- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 1 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfssl/internal.h
r457 r464 73 73 #include <wolfssl/wolfcrypt/sha256.h> 74 74 #endif 75 #if defined(WOLFSSL_SHA384) 76 #include <wolfssl/wolfcrypt/sha512.h> 77 #endif 75 78 #ifdef HAVE_OCSP 76 79 #include <wolfssl/ocsp.h> … … 111 114 #ifdef HAVE_CURVE448 112 115 #include <wolfssl/wolfcrypt/curve448.h> 116 #endif 117 #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB 118 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ 119 !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \ 120 !defined(WOLFSSL_TICKET_ENC_AES256_GCM) 121 #include <wolfssl/wolfcrypt/chacha20_poly1305.h> 122 #else 123 #include <wolfssl/wolfcrypt/aes.h> 124 #endif 113 125 #endif 114 126 … … 143 155 /* do nothing, just don't pick Unix */ 144 156 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) 157 /* do nothing */ 158 #elif defined(RTTHREAD) 145 159 /* do nothing */ 146 160 #elif defined(EBSNET) … … 184 198 #else 185 199 #ifndef SINGLE_THREADED 186 #define WOLFSSL_PTHREADS 187 #include <pthread.h> 200 #if defined(WOLFSSL_LINUXKM) 201 #define WOLFSSL_KTHREADS 202 #include <linux/kthread.h> 203 #elif defined(WOLFSSL_USER_MUTEX) 204 /* do nothing */ 205 #else 206 #define WOLFSSL_PTHREADS 207 #include <pthread.h> 208 #endif 188 209 #endif 189 210 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) 190 #include <unistd.h> /* for close of BIO */ 211 #ifdef FUSION_RTOS 212 #include <fclunistd.h> 213 #else 214 #include <unistd.h> /* for close of BIO */ 215 #endif 191 216 #endif 192 217 #endif … … 859 884 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ 860 885 defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ 886 defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \ 861 887 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ 862 888 defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ … … 864 890 defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \ 865 891 defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ 892 defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \ 866 893 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ 867 894 defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ … … 907 934 #endif 908 935 909 #if defined(NO_AES) || defined(NO_AES_DECRYPT)936 #if defined(NO_AES) || !defined(HAVE_AES_DECRYPT) 910 937 #define AES_BLOCK_SIZE 16 911 938 #undef BUILD_AES … … 1150 1177 #ifndef WOLFSSL_MAX_DHKEY_BITS 1151 1178 #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) 1152 #define WOLFSSL_MAX_DHKEY_BITS 81921179 #define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2) 1153 1180 #else 1154 1181 #define WOLFSSL_MAX_DHKEY_BITS 4096 … … 1166 1193 /* max psk identity/hint supported */ 1167 1194 #if defined(WOLFSSL_TLS13) 1168 #define MAX_PSK_ID_LEN 256 1195 /* OpenSSL has a 1472 byte sessiont ticket */ 1196 #define MAX_PSK_ID_LEN 1536 1169 1197 #else 1170 1198 #define MAX_PSK_ID_LEN 128 … … 1175 1203 /* maximum early data size */ 1176 1204 #define MAX_EARLY_DATA_SZ 4096 1205 #endif 1206 1207 #ifndef WOLFSSL_MAX_RSA_BITS 1208 #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) 1209 #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2) 1210 #else 1211 #define WOLFSSL_MAX_RSA_BITS 4096 1212 #endif 1213 #endif 1214 #if (WOLFSSL_MAX_RSA_BITS % 8) 1215 #error RSA maximum bit size must be multiple of 8 1177 1216 #endif 1178 1217 … … 1197 1236 TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ 1198 1237 TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ 1199 #ifdef WOLFSSL_TLS13_DRAFT1200 #ifdef WOLFSSL_TLS13_DRAFT_181201 TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */1202 #elif defined(WOLFSSL_TLS13_DRAFT_22)1203 TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */1204 #elif defined(WOLFSSL_TLS13_DRAFT_23)1205 TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */1206 #elif defined(WOLFSSL_TLS13_DRAFT_26)1207 TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */1208 #else1209 TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */1210 #endif1211 #endif1212 1238 OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ 1213 1239 INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ … … 1219 1245 /* pre RSA and all master */ 1220 1246 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ 1221 (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)1247 (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) 1222 1248 #ifndef NO_PSK 1223 ENCRYPT_LEN = 1024 + MAX_PSK_ID_LEN + 2, /* 8192 bit static buffer */1249 ENCRYPT_LEN = (FP_MAX_BITS / 2 / 8) + MAX_PSK_ID_LEN + 2, 1224 1250 #else 1225 1251 ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */ … … 1345 1371 MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, 1346 1372 #else 1347 MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, 1348 #endif 1349 1350 #ifdef HAVE_SELFTEST 1373 #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13) 1374 #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48 1375 MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE, 1376 #elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32 1377 MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE, 1378 #else 1379 MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, 1380 #endif 1381 #else 1382 MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, 1383 #endif 1384 #endif 1385 1386 #if defined(HAVE_SELFTEST) && \ 1387 (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) 1351 1388 #ifndef WOLFSSL_AES_KEY_SIZE_ENUM 1352 1389 #define WOLFSSL_AES_KEY_SIZE_ENUM … … 1419 1456 1420 1457 #ifndef NO_RSA 1421 MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */1458 MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */ 1422 1459 #elif defined(HAVE_ECC) 1423 1460 MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */ … … 1492 1529 /* number of items in the signature algo list */ 1493 1530 #ifndef WOLFSSL_MAX_SIGALGO 1494 #define WOLFSSL_MAX_SIGALGO 3 21531 #define WOLFSSL_MAX_SIGALGO 36 1495 1532 #endif 1496 1533 … … 1562 1599 #endif 1563 1600 1601 #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER) 1602 /* Check chosen encryption is available. */ 1603 #if !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) && \ 1604 defined(WOLFSSL_TICKET_ENC_CHACHA20_POLY1305) 1605 #error "ChaCha20-Poly1305 not availble for default ticket encryption" 1606 #endif 1607 #if !defined(HAVE_AESGCM) && (defined(WOLFSSL_TICKET_ENC_AES128_GCM) || \ 1608 defined(WOLFSSL_TICKET_ENC_AES256_GCM)) 1609 #error "AES-GCM not availble for default ticket encryption" 1610 #endif 1611 1612 #ifndef WOLFSSL_TICKET_KEY_LIFETIME 1613 /* Default lifetime is 1 hour from issue of first ticket with key. */ 1614 #define WOLFSSL_TICKET_KEY_LIFETIME (60 * 60) 1615 #endif 1616 #if WOLFSSL_TICKET_KEY_LIFETIME <= SESSION_TICKET_HINT_DEFAULT 1617 #error "Ticket Key lifetime must be longer than ticket life hint." 1618 #endif 1619 #endif 1620 1564 1621 1565 1622 /* don't use extra 3/4k stack space unless need to */ … … 1580 1637 SERVER_ENCRYPTED_EXTENSIONS_COMPLETE, 1581 1638 SERVER_CERT_COMPLETE, 1639 SERVER_CERT_VERIFY_COMPLETE, 1582 1640 SERVER_KEYEXCHANGE_COMPLETE, 1583 1641 SERVER_HELLODONE_COMPLETE, … … 1612 1670 1613 1671 #ifdef WOLFSSL_SESSION_EXPORT 1614 WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,1672 WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, const byte* buf, 1615 1673 word32 sz); 1616 1674 WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, … … 1619 1677 byte* buf, word32 sz); 1620 1678 WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl, 1621 1679 const byte* buf, word32 sz); 1622 1680 WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); 1623 1681 #endif … … 1647 1705 WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 1648 1706 word32 size, word32 totalSz, int sniff); 1707 #ifdef WOLFSSL_TLS13 1708 WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 1709 word32 size, word32 totalSz, int sniff); 1710 #endif 1649 1711 WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); 1650 1712 /* TLS v1.3 needs these */ … … 1666 1728 WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, 1667 1729 word32 hashSigAlgoSz); 1730 #ifdef WOLF_CRYPTO_CB 1731 WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* buffer, word32 length, 1732 int hsType, int label, int id, 1733 void* heap, int devId); 1734 #endif 1668 1735 WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); 1669 1736 #ifdef HAVE_PK_CALLBACKS … … 1678 1745 WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); 1679 1746 #ifndef NO_CERTS 1680 WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); 1681 #ifdef OPENSSL_EXTRA 1682 WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc); 1683 #endif 1747 WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN); 1748 WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc); 1684 1749 #endif 1685 1750 WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); 1686 WOLFSSL_LOCAL int Hash OutputRaw(WOLFSSL* ssl, const byte* output, int sz);1751 WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* output, int sz); 1687 1752 WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, 1688 1753 int ivSz); 1689 1754 WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); 1690 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 1755 1756 #ifdef HAVE_SNI 1757 #ifndef NO_WOLFSSL_SERVER 1691 1758 WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); 1759 #endif 1692 1760 #endif 1693 1761 #ifdef WOLFSSL_TLS13 … … 1702 1770 word32* inOutIdx, word32 helloSz, 1703 1771 byte* extMsgType); 1772 WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl); 1704 1773 #endif 1705 1774 int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, … … 1830 1899 #define MAX_DESCRIPTION_SZ 255 1831 1900 #endif 1832 /* wolfSSL Cipher type just points back to SSL */1833 1901 struct WOLFSSL_CIPHER { 1834 1902 byte cipherSuite0; 1835 1903 byte cipherSuite; 1836 WOLFSSL* ssl;1904 const WOLFSSL* ssl; 1837 1905 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) 1838 1906 char description[MAX_DESCRIPTION_SZ]; … … 1974 2042 VerifyCallback verifyCallback; /* Verify callback */ 1975 2043 #endif 1976 CallbackCACache caCacheCallback; /* CA cache addition callback */ 1977 CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ 1978 CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ 1979 CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ 1980 wolfSSL_Mutex caLock; /* CA list lock */ 1981 byte crlEnabled; /* is CRL on ? */ 1982 byte crlCheckAll; /* always leaf, but all ? */ 1983 byte ocspEnabled; /* is OCSP on ? */ 1984 byte ocspCheckAll; /* always leaf, but all ? */ 1985 byte ocspSendNonce; /* send the OCSP nonce ? */ 1986 byte ocspUseOverrideURL; /* ignore cert's responder, override */ 1987 byte ocspStaplingEnabled; /* is OCSP Stapling on ? */ 2044 CallbackCACache caCacheCallback; /* CA cache addition callback */ 2045 CbMissingCRL cbMissingCRL; /* notify thru cb of missing crl */ 2046 CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ 2047 CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ 2048 wolfSSL_Mutex caLock; /* CA list lock */ 2049 byte crlEnabled:1; /* is CRL on ? */ 2050 byte crlCheckAll:1; /* always leaf, but all ? */ 2051 byte ocspEnabled:1; /* is OCSP on ? */ 2052 byte ocspCheckAll:1; /* always leaf, but all ? */ 2053 byte ocspSendNonce:1; /* send the OCSP nonce ? */ 2054 byte ocspUseOverrideURL:1; /* ignore cert responder, override */ 2055 byte ocspStaplingEnabled:1; /* is OCSP Stapling on ? */ 2056 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ 2057 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 2058 byte ocspMustStaple:1; /* server must respond with staple */ 2059 #endif 1988 2060 1989 2061 #ifndef NO_RSA … … 1993 2065 short minEccKeySz; /* minimum allowed ECC key size */ 1994 2066 #endif 2067 wolfSSL_Mutex refMutex; /* reference count mutex */ 2068 int refCount; /* reference count */ 1995 2069 }; 1996 2070 … … 2005 2079 2006 2080 #ifndef NO_CERTS 2007 #if !defined NOCERTS &&\ 2008 (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) 2081 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) 2009 2082 typedef struct ProcPeerCertArgs { 2010 2083 buffer* certs; … … 2122 2195 #endif 2123 2196 #ifdef WOLFSSL_RENESAS_TSIP_TLS 2124 byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; 2125 byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; 2197 2198 tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret; 2199 tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret; 2200 2126 2201 #endif 2127 2202 } Keys; … … 2133 2208 2134 2209 typedef enum { 2210 #ifdef HAVE_SNI 2135 2211 TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */ 2212 #endif 2136 2213 TLSX_MAX_FRAGMENT_LENGTH = 0x0001, 2137 2214 TLSX_TRUSTED_CA_KEYS = 0x0003, … … 2140 2217 TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ 2141 2218 TLSX_EC_POINT_FORMATS = 0x000b, 2142 #if !defined( WOLFSSL_NO_SIGALG)2143 TLSX_SIGNATURE_ALGORITHMS = 0x000d, 2219 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 2220 TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */ 2144 2221 #endif 2145 2222 TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ … … 2148 2225 TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */ 2149 2226 #endif 2227 TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */ 2150 2228 TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ 2151 2229 TLSX_SESSION_TICKET = 0x0023, … … 2158 2236 #endif 2159 2237 TLSX_SUPPORTED_VERSIONS = 0x002b, 2238 #ifdef WOLFSSL_SEND_HRR_COOKIE 2160 2239 TLSX_COOKIE = 0x002c, 2240 #endif 2161 2241 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 2162 2242 TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d, … … 2165 2245 TLSX_POST_HANDSHAKE_AUTH = 0x0031, 2166 2246 #endif 2167 #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22) 2168 TLSX_KEY_SHARE = 0x0028, 2169 #else 2247 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) 2170 2248 TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, 2249 #endif 2171 2250 TLSX_KEY_SHARE = 0x0033, 2172 #endif2173 2251 #endif 2174 2252 TLSX_RENEGOTIATION_INFO = 0xff01 … … 2312 2390 OcspRequest ocsp; 2313 2391 } request; 2314 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)2392 #if defined(WOLFSSL_TLS13) 2315 2393 buffer response; 2316 2394 #endif … … 2429 2507 } SessionTicket; 2430 2508 2509 #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER) 2510 2511 /* Data passed to default SessionTicket enc/dec callback. */ 2512 typedef struct TicketEncCbCtx { 2513 /* Name for this context. */ 2514 byte name[WOLFSSL_TICKET_NAME_SZ]; 2515 /* Current keys - current and next. */ 2516 byte key[2][WOLFSSL_TICKET_KEY_SZ]; 2517 /* Expirary date of keys. */ 2518 word32 expirary[2]; 2519 /* Random number generator to use for generating name, keys and IV. */ 2520 WC_RNG rng; 2521 #ifndef SINGLE_THREADED 2522 /* Mutex for access to changing keys. */ 2523 wolfSSL_Mutex mutex; 2524 #endif 2525 /* Pointer back to SSL_CTX. */ 2526 WOLFSSL_CTX* ctx; 2527 } TicketEncCbCtx; 2528 2529 #endif /* !WOLFSSL_NO_DEF_TICKET_ENC_CB && !WOLFSSL_NO_SERVER */ 2530 2431 2531 WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions, 2432 2532 SessionTicket* ticket, void* heap); … … 2512 2612 2513 2613 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 2514 #ifndef WOLFSSL_TLS13_DRAFT_182515 2614 /* Ticket nonce - for deriving PSK. 2516 2615 * Length allowed to be: 1..255. Only support 4 bytes. … … 2520 2619 byte data[MAX_TICKET_NONCE_SZ]; 2521 2620 } TicketNonce; 2522 #endif2523 2621 2524 2622 /* The PreSharedKey extension information - entry in a linked list. */ … … 2576 2674 }; 2577 2675 2676 WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl); 2677 WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl); 2678 WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store); 2679 WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl); 2680 WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret); 2681 WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key); 2682 2683 WOLFSSL_LOCAL int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen, 2684 const char *label, size_t labelLen, 2685 const unsigned char *context, size_t contextLen); 2686 2578 2687 /* The key update request values for KeyUpdate message. */ 2579 2688 enum KeyUpdateRequest { … … 2592 2701 #endif 2593 2702 2703 #ifdef WOLFSSL_STATIC_EPHEMERAL 2704 /* contains static ephemeral keys */ 2705 typedef struct { 2706 #ifndef NO_DH 2707 DerBuffer* dhKey; 2708 #endif 2709 #ifdef HAVE_ECC 2710 DerBuffer* ecKey; 2711 #endif 2712 } StaticKeyExchangeInfo_t; 2713 #endif 2714 2715 2594 2716 /* wolfSSL context type */ 2595 2717 struct WOLFSSL_CTX { … … 2609 2731 DerBuffer* certChain; 2610 2732 /* chain after self, in DER, with leading size for each cert */ 2611 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) 2733 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) 2612 2734 WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; 2613 2735 #endif … … 2621 2743 #endif 2622 2744 DerBuffer* privateKey; 2623 byte privateKeyType: 7;2745 byte privateKeyType:6; 2624 2746 byte privateKeyId:1; 2747 byte privateKeyLabel:1; 2625 2748 int privateKeySz; 2626 2749 int privateKeyDevId; … … 2656 2779 byte haveEMS:1; /* have extended master secret extension */ 2657 2780 byte useClientOrder:1; /* Use client's cipher preference order */ 2781 #if defined(HAVE_SESSION_TICKET) 2782 byte noTicketTls12:1; /* TLS 1.2 server won't send ticket */ 2783 #endif 2658 2784 #ifdef WOLFSSL_TLS13 2659 byte noTicketTls13:1; /* Server won't create new Ticket */2785 byte noTicketTls13:1; /* TLS 1.3 Server won't create new Ticket */ 2660 2786 byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */ 2661 2787 #endif … … 2700 2826 short minEccKeySz; /* minimum ECC key size */ 2701 2827 #endif 2702 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)2703 2828 unsigned long mask; /* store SSL_OP_ flags */ 2704 #endif2705 2829 #ifdef OPENSSL_EXTRA 2706 2830 byte sessionCtx[ID_LEN]; /* app session context ID */ … … 2745 2869 wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ 2746 2870 #endif 2871 void* psk_ctx; 2747 2872 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; 2748 2873 #endif /* HAVE_SESSION_TICKET || !NO_PSK */ … … 2761 2886 void* passwd_userdata; 2762 2887 #endif 2763 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 2888 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) 2764 2889 WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ 2765 2890 WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ … … 2770 2895 WOLFSSL_CRYPTO_EX_DATA ex_data; 2771 2896 #endif 2772 #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) )2897 #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) 2773 2898 CallbackALPNSelect alpnSelect; 2774 2899 void* alpnSelectArg; 2775 2900 #endif 2776 #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ 2777 defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ 2778 defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) )) 2901 #ifdef HAVE_SNI 2779 2902 CallbackSniRecv sniRecvCb; 2780 2903 void* sniRecvCbArg; … … 2805 2928 void* ticketEncCtx; /* session encrypt context */ 2806 2929 int ticketHint; /* ticket hint in seconds */ 2930 #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB 2931 TicketEncCbCtx ticketKeyCtx; 2932 #endif 2807 2933 #endif 2808 2934 #ifdef HAVE_SUPPORTED_CURVES … … 2866 2992 #endif /* HAVE_PK_CALLBACKS */ 2867 2993 #ifdef HAVE_WOLF_EVENT 2868 2994 WOLF_EVENT_QUEUE event_queue; 2869 2995 #endif /* HAVE_WOLF_EVENT */ 2870 2996 #ifdef HAVE_EXT_CACHE 2871 2872 2873 2997 WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*); 2998 int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); 2999 void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); 2874 3000 #endif 2875 3001 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) 2876 Srp* srp; /* TLS Secure Remote Password Protocol*/ 2877 byte* srp_password; 3002 Srp* srp; /* TLS Secure Remote Password Protocol*/ 3003 byte* srp_password; 3004 #endif 3005 #ifdef WOLFSSL_STATIC_EPHEMERAL 3006 StaticKeyExchangeInfo_t staticKE; 2878 3007 #endif 2879 3008 }; … … 2940 3069 }; 2941 3070 2942 2943 3071 /* Supported Authentication Schemes */ 2944 3072 enum SignatureAlgorithm { … … 2999 3127 #endif 3000 3128 3129 #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) 3130 enum CipherSrc { 3131 KEYS_NOT_SET = 0, 3132 KEYS, /* keys from ssl->keys are loaded */ 3133 SCR /* keys from ssl->secure_renegotiation->tmp_keys are loaded */ 3134 }; 3135 #endif 3001 3136 3002 3137 /* cipher for now */ … … 3038 3173 byte state; 3039 3174 byte setup; /* have we set it up flag for detection */ 3175 #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) 3176 enum CipherSrc src; /* DTLS uses this to determine which keys 3177 * are currently loaded */ 3178 #endif 3040 3179 } Ciphers; 3041 3180 … … 3139 3278 byte sessionCtxSz; /* sessionCtx length */ 3140 3279 byte sessionCtx[ID_LEN]; /* app specific context id */ 3280 wolfSSL_Mutex refMutex; /* ref count mutex */ 3281 int refCount; /* reference count */ 3141 3282 #endif 3142 3283 #ifdef WOLFSSL_TLS13 … … 3147 3288 word32 ticketSeen; /* Time ticket seen (ms) */ 3148 3289 word32 ticketAdd; /* Added by client */ 3149 #ifndef WOLFSSL_TLS13_DRAFT_183150 3290 TicketNonce ticketNonce; /* Nonce used to derive PSK */ 3151 #endif3152 3291 #endif 3153 3292 #ifdef WOLFSSL_EARLY_DATA … … 3161 3300 byte isDynamic; 3162 3301 #endif 3163 #if def HAVE_EXT_CACHE3302 #if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA) 3164 3303 byte isAlloced; 3165 3304 #endif … … 3167 3306 WOLFSSL_CRYPTO_EX_DATA ex_data; 3168 3307 #endif 3308 byte side; /* Either WOLFSSL_CLIENT_END or 3309 WOLFSSL_SERVER_END */ 3169 3310 }; 3170 3311 3171 3312 3172 WOLFSSL_LOCAL 3173 WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); 3174 WOLFSSL_LOCAL 3175 int SetSession(WOLFSSL*, WOLFSSL_SESSION*); 3176 3177 typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); 3313 WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); 3314 WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); 3315 WOLFSSL_LOCAL void FreeSession(WOLFSSL_SESSION*, int); 3316 3317 typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int); 3178 3318 3179 3319 #ifndef NO_CLIENT_CACHE 3320 WOLFSSL_LOCAL 3180 3321 WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); 3181 3322 #endif … … 3265 3406 DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ 3266 3407 DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ 3267 byte keyType: 7; /* Type of key: RSA, ECC, Ed25519 */3408 byte keyType:6; /* Type of key: RSA, ECC, Ed25519 */ 3268 3409 byte keyId:1; /* Key data is an id not data */ 3410 byte keyLabel:1; /* Key data is a label not data */ 3269 3411 int keySz; /* Size of RSA key */ 3270 3412 int keyDevId; /* Device Id for key */ … … 3336 3478 wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ 3337 3479 #endif 3480 void* psk_ctx; 3338 3481 #endif /* NO_PSK */ 3339 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 3482 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) 3340 3483 unsigned long mask; /* store SSL_OP_ flags */ 3341 3484 #endif … … 3399 3542 word16 useTicket:1; /* Use Ticket not session cache */ 3400 3543 word16 rejectTicket:1; /* Callback rejected ticket */ 3544 word16 noTicketTls12:1; /* TLS 1.2 server won't send ticket */ 3401 3545 #ifdef WOLFSSL_TLS13 3402 3546 word16 noTicketTls13:1; /* Server won't create new Ticket */ … … 3511 3655 byte secret[SECRET_LEN]; 3512 3656 #endif 3657 #ifdef HAVE_KEYING_MATERIAL 3658 byte exporterSecret[WC_MAX_DIGEST_SIZE]; 3659 #endif 3513 3660 byte masterSecret[SECRET_LEN]; 3514 3661 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ … … 3549 3696 #if defined(OPENSSL_ALL) 3550 3697 wolf_sk_compare_cb comp; 3698 wolf_sk_hash_cb hash_fn; 3699 unsigned long hash; 3551 3700 #endif 3552 3701 … … 3560 3709 WOLFSSL_ACCESS_DESCRIPTION* access; 3561 3710 WOLFSSL_X509_EXTENSION* ext; 3711 #ifdef OPENSSL_EXTRA 3562 3712 WOLFSSL_CONF_VALUE* conf; 3713 #endif 3563 3714 void* generic; 3564 3715 char* string; … … 3577 3728 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 3578 3729 !defined(NO_ASN) 3579 DecodedName fullName; 3580 WOLFSSL_X509_NAME_ENTRY cnEntry; 3581 WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */ 3730 int entrySz; /* number of entries */ 3731 WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */ 3582 3732 WOLFSSL_X509* x509; /* x509 that struct belongs to */ 3583 3733 #endif /* OPENSSL_EXTRA */ 3584 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) 3734 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) 3585 3735 byte raw[ASN_NAME_MAX]; 3586 3736 int rawLen; 3587 3737 #endif 3738 void* heap; 3588 3739 }; 3589 3740 … … 3614 3765 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 3615 3766 WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ 3767 WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */ 3616 3768 WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */ 3617 3769 #endif /* WOLFSSL_QT || OPENSSL_ALL */ 3618 #if def OPENSSL_EXTRA3770 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) 3619 3771 WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */ 3620 3772 #endif … … 3683 3835 byte authKeyIdSet:1; 3684 3836 byte authKeyIdCrit:1; 3837 byte issuerSet:1; 3685 3838 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 3839 #ifdef WOLFSSL_CERT_REQ 3840 byte isCSR:1; 3841 #endif 3686 3842 byte serial[EXTERNAL_SERIAL_SIZE]; 3687 3843 char subjectCN[ASN_NAME_MAX]; /* common name short cut */ 3688 3844 #ifdef WOLFSSL_CERT_REQ 3845 #ifdef OPENSSL_ALL 3846 WOLFSSL_X509_ATTRIBUTE* challengePwAttr; 3847 #endif 3689 3848 char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ 3690 3849 #endif … … 3695 3854 WOLFSSL_X509_PUBKEY key; 3696 3855 #endif 3697 byte issuerSet:1; 3856 #if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \ 3857 defined(SESSION_CERTS) 3858 byte notBeforeData[CTC_DATE_SIZE]; 3859 byte notAfterData[CTC_DATE_SIZE]; 3860 #endif 3698 3861 }; 3699 3862 … … 3731 3894 DtlsFrag* fragList; 3732 3895 word32 fragSz; /* Length of fragments received */ 3896 word16 epoch; /* Epoch that this message belongs to */ 3733 3897 word32 seq; /* Handshake sequence number */ 3734 3898 word32 sz; /* Length of whole message */ … … 3800 3964 3801 3965 3966 #ifndef WOLFSSL_NO_TLS12 3967 /* Persistable BuildMessage arguments */ 3968 typedef struct BuildMsgArgs { 3969 word32 digestSz; 3970 word32 sz; 3971 word32 pad; 3972 word32 idx; 3973 word32 headerSz; 3974 word16 size; 3975 word32 ivSz; /* TLSv1.1 IV */ 3976 byte* iv; 3977 } BuildMsgArgs; 3978 #endif 3979 3802 3980 #ifdef WOLFSSL_ASYNC_CRYPT 3803 3981 #define MAX_ASYNC_ARGS 18 … … 3808 3986 FreeArgsCb freeArgs; /* function pointer to cleanup args */ 3809 3987 word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ 3988 BuildMsgArgs buildArgs; /* holder for current BuildMessage args */ 3810 3989 }; 3811 3990 #endif … … 3961 4140 word16 pssAlgo; 3962 4141 #ifdef WOLFSSL_TLS13 3963 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)3964 4142 word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */ 3965 4143 byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to 3966 4144 * offer */ 3967 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */3968 4145 #endif 3969 4146 #ifdef HAVE_NTRU … … 4015 4192 int dtls_timeout_max; /* maximum timeout value */ 4016 4193 int dtls_timeout; /* current timeout value, changes */ 4194 #ifndef NO_ASN_TIME 4195 word32 dtls_start_timeout; 4196 #endif /* !NO_ASN_TIME */ 4017 4197 word32 dtls_tx_msg_list_sz; 4018 4198 word32 dtls_rx_msg_list_sz; … … 4105 4285 #ifdef HAVE_OCSP 4106 4286 void* ocspIOCtx; 4287 byte ocspProducedDate[MAX_DATE_SZ]; 4288 int ocspProducedDateFormat; 4107 4289 #ifdef OPENSSL_EXTRA 4108 4290 byte* ocspResp; … … 4192 4374 WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ 4193 4375 #endif 4376 #ifdef WOLFSSL_STATIC_EPHEMERAL 4377 StaticKeyExchangeInfo_t staticKE; 4378 #endif 4379 #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) 4380 /* Added in libest port: allow applications to get the 'tls-unique' Channel 4381 * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is 4382 * used in the EST protocol to bind an enrollment to a TLS session through 4383 * 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4 4384 * and https://tools.ietf.org/html/rfc7030#section-3.5). */ 4385 byte clientFinished[TLS_FINISHED_SZ]; 4386 byte serverFinished[TLS_FINISHED_SZ]; 4387 #endif 4194 4388 }; 4195 4389 … … 4211 4405 WOLFSSL_CRL* crl, int verify); 4212 4406 4213 #ifdef OPENSSL_EXTRA 4214 WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName, 4407 WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName, 4215 4408 size_t domainNameLen); 4216 #endif4217 4409 #endif 4218 4410 … … 4299 4491 4300 4492 4301 static const byte client[SIZEOF_SENDER ] = { 0x43, 0x4C, 0x4E, 0x54 };4302 static const byte server[SIZEOF_SENDER ] = { 0x53, 0x52, 0x56, 0x52 };4493 static const byte client[SIZEOF_SENDER+1] = { 0x43, 0x4C, 0x4E, 0x54, 0x00 }; /* CLNT */ 4494 static const byte server[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x00 }; /* SRVR */ 4303 4495 4304 4496 static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; … … 4323 4515 WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); 4324 4516 #ifdef WOLFSSL_TLS13 4325 #ifdef WOLFSSL_TLS13_DRAFT_184326 WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);4327 #else4328 4517 WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte); 4329 #endif4330 4518 #endif 4331 4519 WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); … … 4357 4545 WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); 4358 4546 WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv); 4547 WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl); 4359 4548 4360 4549 WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); … … 4454 4643 #ifndef WOLFSSL_AEAD_ONLY 4455 4644 WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, 4456 word32 sz, int padSz, int content, int verify );4645 word32 sz, int padSz, int content, int verify, int epochOrder); 4457 4646 #endif 4458 4647 #endif … … 4476 4665 WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); 4477 4666 WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); 4478 WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, 4667 WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl); 4668 WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte, 4479 4669 word32, word32, void*); 4480 WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32 );4481 WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,4670 WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32); 4671 WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32, 4482 4672 byte, word32, word32, void*); 4483 4673 WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); 4484 4674 4485 WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32 );4675 WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType); 4486 4676 WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*); 4487 4677 WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32); 4678 WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head); 4488 4679 WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*); 4489 4680 WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int); 4490 4681 #endif /* WOLFSSL_DTLS */ 4491 4682 4492 #ifndef NO_TLS 4493 4494 4495 #endif /* NO_TLS */ 4683 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) 4684 WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl); 4685 WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl); 4686 WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl); 4687 WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order); 4688 #endif 4689 WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl); 4690 4691 WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); 4496 4692 4497 4693 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) … … 4501 4697 4502 4698 #ifndef NO_CERTS 4503 WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int );4504 WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name , void* heap);4699 WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*); 4700 WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); 4505 4701 WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap); 4506 4702 WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); … … 4525 4721 byte cipherSuite0; 4526 4722 byte cipherSuite; 4527 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) 4723 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ 4724 defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) 4528 4725 byte minor; 4529 4726 byte major; 4530 4727 #endif 4728 byte flags; 4531 4729 } CipherSuiteInfo; 4532 4730 … … 4550 4748 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); 4551 4749 WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, 4552 byte* cipherSuite); 4750 byte* cipherSuite, int* flags); 4751 4553 4752 4554 4753 enum encrypt_side { … … 4588 4787 WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl); 4589 4788 4789 4790 #ifndef WOLFSSL_NO_TLS12 4791 WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args); 4792 #endif 4590 4793 WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, 4591 4794 const byte* input, int inSz, int type, int hashOutput, 4592 int sizeOnly, int asyncOkay );4795 int sizeOnly, int asyncOkay, int epochOrder); 4593 4796 4594 4797 #ifdef WOLFSSL_TLS13
Note:
See TracChangeset
for help on using the changeset viewer.