOLFSSL_ASYNC.buildArgs). 'size' is a
 * word16 while the other counters are word32. 'iv' is a pointer whose
 * ownership is not visible here. */
typedef struct BuildMsgArgs {
    word32 digestSz;
    word32 sz;
    word32 pad;
    word32 idx;
    word32 headerSz;
    word16 size;
    word32 ivSz; /* TLSv1.1 IV */
    byte* iv;
} BuildMsgArgs;
3978#endif
3979
3980#ifdef WOLFSSL_ASYNC_CRYPT
    /* Number of word32 slots available to stash a suspended operation's
     * arguments in WOLFSSL_ASYNC.args. */
    #define MAX_ASYNC_ARGS 18
    /* Callback that releases whatever 'args' currently holds. */
    typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);

    /* Async-crypto resume state, embedded in struct WOLFSSL as 'async'. */
    struct WOLFSSL_ASYNC {
        WC_ASYNC_DEV* dev;
        FreeArgsCb freeArgs; /* function pointer to cleanup args */
        word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
        BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
    };
3990#endif
3991
3992#ifdef HAVE_WRITE_DUP
3993
    /* Values for WOLFSSL.dupSide when the object has been split into a
     * write-only and a read-only half sharing one WriteDup. */
    #define WRITE_DUP_SIDE 1
    #define READ_DUP_SIDE 2

    /* Shared state between the two halves of a duplicated WOLFSSL (see the
     * dupWrite/dupSide members of struct WOLFSSL). */
    typedef struct WriteDup {
        wolfSSL_Mutex dupMutex; /* reference count mutex */
        int dupCount; /* reference count */
        int dupErr; /* under dupMutex, pass to other side */
    } WriteDup;

    WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
    WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
4005#endif /* HAVE_WRITE_DUP */
4006
4007#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
typedef struct CertReqCtx CertReqCtx;

/* Linked list of outstanding TLS 1.3 post-handshake CertificateRequest
 * contexts (WOLFSSL.certReqCtx). Only a single context byte is stored here
 * alongside 'len'; what happens for longer contexts is decided by the code
 * that fills this in, not visible here. */
struct CertReqCtx {
    CertReqCtx* next;
    byte len;
    byte ctx;
};
4015#endif
4016
4017#ifdef WOLFSSL_EARLY_DATA
/* Progress of 0-RTT early data on a connection (WOLFSSL.earlyData).
 * The order listed suggests the states advance top to bottom. */
typedef enum EarlyDataState {
    no_early_data,
    early_data_ext,
    expecting_early_data,
    process_early_data,
    done_early_data
} EarlyDataState;
4025#endif
4026
4027/* wolfSSL ssl type */
/* Per-connection state behind the public WOLFSSL handle.
 * Almost every member after the first few sits behind a feature macro, so the
 * layout and size of this struct vary per build configuration and nothing
 * outside the library may depend on them. Creation/teardown entry points
 * (InitSSL, FreeSSL, ...) are declared immediately after the struct. */
struct WOLFSSL {
    WOLFSSL_CTX* ctx;
    Suites* suites; /* only need during handshake */
    Arrays* arrays; /* handshake-only working data, see Arrays above */
#ifdef WOLFSSL_TLS13
    /* TLS 1.3 secrets -- key material. NOTE(review): confirm FreeSSL clears
     * these before the memory is released. */
    byte clientSecret[SECRET_LEN];
    byte serverSecret[SECRET_LEN];
#endif
    HS_Hashes* hsHashes; /* transcript hashes, handshake only */
    void* IOCB_ReadCtx; /* user context for CBIORecv */
    void* IOCB_WriteCtx; /* user context for CBIOSend */
    WC_RNG* rng;
    void* verifyCbCtx; /* cert verify callback user ctx*/
    VerifyCallback verifyCallback; /* cert verification callback */
    void* heap; /* for user overrides */
#ifdef HAVE_WRITE_DUP
    WriteDup* dupWrite; /* valid pointer indicates ON */
    /* side that decrements dupCount to zero frees overall structure */
    byte dupSide; /* write side or read side (WRITE_DUP_SIDE/READ_DUP_SIDE) */
#endif
#ifdef OPENSSL_EXTRA
    byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
#endif
    CallbackIORecv CBIORecv; /* transport read callback */
    CallbackIOSend CBIOSend; /* transport write callback */
#ifdef WOLFSSL_STATIC_MEMORY
    WOLFSSL_HEAP_HINT heap_hint;
#endif
#ifndef NO_HANDSHAKE_DONE_CB
    HandShakeDoneCb hsDoneCb; /* notify user handshake done */
    void* hsDoneCtx; /* user handshake cb context */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
    struct WOLFSSL_ASYNC async;
#elif defined(WOLFSSL_NONBLOCK_OCSP)
    void* nonblockarg; /* dynamic arg for handling non-block resume */
#endif
    void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
    word32 hsType; /* Type of Handshake key (hsKey) */
    WOLFSSL_CIPHER cipher;
#ifndef WOLFSSL_AEAD_ONLY
    hmacfp hmac; /* record MAC function, absent in AEAD-only builds */
#endif
    Ciphers encrypt;
    Ciphers decrypt;
    Buffers buffers;
    WOLFSSL_SESSION session;
#ifdef HAVE_EXT_CACHE
    WOLFSSL_SESSION* extSession;
#endif
    WOLFSSL_ALERT_HISTORY alert_history;
    int error; /* last error, for wolfSSL_get_error style reporting */
    int rfd; /* read file descriptor */
    int wfd; /* write file descriptor */
    int rflags; /* user read flags */
    int wflags; /* user write flags */
    word32 timeout; /* session timeout */
    word32 fragOffset; /* fragment offset */
    word16 curSize; /* size of the record currently being processed */
    byte verifyDepth; /* max certificate chain depth accepted */
    RecordLayerHeader curRL; /* header of the record currently being processed */
    MsgsReceived msgsReceived; /* peer messages received */
    ProtocolVersion version; /* negotiated version */
    ProtocolVersion chVersion; /* client hello version */
    CipherSpecs specs;
    Keys keys;
    Options options;
#ifdef OPENSSL_EXTRA
    CallbackInfoState* CBIS; /* used to get info about SSL state */
    int cbmode; /* read or write on info callback */
    int cbtype; /* event type in info callback */
    WOLFSSL_BIO* biord; /* socket bio read to free/close */
    WOLFSSL_BIO* biowr; /* socket bio write to free/close */
    byte sessionCtx[ID_LEN]; /* app session context ID */
    WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    unsigned long peerVerifyRet; /* result code of peer cert verification */
#endif
#ifdef OPENSSL_EXTRA
    byte readAhead;
    byte sessionCtxSz; /* size of sessionCtx stored */
#ifdef HAVE_PK_CALLBACKS
    void* loggingCtx; /* logging callback argument */
#endif
#endif /* OPENSSL_EXTRA */
#ifndef NO_RSA
    RsaKey* peerRsaKey;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
    byte *peerTsipEncRsaKeyIndex;
#endif
    byte peerRsaKeyPresent;
#endif
#ifdef HAVE_QSH
    QSHKey* QSH_Key;
    QSHKey* peerQSHKey;
    QSHSecret* QSH_secret;
    byte isQSH; /* is the handshake a QSH? */
    byte sendQSHKeys; /* flag for if the client should send public keys */
    byte peerQSHKeyPresent;
    byte minRequest;
    byte maxRequest;
    byte user_set_QSHSchemes;
#endif
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
    word16 namedGroup; /* negotiated key-exchange group */
#endif
#ifdef WOLFSSL_TLS13
    word16 group[WOLFSSL_MAX_GROUP_COUNT]; /* groups to offer, numGroups used */
    byte numGroups;
#endif
    word16 pssAlgo;
#ifdef WOLFSSL_TLS13
    word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
    byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to offer */
#endif
#ifdef HAVE_NTRU
    word16 peerNtruKeyLen;
    byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
    byte peerNtruKeyPresent;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    int eccVerifyRes;
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
    word32 ecdhCurveOID; /* curve Ecc_Sum */
    ecc_key* eccTempKey; /* private ECDHE key */
    byte eccTempKeyPresent; /* also holds type */
    byte peerEccKeyPresent;
#endif
#ifdef HAVE_ECC
    ecc_key* peerEccKey; /* peer's ECDHE key */
    ecc_key* peerEccDsaKey; /* peer's ECDSA key */
    word16 eccTempKeySz; /* in octets 20 - 66 */
    byte peerEccDsaKeyPresent;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE448)
    word32 pkCurveOID; /* curve Ecc_Sum */
#endif
#ifdef HAVE_ED25519
    ed25519_key* peerEd25519Key;
    byte peerEd25519KeyPresent;
#endif
#ifdef HAVE_CURVE25519
    curve25519_key* peerX25519Key;
    byte peerX25519KeyPresent;
#endif
#ifdef HAVE_ED448
    ed448_key* peerEd448Key;
    byte peerEd448KeyPresent;
#endif
#ifdef HAVE_CURVE448
    curve448_key* peerX448Key;
    byte peerX448KeyPresent;
#endif
#ifdef HAVE_LIBZ
    z_stream c_stream; /* compression stream */
    z_stream d_stream; /* decompression stream */
    byte didStreamInit; /* for stream init and end */
#endif
#ifdef WOLFSSL_DTLS
    int dtls_timeout_init; /* starting timeout value */
    int dtls_timeout_max; /* maximum timeout value */
    int dtls_timeout; /* current timeout value, changes */
#ifndef NO_ASN_TIME
    word32 dtls_start_timeout;
#endif /* !NO_ASN_TIME */
    word32 dtls_tx_msg_list_sz;
    word32 dtls_rx_msg_list_sz;
    DtlsMsg* dtls_tx_msg_list; /* messages kept for retransmission */
    DtlsMsg* dtls_tx_msg;
    DtlsMsg* dtls_rx_msg_list; /* messages being reassembled */
    void* IOCB_CookieCtx; /* gen cookie ctx */
    word32 dtls_expected_rx;
#ifdef WOLFSSL_SESSION_EXPORT
    wc_dtls_export dtls_export; /* export function for session */
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
    word16 dtlsMtuSz;
#endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */
#ifdef WOLFSSL_MULTICAST
    void* mcastHwCbCtx; /* Multicast highwater callback ctx */
#endif /* WOLFSSL_MULTICAST */
#ifdef WOLFSSL_DTLS_DROP_STATS
    /* Counters of silently dropped records (bad MAC / replay), by name;
     * useful as a detection signal where this build option is on. */
    word32 macDropCount;
    word32 replayDropCount;
#endif /* WOLFSSL_DTLS_DROP_STATS */
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_CALLBACKS
    TimeoutInfo timeoutInfo; /* info saved during handshake */
    HandShakeInfo handShakeInfo; /* info saved during handshake */
#endif
#ifdef OPENSSL_EXTRA
    SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
    void* protoMsgCtx; /* user set context with msg callback */
#endif
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    byte hsInfoOn; /* track handshake info */
    byte toInfoOn; /* track timeout info */
#endif
#ifdef HAVE_FUZZER
    CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
    void* fuzzerCtx; /* user defined pointer */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    CertReqCtx* certReqCtx; /* pending post-handshake auth contexts */
#endif
#ifdef KEEP_PEER_CERT
    WOLFSSL_X509 peerCert; /* X509 peer cert */
#endif
#ifdef KEEP_OUR_CERT
    WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
                              points to ctx if not owned (owned
                              flag found in buffers.weOwnCert) */
#endif
    byte keepCert; /* keep certificate after handshake */
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
#endif
    int devId; /* async device id to use */
#ifdef HAVE_ONE_TIME_AUTH
    OneTimeAuth auth;
#endif
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions; /* RFC 6066 TLS Extensions data */
    #ifdef HAVE_MAX_FRAGMENT
        word16 max_fragment;
    #endif
    #ifdef HAVE_TRUNCATED_HMAC
        byte truncated_hmac;
    #endif
    #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
        byte status_request;
    #endif
    #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
        byte status_request_v2;
    #endif
    #if defined(HAVE_SECURE_RENEGOTIATION) \
        || defined(HAVE_SERVER_RENEGOTIATION_INFO)
        int secure_rene_count; /* how many times */
        SecureRenegotiation* secure_renegotiation; /* valid pointer indicates user turned on */
    #endif
    #ifdef HAVE_ALPN
        char* alpn_client_list; /* keep the client's list of accepted protocols */
        #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
            CallbackALPNSelect alpnSelect;
            void* alpnSelectArg;
        #endif
    #endif
    #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
        CallbackSessionTicket session_ticket_cb;
        void* session_ticket_ctx;
        byte expect_session_ticket;
    #endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_OCSP
    void* ocspIOCtx;
    byte ocspProducedDate[MAX_DATE_SZ];
    int ocspProducedDateFormat;
    #ifdef OPENSSL_EXTRA
        byte* ocspResp; /* ocspRespSz bytes */
        int ocspRespSz;
        #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
            char* url;
        #endif
    #endif
#endif
#ifdef HAVE_NETX
    NetX_Ctx nxCtx; /* NetX IO Context */
#endif
#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
    void* mnCtx; /* mynewt mn_socket IO Context */
#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
#ifdef WOLFSSL_GNRC
    struct gnrc_wolfssl_ctx *gnrcCtx; /* Riot-OS GNRC UDP/IP context */
#endif
#ifdef SESSION_INDEX
    int sessionIndex; /* Session's location in the cache. */
#endif
#ifdef ATOMIC_USER
    void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
    void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
    #ifdef HAVE_ENCRYPT_THEN_MAC
        void* EncryptMacCtx; /* Atomic User Encrypt/Mac Callback Ctx */
        void* VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */
    #endif
#endif
#ifdef HAVE_PK_CALLBACKS
    /* Opaque user contexts handed back to the public-key callbacks. */
    #ifdef HAVE_ECC
        void* EccKeyGenCtx; /* EccKeyGen Callback Context */
        void* EccSignCtx; /* Ecc Sign Callback Context */
        void* EccVerifyCtx; /* Ecc Verify Callback Context */
        void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
        #ifdef HAVE_ED25519
            void* Ed25519SignCtx; /* ED25519 Sign Callback Context */
            void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */
        #endif
        #ifdef HAVE_CURVE25519
            void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
            void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
        #endif
        #ifdef HAVE_ED448
            void* Ed448SignCtx; /* ED448 Sign Callback Context */
            void* Ed448VerifyCtx; /* ED448 Verify Callback Context */
        #endif
        #ifdef HAVE_CURVE448
            void* X448KeyGenCtx; /* X448 KeyGen Callback Context */
            void* X448SharedSecretCtx; /* X448 Pms Callback Context */
        #endif
    #endif /* HAVE_ECC */
    #ifndef NO_DH
        void* DhAgreeCtx; /* DH Pms Callback Context */
    #endif /* !NO_DH */
    #ifndef NO_RSA
        void* RsaSignCtx; /* Rsa Sign Callback Context */
        void* RsaVerifyCtx; /* Rsa Verify Callback Context */
        #ifdef WC_RSA_PSS
            void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */
            void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */
        #endif
        void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
        void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
    #endif /* !NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_SECRET_CALLBACK
    /* Secret-export callbacks (key-log style); they receive key material. */
    SessionSecretCb sessionSecretCb;
    void* sessionSecretCtx;
    #ifdef WOLFSSL_TLS13
        Tls13SecretCb tls13SecretCb;
        void* tls13SecretCtx;
    #endif
#endif /* HAVE_SECRET_CALLBACK */
#ifdef WOLFSSL_JNI
    void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
#endif /* WOLFSSL_JNI */
#ifdef WOLFSSL_EARLY_DATA
    EarlyDataState earlyData; /* see enum EarlyDataState */
    word32 earlyDataSz;
#endif
#ifdef OPENSSL_ALL
    long verifyCallbackResult;
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
    WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
    StaticKeyExchangeInfo_t staticKE;
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
    /* Added in libest port: allow applications to get the 'tls-unique' Channel
     * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is
     * used in the EST protocol to bind an enrollment to a TLS session through
     * 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4
     * and https://tools.ietf.org/html/rfc7030#section-3.5). */
    byte clientFinished[TLS_FINISHED_SZ];
    byte serverFinished[TLS_FINISHED_SZ];
#endif
};
4389
4390
/* Context / connection lifecycle. Everything here is library-local except
 * SSL_ResourceFree, which is exported (WOLFSSL_API) for the Micrium port. */
WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap);
WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */


#ifndef NO_CERTS

    /* Load certificate / key material into a CTX or an SSL object from memory
     * (ProcessBuffer: 'sz' bytes at 'buff', 'used' reports consumption) or from
     * a file (ProcessFile, which may also take a CRL). Both carry 'format'
     * and 'type' selectors and a 'verify' flag whose values are defined in
     * the implementation. */
    WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                                    long sz, int format, int type, WOLFSSL* ssl,
                                    long* used, int userChain, int verify);
    WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
                                  int type, WOLFSSL* ssl, int userChain,
                                  WOLFSSL_CRL* crl, int verify);

    /* Match the expected host name against a decoded certificate. The name
     * is length-delimited (domainNameLen), so callers should pass the exact
     * length rather than rely on NUL termination -- confirm the implementation
     * honours it throughout. */
    WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
                                    size_t domainNameLen);
#endif


#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    /* Handshake and timeout tracing used by the WOLFSSL_CALLBACKS /
     * OpenSSL-compat info callbacks (see WOLFSSL.handShakeInfo / timeoutInfo). */
    WOLFSSL_LOCAL
    void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
    WOLFSSL_LOCAL
    void FinishHandShakeInfo(HandShakeInfo*);
    WOLFSSL_LOCAL
    void AddPacketName(WOLFSSL* ssl, const char* name);

    WOLFSSL_LOCAL
    void InitTimeoutInfo(TimeoutInfo*);
    WOLFSSL_LOCAL
    void FreeTimeoutInfo(TimeoutInfo*, void*);
    /* Records a packet ('sz' bytes of 'data', 'write' selects direction) in
     * the timeout info; 'heap' is the allocation hint. */
    WOLFSSL_LOCAL
    void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
                       const byte* data, int sz, int write, void* heap);
    WOLFSSL_LOCAL
    void AddLateName(const char*, TimeoutInfo*);
    WOLFSSL_LOCAL
    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
#endif
4432
4433
4434/* Record Layer Header identifier from page 12 */
/* Record Layer Header identifier from page 12 (the 'type' byte of
 * RecordLayerHeader). 20-23 are the TLS wire ContentType codes; no_type is
 * an internal placeholder and is never sent. */
enum ContentType {
    no_type = 0,
    change_cipher_spec = 20,
    alert = 21,
    handshake = 22,
    application_data = 23
};
4442
4443
4444/* handshake header, same for each message type, pgs 20/21 */
/* handshake header, same for each message type, pgs 20/21:
 * one type byte (enum HandShakeType) and a 3-byte wire-order length. */
typedef struct HandShakeHeader {
    byte type;
    word24 length;
} HandShakeHeader;
4449
4450
4451/* DTLS handshake header, same for each message type */
/* DTLS handshake header, same for each message type: the TLS handshake
 * header extended with the fragmentation fields. All multi-byte values are
 * raw wire-order bytes (word24 is a 3-byte array type in this code base). */
typedef struct DtlsHandShakeHeader {
    byte type;
    word24 length; /* length of the whole (reassembled) message */
    byte message_seq[2]; /* start at 0, retransmit gets same # */
    word24 fragment_offset; /* bytes in previous fragments */
    word24 fragment_length; /* length of this fragment */
} DtlsHandShakeHeader;
4459
4460
/* Handshake message types. The values are the wire HandshakeType codes,
 * except for the internally synthesised ones flagged in the comments below.
 * hello_retry_request = 6 is the draft-era code; final TLS 1.3 carries a
 * retry inside server_hello instead. */
enum HandShakeType {
    hello_request = 0,
    client_hello = 1,
    server_hello = 2,
    hello_verify_request = 3, /* DTLS addition */
    session_ticket = 4,
    end_of_early_data = 5,
    hello_retry_request = 6,
    encrypted_extensions = 8,
    certificate = 11,
    server_key_exchange = 12,
    certificate_request = 13,
    server_hello_done = 14,
    certificate_verify = 15,
    client_key_exchange = 16,
    finished = 20,
    certificate_status = 22,
    key_update = 24,
    change_cipher_hs = 55, /* simulate unique handshake type for sanity
                              checks. record layer change_cipher
                              conflicts with handshake finished */
    message_hash = 254, /* synthetic message type for TLS v1.3 */
    no_shake = 255 /* used to initialize the DtlsMsg record */
};
4485
/* Which side's keys an operation provisions; a bit mask, so
 * PROVISION_CLIENT_SERVER is CLIENT | SERVER. Likely the value of the 'side'
 * argument of StoreKeys below -- confirm. */
enum ProvisionSide {
    PROVISION_CLIENT = 1,
    PROVISION_SERVER = 2,
    PROVISION_CLIENT_SERVER = 3
};
4491
4492
/* Sender labels: the four ASCII bytes "CLNT" / "SRVR" plus a NUL terminator.
 * Being static definitions in a header, every translation unit that includes
 * internal.h gets its own copy. */
static const byte client[SIZEOF_SENDER+1] = "CLNT";
static const byte server[SIZEOF_SENDER+1] = "SRVR";

/* Finished-message PRF labels; FINISHED_LABEL_SZ does not count the NUL. */
static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
4498
4499#ifdef OPENSSL_EXTRA
/* One row of the NIST curve name table: the name, its length and the
 * OpenSSL-compat NID. The table itself (kNistCurves) is defined in a .c file. */
typedef struct {
    int name_len;
    const char *name;
    int nid;
} WOLF_EC_NIST_NAME;
extern const WOLF_EC_NIST_NAME kNistCurves[];
/* These are the shortest and longest curve name lengths in the kNistCurves
 * list; keep them in sync when the table changes. */
#define kNistCurves_MIN_NAME_LEN 5
#define kNistCurves_MAX_NAME_LEN 7
4509#endif
4510
/* internal functions */

/* Outbound record/handshake message builders (Send*), the inbound side
 * (ReceiveData, ProcessReply) and the flush of pending output (SendBuffered).
 * All return an int status. */
WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*);
#endif
#if defined(HAVE_SECURE_RENEGOTIATION) && \
    defined(HAVE_SERVER_RENEGOTIATION_INFO)
WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);

/* Cipher-suite and key-schedule setup. */
WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);

WOLFSSL_LOCAL int AddSession(WOLFSSL*);
WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
/* 'side' is presumably an enum ProvisionSide value -- confirm. */
WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);

/* Protocol version predicates. Note IsAtLeastTLSv1_3 takes a ProtocolVersion
 * by value while the others inspect the connection. */
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl);

/* Release handshake-only state and shrink the I/O buffers once they are no
 * longer needed. */
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);

WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);

WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);

#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey);
WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey);
#endif

/* Returns the RNG to use for an RSA object. The out-parameters suggest a
 * temporary RNG may be created in *tmpRNG with *initTmpRng set, in which
 * case the caller is responsible for freeing it -- confirm in the definition. */
WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
                                         int *initTmpRng);
4565
4566#ifndef NO_CERTS
4567 #ifndef NO_RSA
4568 #ifdef WC_RSA_PSS
4569 WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
4570 byte* out, word32 sigSz, enum wc_HashType hashType);
4571 WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
4572 enum wc_HashType* hashType, int* mgf);
4573 #endif
4574 WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
4575 word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
4576 int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo);
4577 WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
4578 byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
4579 DerBuffer* keyBufInfo);
4580 WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
4581 byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
4582 buffer* keyBufInfo);
4583 WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
4584 word32* outSz, RsaKey* key, DerBuffer* keyBufInfo);
4585 WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
4586 word32* outSz, RsaKey* key, buffer* keyBufInfo);
4587 #endif /* !NO_RSA */
4588
4589 #ifdef HAVE_ECC
4590 WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
4591 byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo);
4592 WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
4593 const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo);
4594 WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
4595 ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
4596 word32* outlen, int side);
4597 #endif /* HAVE_ECC */
4598 #ifdef HAVE_ED25519
4599 WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl);
4600 WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
4601 byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo);
4602 WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
4603 word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
4604 buffer* keyBufInfo);
4605 #endif /* HAVE_ED25519 */
4606 #ifdef HAVE_ED448
4607 WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl);
4608 WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
4609 byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo);
4610 WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in,
4611 word32 inSz, const byte* msg, word32 msgSz, ed448_key* key,
4612 buffer* keyBufInfo);
4613 #endif /* HAVE_ED448 */
4614
4615
4616 #ifdef WOLFSSL_TRUST_PEER_CERT
4617
4618 /* options for searching hash table for a matching trusted peer cert */
4619 #define WC_MATCH_SKID 0
4620 #define WC_MATCH_NAME 1
4621
4622 WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
4623 int type);
4624 WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
4625 DecodedCert* cert);
4626 #endif
4627
4628 WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
4629 #ifndef NO_SKID
4630 WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
4631 #endif
4632#endif /* !NO_CERTS */
4633WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
4634 word32* hashLen);
4635WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
4636 const byte* sender);
4637WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
4638WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
4639WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
4640
4641#ifndef NO_TLS
4642 WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
4643#ifndef WOLFSSL_AEAD_ONLY
4644 WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
4645 word32 sz, int padSz, int content, int verify, int epochOrder);
4646#endif
4647#endif
4648
#ifndef NO_WOLFSSL_CLIENT
    /* Client-side handshake message senders (absent in server-only builds). */
    WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
    #ifdef WOLFSSL_TLS13
        /* TLS 1.3 uses its own ClientHello builder. */
        WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
    #endif
    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
#endif /* NO_WOLFSSL_CLIENT */

#ifndef NO_WOLFSSL_SERVER
    /* Server-side handshake message senders (absent in client-only builds). */
    WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
#endif /* NO_WOLFSSL_SERVER */
4662
#ifdef WOLFSSL_DTLS
    /* DTLS handshake message list (DtlsMsg) management. Most of these
     * prototypes omit parameter names; the trailing void* follows the heap
     * hint convention seen in InitX509(..., void* heap) below (presumed). */
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
    WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl);
    WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte,
                                 word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32);
    WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32,
                                    byte, word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);

    /* Retransmit pool for the last flight: messages saved with
     * DtlsMsgPoolSave (tagged by HandShakeType) are resent by
     * DtlsMsgPoolSend; the Verify* helpers gate what may be resent or
     * dropped. Exact timeout and ordering rules live in the definitions. */
    WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType);
    WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
    WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
    WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head);
    WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
    WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
#endif /* WOLFSSL_DTLS */
4682
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
    /* Secure renegotiation (SCR) over DTLS: helpers for choosing which
     * epoch's keys apply to a message and for checking message order
     * (roles presumed from the names -- confirm in the definitions). */
    WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl);
    WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl);
    WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
    WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
#endif
    /* Declared unconditionally: reports whether a secure renegotiation is
     * in progress (presumed from the name). */
    WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl);

    /* Serialises the record sequence number into out; verifyOrder selects
     * which sequence space is used -- confirm in the definition. */
    WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);
4692
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
    /* Millisecond clock, compiled in only for TLS 1.3 ticket / PSK use.
     * The result is a word32, so it wraps about every 49.7 days (2^32 ms):
     * compare timestamps with wrap-safe unsigned subtraction, not with <. */
    WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
#endif
/* Low-resolution clock used for timeouts (unit not visible here; seconds
 * presumed). Also a word32 and therefore subject to wrap-around. */
WOLFSSL_LOCAL word32 LowResTimer(void);
4697
#ifndef NO_CERTS
    /* WOLFSSL_X509 / WOLFSSL_X509_NAME lifecycle. The int argument of the
     * Init functions is unnamed here; the trailing void* is the heap hint
     * (named heap in InitX509). */
    WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
    WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
    WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
    WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
    /* Copies fields from an already-parsed DecodedCert into a WOLFSSL_X509. */
    WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
#endif
4705
#ifndef MAX_CIPHER_NAME
/* Size of an inline cipher suite name, terminating NUL included, when
 * names are stored as arrays (WOLFSSL_NAMES_STATIC). Overridable. */
#define MAX_CIPHER_NAME 50
#endif

#ifdef WOLFSSL_NAMES_STATIC
/* Names live inside each CipherSuiteInfo as a fixed array: anything copied
 * into a cipher_name must fit in MAX_CIPHER_NAME bytes, NUL included. */
typedef char cipher_name[MAX_CIPHER_NAME];
#else
/* Names are pointers (presumably to string literals in the cipher table). */
typedef const char* cipher_name;
#endif
4715
/* One entry of the cipher suite table returned by GetCipherNames().
 * The field layout depends on build options (NO_ERROR_STRINGS and the
 * OpenSSL-compat defines below), so positional initializers of the table
 * must be written under the same configuration. */
typedef struct CipherSuiteInfo {
    cipher_name name;        /* suite name as used by wolfSSL */
#ifndef NO_ERROR_STRINGS
    cipher_name name_iana;   /* IANA registry name; dropped without error strings */
#endif
    byte cipherSuite0;       /* first byte of the suite identifier */
    byte cipherSuite;        /* second byte of the suite identifier */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
    byte minor;              /* protocol version bytes, only in OpenSSL-compat
                              * builds; minor is what GetCipherProtocol takes */
    byte major;
#endif
    byte flags;              /* reported by GetCipherSuiteFromName; bit meanings
                              * are not visible here */
} CipherSuiteInfo;
4730
/* Accessors for the cipher suite table (an array of CipherSuiteInfo). */
WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
WOLFSSL_LOCAL int GetCipherNamesSize(void);
/* Maps a two-byte suite identifier to its wolfSSL name; the result for an
 * unknown identifier is not visible here. */
WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* used in wolfSSL_sk_CIPHER_description */
#define MAX_SEGMENTS 5
#define MAX_SEGMENT_SZ 20
WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*);
WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor);
/* The n argument of the Get*Str helpers is a 2-D array of
 * MAX_SEGMENT_SZ-byte strings whose row count is not passed; callers are
 * presumed to supply MAX_SEGMENTS rows and the implementations must not
 * index beyond that -- confirm against the definitions. */
WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
/* Derives a bit count from the encryption segment string enc (presumed). */
WOLFSSL_LOCAL int SetCipherBits(const char* enc);
#endif
WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
/* Reverse lookup: writes the suite identifier bytes and flags for name.
 * name is caller-supplied text; the error code for an unknown name is
 * not visible here. */
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
                                         byte* cipherSuite, int* flags);
4751
4752
/* Which direction(s) SetKeysSide installs keys for. The numeric values
 * (1, 2, 3) are spelled out because they are part of the interface. */
enum encrypt_side {
    ENCRYPT_SIDE_ONLY        = 1,
    DECRYPT_SIDE_ONLY        = 2,
    ENCRYPT_AND_DECRYPT_SIDE = 3
};
4758
/* Installs the negotiated keys for the side(s) named by enum encrypt_side. */
WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);

/* Set*Internal and Set*External functions: keep the OpenSSL-compat wrapper
 * objects (WOLFSSL_DSA / WOLFSSL_RSA / WOLFSSL_DH) in sync with the
 * wolfCrypt key they wrap. From the naming, Internal copies wrapper ->
 * wolfCrypt key and External the reverse -- confirm in the definitions.
 * The RSA pair is absent when the user supplies its own RSA (HAVE_USER_RSA). */
WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
#ifndef HAVE_USER_RSA
WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
#endif
WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
4770
#ifndef NO_DH
    /* Generates a DH key pair with dhKey into priv / pub. *privSz and
     * *pubSz are presumably capacities on entry and byte counts on return
     * -- confirm in the definition. */
    WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
                                   byte* priv, word32* privSz,
                                   byte* pub, word32* pubSz);
    /* Computes the shared secret from our priv and the peer's otherPub into
     * agree (*agreeSz in/out, presumed as above). otherPub originates from
     * the network, so validation of the public value is expected to happen
     * inside this call or before it; that is not visible here. */
    WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
                              const byte* priv, word32 privSz,
                              const byte* otherPub, word32 otherPubSz,
                              byte* agree, word32* agreeSz);
#endif /* !NO_DH */
4780
#ifdef HAVE_ECC
    /* Generates an ECC key into key; peer presumably supplies the curve to
     * match when present -- confirm in the definition. */
    WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
    /* Maps a curve OID sum to a word16 curve identifier (presumably the
     * TLS named-curve value). */
    WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
#endif
4785
/* Sets up / tears down the handshake transcript hash state for ssl. */
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
4788
4789
#ifndef WOLFSSL_NO_TLS12
/* Releases whatever a BuildMsgArgs holds (only needed for TLS 1.2 builds). */
WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args);
#endif
/* Builds a protected record of the given type from inSz bytes of input into
 * output, which has outSz bytes of room. From the names: hashOutput adds
 * the message to the handshake hash, sizeOnly just computes the required
 * size, asyncOkay allows asynchronous crypto, epochOrder selects the DTLS
 * epoch -- confirm in the definition. Lengths are signed ints; callers
 * must pass non-negative values. */
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                               const byte* input, int inSz, int type, int hashOutput,
                               int sizeOnly, int asyncOkay, int epochOrder);
4796
#ifdef WOLFSSL_TLS13
/* TLS 1.3 counterpart of BuildMessage (same flags, no epochOrder).
 * NOTE(review): this is the only prototype in this section without
 * WOLFSSL_LOCAL, so the symbol gets default visibility; that looks like an
 * omission rather than an intended export -- confirm with the definition
 * before adding the qualifier. */
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                      int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
#endif
4801
/* Allocates / frees a key object of the given type through *pKey. The type
 * codes are not visible here; FreeKey presumably resets *pKey so the
 * pointer cannot be reused after release -- confirm in the definition. */
WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Asynchronous crypto plumbing: attach asyncDev to ssl with flags, pop
     * a completed operation's saved state, or push a pending device. */
    WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
    WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
    WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
#endif
4810
4811
4812#ifdef __cplusplus
4813 } /* extern "C" */
4814#endif
4815
#endif /* WOLFSSL_INT_H */