source: asp3_tinet_ecnl_rx/trunk/wolfssl-3.12.2/wolfssl/internal.h@ 337

Last change on this file since 337 was 337, checked in by coas-nagasima, 6 years ago

ASP3版ECNLを追加

1/* internal.h
2 *
3 * Copyright (C) 2006-2017 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23
24#ifndef WOLFSSL_INT_H
25#define WOLFSSL_INT_H
26
27
28#include <wolfssl/wolfcrypt/types.h>
29#include <wolfssl/ssl.h>
30#ifdef HAVE_CRL
31 #include <wolfssl/crl.h>
32#endif
33#include <wolfssl/wolfcrypt/random.h>
34#ifndef NO_DES3
35 #include <wolfssl/wolfcrypt/des3.h>
36#endif
37#ifndef NO_HC128
38 #include <wolfssl/wolfcrypt/hc128.h>
39#endif
40#ifndef NO_RABBIT
41 #include <wolfssl/wolfcrypt/rabbit.h>
42#endif
43#ifdef HAVE_CHACHA
44 #include <wolfssl/wolfcrypt/chacha.h>
45#endif
46#ifndef NO_ASN
47 #include <wolfssl/wolfcrypt/asn.h>
48 #include <wolfssl/wolfcrypt/pkcs12.h>
49#endif
50#ifndef NO_MD5
51 #include <wolfssl/wolfcrypt/md5.h>
52#endif
53#ifndef NO_SHA
54 #include <wolfssl/wolfcrypt/sha.h>
55#endif
56#ifndef NO_AES
57 #include <wolfssl/wolfcrypt/aes.h>
58#endif
59#ifdef HAVE_POLY1305
60 #include <wolfssl/wolfcrypt/poly1305.h>
61#endif
62#ifdef HAVE_CAMELLIA
63 #include <wolfssl/wolfcrypt/camellia.h>
64#endif
65#include <wolfssl/wolfcrypt/logging.h>
66#ifndef NO_HMAC
67 #include <wolfssl/wolfcrypt/hmac.h>
68#endif
69#ifndef NO_RC4
70 #include <wolfssl/wolfcrypt/arc4.h>
71#endif
72#ifdef HAVE_ECC
73 #include <wolfssl/wolfcrypt/ecc.h>
74#endif
75#ifdef HAVE_ED25519
76 #include <wolfssl/wolfcrypt/ed25519.h>
77#endif
78#ifdef HAVE_CURVE25519
79 #include <wolfssl/wolfcrypt/curve25519.h>
80#endif
81#ifndef NO_SHA256
82 #include <wolfssl/wolfcrypt/sha256.h>
83#endif
84#ifdef HAVE_OCSP
85 #include <wolfssl/ocsp.h>
86#endif
87#ifdef WOLFSSL_SHA512
88 #include <wolfssl/wolfcrypt/sha512.h>
89#endif
90#ifdef HAVE_AESGCM
91 #include <wolfssl/wolfcrypt/sha512.h>
92#endif
93#ifdef WOLFSSL_RIPEMD
94 #include <wolfssl/wolfcrypt/ripemd.h>
95#endif
96#ifdef HAVE_IDEA
97 #include <wolfssl/wolfcrypt/idea.h>
98#endif
99#ifndef NO_RSA
100 #include <wolfssl/wolfcrypt/rsa.h>
101#endif
102#ifdef HAVE_ECC
103 #include <wolfssl/wolfcrypt/ecc.h>
104#endif
105#ifndef NO_DH
106 #include <wolfssl/wolfcrypt/dh.h>
107#endif
108
109#include <wolfssl/wolfcrypt/hash.h>
110
111#ifdef WOLFSSL_CALLBACKS
112 #include <wolfssl/callbacks.h>
113 #include <signal.h>
114#endif
115
116#ifdef USE_WINDOWS_API
117 #ifdef WOLFSSL_GAME_BUILD
118 #include "system/xtl.h"
119 #else
120 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
121 /* On WinCE winsock2.h must be included before windows.h */
122 #include <winsock2.h>
123 #endif
124 #include <windows.h>
125 #endif
126#elif defined(THREADX)
127 #ifndef SINGLE_THREADED
128 #include "tx_api.h"
129 #endif
130#elif defined(MICRIUM)
131 /* do nothing, just don't pick Unix */
132#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
133 /* do nothing */
134#elif defined(EBSNET)
135 /* do nothing */
136#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
137 /* do nothing */
138#elif defined(FREESCALE_FREE_RTOS)
139 #include "fsl_os_abstraction.h"
140#elif defined(WOLFSSL_uITRON4)
141 /* do nothing */
142#elif defined(WOLFSSL_uTKERNEL2)
143 /* do nothing */
144#elif defined(WOLFSSL_MDK_ARM)
145 #if defined(WOLFSSL_MDK5)
146 #include "cmsis_os.h"
147 #else
148 #include <rtl.h>
149 #endif
150#elif defined(WOLFSSL_CMSIS_RTOS)
151 #include "cmsis_os.h"
152#elif defined(MBED)
153#elif defined(WOLFSSL_TIRTOS)
154 /* do nothing */
155#elif defined(INTIME_RTOS)
156 #include <rt.h>
157#else
158 #ifndef SINGLE_THREADED
159 #define WOLFSSL_PTHREADS
160 #include <pthread.h>
161 #endif
162 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
163 #include <unistd.h> /* for close of BIO */
164 #endif
165#endif
166
167#ifndef CHAR_BIT
168 /* Needed for DTLS without big math */
169 #include <limits.h>
170#endif
171
172
173#ifdef HAVE_LIBZ
174 #include "zlib.h"
175#endif
176
177#ifdef WOLFSSL_ASYNC_CRYPT
178 #include <wolfssl/wolfcrypt/async.h>
179#endif
180
181#ifdef _MSC_VER
182 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
183 #pragma warning(disable: 4996)
184#endif
185
186#ifdef NO_SHA
187 #define WC_SHA_DIGEST_SIZE 20
188#endif
189
190#ifdef NO_SHA256
191 #define WC_SHA256_DIGEST_SIZE 32
192#endif
193
194#ifdef NO_MD5
195 #define WC_MD5_DIGEST_SIZE 16
196#endif
197
198
199#ifdef __cplusplus
200 extern "C" {
201#endif
202
203/* Define or comment out the cipher suites you'd like to be compiled in;
204   make sure that at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined.
205
206   When adding a cipher suite, add its name to cipher_names and its index to
207   cipher_name_idx.
208
209   Now that there is a maximum strength crypto build, the following BUILD_XXX
210   flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
211   Those that do not use Perfect Forward Secrecy or do not use AEAD ciphers
212   need to be switched off. Allowed suites use (EC)DHE together with
213   AES-GCM|CCM or CHACHA-POLY.
214*/
214
215/* Check that, if WOLFSSL_MAX_STRENGTH is set, none of the options it
216 * requires have been turned off. */
217#if defined(WOLFSSL_MAX_STRENGTH) && \
218 ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
219 (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
220 (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
221 (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
222 !defined(NO_OLD_TLS))
223
224 #error "You are trying to build max strength with requirements disabled."
225#endif
226
227/* Have QSH : Quantum-safe Handshake */
228#if defined(HAVE_QSH)
229 #define BUILD_TLS_QSH
230#endif
231
232#ifndef WOLFSSL_MAX_STRENGTH
233
234 #if !defined(NO_RSA) && !defined(NO_RC4)
235 #if defined(WOLFSSL_STATIC_RSA)
236 #if !defined(NO_SHA)
237 #define BUILD_SSL_RSA_WITH_RC4_128_SHA
238 #endif
239 #if !defined(NO_MD5)
240 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
241 #endif
242 #endif
243 #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
244 && defined(WOLFSSL_STATIC_RSA)
245 #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
246 #endif
247 #endif
248
249 #if !defined(NO_RSA) && !defined(NO_DES3)
250 #if !defined(NO_SHA)
251 #if defined(WOLFSSL_STATIC_RSA)
252 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
253 #endif
254 #if !defined(NO_TLS) && defined(HAVE_NTRU) \
255 && defined(WOLFSSL_STATIC_RSA)
256 #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
257 #endif
258 #endif
259 #endif
260
261 #if !defined(NO_RSA) && defined(HAVE_IDEA)
262 #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
263 #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
264 #endif
265 #endif
266
267 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
268 #if !defined(NO_SHA)
269 #if defined(WOLFSSL_STATIC_RSA)
270 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
271 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
272 #endif
273 #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
274 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
275 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
276 #endif
277 #endif
278 #if defined(WOLFSSL_STATIC_RSA)
279 #if !defined (NO_SHA256)
280 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
281 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
282 #endif
283 #if defined (HAVE_AESGCM)
284 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
285 #if defined (WOLFSSL_SHA384)
286 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
287 #endif
288 #endif
289 #if defined (HAVE_AESCCM)
290 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
291 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
292 #endif
293 #if defined(HAVE_BLAKE2)
294 #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
295 #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
296 #endif
297 #endif
298 #endif
299
300 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
301 #ifndef NO_RSA
302 #if defined(WOLFSSL_STATIC_RSA)
303 #if !defined(NO_SHA)
304 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
305 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
306 #endif
307 #ifndef NO_SHA256
308 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
309 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
310 #endif
311 #endif
312 #if !defined(NO_DH)
313 #if !defined(NO_SHA)
314 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
315 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
316 #endif
317 #ifndef NO_SHA256
318 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
319 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
320 #endif
321 #endif
322 #endif
323 #endif
324
325#if defined(WOLFSSL_STATIC_PSK)
326 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
327 #if !defined(NO_SHA)
328 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
329 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
330 #endif
331 #ifndef NO_SHA256
332 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
333 #ifdef HAVE_AESGCM
334 #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
335 #endif
336 #ifdef HAVE_AESCCM
337 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
338 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
339 #define BUILD_TLS_PSK_WITH_AES_128_CCM
340 #define BUILD_TLS_PSK_WITH_AES_256_CCM
341 #endif
342 #endif
343 #ifdef WOLFSSL_SHA384
344 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
345 #ifdef HAVE_AESGCM
346 #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
347 #endif
348 #endif
349 #endif
350#endif
351
352 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
353 #if !defined(NO_RSA)
354 #if defined(WOLFSSL_STATIC_RSA)
355 #if !defined(NO_SHA)
356 #define BUILD_TLS_RSA_WITH_NULL_SHA
357 #endif
358 #ifndef NO_SHA256
359 #define BUILD_TLS_RSA_WITH_NULL_SHA256
360 #endif
361 #endif
362 #endif
363 #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
364 #if !defined(NO_SHA)
365 #define BUILD_TLS_PSK_WITH_NULL_SHA
366 #endif
367 #ifndef NO_SHA256
368 #define BUILD_TLS_PSK_WITH_NULL_SHA256
369 #endif
370 #ifdef WOLFSSL_SHA384
371 #define BUILD_TLS_PSK_WITH_NULL_SHA384
372 #endif
373 #endif
374 #endif
375
376#if defined(WOLFSSL_STATIC_RSA)
377 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
378 #ifndef NO_MD5
379 #define BUILD_TLS_RSA_WITH_HC_128_MD5
380 #endif
381 #if !defined(NO_SHA)
382 #define BUILD_TLS_RSA_WITH_HC_128_SHA
383 #endif
384 #if defined(HAVE_BLAKE2)
385 #define BUILD_TLS_RSA_WITH_HC_128_B2B256
386 #endif
387 #endif
388
389 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
390 #if !defined(NO_SHA)
391 #define BUILD_TLS_RSA_WITH_RABBIT_SHA
392 #endif
393 #endif
394#endif
395
396 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
397 !defined(NO_RSA)
398
399 #if !defined(NO_SHA)
400 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
401 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
402 #if !defined(NO_DES3)
403 #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
404 #endif
405 #endif
406 #if !defined(NO_SHA256)
407 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
408 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
409 #endif
410 #endif
411
412 #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
413 !defined(NO_AES) && !defined(NO_SHA)
414 #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
415 #endif
416
417 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
418 #ifndef NO_SHA256
419 #ifndef NO_AES
420 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
421 #endif
422 #ifdef HAVE_NULL_CIPHER
423 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
424 #endif
425 #endif
426 #ifdef WOLFSSL_SHA384
427 #ifndef NO_AES
428 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
429 #endif
430 #ifdef HAVE_NULL_CIPHER
431 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
432 #endif
433 #endif
434 #endif
435
436 #if defined(HAVE_ECC) && !defined(NO_TLS)
437 #if !defined(NO_AES)
438 #if !defined(NO_SHA)
439 #if !defined(NO_RSA)
440 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
441 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
442 #if defined(WOLFSSL_STATIC_DH)
443 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
444 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
445 #endif
446 #endif
447
448 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
449 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
450
451 #if defined(WOLFSSL_STATIC_DH)
452 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
453 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
454 #endif
455 #endif /* NO_SHA */
456 #ifndef NO_SHA256
457 #if !defined(NO_RSA)
458 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
459 #if defined(WOLFSSL_STATIC_DH)
460 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
461 #endif
462 #endif
463 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
464 #if defined(WOLFSSL_STATIC_DH)
465 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
466 #endif
467 #endif
468
469 #ifdef WOLFSSL_SHA384
470 #if !defined(NO_RSA)
471 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
472 #if defined(WOLFSSL_STATIC_DH)
473 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
474 #endif
475 #endif
476 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
477 #if defined(WOLFSSL_STATIC_DH)
478 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
479 #endif
480 #endif
481
482 #if defined (HAVE_AESGCM)
483 #if !defined(NO_RSA)
484 #if defined(WOLFSSL_STATIC_DH)
485 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
486 #endif
487 #if defined(WOLFSSL_SHA384)
488 #if defined(WOLFSSL_STATIC_DH)
489 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
490 #endif
491 #endif
492 #endif
493
494 #if defined(WOLFSSL_STATIC_DH)
495 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
496 #endif
497
498 #if defined(WOLFSSL_SHA384)
499 #if defined(WOLFSSL_STATIC_DH)
500 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
501 #endif
502 #endif
503 #endif
504 #endif /* NO_AES */
505 #if !defined(NO_RC4)
506 #if !defined(NO_SHA)
507 #if !defined(NO_RSA)
508 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
509 #if defined(WOLFSSL_STATIC_DH)
510 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
511 #endif
512 #endif
513
514 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
515 #if defined(WOLFSSL_STATIC_DH)
516 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
517 #endif
518 #endif
519 #endif
520 #if !defined(NO_DES3)
521 #ifndef NO_SHA
522 #if !defined(NO_RSA)
523 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
524 #if defined(WOLFSSL_STATIC_DH)
525 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
526 #endif
527 #endif
528
529 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
530 #if defined(WOLFSSL_STATIC_DH)
531 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
532 #endif
533 #endif /* NO_SHA */
534 #endif
535 #if defined(HAVE_NULL_CIPHER)
536 #if !defined(NO_SHA)
537 #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
538 #endif
539 #if !defined(NO_PSK) && !defined(NO_SHA256)
540 #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
541 #endif
542 #endif
543 #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
544 #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
545 #endif
546 #endif
547 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
548 #if !defined(NO_OLD_POLY1305)
549 #ifdef HAVE_ECC
550 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
551 #ifndef NO_RSA
552 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
553 #endif
554 #endif
555 #if !defined(NO_DH) && !defined(NO_RSA)
556 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
557 #endif
558 #endif /* NO_OLD_POLY1305 */
559 #if !defined(NO_PSK)
560 #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
561 #ifdef HAVE_ECC
562 #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
563 #endif
564 #ifndef NO_DH
565 #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
566 #endif
567 #endif /* !NO_PSK */
568 #endif
569
570#endif /* !WOLFSSL_MAX_STRENGTH */
571
572#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
573 !defined(NO_RSA) && defined(HAVE_AESGCM)
574
575 #ifndef NO_SHA256
576 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
577 #endif
578
579 #ifdef WOLFSSL_SHA384
580 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
581 #endif
582#endif
583
584#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
585 #ifndef NO_SHA256
586 #ifdef HAVE_AESGCM
587 #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
588 #endif
589 #ifdef HAVE_AESCCM
590 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
591 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
592 #endif
593 #endif
594 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
595 #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
596 #endif
597#endif
598
599#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
600 #ifdef HAVE_AESGCM
601 #ifndef NO_SHA256
602 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
603 #ifndef NO_RSA
604 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
605 #endif
606 #endif
607 #ifdef WOLFSSL_SHA384
608 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
609 #ifndef NO_RSA
610 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
611 #endif
612 #endif
613 #endif
614 #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
615 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
616 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
617 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
618 #endif
619#endif
620
621#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
622 #ifdef HAVE_ECC
623 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
624 #ifndef NO_RSA
625 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
626 #endif
627 #endif
628 #if !defined(NO_DH) && !defined(NO_RSA)
629 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
630 #endif
631#endif
632
633#if defined(WOLFSSL_TLS13)
634 #ifdef HAVE_AESGCM
635 #ifndef NO_SHA256
636 #define BUILD_TLS_AES_128_GCM_SHA256
637 #endif
638 #ifdef WOLFSSL_SHA384
639 #define BUILD_TLS_AES_256_GCM_SHA384
640 #endif
641 #endif
642
643 #ifdef HAVE_CHACHA
644 #ifndef NO_SHA256
645 #define BUILD_TLS_CHACHA20_POLY1305_SHA256
646 #endif
647 #endif
648
649 #ifdef HAVE_AESCCM
650 #ifndef NO_SHA256
651 #define BUILD_TLS_AES_128_CCM_SHA256
652 #define BUILD_TLS_AES_128_CCM_8_SHA256
653 #endif
654 #endif
655#endif
656
657#ifdef WOLFSSL_MULTICAST
658 #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
659 #define BUILD_WDM_WITH_NULL_SHA256
660 #endif
661#endif
662
/* Derive the per-algorithm BUILD_xxx flags from the suites selected above.
 * Note that the !NO_RC4 / !NO_DES3 / !NO_AES checks further down re-derive
 * BUILD_ARC4, BUILD_DES3 and BUILD_AES from raw primitive availability, so
 * those three end up defined whenever the primitive is compiled in, whether
 * or not any suite above actually selected it. */
#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
    defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
    #define BUILD_ARC4
#endif

#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    #define BUILD_DES3
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
    #undef BUILD_AES
    #define BUILD_AES
#endif

/* Only the non-ECDHE-RSA GCM suites are listed, but every HAVE_AESGCM
 * selection above also defines an ECDHE_ECDSA GCM suite, so this still
 * fires whenever any GCM suite is built. */
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
    #define BUILD_AESGCM
#endif

#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
    #define BUILD_HC128
#endif

#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
    #define BUILD_RABBIT
#endif

/* Block sizes are still needed for record-layer arithmetic when the
 * primitive itself is compiled out, hence the fallback definitions. */
#ifdef NO_DES3
    #define DES_BLOCK_SIZE 8
#else
    #undef BUILD_DES3
    #define BUILD_DES3
#endif

/* NO_AES_DECRYPT disables the suites (no BUILD_AES) while leaving the AES
 * primitive available to other code. */
#if defined(NO_AES) || defined(NO_AES_DECRYPT)
    #define AES_BLOCK_SIZE 16
    #undef BUILD_AES
#else
    #undef BUILD_AES
    #define BUILD_AES
#endif

#ifndef NO_RC4
    #undef BUILD_ARC4
    #define BUILD_ARC4
#endif

/* NOTE(review): 16 is not ChaCha20's 64-byte keystream block; presumably
 * this is a record-layer sizing constant -- confirm against its users before
 * relying on it as a cipher block size. */
#ifdef HAVE_CHACHA
    #define CHACHA20_BLOCK_SIZE 16
#endif

/* HAVE_AEAD: at least one authenticated-encryption mode is available. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))

    #define HAVE_AEAD
#endif

/* HAVE_PFS: an ephemeral key exchange ((EC)DHE) is available. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_ECC) || !defined(NO_DH)

    #define HAVE_PFS
#endif

#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
    #define BUILD_IDEA
#endif
743
/* actual cipher values, 2nd byte */
/* Only the low (second) byte of each two-byte suite id is kept here; the
 * high byte is implied by the group a suite belongs to: 0xC0 (ECC_BYTE) for
 * the ECC and AES-CCM groups, 0xCC (CHACHA_BYTE) for ChaCha20-Poly1305,
 * 0xD0 (QSH_BYTE) for QSH, 0x13 (TLS13_BYTE) for TLS v1.3, and presumably
 * 0x00 for the plain RSA/DHE/PSK suites (confirm against the dispatch code).
 * Second bytes are reused across groups -- 0xa8 alone names a PSK AES-GCM
 * suite, a PSK AES-CCM suite and an ECDHE ChaCha suite -- so a value from
 * this enum is meaningless without its first byte and must never be used as
 * a lookup key on its own. */
enum {
    /* SSLv3/TLS static-RSA, DHE-RSA, anonymous-DH and PSK suites. The RC4,
     * 3DES, IDEA and NULL-cipher entries are legacy: each is only built when
     * the matching NO_xxx / HAVE_xxx option allows it, and none of them are
     * available under WOLFSSL_MAX_STRENGTH (see the BUILD_* selection
     * above). */
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
    TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, /* unauthenticated; HAVE_ANON only */
    TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
    TLS_RSA_WITH_NULL_SHA = 0x02, /* integrity only, no encryption */
    TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
    TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
    TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
    TLS_PSK_WITH_NULL_SHA256 = 0xb0, /* integrity only, no encryption */
    TLS_PSK_WITH_NULL_SHA384 = 0xb1, /* integrity only, no encryption */
    TLS_PSK_WITH_NULL_SHA = 0x2c, /* integrity only, no encryption */
    SSL_RSA_WITH_RC4_128_SHA = 0x05,
    SSL_RSA_WITH_RC4_128_MD5 = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
    SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,

    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06, /* integrity only, no encryption */
    TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a, /* integrity only, no encryption */
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,

    /* static ECDH, first byte is 0xC0 (ECC_BYTE).
     * Built only with WOLFSSL_STATIC_DH; the key exchange is not ephemeral,
     * so these suites give no forward secrecy. */
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
    TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,

    /* wolfSSL extension - eSTREAM.
     * wolfSSL-private ids; they only interoperate with another wolfSSL peer
     * built with the same options. */
    TLS_RSA_WITH_HC_128_MD5 = 0xFB,
    TLS_RSA_WITH_HC_128_SHA = 0xFC,
    TLS_RSA_WITH_RABBIT_SHA = 0xFD,
    WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */

    /* wolfSSL extension - Blake2b 256 */
    TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
    TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
    TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */

    /* wolfSSL extension - NTRU */
    TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,

    /* wolfSSL extension - NTRU , Quantum-safe Handshake
       first byte is 0xD0 (QSH_BYTE) */
    TLS_QSH = 0x01,

    /* SHA256 */
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
    TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
    TLS_RSA_WITH_NULL_SHA256 = 0x3b, /* integrity only, no encryption */
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
    TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, /* integrity only, no encryption */

    /* SHA384 */
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
    TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, /* integrity only, no encryption */

    /* AES-GCM */
    TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
    TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
    TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
    TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,

    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,

    /* AES-CCM, first byte is 0xC0 but isn't ECC,
     * also, in some of the other AES-CCM suites
     * there will be second byte number conflicts
     * with non-ECC AES-GCM (e.g. 0xa8/0xa9 below
     * versus the PSK GCM suites above). */
    TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
    TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
    TLS_PSK_WITH_AES_128_CCM = 0xa4,
    TLS_PSK_WITH_AES_256_CCM = 0xa5,
    TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
    TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
    TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,

    /* Camellia */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,

    /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
    TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
    TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
    TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,

    /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE).
     * Pre-standard draft construction, kept for interop with old peers and
     * removable via NO_OLD_POLY1305; prefer the entries above. */
    TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
    TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,

    /* TLS v1.3 cipher suites, first byte is 0x13 (TLS13_BYTE) */
    TLS_AES_128_GCM_SHA256 = 0x01,
    TLS_AES_256_GCM_SHA384 = 0x02,
    TLS_CHACHA20_POLY1305_SHA256 = 0x03,
    TLS_AES_128_CCM_SHA256 = 0x04,
    TLS_AES_128_CCM_8_SHA256 = 0x05,

    /* Renegotiation Indication Extension Special Suite.
     * Signalling value only: it advertises secure-renegotiation support and
     * is never a negotiable cipher suite. */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
};
899
900
#ifndef WOLFSSL_SESSION_TIMEOUT
    #define WOLFSSL_SESSION_TIMEOUT 500
    /* default session resumption cache timeout in seconds */
#endif


/* DTLS sequence-number window, sized in word32 units. DTLS_SEQ_BITS is the
 * window width in bits (2 words * 32 = 64 with the defaults, assuming word32
 * is 32 bits wide) and DTLS_SEQ_SZ the same window in bytes.
 * NOTE(review): presumably this window backs DTLS anti-replay tracking, in
 * which case a narrower window drops more legitimately reordered records --
 * confirm against the DTLS record code before tuning it. */
#ifndef WOLFSSL_DTLS_WINDOW_WORDS
    #define WOLFSSL_DTLS_WINDOW_WORDS 2
#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)

/* Presumably the number of per-peer sequence windows kept: one for unicast
 * DTLS, one per allowed group member for DTLS multicast -- verify against
 * the users of WOLFSSL_DTLS_PEERSEQ_SZ. */
#ifndef WOLFSSL_MULTICAST
    #define WOLFSSL_DTLS_PEERSEQ_SZ 1
#else
    #ifndef WOLFSSL_MULTICAST_PEERS
        /* max allowed multicast group peers */
        #define WOLFSSL_MULTICAST_PEERS 100
    #endif
    #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
#endif /* WOLFSSL_MULTICAST */

/* Largest expected path MTU (Ethernet-sized default); feeds MAX_MTU in
 * enum Misc below. */
#ifndef WOLFSSL_MAX_MTU
    #define WOLFSSL_MAX_MTU 1500
#endif /* WOLFSSL_MAX_MTU */
927
928
929
930enum Misc {
931 ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
932 QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
933 CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
934 TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
935
936 SEND_CERT = 1,
937 SEND_BLANK_CERT = 2,
938
939 DTLS_MAJOR = 0xfe, /* DTLS major version number */
940 DTLS_MINOR = 0xff, /* DTLS minor version number */
941 DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
942 SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
943 SSLv3_MINOR = 0, /* TLSv1 minor version number */
944 TLSv1_MINOR = 1, /* TLSv1 minor version number */
945 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
946 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
947 TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
948 TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
949#ifdef WOLFSSL_TLS13_DRAFT_18
950 TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
951#else
952 TLS_DRAFT_MINOR = 0x14, /* Minor version number of TLS draft */
953#endif
954 OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
955 INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
956 NO_COMPRESSION = 0,
957 ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
958 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
959 HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
960 SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
961 /* pre RSA and all master */
962#if defined(WOLFSSL_MYSQL_COMPATIBLE)
963 ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
964#else
965 ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
966#endif
967 SIZEOF_SENDER = 4, /* clnt or srvr */
968 FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
969 MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
970 MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
971 /* max added to msg, mac + pad from */
972 /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
973 digest sz + BLOC_SZ (iv) + pad byte (1) */
974 MAX_COMP_EXTRA = 1024, /* max compression extra */
975 MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */
976 MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
977 MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */
978 MAX_STR_VERSION = 8, /* string rep of protocol version */
979
980 PAD_MD5 = 48, /* pad length for finished */
981 PAD_SHA = 40, /* pad length for finished */
982 MAX_PAD_SIZE = 256, /* maximum length of padding */
983 COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
984 COMPRESS_CONSTANT = 13, /* compression calc constant */
985 COMPRESS_UPPER = 55, /* compression calc numerator */
986 COMPRESS_LOWER = 64, /* compression calc denominator */
987
988 PEM_LINE_LEN = 80, /* PEM line max + fudge */
989 LENGTH_SZ = 2, /* length field for HMAC, data only */
990 VERSION_SZ = 2, /* length of proctocol version */
991 SEQ_SZ = 8, /* 64 bit sequence number */
992 ALERT_SIZE = 2, /* level + description */
993 VERIFY_HEADER = 2, /* always use 2 bytes */
994 EXTS_SZ = 2, /* always use 2 bytes */
995 EXT_ID_SZ = 2, /* always use 2 bytes */
996 MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
997 NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
998 SESSION_HINT_SZ = 4, /* session timeout hint */
999 SESSION_ADD_SZ = 4, /* session age add */
1000 MAX_LIFETIME = 604800, /* maximum ticket lifetime */
1001 MAX_EARLY_DATA_SZ = 4096, /* maximum early data size */
1002
1003 RAN_LEN = 32, /* random length */
1004 SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
1005 ID_LEN = 32, /* session id length */
1006 COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
1007 MAX_COOKIE_LEN = 32, /* max dtls cookie size */
1008 COOKIE_SZ = 20, /* use a 20 byte cookie */
1009 SUITE_LEN = 2, /* cipher suite sz length */
1010 ENUM_LEN = 1, /* always a byte */
1011 OPAQUE8_LEN = 1, /* 1 byte */
1012 OPAQUE16_LEN = 2, /* 2 bytes */
1013 OPAQUE24_LEN = 3, /* 3 bytes */
1014 OPAQUE32_LEN = 4, /* 4 bytes */
1015 OPAQUE64_LEN = 8, /* 8 bytes */
1016 COMP_LEN = 1, /* compression length */
1017 CURVE_LEN = 2, /* ecc named curve length */
1018 KE_GROUP_LEN = 2, /* key exchange group length */
1019 SERVER_ID_LEN = 20, /* server session id length */
1020
1021 HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
1022 RECORD_HEADER_SZ = 5, /* type + version + len(2) */
1023 CERT_HEADER_SZ = 3, /* always 3 bytes */
1024 REQ_HEADER_SZ = 2, /* cert request header sz */
1025 HINT_LEN_SZ = 2, /* length of hint size field */
1026 TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
1027 HELLO_EXT_SZ = 4, /* base length of a hello extension */
1028 HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
1029 HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
1030 HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
1031 HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
1032
1033 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
1034 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
1035 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
1036 DTLS_RECORD_EXTRA = 8, /* diff from normal */
1037 DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
1038 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
1039 DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
1040 DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
1041 DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */
1042 DTLS_EXPORT_OPT_SZ = 58, /* amount of bytes used from Options */
1043 DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */
1044 DTLS_EXPORT_OPT_SZ_3 = 57, /* amount of bytes used from Options */
1045 DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
1046 /* max amount of bytes used from Keys */
1047 DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2),
1048 /* min amount of bytes used from Keys */
1049 DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
1050 DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
1051 DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
1052 MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
1053 FINISHED_LABEL_SZ = 15, /* TLS finished label size */
1054 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
1055 EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
1056 MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
1057 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
1058 MAX_PRF_HALF = 256, /* Maximum half secret len */
1059 MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
1060 MAX_PRF_DIG = 224, /* Maximum digest len */
1061 PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
1062 MAX_LABEL_SZ = 34, /* Maximum length of a label */
1063 MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
1064 OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
1065 OPAQUE8_LEN + MAX_DIGEST_SIZE,
1066 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
1067 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
1068
1069 RC4_KEY_SIZE = 16, /* always 128bit */
1070 DES_KEY_SIZE = 8, /* des */
1071 DES3_KEY_SIZE = 24, /* 3 des ede */
1072 DES_IV_SIZE = DES_BLOCK_SIZE,
1073 AES_256_KEY_SIZE = 32, /* for 256 bit */
1074 AES_192_KEY_SIZE = 24, /* for 192 bit */
1075 AES_IV_SIZE = 16, /* always block size */
1076 AES_128_KEY_SIZE = 16, /* for 128 bit */
1077
1078 AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
1079 AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
1080 AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
1081 AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
1082 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
1083 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
1084 AEAD_NONCE_SZ = 12,
1085 AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
1086 AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
1087 AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
1088
1089 CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
1090 CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
1091 CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
1092
1093 /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
1094
1095 AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
1096 AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
1097 AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
1098 AESCCM_NONCE_SZ = 12,
1099
1100 CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
1101 CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
1102 CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
1103 CAMELLIA_IV_SIZE = 16, /* always block size */
1104
1105 CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
1106 CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
1107 CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
1108
1109 POLY1305_AUTH_SZ = 16, /* 128 bits */
1110
1111 HC_128_KEY_SIZE = 16, /* 128 bits */
1112 HC_128_IV_SIZE = 16, /* also 128 bits */
1113
1114 RABBIT_KEY_SIZE = 16, /* 128 bits */
1115 RABBIT_IV_SIZE = 8, /* 64 bits for iv */
1116
1117 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
1118
1119 ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
1120 MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
1121 MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */
1122
1123 NEW_SA_MAJOR = 8, /* Most signicant byte used with new sig algos */
1124 ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
1125 ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
1126 ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
1127 ED448_SA_MINOR = 8, /* Least significant byte for ED448 */
1128
1129 MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
1130 MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
1131
1132#ifdef HAVE_QSH
1133 /* qsh handshake sends 600+ size keys over hello extensions */
1134 MAX_HELLO_SZ = 2048, /* max client or server hello */
1135#else
1136 MAX_HELLO_SZ = 128, /* max client or server hello */
1137#endif
1138 MAX_CERT_VERIFY_SZ = 1024, /* max */
1139 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
1140 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
1141
1142 DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
1143 DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
1144 DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
1145
1146 MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
1147 NULL_TERM_LEN = 1, /* length of null '\0' termination character */
1148 MAX_PSK_KEY_LEN = 64, /* max psk key supported */
1149 MIN_PSK_ID_LEN = 6, /* min length of identities */
1150 MIN_PSK_BINDERS_LEN= 33, /* min length of binders */
1151 MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */
1152
1153 MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
1154
1155#if defined(HAVE_EX_DATA) || defined(FORTRESS)
1156 MAX_EX_DATA = 5, /* allow for five items of ex_data */
1157#endif
1158
1159 MAX_X509_SIZE = 2048, /* max static x509 buffer size */
1160 CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
1161 FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
1162 will use dynamic buffer if not big enough */
1163
1164 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
1165 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
1166 MAX_NTRU_BITS = 256, /* max symmetric bit strength */
1167 NO_SNIFF = 0, /* not sniffing */
1168 SNIFF = 1, /* currently sniffing */
1169
1170 HASH_SIG_SIZE = 2, /* default SHA1 RSA */
1171
1172 NO_COPY = 0, /* should we copy static buffer for write */
1173 COPY = 1, /* should we copy static buffer for write */
1174
1175 INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */
1176
1177 PREV_ORDER = -1, /* Sequence number is in previous epoch. */
1178 PEER_ORDER = 1, /* Peer sequence number for verify. */
1179 CUR_ORDER = 0 /* Current sequence number. */
1180};
1181
1182
/* Set max implicit IV size for AEAD cipher suites.
 * Sizes the aead_enc_imp_IV / aead_dec_imp_IV arrays in Keys, so it must be
 * >= every *_IMP_IV_SZ value in the enum above (the largest today is
 * CHACHA20_IMP_IV_SZ = 12). */
#define AEAD_MAX_IMP_SZ 12

/* Set max explicit IV size for AEAD cipher suites.
 * Sizes Keys.aead_exp_IV, so it must be >= every *_EXP_IV_SZ value in the
 * enum above (AESGCM_EXP_IV_SZ = 8). */
#define AEAD_MAX_EXP_SZ 8
1188
1189
1190#ifndef WOLFSSL_MAX_SUITE_SZ
1191 #define WOLFSSL_MAX_SUITE_SZ 300
1192 /* 150 suites for now! */
1193#endif
1194
/* set minimum ECC key size allowed (in bits).
 * WOLFSSL_MAX_STRENGTH raises the default from 224 to 256; a build may also
 * define WOLFSSL_MIN_ECC_BITS directly.  MIN_ECCKEY_SZ is the byte form. */
#ifndef WOLFSSL_MIN_ECC_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_ECC_BITS 256
    #else
        #define WOLFSSL_MIN_ECC_BITS 224
    #endif
#endif /* WOLFSSL_MIN_ECC_BITS */
#if (WOLFSSL_MIN_ECC_BITS % 8)
    /* Some ECC keys are not divisible by 8, such as prime239v1 or sect131r1.
       In these cases round down to the nearest value divisible by 8. The
       restriction of being divisible by 8 is in place to match the
       wc_ecc_size function from wolfSSL, which works in bytes.
     */
    #error ECC minimum bit size must be a multiple of 8
#endif
#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)

/* set minimum RSA key size allowed (in bits); MIN_RSAKEY_SZ is the byte form.
 * NOTE(review): the non-MAX_STRENGTH default of 1024 bits is below current
 * guidance (NIST SP 800-57 Part 1 recommends >= 2048 bits); deployments
 * should define WOLFSSL_MIN_RSA_BITS 2048 or build with WOLFSSL_MAX_STRENGTH. */
#ifndef WOLFSSL_MIN_RSA_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_RSA_BITS 2048
    #else
        #define WOLFSSL_MIN_RSA_BITS 1024
    #endif
#endif /* WOLFSSL_MIN_RSA_BITS */
#if (WOLFSSL_MIN_RSA_BITS % 8)
    /* This is to account for the example case of a min size of 2050 bits that
       would still allow a 2049 bit key. So we need the measurement to be in
       bytes. */
    #error RSA minimum bit size must be a multiple of 8
#endif
#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)

/* set minimum DH key size allowed (in bits); MIN_DHKEY_SZ is the byte form.
 * NOTE(review): as for RSA, the 1024-bit default is below current guidance
 * (>= 2048 bits); prefer WOLFSSL_MAX_STRENGTH or an explicit
 * WOLFSSL_MIN_DHKEY_BITS.  The 16000-bit upper bound presumably protects the
 * fixed-size DH buffers -- confirm against the DH code before raising it. */
#ifndef WOLFSSL_MIN_DHKEY_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_DHKEY_BITS 2048
    #else
        #define WOLFSSL_MIN_DHKEY_BITS 1024
    #endif
#endif
#if (WOLFSSL_MIN_DHKEY_BITS % 8)
    #error DH minimum bit size must be multiple of 8
#endif
#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
    #error DH minimum bit size must not be greater than 16000
#endif
#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
1243
1244
1245#ifdef SESSION_INDEX
1246/* Shift values for making a session index */
1247#define SESSIDX_ROW_SHIFT 4
1248#define SESSIDX_IDX_MASK 0x0F
1249#endif
1250
1251
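/* max cert chain peer depth */
#ifndef MAX_CHAIN_DEPTH
    #define MAX_CHAIN_DEPTH 9
#endif

/* max size of a certificate message payload */
/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate
   (MAX_X509_SIZE), each preceded by a CERT_HEADER_SZ length field, plus the
   leading list length.  The expansion is parenthesized: without the outer
   parentheses, uses such as "2 * MAX_CERTIFICATE_SZ" or
   "x - MAX_CERTIFICATE_SZ" bind to the first term only. */
#ifndef MAX_CERTIFICATE_SZ
    #define MAX_CERTIFICATE_SZ \
                (CERT_HEADER_SZ + \
                (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH)
#endif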
1264
1265/* max size of a handshake message, currently set to the certificate */
1266#ifndef MAX_HANDSHAKE_SZ
1267 #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
1268#endif
1269
1270#ifndef SESSION_TICKET_LEN
1271 #define SESSION_TICKET_LEN 256
1272#endif
1273
1274#ifndef SESSION_TICKET_HINT_DEFAULT
1275 #define SESSION_TICKET_HINT_DEFAULT 300
1276#endif
1277
1278
/* don't use the extra 3/4k of stack space unless it is needed */
1280#ifdef HAVE_NTRU
1281 #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
1282#else
1283 #define MAX_ENCRYPT_SZ ENCRYPT_LEN
1284#endif
1285
1286
/* states
 *
 * Handshake progress markers.  The enumerators keep the implicit numbering of
 * the original declaration, written out explicitly here so the values are
 * visible; the relative order is presumably relied on by ordered comparisons
 * elsewhere (e.g. "state < SERVER_HELLODONE_COMPLETE") -- confirm before
 * inserting or reordering entries. */
enum states {
    NULL_STATE                           = 0,

    /* server-originated messages, in handshake order */
    SERVER_HELLOVERIFYREQUEST_COMPLETE   = 1,
    SERVER_HELLO_COMPLETE                = 2,
    SERVER_ENCRYPTED_EXTENSIONS_COMPLETE = 3,
    SERVER_CERT_COMPLETE                 = 4,
    SERVER_KEYEXCHANGE_COMPLETE          = 5,
    SERVER_HELLODONE_COMPLETE            = 6,
    SERVER_FINISHED_COMPLETE             = 7,
    SERVER_HELLO_RETRY_REQUEST           = 8,

    /* client-originated messages, in handshake order */
    CLIENT_HELLO_COMPLETE                = 9,
    CLIENT_KEYEXCHANGE_COMPLETE          = 10,
    CLIENT_FINISHED_COMPLETE             = 11,

    HANDSHAKE_DONE                       = 12
};
1306
1307
1308#if defined(__GNUC__)
1309 #define WOLFSSL_PACK __attribute__ ((packed))
1310#else
1311 #define WOLFSSL_PACK
1312#endif
1313
/* SSL Version
 * Two-byte protocol version exactly as it appears on the wire (VERSION_SZ).
 * WOLFSSL_PACK (packed on GCC, empty elsewhere) keeps the struct at two bytes
 * with no padding. */
typedef struct ProtocolVersion {
    byte major;   /* major version byte */
    byte minor;   /* minor version byte */
} WOLFSSL_PACK ProtocolVersion;
1319
1320
1321WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
1322WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
1323WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
1324WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
1325WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
1326
1327#ifdef WOLFSSL_DTLS
1328 WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
1329 WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
1330
1331 #ifdef WOLFSSL_SESSION_EXPORT
1332 WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
1333 word32 sz);
1334 WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
1335 word32 sz);
1336 WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
1337 #endif
1338#endif
1339
1340
/* Backing-store kinds a BIO can have; presumably the value stored in
 * WOLFSSL_BIO.type / WOLFSSL_BIO_METHOD.type ("method type") -- confirm in
 * the BIO implementation.  Values start at 1; 0 is not a member. */
enum BIO_TYPE {
    BIO_BUFFER = 1,
    BIO_SOCKET = 2,
    BIO_SSL    = 3,
    BIO_MEMORY = 4,
    BIO_BIO    = 5,
    BIO_FILE   = 6
};
1349
1350
/* wolfSSL BIO_METHOD type
 * Only carries the method kind; there is no function table as in OpenSSL. */
struct WOLFSSL_BIO_METHOD {
    byte type;               /* method type */
};
1355
1356
/* wolfSSL BIO type
 * A node in a doubly linked BIO chain (prev/next) that may be paired with
 * another BIO (pair) and may be backed by an SSL object, a file, a descriptor
 * or a memory buffer.  Which backing is live is presumably selected by `type`
 * -- confirm in the BIO implementation.  Indices and sizes are plain ints;
 * the struct itself does not keep wrIdx/rdIdx within the buffer bounds. */
struct WOLFSSL_BIO {
    WOLFSSL*     ssl;           /* possible associated ssl */
#ifndef NO_FILESYSTEM
    XFILE        file;          /* file handle when backed by a file */
#endif
    WOLFSSL_BIO* prev;          /* previous in chain */
    WOLFSSL_BIO* next;          /* next in chain */
    WOLFSSL_BIO* pair;          /* BIO paired with */
    void*        heap;          /* user heap hint */
    byte*        mem;           /* memory buffer */
    int          wrSz;          /* write buffer size (mem) */
    int          wrIdx;         /* current index for write buffer */
    int          rdIdx;         /* current read index */
    int          readRq;        /* read request */
    int          memLen;        /* memory buffer length */
    int          fd;            /* possible file descriptor */
    int          eof;           /* eof flag */
    byte         type;          /* method type */
    byte         close;         /* close flag */
};
1378
1379
/* wolfSSL method type
 * Describes how a context is created: the protocol version to start from,
 * which side of the connection it is, and whether version downgrade is
 * permitted. */
struct WOLFSSL_METHOD {
    ProtocolVersion version;   /* protocol version the method starts with */
    byte            side;      /* connection side, server or client */
    byte            downgrade; /* whether to downgrade version, default no */
};
1386
1387/* wolfSSL buffer type - internal uses "buffer" type */
1388typedef WOLFSSL_BUFFER_INFO buffer;
1389
1390
1391/* defaults to client */
1392WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
1393
1394/* for sniffer */
1395WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1396 word32 size, word32 totalSz, int sniff);
1397WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
1398/* TLS v1.3 needs these */
1399WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
1400 word32);
1401#ifdef WOLFSSL_TLS13
1402WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
1403 word32* inOutIdx, word32 helloSz);
1404#endif
1405WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
1406 word32);
1407WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
1408WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
1409 word32 hashSigAlgoSz);
1410WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
1411WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
1412WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
1413WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
1414#ifndef NO_CERTS
1415WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
1416#endif
1417WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
1418WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
1419WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
1420 int ivSz);
1421WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
1422#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
1423WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
1424#endif
1425#ifdef WOLFSSL_TLS13
1426WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
1427 word16 sz);
1428WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
1429 word32* inOutIdx, byte type,
1430 word32 size, word32 totalSz);
1431WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
1432 word32* inOutIdx, word32 totalSz);
1433WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
1434 word32* inOutIdx, word32 helloSz);
1435#endif
1436
1437#ifndef NO_CERTS
    /* wolfSSL DER buffer
     * Owns `length` bytes of DER at `buffer`, allocated from `heap` with the
     * DYNAMIC_TYPE_* tag recorded in dynType so it can be released the same
     * way.  `type` records what the DER is (enum CertType). */
    typedef struct DerBuffer {
        byte*  buffer;   /* DER bytes */
        void*  heap;     /* heap hint the buffer was allocated from */
        word32 length;   /* number of valid bytes at buffer */
        int    type;     /* enum CertType */
        int    dynType;  /* DYNAMIC_TYPE_* */
    } DerBuffer;
1446#endif /* !NO_CERTS */
1447
1448
/* Flag values passed to the free routines: FORCED_FREE releases even if the
 * object is still referenced elsewhere, NO_FORCED_FREE does the normal
 * release -- the exact semantics live in the callers, confirm there. */
enum {
    FORCED_FREE = 1,
    NO_FORCED_FREE = 0
};
1453
1454
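/* only use compression extra if using compression */
#ifdef HAVE_LIBZ
    #define COMP_EXTRA MAX_COMP_EXTRA
#else
    #define COMP_EXTRA 0
#endif

/* only the sniffer needs space in the buffer for extra MTU record(s);
   parenthesized so the product stays intact inside larger expressions */
#ifdef WOLFSSL_SNIFFER
    #define MTU_EXTRA (MAX_MTU * 3)
#else
    #define MTU_EXTRA 0
#endif


/* embedded callbacks require large static buffers, make sure on */
#ifdef WOLFSSL_CALLBACKS
    #undef  LARGE_STATIC_BUFFERS
    #define LARGE_STATIC_BUFFERS
#endif


/* give user option to use 16K static buffers */
#if defined(LARGE_STATIC_BUFFERS)
    #define RECORD_SIZE MAX_RECORD_SIZE
#else
    #ifdef WOLFSSL_DTLS
        #define RECORD_SIZE MAX_MTU
    #else
        #define RECORD_SIZE 128
    #endif
#endif


/* user option to turn off 16K output option */
/* if using small static buffers (default) and SSL_write tries to write data
   larger than the record we have, dynamically get it, unless user says only
   write in static buffer chunks */
#ifndef STATIC_CHUNKS_ONLY
    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
#else
    #define OUTPUT_RECORD_SIZE RECORD_SIZE
#endif

/* wolfSSL input buffer

   RFC 2246:

   length
       The length (in bytes) of the following TLSPlaintext.fragment.
       The length should not exceed 2^14.

   STATIC_BUFFER_LEN sizes bufferStatic.staticBuffer.  The sum is wrapped in
   parentheses so that arithmetic such as "STATIC_BUFFER_LEN - idx" or
   "2 * STATIC_BUFFER_LEN" expands as intended.
*/
#if defined(LARGE_STATIC_BUFFERS)
    #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
                               MTU_EXTRA + MAX_MSG_EXTRA)
#else
    /* don't fragment memory from the record header */
    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
#endif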
1514
/* Record buffer with an in-struct default area.  `buffer` points either at
 * staticBuffer or at a separately allocated block; dynamicFlag records which.
 * Consumers read from buffer[idx] up to buffer[length]; nothing in the struct
 * itself keeps idx <= length <= bufferSize, so every user must. */
typedef struct {
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
    byte*  buffer;       /* place holder for static or dynamic buffer */
    word32 length;       /* total buffer length used */
    word32 idx;          /* idx to part of length already consumed */
    word32 bufferSize;   /* current buffer size */
    byte   dynamicFlag;  /* dynamic memory currently in use */
    byte   offset;       /* alignment offset attempt */
} bufferStatic;
1524
/* Cipher Suites holder
 * suites[] holds suiteSz bytes of two-byte cipher suite ids (SUITE_LEN) and
 * hashSigAlgo[] holds hashSigAlgoSz bytes of hash/signature pairs
 * (HASH_SIG_SIZE).  Both counts are byte lengths and must not exceed the
 * array sizes WOLFSSL_MAX_SUITE_SZ / HELLO_EXT_SIGALGO_MAX. */
typedef struct Suites {
    word16 suiteSz;                 /* suite length in bytes        */
    word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
    byte   suites[WOLFSSL_MAX_SUITE_SZ];
    byte   hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
    byte   setSuites;               /* user set suites from default */
    byte   hashAlgo;                /* selected hash algorithm */
    byte   sigAlgo;                 /* selected sig algorithm */
} Suites;
1535
1536
1537WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
1538 int haveRSAsig, int haveAnon,
1539 int tls1_2, int keySz);
1540WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
1541 word16, word16, word16, word16, word16, int);
1542WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
1543WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
1544
1545#ifndef PSK_TYPES_DEFINED
1546 typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
1547 unsigned int, unsigned char*, unsigned int);
1548 typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
1549 unsigned char*, unsigned int);
1550#endif /* PSK_TYPES_DEFINED */
1551#ifdef WOLFSSL_DTLS
1552 typedef int (*wc_dtls_export)(WOLFSSL* ssl,
1553 unsigned char* exportBuffer, unsigned int sz, void* userCtx);
1554#endif
1555
1556
/* wolfSSL Cipher type just points back to SSL
 * Compatibility handle: the negotiated cipher is read from the referenced
 * WOLFSSL, this struct stores nothing of its own. */
struct WOLFSSL_CIPHER {
    WOLFSSL* ssl;   /* owning SSL object */
};
1561
1562
1563typedef struct OcspEntry OcspEntry;
1564
1565#ifdef NO_SHA
1566 #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
1567#else
1568 #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
1569#endif
1570
1571#ifdef NO_ASN
    /* NO_ASN builds do not include asn.h, so declare the type here */
1573 typedef struct CertStatus CertStatus;
1574#endif
1575
/* One cached OCSP result per issuer: entries are keyed by the issuer name
 * hash and issuer key hash and hold the list of certificate statuses
 * returned for that issuer. */
struct OcspEntry {
    OcspEntry*  next;                        /* next entry             */
    byte        issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash            */
    byte        issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
    CertStatus* status;                      /* OCSP response list     */
    int         totalStatus;                 /* number on list         */
};
1583
1584
1585#ifndef HAVE_OCSP
1586 typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
1587#endif
1588
/* wolfSSL OCSP controller
 * Holds the cached OcspEntry list and the lock that guards it; points back to
 * the cert manager that owns it. */
struct WOLFSSL_OCSP {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    OcspEntry*            ocspList;      /* OCSP response list */
    wolfSSL_Mutex         ocspLock;      /* OCSP list lock */
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
    int(*statusCb)(WOLFSSL*, void*);     /* status callback for nginx/haproxy builds */
#endif
};
1598
1599#ifndef MAX_DATE_SIZE
1600#define MAX_DATE_SIZE 32
1601#endif
1602
1603typedef struct CRL_Entry CRL_Entry;
1604
1605#ifdef NO_SHA
1606 #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
1607#else
1608 #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
1609#endif
1610
1611#ifdef NO_ASN
1612 typedef struct RevokedCert RevokedCert;
1613#endif
1614
/* Complete CRL
 * One parsed CRL in the WOLFSSL_CRL list, keyed by issuer hash.  The raw TBS
 * bytes and signature are kept alongside `verified`, which suggests the
 * signature check can be deferred until the issuer is known -- confirm in
 * crl.c before trusting an entry whose `verified` is 0. */
struct CRL_Entry {
    CRL_Entry* next;                      /* next entry */
    byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */
    /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */
    /* restore the hash here if needed for optimized comparisons */
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
    byte    lastDateFormat;          /* last date format */
    byte    nextDateFormat;          /* next date format */
    RevokedCert* certs;              /* revoked cert list  */
    int          totalCerts;         /* number on list     */
    int     verified;                /* non-zero once the CRL signature was checked */
    byte*   toBeSigned;              /* raw to-be-signed CRL bytes (tbsSz long) */
    word32  tbsSz;
    byte*   signature;               /* raw signature over toBeSigned (signatureSz long) */
    word32  signatureSz;
    word32  signatureOID;            /* signature algorithm identifier */
#if !defined(NO_SKID) && defined(CRL_SKID_READY)
    byte    extAuthKeyIdSet;         /* Authority Key Identifier extension present */
    byte    extAuthKeyId[KEYID_SIZE]; /* issuer key identifier from that extension */
#endif
};
1638
1639
1640typedef struct CRL_Monitor CRL_Monitor;
1641
/* CRL directory monitor
 * One watched directory; a NULL path means the slot is unused. */
struct CRL_Monitor {
    char* path;      /* full dir path, if valid pointer we're using */
    int   type;      /* PEM or ASN1 type */
};
1647
1648
1649#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
1650 #undef HAVE_CRL_MONITOR
1651#endif
1652
/* wolfSSL CRL controller
 * Owns the CRL_Entry list (guarded by crlLock), the two directory monitors
 * (PEM and DER) and, with HAVE_CRL_MONITOR, the pthread state of the
 * directory-watching thread. */
struct WOLFSSL_CRL {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    CRL_Entry*            crlList;       /* our CRL list */
#ifdef HAVE_CRL_IO
    CbCrlIO               crlIOCb;       /* user callback for fetching a CRL */
#endif
    wolfSSL_Mutex         crlLock;       /* CRL list lock */
    CRL_Monitor           monitors[2];   /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR
    pthread_cond_t        cond;          /* condition to signal setup */
    pthread_t             tid;           /* monitoring thread */
    int                   mfd;           /* monitor fd, -1 if no init yet */
    int                   setup;         /* thread is setup predicate */
#endif
    void*                 heap;          /* heap hint for dynamic memory */
};
1670
1671
1672#ifdef NO_ASN
1673 typedef struct Signer Signer;
1674#ifdef WOLFSSL_TRUST_PEER_CERT
1675 typedef struct TrustedPeerCert TrustedPeerCert;
1676#endif
1677#endif
1678
1679
1680#ifndef CA_TABLE_SIZE
1681 #define CA_TABLE_SIZE 11
1682#endif
1683#ifdef WOLFSSL_TRUST_PEER_CERT
1684 #define TP_TABLE_SIZE 11
1685#endif
1686
/* wolfSSL Certificate Manager
 * Trust store and revocation configuration: the CA signer hash table
 * (caLock), the optional trusted-peer table (tpLock), the CRL and OCSP
 * checkers with their enable/scope flags, the callbacks used to fetch data
 * the library lacks, and the minimum key sizes allowed.  With crlEnabled and
 * ocspEnabled both 0 no revocation checking is configured here; the
 * *CheckAll flags widen checking from the leaf to the whole chain. */
struct WOLFSSL_CERT_MANAGER {
    Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table */
    void*           heap;               /* heap helper */
#ifdef WOLFSSL_TRUST_PEER_CERT
    TrustedPeerCert* tpTable[TP_TABLE_SIZE];/* table of trusted peer certs */
    wolfSSL_Mutex   tpLock;             /* trusted peer list lock */
#endif
    WOLFSSL_CRL*    crl;                /* CRL checker */
    WOLFSSL_OCSP*   ocsp;               /* OCSP checker */
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
                               ||  defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
    WOLFSSL_OCSP*   ocsp_stapling;      /* OCSP checker for OCSP stapling */
#endif
    char*           ocspOverrideURL;    /* use this responder */
    void*           ocspIOCtx;          /* I/O callback CTX */
    CallbackCACache caCacheCallback;    /* CA cache addition callback */
    CbMissingCRL    cbMissingCRL;       /* notify through cb of missing crl */
    CbOCSPIO        ocspIOCb;           /* I/O callback for OCSP lookup */
    CbOCSPRespFree  ocspRespFreeCb;     /* Frees OCSP Response from IO Cb */
    wolfSSL_Mutex   caLock;             /* CA list lock */
    byte            crlEnabled;         /* is CRL on ? */
    byte            crlCheckAll;        /* always leaf, but all ? */
    byte            ocspEnabled;        /* is OCSP on ? */
    byte            ocspCheckAll;       /* always leaf, but all ? */
    byte            ocspSendNonce;      /* send the OCSP nonce ? */
    byte            ocspUseOverrideURL; /* ignore cert's responder, override */
    byte            ocspStaplingEnabled; /* is OCSP Stapling on ? */

#ifndef NO_RSA
    short           minRsaKeySz;        /* minimum allowed RSA key size
                                           (presumably bytes, cf. MIN_RSAKEY_SZ -- confirm) */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    short           minEccKeySz;        /* minimum allowed ECC key size
                                           (presumably bytes, cf. MIN_ECCKEY_SZ -- confirm) */
#endif
};
1723
1724WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
1725WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
1726WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
1727WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
1728WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
1729
/* wolfSSL Sock Addr
 * Type-erased peer address: `sa` points at a sockaddr_in or sockaddr_in6 and
 * `sz` must be the size of that struct; nothing here validates the pairing. */
struct WOLFSSL_SOCKADDR {
    unsigned int sz; /* sockaddr size */
    void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
};
1735
/* DTLS transport context: the peer address plus two descriptors, presumably
 * the read and write sockets (they may be the same fd) -- confirm in the
 * DTLS I/O callbacks. */
typedef struct WOLFSSL_DTLS_CTX {
    WOLFSSL_SOCKADDR peer;   /* peer address */
    int rfd;                 /* read descriptor */
    int wfd;                 /* write descriptor */
} WOLFSSL_DTLS_CTX;
1741
1742
/* Per-peer DTLS receive sequence state: the expected next epoch/sequence and
 * a sliding window of already-seen sequence numbers for both the current and
 * the previous epoch.  The window is presumably the replay-detection bitmap
 * consulted before a record is accepted -- confirm in the window-check code
 * in internal.c.  Sequence numbers are 48-bit on the wire and are kept split
 * as 16-bit hi / 32-bit lo halves. */
typedef struct WOLFSSL_DTLS_PEERSEQ {
    word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
                        /* Sliding window for current epoch    */
    word16 nextEpoch;   /* Expected epoch in next record       */
    word16 nextSeq_hi;  /* Expected sequence in next record    */
    word32 nextSeq_lo;

    word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
                        /* Sliding window for old epoch        */
    word32 prevSeq_lo;
    word16 prevSeq_hi;  /* Next sequence in allowed old epoch  */

#ifdef WOLFSSL_MULTICAST
    word16 peerId;          /* multicast peer group id this state belongs to */
    word32 highwaterMark;   /* sequence threshold for the multicast highwater callback -- confirm */
#endif
} WOLFSSL_DTLS_PEERSEQ;
1760
1761
1762#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
1763
/* keys and secrets
 * keep as a constant size (no additional ifdefs) for session export
 *
 * Per-connection traffic key material (MAC secrets, write keys, IVs) together
 * with the record sequence-number / epoch bookkeeping.  Arrays are sized for
 * the largest supported algorithm so the layout is fixed.
 * NOTE(review): this struct holds secrets; confirm its owner clears it with
 * ForceZero before freeing (a plain memset before free may be optimized away). */
typedef struct Keys {
    byte client_write_MAC_secret[MAX_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[MAX_DIGEST_SIZE];
    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
    byte server_write_key[AES_256_KEY_SIZE];
    byte client_write_IV[MAX_WRITE_IV_SZ];           /* max sizes */
    byte server_write_IV[MAX_WRITE_IV_SZ];
#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
    byte aead_exp_IV[AEAD_MAX_EXP_SZ];      /* explicit AEAD IV part (cf. AESGCM_EXP_IV_SZ) */
    byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];  /* implicit IV part, encrypt direction */
    byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];  /* implicit IV part, decrypt direction */
#endif

    /* 64-bit record sequence numbers (SEQ_SZ), split into hi/lo halves */
    word32 peer_sequence_number_hi;
    word32 peer_sequence_number_lo;
    word32 sequence_number_hi;
    word32 sequence_number_lo;

#ifdef WOLFSSL_DTLS
    word16 curEpoch;                   /* Received epoch in current record */
    word16 curSeq_hi;                  /* Received sequence in current record */
    word32 curSeq_lo;
#ifdef WOLFSSL_MULTICAST
    byte   curPeerId;                  /* Received peer group ID in current record */
#endif
    WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ]; /* per-peer sequence windows */

    word16 dtls_peer_handshake_number;           /* handshake seq received from peer */
    word16 dtls_expected_peer_handshake_number;  /* handshake seq expected next from peer */

    word16 dtls_epoch;                          /* Current epoch */
    word16 dtls_sequence_number_hi;             /* Current epoch */
    word32 dtls_sequence_number_lo;
    word16 dtls_prev_sequence_number_hi;        /* Previous epoch */
    word32 dtls_prev_sequence_number_lo;
    word16 dtls_handshake_number;               /* Current tx handshake seq */
#endif

    word32 encryptSz;             /* last size of encrypted data   */
    word32 padSz;                 /* how much to advance after decrypt part */
    byte   encryptionOn;          /* true after change cipher spec */
    byte   decryptedCur;          /* only decrypt current record once */
#ifdef WOLFSSL_TLS13
    byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
    byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
#endif
} Keys;
1813
1814
1815
1816/** TLS Extensions - RFC 6066 */
1817#ifdef HAVE_TLS_EXTENSIONS
1818
/* TLS extension type codes as carried on the wire (two bytes, EXT_ID_SZ).
 * Most values match the IANA "TLS ExtensionType Values" registry.
 * NOTE(review): TLSX_KEY_SHARE = 0x0028 is the TLS 1.3 draft-era code point;
 * RFC 8446 assigns key_share the value 51 (0x0033), so interop with peers that
 * speak final TLS 1.3 requires the updated value.  TLSX_QUANTUM_SAFE_HYBRID
 * (0x0018) is a pre-standard/experimental code point rather than an IANA
 * assignment for QSH. */
typedef enum {
    TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
    TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
    TLSX_TRUNCATED_HMAC             = 0x0004,
    TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
    TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
    TLSX_EC_POINT_FORMATS           = 0x000b,
    TLSX_SIGNATURE_ALGORITHMS       = 0x000d,
    TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
    TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
    TLSX_QUANTUM_SAFE_HYBRID        = 0x0018, /* a.k.a. QSH  */
    TLSX_SESSION_TICKET             = 0x0023,
#ifdef WOLFSSL_TLS13
    TLSX_KEY_SHARE                  = 0x0028, /* draft value, see note above */
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PRE_SHARED_KEY             = 0x0029,
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    TLSX_EARLY_DATA                 = 0x002a,
    #endif
    TLSX_SUPPORTED_VERSIONS         = 0x002b,
    TLSX_COOKIE                     = 0x002c,
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PSK_KEY_EXCHANGE_MODES     = 0x002d,
    #endif
    #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
    TLSX_POST_HANDSHAKE_AUTH        = 0x0031,
    #endif
#endif
    TLSX_RENEGOTIATION_INFO         = 0xff01  /* RFC 5746 secure renegotiation */
} TLSX_Type;
1850
/* One extension in a singly linked list.  `data` is type-specific (e.g. an
 * SNI or ALPN list, see the per-extension structs below); `resp` marks an
 * extension that was received and is to be echoed in the response. */
typedef struct TLSX {
    TLSX_Type    type; /* Extension Type  */
    void*        data; /* Extension Data  */
    word32       val;  /* Extension Value */
    byte         resp; /* IsResponse Flag */
    struct TLSX* next; /* List Behavior   */
} TLSX;
1858
1859WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
1860WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
1861WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
1862WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
1863
1864#ifndef NO_WOLFSSL_CLIENT
1865WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType);
1866WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
1867 byte msgType);
1868#endif
1869
1870#ifndef NO_WOLFSSL_SERVER
1871WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType);
1872WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output,
1873 byte msgType);
1874#endif
1875
1876WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
1877 byte msgType, Suites *suites);
1878
1879#elif defined(HAVE_SNI) \
1880 || defined(HAVE_MAX_FRAGMENT) \
1881 || defined(HAVE_TRUNCATED_HMAC) \
1882 || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
1883 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
1884 || defined(HAVE_SUPPORTED_CURVES) \
1885 || defined(HAVE_ALPN) \
1886 || defined(HAVE_QSH) \
1887 || defined(HAVE_SESSION_TICKET) \
1888 || defined(HAVE_SECURE_RENEGOTIATION) \
1889 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
1890
1891#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
1892
1893#endif /* HAVE_TLS_EXTENSIONS */
1894
1895/** Server Name Indication - RFC 6066 (section 3) */
1896#ifdef HAVE_SNI
1897
/* One server_name entry; entries form a singly linked list. The only data
 * variant declared is host_name (type presumably selects the union member). */
typedef struct SNI {
    byte                       type;    /* SNI Type */
    union { char* host_name; } data;    /* SNI Data */
    struct SNI*                next;    /* List Behavior */
#ifndef NO_WOLFSSL_SERVER
    byte                       options; /* Behavior options */
    byte                       status;  /* Matching result */
#endif
} SNI;
1907
/* Adds an SNI entry of `type` built from `size` bytes at `data`. */
WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
                                                       word16 size, void* heap);

#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
                                                                  byte options);
WOLFSSL_LOCAL byte   TLSX_SNI_Status(TLSX* extensions, byte type);
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
                                                                  void** data);
/* Extracts a server name straight from a raw (presumably ClientHello) buffer
 * bounded by `bufferSz`. `inOutSz` is in/out by name: presumably the capacity
 * of `sni` on entry and the length written on return — confirm, since the
 * buffer contents are untrusted. */
WOLFSSL_LOCAL int    TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
                                         byte type, byte* sni, word32* inOutSz);
#endif
1920
1921#endif /* HAVE_SNI */
1922
1923/* Application-Layer Protocol Negotiation - RFC 7301 */
1924#ifdef HAVE_ALPN
/* One ALPN protocol entry; entries form a singly linked list. */
typedef struct ALPN {
    char*        protocol_name; /* ALPN protocol name */
    struct ALPN* next;          /* List Behavior */
    byte         options;       /* Behavior options */
    byte         negotiated;    /* ALPN protocol negotiated or not */
} ALPN;
1931
/* Returns the ALPN request data via `data`/`dataSz` (out parameters). */
WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
                                       void** data, word16 *dataSz);

/* Adds an ALPN entry built from `size` bytes at `data`. */
WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
                               word16 size, byte options, void* heap);

WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
1939
1940#endif /* HAVE_ALPN */
1941
1942/** Maximum Fragment Length Negotiation - RFC 6066 (section 4) */
1943#ifdef HAVE_MAX_FRAGMENT
1944
/* `mfl` is the max_fragment_length code point to request (RFC 6066 section 4). */
WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
1946
1947#endif /* HAVE_MAX_FRAGMENT */
1948
1949/** Truncated HMAC - RFC 6066 (section 7) */
1950#ifdef HAVE_TRUNCATED_HMAC
1951
/* Requests the truncated_hmac extension (RFC 6066 section 7); it carries no data. */
WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
1953
1954#endif /* HAVE_TRUNCATED_HMAC */
1955
1956/** Certificate Status Request - RFC 6066 (section 8) */
1957#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
1958
/* status_request extension state; the only request variant declared is OCSP. */
typedef struct {
    byte status_type;
    byte options;
    union {
        OcspRequest ocsp;
    } request;
} CertificateStatusRequest;
1966
/* `devId` is the async device id (see WOLFSSL_CTX.devId). */
WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequest(TLSX** extensions,
                          byte status_type, byte options, void* heap, int devId);
#ifndef NO_CERTS
/* Presumably initialises the OCSP request from the decoded certificate. */
WOLFSSL_LOCAL int   TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
                                                                    void* heap);
#endif
WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
WOLFSSL_LOCAL int   TLSX_CSR_ForceRequest(WOLFSSL* ssl);
1975
1976#endif
1977
1978/** Certificate Status Request v2 - RFC 6961 */
1979#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
1980
/* One status_request_v2 item (RFC 6961); items form a singly linked list.
 * `request.ocsp` has room for 1 + MAX_CHAIN_DEPTH entries — presumably one for
 * the leaf plus one per chain certificate; `requests` is the count in use. */
typedef struct CSRIv2 {
    byte   status_type;
    byte   options;
    word16 requests;
    union {
        OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
    } request;
    struct CSRIv2* next;
} CertificateStatusRequestItemV2;
1990
WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
                          byte status_type, byte options, void* heap, int devId);
#ifndef NO_CERTS
WOLFSSL_LOCAL int   TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
                                                      byte isPeer, void* heap);
#endif
/* `index` presumably selects an entry of CertificateStatusRequestItemV2.request.ocsp,
 * so it must be below 1 + MAX_CHAIN_DEPTH — confirm the implementation checks it. */
WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
                                                                    byte index);
WOLFSSL_LOCAL int   TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
2000
2001#endif
2002
2003/** Supported Elliptic Curves - RFC 4492 (section 4) */
2004#ifdef HAVE_SUPPORTED_CURVES
2005
/* One supported named group; entries form a singly linked list. */
typedef struct SupportedCurve {
    word16                 name; /* Curve Names */
    struct SupportedCurve* next; /* List Behavior */
} SupportedCurve;
2010
/* One ec_point_format entry; entries form a singly linked list. */
typedef struct PointFormat {
    byte                format; /* PointFormat */
    struct PointFormat* next;   /* List Behavior */
} PointFormat;
2015
WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
                                                                    void* heap);

WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
                                                                    void* heap);

#ifndef NO_WOLFSSL_SERVER
/* `first`/`second` are presumably the two cipher-suite bytes (cf. cipherSuite0 /
 * cipherSuite elsewhere in this header) to validate against the peer's curves. */
WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
                                                                   byte second);
#endif
2026
2027#endif /* HAVE_SUPPORTED_CURVES */
2028
2029/** Renegotiation Indication - RFC 5746 */
2030#if defined(HAVE_SECURE_RENEGOTIATION) \
2031 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2032
/* Progress of the secure-renegotiation key cache: the real keys are copied
 * aside, then restored in two steps. Values are explicit so the order is
 * visibly part of the contract. */
enum key_cache_state {
    SCR_CACHE_NULL     = 0, /* empty / begin state */
    SCR_CACHE_NEEDED   = 1, /* need to cache keys */
    SCR_CACHE_COPY     = 2, /* we have a cached copy */
    SCR_CACHE_PARTIAL  = 3, /* partial restore to real keys */
    SCR_CACHE_COMPLETE = 4  /* complete restore to real keys */
};
2040
/* Additional Connection State according to rfc5746 section 3.1.
 * Holds the verify_data of both sides from the previous handshake, which the
 * RFC requires to be echoed in renegotiation_info, plus a copy of the keys
 * that cannot be replaced yet (see key_cache_state above). */
typedef struct SecureRenegotiation {
   byte                 enabled;      /* secure_renegotiation flag in rfc */
   byte                 startScr;     /* server requested client to start scr */
   enum key_cache_state cache_status; /* track key cache state */
   byte                 client_verify_data[TLS_FINISHED_SZ]; /* cached */
   byte                 server_verify_data[TLS_FINISHED_SZ]; /* cached */
   byte                 subject_hash[WC_SHA_DIGEST_SIZE];    /* peer cert hash */
   Keys                 tmp_keys;     /* can't overwrite real keys yet — key
                                       * material; confirm it is wiped on free */
} SecureRenegotiation;
2051
WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);

#ifdef HAVE_SERVER_RENEGOTIATION_INFO
/* Adds an empty renegotiation_info (RFC 5746 server-side signalling). */
WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
#endif
2057
2058#endif /* HAVE_SECURE_RENEGOTIATION */
2059
2060/** Session Ticket - RFC 5077 (section 3.2) */
2061#ifdef HAVE_SESSION_TICKET
2062
/* A session ticket as held locally: `size` bytes of opaque ticket at `data`
 * plus the server-advertised lifetime. The TLS 1.3 fields hold the time the
 * ticket was seen and its age-add value (used in the obfuscated ticket age). */
typedef struct SessionTicket {
    word32 lifetime;
#ifdef WOLFSSL_TLS13
    word64 seen;
    word32 ageAdd;
#endif
    byte*  data;
    word16 size;
} SessionTicket;
2072
WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
                                             SessionTicket* ticket, void* heap);
/* Whether Create copies `data` or takes ownership is not visible here —
 * confirm before freeing the caller's buffer. Free releases the ticket with
 * the same `heap` it was created with. */
WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
                                       byte* data, word16 size, void* heap);
WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
2078
2079#endif /* HAVE_SESSION_TICKET */
2080
2081/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
2082#ifdef HAVE_QSH
2083
/* One quantum-safe-hybrid scheme offer: scheme name plus PKLen bytes of
 * public key at PK. Entries form a singly linked list. */
typedef struct QSHScheme {
    struct QSHScheme* next;  /* List Behavior */
    byte*             PK;
    word16            name;  /* QSHScheme Names */
    word16            PKLen;
} QSHScheme;
2090
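/* One quantum-safe-hybrid key pair; entries form a singly linked list.
 * Fix: the tag was `QSHkey` while `next` pointed to `struct QSHKey`, i.e. a
 * different (incomplete) type, so walking the list through `next` needed a
 * cast. The tag now matches the typedef name, as every other typedef in this
 * header does. */
typedef struct QSHKey {
    struct QSHKey* next;  /* List Behavior */
    word16         name;  /* scheme name — presumably same space as QSHScheme.name */
    buffer         pub;   /* public key material (by name; confirm) */
    buffer         pri;   /* private key material — sensitive; confirm it is
                           * wiped before release */
} QSHKey;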
2097
/* Shared-secret bookkeeping for the QSH exchange: the scheme list plus the
 * server (SerSi) and client (CliSi) contributions — names only; confirm. */
typedef struct QSHSecret {
    QSHScheme* list;
    buffer*    SerSi;
    buffer*    CliSi;
} QSHSecret;
2103
/* used in key exchange during handshake */
/* Parses `length` bytes at `input` (peer data — presumably; confirm bounds
 * are enforced against `length` inside). */
WOLFSSL_LOCAL int    TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
                                                  word16 length, byte isServer);
WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);

/* used by api for setting a specific QSH scheme */
WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
                                         byte* pKey, word16 pKeySz, void* heap);

/* used when parsing in QSHCipher structs */
/* `szOut` is in/out by name: presumably the capacity of `out` on entry and
 * bytes written on return — confirm. */
WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
                                                       byte* out, word16* szOut);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
#endif
2120
2121#endif /* HAVE_QSH */
2122
2123#ifdef WOLFSSL_TLS13
/* Cookie extension information - cookie data.
 * NOTE(review): `data` is a single byte while `len` describes the cookie
 * length; this looks like the start of a variable-length region allocated
 * past the struct (trailing-array idiom). Confirm the allocation in
 * TLSX_Cookie_Use is sized from `len` (plus the MAC it also takes) and that
 * every access through `data` is bounded by `len`. */
typedef struct Cookie {
    word16 len;
    byte   data;
} Cookie;
2129
/* Installs a cookie of `len` bytes at `data`, with an optional MAC of `macSz`
 * bytes; `resp` marks it as the response form. */
WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len,
                                  byte* mac, byte macSz, int resp);
2132
2133
2134/* Key Share - TLS v1.3 Specification */
2135
/* The KeyShare extension information - entry in a linked list.
 * `ke` is the public key-exchange data that goes on the wire; `key` is the
 * matching private key (opaque, algorithm-specific) — sensitive material,
 * confirm it is wiped when the entry is freed. */
typedef struct KeyShareEntry {
    word16                group;  /* NamedGroup */
    byte*                 ke;     /* Key exchange data */
    word32                keLen;  /* Key exchange data length */
    void*                 key;    /* Private key */
    word32                keyLen; /* Private key length */
    struct KeyShareEntry* next;   /* List pointer */
} KeyShareEntry;
2145
/* Adds a key_share entry for `group` from `len` bytes at `data`; the created
 * entry is returned through `kse` when non-NULL (presumably). */
WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
                                    byte* data, KeyShareEntry **kse);
WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
2150
2151
2152#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* The PreSharedKey extension information - entry in a linked list.
 * NOTE(review): `binder` is a fixed MAX_DIGEST_SIZE array while `binderLen`
 * is a 32-bit count; when a peer-provided binder is copied in, binderLen must
 * be checked against MAX_DIGEST_SIZE first — confirm in the parser. */
typedef struct PreSharedKey {
    word16               identityLen;  /* Length of identity */
    byte*                identity;     /* PSK identity */
    word32               ticketAge;    /* Age of the ticket */
    byte                 cipherSuite0; /* Cipher Suite */
    byte                 cipherSuite;  /* Cipher Suite */
    word32               binderLen;    /* Length of HMAC */
    byte                 binder[MAX_DIGEST_SIZE]; /* HMAC of handshake */
    byte                 hmac;         /* HMAC algorithm */
    byte                 resumption:1; /* Resumption PSK */
    byte                 chosen:1;     /* Server's choice */
    struct PreSharedKey* next;         /* List pointer */
} PreSharedKey;
2167
/* Binder writer and its size counterpart; `output` must hold at least the size
 * reported by GetSizeBinders for the same list and msgType. */
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
                                                    byte* output, byte msgType);
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
                                                      byte msgType);
/* Adds a PSK identity of `len` bytes; the created entry is returned through
 * `preSharedKey` (presumably when non-NULL). */
WOLFSSL_LOCAL int    TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
                                           word16 len, word32 age, byte hmac,
                                           byte cipherSuite0, byte cipherSuite,
                                           byte resumption,
                                           PreSharedKey **preSharedKey);
2177
/* The possible Pre-Shared Key key exchange modes; the values are the TLS 1.3
 * PskKeyExchangeMode code points. */
enum PskKeyExchangeMode {
    PSK_KE     = 0, /* PSK only */
    PSK_DHE_KE = 1  /* PSK with (EC)DHE */
};
2183
2184/* User can define this. */
2185#ifndef WOLFSSL_DEF_PSK_CIPHER
2186#define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256
2187#endif
2188
/* `modes` is presumably a bit set built from enum PskKeyExchangeMode — confirm. */
WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);

#ifdef WOLFSSL_EARLY_DATA
/* `max` is the maximum early-data size to advertise (cf. maxEarlyDataSz). */
WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
#endif
2194#endif /* HAVE_SESSION_TICKET || !NO_PSK */
2195
2196
/* The types of keys to derive for (TLS 1.3 key schedule stages). */
enum DeriveKeyType {
    no_key             = 0,
    early_data_key     = 1,
    handshake_key      = 2,
    traffic_key        = 3,
    update_traffic_key = 4
};
2205
/* The key update request values for KeyUpdate message (TLS 1.3 wire values). */
enum KeyUpdateRequest {
    update_not_requested = 0,
    update_requested     = 1
};
2211#endif /* WOLFSSL_TLS13 */
2212
2213
/* wolfSSL context type.
 * Reference-counted configuration object (refCount guarded by countMutex);
 * created by wolfSSL_CTX_new_ex/InitSSL_Ctx and released by FreeSSL_Ctx below.
 * Several members are described as owned here and shared with WOLFSSL objects
 * (see the Buffers comments further down: "WOLFSSL_CTX owns, unless we own"). */
struct WOLFSSL_CTX {
    WOLFSSL_METHOD* method;
#ifdef SINGLE_THREADED
    WC_RNG*         rng;          /* to be shared with WOLFSSL w/o locking */
#endif
    wolfSSL_Mutex   countMutex;   /* reference count mutex */
    int         refCount;         /* reference count */
    int         err;              /* error code in case of mutex not created */
#ifndef NO_DH
    buffer      serverDH_P;
    buffer      serverDH_G;
#endif
#ifndef NO_CERTS
    DerBuffer*  certificate;
    DerBuffer*  certChain;
                 /* chain after self, in DER, with leading size for each cert */
    #ifdef OPENSSL_EXTRA
    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
    #endif
    #if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
    WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
    #endif
#ifdef WOLFSSL_TLS13
    int         certChainCnt;
#endif
    DerBuffer*  privateKey;       /* private key material — sensitive */
    byte        privateKeyType;
    int         privateKeySz;
    WOLFSSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
#endif
#ifdef KEEP_OUR_CERT
    WOLFSSL_X509*    ourCert;     /* keep alive a X509 struct of cert */
    int              ownOurCert;  /* Dispose of certificate if we own */
#endif
    Suites*     suites;           /* make dynamic, user may not need/set */
    void*       heap;             /* for user memory overrides */
    byte        verifyPeer;
    byte        verifyNone;       /* NOTE(review): deployment-sensitive — when
                                   * set, peer cert verification is presumably
                                   * skipped; confirm in the verify path */
    byte        failNoCert;
    byte        failNoCertxPSK;   /* fail if no cert with the exception of PSK*/
    byte        sessionCacheOff;
    byte        sessionCacheFlushOff;
#ifdef HAVE_EXT_CACHE
    byte        internalCacheOff;
#endif
    byte        sendVerify;       /* for client side */
    byte        haveRSA;          /* RSA available */
    byte        haveECC;          /* ECC available */
    byte        haveDH;           /* server DH parms set by user */
    byte        haveNTRU;         /* server private NTRU key loaded */
    byte        haveECDSAsig;     /* server cert signed w/ ECDSA */
    byte        haveStaticECC;    /* static server ECC private key */
    byte        partialWrite;     /* only one msg per write call */
    byte        quietShutdown;    /* don't send close notify */
    byte        groupMessages;    /* group handshake messages before sending */
    byte        minDowngrade;     /* minimum downgrade version */
    byte        haveEMS;          /* have extended master secret extension */
    byte        useClientOrder:1; /* Use client's cipher preference order */
#ifdef WOLFSSL_TLS13
    byte        noTicketTls13:1;  /* Server won't create new Ticket */
    byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    byte        postHandshakeAuth:1;  /* Post-handshake auth supported. */
#endif
#ifdef WOLFSSL_MULTICAST
    byte        haveMcast;        /* multicast requested */
    byte        mcastID;          /* multicast group ID */
#endif
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
    byte        dtlsSctp;         /* DTLS-over-SCTP mode */
    word16      dtlsMtuSz;        /* DTLS MTU size */
#endif
    /* Minimum accepted key sizes; presumably enforced against peer keys
     * during the handshake — confirm where each is checked. */
#ifndef NO_DH
    word16      minDhKeySz;       /* minimum DH key size */
#endif
#ifndef NO_RSA
    short       minRsaKeySz;      /* minimum RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    short       minEccKeySz;      /* minimum ECC key size */
#endif
#ifdef OPENSSL_EXTRA
    word32            disabledCurves;   /* curves disabled by user */
    byte              verifyDepth;      /* maximum verification depth */
    unsigned long     mask;             /* store SSL_OP_ flags */
#endif
    CallbackIORecv CBIORecv;
    CallbackIOSend CBIOSend;
#ifdef WOLFSSL_DTLS
    CallbackGenCookie CBIOCookie;       /* gen cookie callback */
    wc_dtls_export    dtls_export;      /* export function for DTLS session */
#ifdef WOLFSSL_SESSION_EXPORT
    CallbackGetPeer CBGetPeer;
    CallbackSetPeer CBSetPeer;
#endif
#endif /* WOLFSSL_DTLS */
    VerifyCallback  verifyCallback;     /* cert verification callback */
    word32          timeout;            /* session timeout */
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
    word32          ecdhCurveOID;       /* curve Ecc_Sum */
#endif
#ifdef HAVE_ECC
    word16          eccTempKeySz;       /* in octets 20 - 66 */
    word32          pkCurveOID;         /* curve Ecc_Sum */
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    byte        havePSK;                /* psk key set by user */
    wc_psk_client_callback client_psk_cb;  /* client callback */
    wc_psk_server_callback server_psk_cb;  /* server callback */
    char        server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; /* NUL-terminated */
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
#ifdef WOLFSSL_EARLY_DATA
    word32          maxEarlyDataSz;
#endif
#ifdef HAVE_ANON
    byte        haveAnon;               /* User wants to allow Anon suites */
#endif /* HAVE_ANON */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    pem_password_cb* passwd_cb;
    void*            userdata;
    WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
    byte             readAhead;
    void*            userPRFArg; /* passed to prf callback */
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_EX_DATA
    void*           ex_data[MAX_EX_DATA];
#endif
#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
    CallbackALPNSelect alpnSelect;
    void*              alpnSelectArg;
#endif
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    CallbackSniRecv sniRecvCb;
    void*           sniRecvCbArg;
#endif
#if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
    CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
    word32      mcastFirstSeq;    /* first trigger level */
    word32      mcastSecondSeq;   /* second trigger level */
    word32      mcastMaxSeq;      /* max level */
#endif
#ifdef HAVE_OCSP
    WOLFSSL_OCSP      ocsp;
#endif
    int             devId;              /* async device id to use */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
    #ifndef NO_WOLFSSL_SERVER
        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
         || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            OcspRequest* certOcspRequest;
        #endif
        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
        #endif
    #endif
    #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
        /* The ticket callback protects resumption state; its key handling
         * lives in the callback, outside this library. */
        SessionTicketEncCb ticketEncCb;   /* enc/dec session ticket Cb */
        void*              ticketEncCtx;  /* session encrypt context */
        int                ticketHint;    /* ticket hint in seconds */
    #endif
    #ifdef HAVE_SUPPORTED_CURVES
        byte userCurves;                  /* indicates user called wolfSSL_CTX_UseSupportedCurve */
    #endif
#endif
#ifdef ATOMIC_USER
    CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
    CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        CallbackEccSign   EccSignCb;    /* User EccSign   Callback handler */
        CallbackEccVerify EccVerifyCb;  /* User EccVerify Callback handler */
        CallbackEccSharedSecret EccSharedSecretCb; /* User EccSharedSecret Callback handler */
        #ifdef HAVE_ED25519
            /* User Ed25519Sign   Callback handler */
            CallbackEd25519Sign   Ed25519SignCb;
            /* User Ed25519Verify Callback handler */
            CallbackEd25519Verify Ed25519VerifyCb;
        #endif
        #ifdef HAVE_CURVE25519
            /* User X25519SharedSecret Callback handler */
            CallbackX25519SharedSecret X25519SharedSecretCb;
        #endif
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        CallbackRsaSign   RsaSignCb;    /* User RsaSign   Callback handler */
        CallbackRsaVerify RsaVerifyCb;  /* User RsaVerify Callback handler */
        #ifdef WC_RSA_PSS
            CallbackRsaPssSign   RsaPssSignCb;   /* User RsaPssSign */
            CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaPssVerify */
        #endif
        CallbackRsaEnc    RsaEncCb;     /* User Rsa Public  Encrypt handler */
        CallbackRsaDec    RsaDecCb;     /* User Rsa Private Decrypt handler */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_WOLF_EVENT
    WOLF_EVENT_QUEUE event_queue;
#endif /* HAVE_WOLF_EVENT */
#ifdef HAVE_EXT_CACHE
    /* External session cache hooks (get / new / remove). */
    WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*);
    int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
    void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
#endif
};
2421
2422
/* Context lifecycle: create (with user heap hint), initialise, free, and
 * release owned resources without freeing the object itself (by name; confirm). */
WOLFSSL_LOCAL
WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
WOLFSSL_LOCAL
int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
WOLFSSL_LOCAL
void FreeSSL_Ctx(WOLFSSL_CTX*);
WOLFSSL_LOCAL
void SSL_CtxResourceFree(WOLFSSL_CTX*);

WOLFSSL_LOCAL
int DeriveTlsKeys(WOLFSSL* ssl);
/* Handles a legacy-format ClientHello (by name). `inSz` bounds `input` and
 * `inOutIdx` is the running offset into it; `sz` is the hello length taken
 * from the record. Untrusted data — confirm every read is checked against
 * inSz, not just sz. */
WOLFSSL_LOCAL
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz);
2437
#ifndef NO_CERTS
    /* Cert-manager trust store maintenance. `pDer` is passed by address,
     * which suggests ownership of the DER buffer may move into `cm` —
     * confirm before freeing it in the caller. `hash` in the Already*
     * lookups is presumably the subject hash used as the store key. */
    WOLFSSL_LOCAL
    int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
    WOLFSSL_LOCAL
    int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#ifdef WOLFSSL_TRUST_PEER_CERT
    WOLFSSL_LOCAL
    int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
    WOLFSSL_LOCAL
    int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#endif
#endif
2450
/* All cipher suite related info
 * Keep as a constant size (no ifdefs) for session export.
 * The byte fields presumably hold values of the enums declared below
 * (CipherType, MACAlgorithm, KeyExchangeAlgorithm, SignatureAlgorithm). */
typedef struct CipherSpecs {
    word16 key_size;
    word16 iv_size;
    word16 block_size;
    word16 aead_mac_size;
    byte   bulk_cipher_algorithm;
    byte   cipher_type;               /* block, stream, or aead */
    byte   mac_algorithm;
    byte   kea;                       /* key exchange algo */
    byte   sig_algo;
    byte   hash_size;
    byte   pad_size;
    byte   static_ecdh;
} CipherSpecs;
2467
2468
/* NOTE(review): declared without WOLFSSL_LOCAL, unlike the neighbouring
 * internal declarations — confirm whether it is meant to be exported. */
void InitCipherSpecs(CipherSpecs* cs);
2470
2471
/* Supported Message Authentication Codes from page 43.
 * Stored in CipherSpecs.mac_algorithm (a byte); values are explicit because
 * sha256_mac must line up with the external KDF_MacAlgorithm. */
enum MACAlgorithm {
    no_mac      = 0,
    md5_mac     = 1,
    sha_mac     = 2,
    sha224_mac  = 3,
    sha256_mac  = 4, /* needs to match external KDF_MacAlgorithm */
    sha384_mac  = 5,
    sha512_mac  = 6,
    rmd_mac     = 7,
    blake2b_mac = 8
};
2484
2485
/* Supported Key Exchange Protocols (stored in CipherSpecs.kea). */
enum KeyExchangeAlgorithm {
    no_kea                        = 0,
    rsa_kea                       = 1,
    diffie_hellman_kea            = 2,
    fortezza_kea                  = 3,
    psk_kea                       = 4,
    dhe_psk_kea                   = 5,
    ecdhe_psk_kea                 = 6,
    ntru_kea                      = 7,
    ecc_diffie_hellman_kea        = 8,
    ecc_static_diffie_hellman_kea = 9  /* for verify suite only */
};
2499
2500
/* Supported Authentication Schemes (stored in CipherSpecs.sig_algo).
 * Note the gap: 4..7 are unused, 8 and 9 are the PSS and Ed25519 entries. */
enum SignatureAlgorithm {
    anonymous_sa_algo = 0,
    rsa_sa_algo       = 1,
    dsa_sa_algo       = 2,
    ecc_dsa_sa_algo   = 3,
    rsa_pss_sa_algo   = 8,
    ed25519_sa_algo   = 9
};
2510
2511
/* Supported ECC Curve Types: only named curves are handled. */
enum EccCurves {
    named_curve = 3  /* ECCurveType named_curve */
};
2516
2517
/* Valid client certificate request types from page 27
 * (ClientCertificateType code points; 64..66 are the ECC additions). */
enum ClientCertificateType {
    rsa_sign          = 1,
    dss_sign          = 2,
    rsa_fixed_dh      = 3,
    dss_fixed_dh      = 4,
    rsa_ephemeral_dh  = 5,
    dss_ephemeral_dh  = 6,
    fortezza_kea_cert = 20,
    ecdsa_sign        = 64,
    rsa_fixed_ecdh    = 65,
    ecdsa_fixed_ecdh  = 66
};
2531
2532
/* Bulk cipher category, stored in CipherSpecs.cipher_type. */
enum CipherType {
    stream = 0,
    block  = 1,
    aead   = 2
};
2534
2535
2536
2537
2538
2539
/* cipher for now
 * Bulk cipher contexts; presumably only the member matching the negotiated
 * suite is allocated (see InitCiphers/FreeCiphers below). `additional` and
 * `nonce` are the AEAD scratch buffers. */
typedef struct Ciphers {
#ifdef BUILD_ARC4
    Arc4*   arc4;
#endif
#ifdef BUILD_DES3
    Des3*   des3;
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
    Aes*    aes;
    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(WOLFSSL_TLS13)
        byte* additional;
        byte* nonce;
    #endif
#endif
#ifdef HAVE_CAMELLIA
    Camellia* cam;
#endif
#ifdef HAVE_CHACHA
    ChaCha*   chacha;
#endif
#ifdef HAVE_HC128
    HC128*  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit* rabbit;
#endif
#ifdef HAVE_IDEA
    Idea*   idea;
#endif
    byte    state;
    byte    setup;       /* have we set it up flag for detection */
} Ciphers;
2573
2574
2575#ifdef HAVE_ONE_TIME_AUTH
/* Ciphers for one time authentication such as poly1305 */
typedef struct OneTimeAuth {
#ifdef HAVE_POLY1305
    Poly1305* poly1305;
#endif
    byte      setup;      /* flag for if a cipher has been set */

} OneTimeAuth;
2584#endif
2585
2586
/* Set up / tear down the Ciphers (and OneTimeAuth, when built) held by `ssl`. */
WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
2589
2590
/* hashes type
 * One digest buffer per hash algorithm compiled in; each array is sized by
 * the corresponding wolfCrypt digest size. */
typedef struct Hashes {
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        byte md5[WC_MD5_DIGEST_SIZE];
    #endif
    #if !defined(NO_SHA)
        byte sha[WC_SHA_DIGEST_SIZE];
    #endif
    #ifndef NO_SHA256
        byte sha256[WC_SHA256_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA384
        byte sha384[WC_SHA384_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA512
        byte sha512[WC_SHA512_DIGEST_SIZE];
    #endif
} Hashes;
2609
/* Fills `hashes` with the handshake digests for the certificate path (by name). */
WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
2611
2612#ifdef WOLFSSL_TLS13
/* TLS 1.3 transcript-hash context: one member per built-in SHA-2 variant.
 * NOTE(review): guarded by NO_WOLFSSL_SHA256 whereas Hashes above uses
 * NO_SHA256 — confirm both macros are intended. */
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
    wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
#endif
} Digest;
2624#endif
2625
/* Static x509 buffer: a DER certificate of at most MAX_X509_SIZE bytes,
 * `length` of which are valid. */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;
2631
2632
/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE.
 * The bound is MAX_CHAIN_DEPTH (the "4" in the field comment is historical;
 * `count` must never exceed the array size). */
struct WOLFSSL_X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};
2638
2639
/* wolfSSL session type
 * Cached resumption state. `masterSecret` is long-lived key material that
 * outlives the connection inside the session cache — confirm it is wiped on
 * eviction/free and never written out unprotected by any export path. */
struct WOLFSSL_SESSION {
    word32             bornOn;                        /* create time in seconds */
    word32             timeout;                       /* timeout in seconds */
    byte               sessionID[ID_LEN];             /* id for protocol */
    byte               sessionIDSz;
    byte               masterSecret[SECRET_LEN];      /* stored secret */
    word16             haveEMS;                       /* ext master secret flag */
#ifdef SESSION_CERTS
    WOLFSSL_X509_CHAIN chain;                         /* peer cert chain, static */
    #ifdef WOLFSSL_ALT_CERT_CHAINS
    WOLFSSL_X509_CHAIN altChain;                      /* peer alt cert chain, static */
    #endif
#endif
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                               defined(HAVE_SESSION_TICKET))
    ProtocolVersion    version;                       /* which version was used */
    byte               cipherSuite0;                  /* first byte, normally 0 */
    byte               cipherSuite;                   /* 2nd byte, actual suite */
#endif
#ifndef NO_CLIENT_CACHE
    word16             idLen;                         /* serverID length */
    byte               serverID[SERVER_ID_LEN];       /* for easier client lookup */
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    #ifdef WOLFSSL_TLS13
    byte               namedGroup;
    word32             ticketSeen;                    /* Time ticket seen (ms) */
    word32             ticketAdd;                     /* Added by client */
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    word32             maxEarlyDataSz;
    #endif
    /* `ticket` presumably points either at staticTicket or at a heap buffer
     * of ticketLen bytes, with isDynamic telling which — confirm. */
    byte*              ticket;
    word16             ticketLen;
    byte               staticTicket[SESSION_TICKET_LEN];
    byte               isDynamic;
#endif
#ifdef HAVE_EXT_CACHE
    byte               isAlloced;
#endif
#ifdef HAVE_EX_DATA
    void*              ex_data[MAX_EX_DATA];
#endif
};
2685
2686
/* Session cache lookup / store. GetSession's byte* is presumably the master
 * secret output buffer and the trailing byte a restore flag — confirm. */
WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL
int              SetSession(WOLFSSL*, WOLFSSL_SESSION*);

/* HMAC function pointer: (ssl, out digest, in data, data length, type, verify). */
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int);

#ifndef NO_CLIENT_CACHE
    /* NOTE(review): not WOLFSSL_LOCAL, unlike GetSession/SetSession —
     * confirm whether it is meant to be exported. */
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
#endif
2697
/* client connect state for nonblocking restart
 * Stored in Options.connectState (a byte), so values must stay below 256. */
enum ConnectState {
    CONNECT_BEGIN      = 0,
    CLIENT_HELLO_SENT  = 1,
    HELLO_AGAIN        = 2,  /* HELLO_AGAIN is for the DTLS case */
    HELLO_AGAIN_REPLY  = 3,
    FIRST_REPLY_DONE   = 4,
    FIRST_REPLY_FIRST  = 5,
    FIRST_REPLY_SECOND = 6,
    FIRST_REPLY_THIRD  = 7,
    FIRST_REPLY_FOURTH = 8,
    FINISHED_DONE      = 9,
    SECOND_REPLY_DONE  = 10
};
2712
2713
/* server accept state for nonblocking restart
 * Stored in Options.acceptState (a byte), so values must stay below 256. */
enum AcceptState {
    ACCEPT_BEGIN                    = 0,
    ACCEPT_CLIENT_HELLO_DONE        = 1,
    ACCEPT_HELLO_RETRY_REQUEST_DONE = 2,
    ACCEPT_FIRST_REPLY_DONE         = 3,
    SERVER_HELLO_SENT               = 4,
    SERVER_EXTENSIONS_SENT          = 5,
    CERT_SENT                       = 6,
    CERT_VERIFY_SENT                = 7,
    CERT_STATUS_SENT                = 8,
    KEY_EXCHANGE_SENT               = 9,
    CERT_REQ_SENT                   = 10,
    SERVER_HELLO_DONE               = 11,
    ACCEPT_SECOND_REPLY_DONE        = 12,
    TICKET_SENT                     = 13,
    CHANGE_CIPHER_SENT              = 14,
    ACCEPT_FINISHED_DONE            = 15,
    ACCEPT_THIRD_REPLY_DONE         = 16
};
2734
/* buffers for struct WOLFSSL
 * The weOwn* flags record which of the CTX-shared buffers this connection
 * owns and must free. serverDH_Priv, tls13CookieSecret and dtlsCookieSecret
 * hold secret material — confirm they are wiped on free. */
typedef struct Buffers {
    bufferStatic    inputBuffer;
    bufferStatic    outputBuffer;
    buffer          domainName;             /* for client check */
    buffer          clearOutputBuffer;
    buffer          sig;                    /* signature data */
    buffer          digest;                 /* digest data */
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE            */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE            */
    byte            weOwnCert;             /* SSL own cert flag */
    byte            weOwnCertChain;        /* SSL own cert chain flag */
    byte            weOwnKey;              /* SSL own key flag */
    byte            weOwnDH;               /* SSL own dh (p,g) flag */
#ifndef NO_DH
    buffer          serverDH_P;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_G;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;         /* ephemeral private value — secret */
    DhKey*          serverDH_Key;
#endif
#ifndef NO_CERTS
    DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
    byte            keyType;               /* Type of key: RSA, ECC, Ed25519 */
    int             keySz;                 /* Size of RSA key — comment says RSA;
                                              confirm whether also set for
                                              ECC/Ed25519 keys */
    DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                 /* chain after self, in DER, with leading size for each cert */
#ifdef WOLFSSL_TLS13
    int             certChainCnt;
#endif
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
    buffer          tls13CookieSecret;     /* HRR cookie secret */
#endif
#ifdef WOLFSSL_DTLS
    WOLFSSL_DTLS_CTX dtlsCtx;              /* DTLS connection context */
    #ifndef NO_WOLFSSL_SERVER
        buffer       dtlsCookieSecret;     /* DTLS cookie secret */
    #endif /* NO_WOLFSSL_SERVER */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        buffer peerEccDsaKey;              /* we own for Ecc Verify Callbacks */
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        buffer peerEd25519Key;             /* for Ed25519 Verify Callbacks */
    #endif /* HAVE_ED25519 */
    #ifndef NO_RSA
        buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
} Buffers;
2790
/* sub-states for send/do key share (key exchange)
 * Stored in Options.asyncState (a byte). */
enum asyncState {
    TLS_ASYNC_BEGIN    = 0,
    TLS_ASYNC_BUILD    = 1,
    TLS_ASYNC_DO       = 2,
    TLS_ASYNC_VERIFY   = 3,
    TLS_ASYNC_FINALIZE = 4,
    TLS_ASYNC_END      = 5
};
2800
/* sub-states for build message
 * Stored in Options.buildMsgState (a byte). */
enum buildMsgState {
    BUILD_MSG_BEGIN      = 0,
    BUILD_MSG_SIZE       = 1,
    BUILD_MSG_HASH       = 2,
    BUILD_MSG_VERIFY_MAC = 3,
    BUILD_MSG_ENCRYPT    = 4
};
2809
/* sub-states for cipher operations */
enum cipherState {
    CIPHER_STATE_BEGIN = 0,
    CIPHER_STATE_DO    = 1,
    CIPHER_STATE_END   = 2
};
2816
2817typedef struct Options {
2818#ifndef NO_PSK
2819 wc_psk_client_callback client_psk_cb;
2820 wc_psk_server_callback server_psk_cb;
2821#endif /* NO_PSK */
2822#ifdef OPENSSL_EXTRA
2823 unsigned long mask; /* store SSL_OP_ flags */
2824#endif
2825
2826 /* on/off or small bit flags, optimize layout */
2827#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2828 word16 havePSK:1; /* psk key set by user */
2829#endif /* HAVE_SESSION_TICKET || !NO_PSK */
2830 word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
2831 word16 sessionCacheOff:1;
2832 word16 sessionCacheFlushOff:1;
2833#ifdef HAVE_EXT_CACHE
2834 word16 internalCacheOff:1;
2835#endif
2836 word16 side:1; /* client or server end */
2837 word16 verifyPeer:1;
2838 word16 verifyNone:1;
2839 word16 failNoCert:1;
2840 word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
2841 word16 downgrade:1; /* allow downgrade of versions */
2842 word16 resuming:1;
2843 word16 haveSessionId:1; /* server may not send */
2844 word16 tls:1; /* using TLS ? */
2845 word16 tls1_1:1; /* using TLSv1.1+ ? */
2846 word16 tls1_3:1; /* using TLSv1.3+ ? */
2847 word16 dtls:1; /* using datagrams ? */
2848 word16 connReset:1; /* has the peer reset */
2849 word16 isClosed:1; /* if we consider conn closed */
2850 word16 closeNotify:1; /* we've received a close notify */
2851 word16 sentNotify:1; /* we've sent a close notify */
2852 word16 usingCompression:1; /* are we using compression */
2853 word16 haveRSA:1; /* RSA available */
2854 word16 haveECC:1; /* ECC available */
2855 word16 haveDH:1; /* server DH parms set by user */
2856 word16 haveNTRU:1; /* server NTRU private key loaded */
2857 word16 haveQSH:1; /* have QSH ability */
2858 word16 haveECDSAsig:1; /* server ECDSA signed cert */
2859 word16 haveStaticECC:1; /* static server ECC private key */
2860 word16 havePeerCert:1; /* do we have peer's cert */
2861 word16 havePeerVerify:1; /* and peer's cert verify */
2862 word16 usingPSK_cipher:1; /* are using psk as cipher */
2863 word16 usingAnon_cipher:1; /* are we using an anon cipher */
2864 word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */
2865 word16 sendAlertState:1; /* nonblocking resume */
2866 word16 partialWrite:1; /* only one msg per write call */
2867 word16 quietShutdown:1; /* don't send close notify */
2868 word16 certOnly:1; /* stop once we get cert */
2869 word16 groupMessages:1; /* group handshake messages */
2870 word16 usingNonblock:1; /* are we using nonblocking socket */
2871 word16 saveArrays:1; /* save array Memory for user get keys
2872 or psk */
2873 word16 weOwnRng:1; /* will be true unless CTX owns */
2874 word16 haveEMS:1; /* using extended master secret */
2875#ifdef HAVE_POLY1305
2876 word16 oldPoly:1; /* set when to use old rfc way of poly*/
2877#endif
2878#ifdef HAVE_ANON
2879 word16 haveAnon:1; /* User wants to allow Anon suites */
2880#endif
2881#ifdef HAVE_SESSION_TICKET
2882 word16 createTicket:1; /* Server to create new Ticket */
2883 word16 useTicket:1; /* Use Ticket not session cache */
2884 word16 rejectTicket:1; /* Callback rejected ticket */
2885#ifdef WOLFSSL_TLS13
2886 word16 noTicketTls13:1; /* Server won't create new Ticket */
2887#endif
2888#endif
2889#ifdef WOLFSSL_DTLS
2890 word16 dtlsHsRetain:1; /* DTLS retaining HS data */
2891 word16 haveMcast:1; /* using multicast ? */
2892#ifdef WOLFSSL_SCTP
2893 word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
2894#endif
2895#endif
2896#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
2897 word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
2898#endif
2899 word16 keepResources:1; /* Keep resources after handshake */
2900 word16 useClientOrder:1; /* Use client's cipher order */
2901#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
2902 word16 postHandshakeAuth:1;/* Client send post_handshake_auth
2903 * extendion. */
2904#endif
2905#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
2906 word16 sendCookie:1; /* Server creates a Cookie in HRR */
2907#endif
2908#ifdef WOLFSSL_ALT_CERT_CHAINS
2909 word16 usingAltCertChain:1;/* Alternate cert chain was used */
2910#endif
2911
2912 /* need full byte values for this section */
2913 byte processReply; /* nonblocking resume */
2914 byte cipherSuite0; /* first byte, normally 0 */
2915 byte cipherSuite; /* second byte, actual suite */
2916 byte serverState;
2917 byte clientState;
2918 byte handShakeState;
2919 byte handShakeDone; /* at least one handshake complete */
2920 byte minDowngrade; /* minimum downgrade version */
2921 byte connectState; /* nonblocking resume */
2922 byte acceptState; /* nonblocking resume */
2923 byte asyncState; /* sub-state for enum asyncState */
2924 byte buildMsgState; /* sub-state for enum buildMsgState */
2925 byte alertCount; /* detect warning dos attempt */
2926#ifdef WOLFSSL_MULTICAST
2927 word16 mcastID; /* Multicast group ID */
2928#endif
2929#ifndef NO_DH
2930 word16 minDhKeySz; /* minimum DH key size */
2931 word16 dhKeySz; /* actual DH key size */
2932#endif
2933#ifndef NO_RSA
2934 short minRsaKeySz; /* minimum RSA key size */
2935#endif
2936#if defined(HAVE_ECC) || defined(HAVE_ED25519)
2937 short minEccKeySz; /* minimum ECC key size */
2938#endif
2939#ifdef OPENSSL_EXTRA
2940 byte verifyDepth; /* maximum verification depth */
2941#endif
2942#ifdef WOLFSSL_EARLY_DATA
2943 word32 maxEarlyDataSz;
2944#endif
2945
2946} Options;
2947
/* Per-connection handshake working storage, allocated separately from the
 * WOLFSSL object (see WOLFSSL.arrays) so it can be released once the
 * handshake is over.  Several fields hold key material: preMasterSecret,
 * psk_key, masterSecret and the TLS 1.3 secrets.
 * NOTE(review): FreeArrays() (declared later in this header) owns the release
 * of this struct; confirm it zeroizes the secret fields rather than relying on
 * a plain free() - a plain free() leaves the keys in the freed heap block. */
typedef struct Arrays {
    byte*           pendingMsg;         /* defrag buffer for a handshake message
                                         * that spans several records */
    byte*           preMasterSecret;    /* pre-master secret, preMasterSz bytes */
    word32          preMasterSz;        /* differs for DH, actual size */
    word32          pendingMsgSz;       /* defrag buffer size (allocated) */
    word32          pendingMsgOffset;   /* current offset into defrag buffer;
                                         * writers must keep offset+len within
                                         * pendingMsgSz - check happens in the
                                         * caller, not here */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word32          psk_keySz;          /* actual size of psk_key in use */
    char            client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
                                        /* PSK identity, NUL terminated */
    char            server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
                                        /* PSK identity hint, NUL terminated */
    byte            psk_key[MAX_PSK_KEY_LEN];   /* raw PSK, psk_keySz bytes used */
#endif
    byte            clientRandom[RAN_LEN];  /* client random (ClientHello) */
    byte            serverRandom[RAN_LEN];  /* server random (ServerHello) */
    byte            sessionID[ID_LEN];      /* session id, sessionIDSz bytes used */
    byte            sessionIDSz;
#ifdef WOLFSSL_TLS13
    byte            clientSecret[SECRET_LEN];   /* TLS 1.3 client-side secret */
    byte            serverSecret[SECRET_LEN];   /* TLS 1.3 server-side secret */
    byte            secret[SECRET_LEN];         /* TLS 1.3 current base secret;
                                                 * which derivation stage each of
                                                 * the three holds is not visible
                                                 * in this header */
#endif
    byte            masterSecret[SECRET_LEN];   /* (pre-1.3) master secret */
#ifdef WOLFSSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];     /* DTLS cookie, cookieSz bytes used */
    byte            cookieSz;
#endif
    byte            pendingMsgType;     /* defrag buffer message type */
} Arrays;
2976
/* Upper bound for the inline name storage in WOLFSSL_X509_NAME and the
 * subjectCN shortcut in WOLFSSL_X509 (both below).  Overridable at build
 * time; any code copying into those arrays must bound by this value. */
#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#endif

/* Upper bound for the raw notBefore/notAfter date storage in WOLFSSL_X509. */
#ifndef MAX_DATE_SZ
#define MAX_DATE_SZ 32
#endif
2984
/* Singly linked list node backing the OpenSSL-compatible STACK_OF() types.
 * NOTE(review): there is no tag recording which union member is live; the
 * owner of the stack must know its element type, and freeing a node with the
 * wrong element free routine would be a type confusion. */
struct WOLFSSL_STACK {
    unsigned long num; /* number of nodes in stack
                        * (safety measure for freeing and shortcut for count) */
    union {
        WOLFSSL_X509*        x509;
        WOLFSSL_X509_NAME*   name;
        WOLFSSL_BIO*         bio;
        WOLFSSL_ASN1_OBJECT* obj;
        char*                string;
    } data;
    WOLFSSL_STACK* next;   /* next node, NULL at the tail */
};
2997
2998
/* X.509 distinguished name as exposed through the compatibility API.
 * Initialized by InitX509Name() and released by FreeX509Name() (both
 * declared later in this header). */
struct WOLFSSL_X509_NAME {
    char  *name;                     /* name text; presumably points at
                                      * staticName unless dynamicName is set,
                                      * in which case it is a separate heap
                                      * allocation - confirm in FreeX509Name */
    char  staticName[ASN_NAME_MAX];  /* inline storage, bounded by ASN_NAME_MAX */
    int   dynamicName;               /* non-zero: name was allocated separately */
    int   sz;                        /* presumably the length of name */
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
    DecodedName  fullName;           /* decoded name components */
    WOLFSSL_X509_NAME_ENTRY cnEntry; /* entry used for the common name */
    WOLFSSL_X509* x509;              /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_NGINX
    byte  raw[ASN_NAME_MAX];         /* raw DER of the name, rawLen bytes used;
                                      * writers must bound copies by ASN_NAME_MAX */
    int   rawLen;
#endif
};
3014
/* Fixed storage for the certificate serial number (and, under WOLFSSL_SEP,
 * the device/hardware identifiers) in WOLFSSL_X509 below.  A certificate
 * serial is at most 20 octets per RFC 5280, so 32 leaves headroom; copies
 * into the arrays must still be bounded by this value. */
#ifndef EXTERNAL_SERIAL_SIZE
    #define EXTERNAL_SERIAL_SIZE 32
#endif

/* Without ASN support the real DNS_entry definition is unavailable; an
 * opaque forward declaration keeps the altNames pointers below compiling. */
#ifdef NO_ASN
    typedef struct DNS_entry DNS_entry;
#endif
3022
/* Decoded certificate view handed to the application (peer cert, own cert,
 * compatibility API).  Filled from a DecodedCert by CopyDecodedToX509() and
 * released by FreeX509() (both declared later in this header).
 * NOTE(review): every field is derived from a certificate supplied by the
 * peer or loaded by the user, so fixed-size arrays here (serial, subjectCN,
 * notBefore/notAfter, the SEP identifiers, certPolicies) are only safe if
 * CopyDecodedToX509() bounds its copies - confirm there. */
struct WOLFSSL_X509 {
    int              version;               /* X.509 version */
    WOLFSSL_X509_NAME issuer;
    WOLFSSL_X509_NAME subject;
    int              serialSz;              /* bytes of serial in use */
    byte             serial[EXTERNAL_SERIAL_SIZE];
    char             subjectCN[ASN_NAME_MAX];       /* common name short cut */
#ifdef WOLFSSL_SEP
    int              deviceTypeSz;
    byte             deviceType[EXTERNAL_SERIAL_SIZE];
    int              hwTypeSz;
    byte             hwType[EXTERNAL_SERIAL_SIZE];
    int              hwSerialNumSz;
    byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
    #ifdef OPENSSL_EXTRA
        byte         certPolicySet;         /* certificate policies ext present */
        byte         certPolicyCrit;        /* ... and marked critical */
    #endif /* OPENSSL_EXTRA */
#endif
    int              notBeforeSz;           /* bytes of notBefore in use */
    byte             notBefore[MAX_DATE_SZ];    /* raw validity start (ASN.1 time) */
    int              notAfterSz;            /* bytes of notAfter in use */
    byte             notAfter[MAX_DATE_SZ];     /* raw validity end (ASN.1 time) */
    int              sigOID;                /* signature algorithm OID sum */
    buffer           sig;                   /* signature value */
    int              pubKeyOID;             /* public key algorithm OID sum */
    buffer           pubKey;                /* subject public key */
    #ifdef HAVE_ECC
        word32       pkCurveOID;            /* curve of an ECC public key */
    #endif /* HAVE_ECC */
    #ifndef NO_CERTS
        DerBuffer*   derCert;               /* full DER encoding; may need */
    #endif
    DNS_entry*       altNames;              /* alt names list */
    DNS_entry*       altNamesNext;          /* hint for retrieval */
    void*            heap;                  /* heap hint */
    byte             dynamicMemory;         /* dynamic memory flag: struct itself
                                             * was allocated and must be freed */
    byte             isCa;                  /* basic constraints CA flag */
#ifdef WOLFSSL_CERT_EXT
    char             certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
    int              certPoliciesNb;        /* entries of certPolicies in use */
#endif /* WOLFSSL_CERT_EXT */
#ifdef OPENSSL_EXTRA
#ifdef HAVE_EX_DATA
    void*            ex_data[MAX_EX_DATA];  /* application ex_data slots */
#endif
    word32           pathLength;            /* basic constraints pathLen */
    word16           keyUsage;              /* key usage bits */
    /* Extension bookkeeping: each *Set flag records the extension was present,
     * each *Crit flag that it was marked critical.  The *Src / *Id / *Info
     * pointers presumably reference the DER in derCert rather than copies, so
     * they are only valid while derCert is alive - confirm in
     * CopyDecodedToX509(). */
    byte             CRLdistSet;
    byte             CRLdistCrit;
    byte*            CRLInfo;
    int              CRLInfoSz;
    byte             authInfoSet;
    byte             authInfoCrit;
    byte*            authInfo;
    int              authInfoSz;
    byte             basicConstSet;
    byte             basicConstCrit;
    byte             basicConstPlSet;       /* pathLen was present */
    byte             subjAltNameSet;
    byte             subjAltNameCrit;
    byte             authKeyIdSet;
    byte             authKeyIdCrit;
    byte*            authKeyId;
    word32           authKeyIdSz;
    byte             subjKeyIdSet;
    byte             subjKeyIdCrit;
    byte*            subjKeyId;
    word32           subjKeyIdSz;
    byte             keyUsageSet;
    byte             keyUsageCrit;
    byte             extKeyUsageCrit;
    byte*            extKeyUsageSrc;
    word32           extKeyUsageSz;
    word32           extKeyUsageCount;      /* number of EKU OIDs */
#endif /* OPENSSL_EXTRA */
};
3100
3101
3102/* record layer header for PlainText, Compressed, and CipherText */
/* record layer header for PlainText, Compressed, and CipherText
 * (TLS wire layout, 5 bytes: type, version major/minor, 16-bit length).
 * length is kept as two raw bytes, i.e. big-endian as on the wire.
 * NOTE(review): the length comes from the peer; whatever decodes it must
 * clamp it against the maximum record size before growing or indexing the
 * input buffer (see GrowInputBuffer / CheckAvailableSize below). */
typedef struct RecordLayerHeader {
    byte            type;           /* enum ContentType */
    byte            pvMajor;        /* protocol version, major */
    byte            pvMinor;        /* protocol version, minor */
    byte            length[2];      /* fragment length, network byte order */
} RecordLayerHeader;
3109
3110
3111/* record layer header for DTLS PlainText, Compressed, and CipherText */
/* record layer header for DTLS PlainText, Compressed, and CipherText
 * (13 bytes on the wire).  In RFC 6347 the 8 octets kept here as
 * sequence_number are a 16-bit epoch followed by a 48-bit sequence number;
 * they feed the anti-replay window (see the replayDropCount counter in
 * struct WOLFSSL under WOLFSSL_DTLS_DROP_STATS). */
typedef struct DtlsRecordLayerHeader {
    byte            type;               /* enum ContentType */
    byte            pvMajor;            /* protocol version, major */
    byte            pvMinor;            /* protocol version, minor */
    byte            sequence_number[8]; /* per record: epoch(2) + seq(6) */
    byte            length[2];          /* fragment length, network byte order */
} DtlsRecordLayerHeader;
3119
3120
/* One received fragment of a DTLS handshake message, recorded as a byte
 * range within the reassembled message (see DtlsMsg.fragList). */
typedef struct DtlsFrag {
    word32 begin;           /* first byte offset covered by this fragment */
    word32 end;             /* last byte offset covered (inclusive or
                             * exclusive is not visible here - check DtlsMsgSet) */
    struct DtlsFrag* next;  /* next range in the list */
} DtlsFrag;
3126
3127
/* Reassembly / retransmit slot for one DTLS handshake message, kept on the
 * dtls_rx_msg_list / dtls_tx_msg_list of struct WOLFSSL.  Managed by the
 * DtlsMsg*() functions declared later in this header.
 * NOTE(review): fragment_offset and fragment_length in incoming fragments are
 * peer controlled; DtlsMsgSet() must reject offset+length > sz before any copy
 * into buf - confirm there, this header only shows the bookkeeping. */
typedef struct DtlsMsg {
    struct DtlsMsg* next;
    byte*           buf;        /* storage owning the message bytes */
    byte*           msg;        /* message body within buf */
    DtlsFrag*       fragList;   /* byte ranges received so far */
    word32          fragSz;     /* Length of fragments received */
    word32          seq;        /* Handshake sequence number */
    word32          sz;         /* Length of whole message */
    byte            type;       /* enum HandShakeType; no_shake until set */
} DtlsMsg;
3138
3139
#ifdef HAVE_NETX

    /* NETX I/O Callback default: state for the ThreadX NetX socket I/O
     * callbacks, embedded in struct WOLFSSL as nxCtx. */
    typedef struct NetX_Ctx {
        NX_TCP_SOCKET* nxSocket;    /* send/recv socket handle */
        NX_PACKET*     nxPacket;    /* incoming packet handle for short reads */
        ULONG          nxOffset;    /* offset already read from nxPacket */
        ULONG          nxWait;      /* wait option flag */
    } NetX_Ctx;

#endif
3151
3152
/* Handshake messages received from the peer (plus ChangeCipherSpec) */
/* One flag per message type the peer has delivered in this handshake.
 * Presumably consulted when a message arrives so that a duplicated or
 * out-of-order handshake message is rejected instead of re-processed
 * (the check itself lives in the .c side, not here).  got_client_hello is
 * two bits wide, so it can count to 3 - presumably to allow the second
 * ClientHello that follows a TLS 1.3 HelloRetryRequest. */
typedef struct MsgsReceived {
    word16 got_hello_request:1;
    word16 got_client_hello:2;
    word16 got_server_hello:1;
    word16 got_hello_verify_request:1;
    word16 got_session_ticket:1;
    word16 got_end_of_early_data:1;
    word16 got_hello_retry_request:1;
    word16 got_encrypted_extensions:1;
    word16 got_certificate:1;
    word16 got_certificate_status:1;
    word16 got_server_key_exchange:1;
    word16 got_certificate_request:1;
    word16 got_server_hello_done:1;
    word16 got_certificate_verify:1;
    word16 got_client_key_exchange:1;
    word16 got_finished:1;
    word16 got_key_update:1;
    word16 got_change_cipher:1;     /* record-layer ChangeCipherSpec */
} MsgsReceived;
3174
3175
3176/* Handshake hashes */
/* Handshake hashes: running transcript hash of every handshake message sent
 * and received, one context per digest the build supports so the Finished /
 * CertificateVerify input can be produced for whichever hash the negotiated
 * suite needs.  Created by InitHandshakeHashes() and released by
 * FreeHandshakeHashes() (declared later in this header). */
typedef struct HS_Hashes {
    Hashes          verifyHashes;   /* snapshot used for Finished verification */
    Hashes          certHashes;     /* for cert verify */
#ifndef NO_SHA
    wc_Sha          hashSha;        /* sha hash of handshake msgs */
#endif
#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    wc_Md5          hashMd5;        /* md5 hash of handshake msgs (SSLv3/TLS1.0-1.1 only) */
#endif
#ifndef NO_SHA256
    wc_Sha256       hashSha256;     /* sha256 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384       hashSha384;     /* sha384 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512       hashSha512;     /* sha512 hash of handshake msgs */
#endif
} HS_Hashes;
3196
3197
#ifdef WOLFSSL_ASYNC_CRYPT
    /* Saved state for an asynchronous crypto operation that is in flight, so
     * the calling function can resume with the same arguments (see
     * wolfSSL_AsyncPush/Pop declared later in this header). */
    #define MAX_ASYNC_ARGS 18
    typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);

    struct WOLFSSL_ASYNC {
        WC_ASYNC_DEV* dev;          /* device the pending operation was queued on */
        FreeArgsCb    freeArgs;     /* function pointer to cleanup args */
        word32        args[MAX_ASYNC_ARGS]; /* holder for current args */
    };
#endif
3208
#ifdef HAVE_WRITE_DUP

    /* Write-duplication: one WOLFSSL object is split into a read side and a
     * write side that share this reference-counted block.  The last side to
     * drop dupCount to zero frees the shared structure (see the dupWrite /
     * dupSide members of struct WOLFSSL). */
    #define WRITE_DUP_SIDE 1
    #define READ_DUP_SIDE  2

    typedef struct WriteDup {
        wolfSSL_Mutex dupMutex;     /* reference count mutex */
        int           dupCount;     /* reference count */
        int           dupErr;       /* under dupMutex, pass to other side */
    } WriteDup;

    /* Drop this side's reference; frees the WriteDup when the count hits 0. */
    WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
    /* Record err in dupErr for the write side to pick up. */
    WOLFSSL_LOCAL int  NotifyWriteSide(WOLFSSL* ssl, int err);
#endif /* HAVE_WRITE_DUP */
3223
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
/* Outstanding TLS 1.3 post-handshake CertificateRequest contexts, kept as a
 * list so a later Certificate message can be matched to the request that
 * asked for it.  Only a single context byte is stored per entry. */
typedef struct CertReqCtx CertReqCtx;

struct CertReqCtx {
    CertReqCtx* next;
    byte        len;    /* length of the request context (1 as stored here) */
    byte        ctx;    /* the context byte sent in the CertificateRequest */
};
#endif
3233
3234/* wolfSSL ssl type */
/* wolfSSL ssl type: one TLS/DTLS connection.  Set up by InitSSL() from a
 * WOLFSSL_CTX and torn down by FreeSSL() (both declared right after this
 * struct).  Handshake-only state hangs off the suites / arrays / hsHashes /
 * hsKey pointers so it can be released before the connection ends - see
 * FreeHandshakeResources() further down. */
struct WOLFSSL {
    WOLFSSL_CTX*    ctx;            /* parent context */
    Suites*         suites;         /* only need during handshake */
    Arrays*         arrays;         /* handshake secrets, see struct Arrays */
    HS_Hashes*      hsHashes;       /* running handshake transcript hashes */
    void*           IOCB_ReadCtx;   /* user context for the receive callback */
    void*           IOCB_WriteCtx;  /* user context for the send callback */
    WC_RNG*         rng;            /* DRBG; owned here only when
                                     * options.weOwnRng is set, else the CTX's */
    void*           verifyCbCtx;    /* cert verify callback user ctx*/
    VerifyCallback  verifyCallback; /* cert verification callback */
    void*           heap;           /* for user overrides */
#ifdef HAVE_WRITE_DUP
    WriteDup*       dupWrite;       /* valid pointer indicates ON */
                /* side that decrements dupCount to zero frees overall structure */
    byte            dupSide;        /* write side or read side */
#endif
#ifdef WOLFSSL_STATIC_MEMORY
    WOLFSSL_HEAP_HINT heap_hint;
#endif
#ifndef NO_HANDSHAKE_DONE_CB
    HandShakeDoneCb hsDoneCb;          /* notify user handshake done */
    void*           hsDoneCtx;         /* user handshake cb context  */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
    struct WOLFSSL_ASYNC async;
#endif
    void*           hsKey;              /* Handshake key (RsaKey or ecc_key) allocated from heap;
                                         * release with FreeKey(), type in hsType */
    word32          hsType;             /* Type of Handshake key (hsKey) */
    WOLFSSL_CIPHER  cipher;
    hmacfp          hmac;               /* record MAC function for the suite */
    Ciphers         encrypt;            /* outbound record cipher state */
    Ciphers         decrypt;            /* inbound record cipher state */
    Buffers         buffers;            /* input/output buffers, certs, keys */
    WOLFSSL_SESSION session;
#ifdef HAVE_EXT_CACHE
    WOLFSSL_SESSION* extSession;        /* session supplied by external cache */
#endif
    WOLFSSL_ALERT_HISTORY alert_history;
    int             error;              /* last error, for wolfSSL_get_error */
    int             rfd;                /* read  file descriptor */
    int             wfd;                /* write file descriptor */
    int             rflags;             /* user read  flags */
    int             wflags;             /* user write flags */
    word32          timeout;            /* session timeout */
    word32          fragOffset;         /* fragment offset */
    word16          curSize;            /* size of the record being processed */
    RecordLayerHeader curRL;            /* header of the record being processed */
    MsgsReceived    msgsReceived;       /* peer messages received */
    ProtocolVersion version;            /* negotiated version */
    ProtocolVersion chVersion;          /* client hello version; presumably
                                         * retained so RSA ClientKeyExchange can
                                         * be checked against it (RFC 5246 7.4.7.1) */
    CipherSpecs     specs;              /* parameters of the negotiated suite */
    Keys            keys;               /* record-layer keys and IVs */
    Options         options;            /* negotiation flags and limits */
#ifdef OPENSSL_EXTRA
    WOLFSSL_BIO*     biord;              /* socket bio read  to free/close */
    WOLFSSL_BIO*     biowr;              /* socket bio write to free/close */
    unsigned long    peerVerifyRet;      /* X509 verify result for the peer */
    byte             readAhead;          /* read-ahead mode flag */
#ifdef HAVE_PK_CALLBACKS
    void*            loggingCtx;         /* logging callback argument */
#endif
#endif
#ifndef NO_RSA
    RsaKey*         peerRsaKey;         /* peer's RSA public key (from its cert) */
    byte            peerRsaKeyPresent;
#endif
#ifdef HAVE_QSH
    QSHKey*         QSH_Key;
    QSHKey*         peerQSHKey;
    QSHSecret*      QSH_secret;
    byte            isQSH;              /* is the handshake a QSH? */
    byte            sendQSHKeys;        /* flag for if the client should send
                                           public keys */
    byte            peerQSHKeyPresent;
    byte            minRequest;
    byte            maxRequest;
    byte            user_set_QSHSchemes;
#endif
#ifdef WOLFSSL_TLS13
    word16          namedGroup;         /* (EC)DHE group selected for TLS 1.3 */
#endif
    byte            pssAlgo;            /* RSA-PSS hash selection for CertVerify */
#ifdef HAVE_NTRU
    word16          peerNtruKeyLen;     /* bytes of peerNtruKey in use;
                                         * copies must be bounded by MAX_NTRU_PUB_KEY_SZ */
    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
    byte            peerNtruKeyPresent;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    int             eccVerifyRes;       /* result of the last ECC/Ed25519 verify */
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
    word32          ecdhCurveOID;       /* curve Ecc_Sum */
    ecc_key*        eccTempKey;         /* private ECDHE key: ephemeral, must not
                                         * outlive the handshake (see FreeKey) */
    byte            eccTempKeyPresent;  /* also holds type */
    byte            peerEccKeyPresent;
#endif
#ifdef HAVE_ECC
    ecc_key*        peerEccKey;         /* peer's ECDHE key (peer supplied) */
    ecc_key*        peerEccDsaKey;      /* peer's ECDSA key */
    word32          pkCurveOID;         /* curve Ecc_Sum */
    word16          eccTempKeySz;       /* in octets 20 - 66 */
    byte            peerEccDsaKeyPresent;
#endif
#ifdef HAVE_ED25519
    ed25519_key*    peerEd25519Key;     /* peer's Ed25519 signing key */
    byte            peerEd25519KeyPresent;
#endif
#ifdef HAVE_CURVE25519
    curve25519_key* peerX25519Key;      /* peer's X25519 key share */
    byte            peerX25519KeyPresent;
#endif
#ifdef HAVE_LIBZ
    z_stream        c_stream;           /* compression   stream */
    z_stream        d_stream;           /* decompression stream */
    byte            didStreamInit;      /* for stream init and end */
#endif
#ifdef WOLFSSL_DTLS
    int             dtls_timeout_init;  /* starting timeout value */
    int             dtls_timeout_max;   /* maximum timeout value */
    int             dtls_timeout;       /* current timeout value, changes */
    word32          dtls_tx_msg_list_sz;    /* entries on dtls_tx_msg_list */
    word32          dtls_rx_msg_list_sz;    /* entries on dtls_rx_msg_list */
    DtlsMsg*        dtls_tx_msg_list;   /* flight awaiting retransmit */
    DtlsMsg*        dtls_rx_msg_list;   /* messages being reassembled */
    void*           IOCB_CookieCtx;     /* gen cookie ctx */
    word32          dtls_expected_rx;   /* next handshake seq expected */
    wc_dtls_export  dtls_export;        /* export function for session */
#ifdef WOLFSSL_SCTP
    word16          dtlsMtuSz;          /* MTU for DTLS-over-SCTP fragmenting */
#endif /* WOLFSSL_SCTP */
#ifdef WOLFSSL_MULTICAST
    void*           mcastHwCbCtx;       /* Multicast highwater callback ctx */
#endif /* WOLFSSL_MULTICAST */
#ifdef WOLFSSL_DTLS_DROP_STATS
    word32          macDropCount;       /* records dropped for bad MAC */
    word32          replayDropCount;    /* records dropped by anti-replay */
#endif /* WOLFSSL_DTLS_DROP_STATS */
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_CALLBACKS
    HandShakeInfo   handShakeInfo;      /* info saved during handshake */
    TimeoutInfo     timeoutInfo;        /* info saved during handshake */
    byte            hsInfoOn;           /* track handshake info        */
    byte            toInfoOn;           /* track timeout   info        */
#endif
#ifdef HAVE_FUZZER
    CallbackFuzzer  fuzzerCb;           /* for testing with using fuzzer */
    void*           fuzzerCtx;          /* user defined pointer */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    CertReqCtx*     certReqCtx;         /* pending post-handshake auth requests */
#endif
#ifdef KEEP_PEER_CERT
    WOLFSSL_X509     peerCert;           /* X509 peer cert */
#endif
#ifdef KEEP_OUR_CERT
    WOLFSSL_X509*    ourCert;            /* keep alive a X509 struct of cert.
                                            points to ctx if not owned (owned
                                            flag found in buffers.weOwnCert) */
#endif
    byte             keepCert;           /* keep certificate after handshake */
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    void*            ex_data[MAX_EX_DATA]; /* external data, for Fortress */
#endif
    int              devId;              /* async device id to use */
#ifdef HAVE_ONE_TIME_AUTH
    OneTimeAuth     auth;
#endif
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
    #ifdef HAVE_MAX_FRAGMENT
        word16 max_fragment;           /* negotiated max fragment length */
    #endif
    #ifdef HAVE_TRUNCATED_HMAC
        byte truncated_hmac;           /* truncated HMAC extension agreed */
    #endif
    #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
        byte status_request;           /* OCSP stapling requested */
    #endif
    #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
        byte status_request_v2;        /* OCSP stapling v2 requested */
    #endif
    #if defined(HAVE_SECURE_RENEGOTIATION) \
        || defined(HAVE_SERVER_RENEGOTIATION_INFO)
        SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
    #endif                                         /* user turned on */
    #ifdef HAVE_ALPN
        char*   alpn_client_list;  /* keep the client's list */
        #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
            CallbackALPNSelect alpnSelect;      /* server-side ALPN chooser */
            void*              alpnSelectArg;   /* its user argument */
        #endif
    #endif                         /* of accepted protocols */
    #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
        CallbackSessionTicket session_ticket_cb;
        void*                 session_ticket_ctx;
        byte                  expect_session_ticket;  /* server promised one */
    #endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_OCSP
        void*       ocspIOCtx;          /* user ctx for the OCSP I/O callback */
    #ifdef OPENSSL_EXTRA
        byte*       ocspResp;           /* stapled OCSP response */
        int         ocspRespSz;
        #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
            char*   url;
        #endif
    #endif
#endif
#ifdef HAVE_NETX
    NetX_Ctx        nxCtx;             /* NetX IO Context */
#endif
#ifdef SESSION_INDEX
    int sessionIndex;                  /* Session's location in the cache. */
#endif
#ifdef ATOMIC_USER
    void*    MacEncryptCtx;    /* Atomic User Mac/Encrypt Callback Context */
    void*    DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        void* EccSignCtx;     /* Ecc Sign   Callback Context */
        void* EccVerifyCtx;   /* Ecc Verify Callback Context */
        void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
        #ifdef HAVE_ED25519
            void* Ed25519SignCtx;     /* ED25519 Sign   Callback Context */
            void* Ed25519VerifyCtx;   /* ED25519 Verify Callback Context */
        #endif
        #ifdef HAVE_CURVE25519
            void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
        #endif
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        void* RsaSignCtx;     /* Rsa Sign   Callback Context */
        void* RsaVerifyCtx;   /* Rsa Verify Callback Context */
        #ifdef WC_RSA_PSS
            void* RsaPssSignCtx;     /* Rsa PSS Sign   Callback Context */
            void* RsaPssVerifyCtx;   /* Rsa PSS Verify Callback Context */
        #endif
        void* RsaEncCtx;      /* Rsa Public  Encrypt   Callback Context */
        void* RsaDecCtx;      /* Rsa Private Decrypt   Callback Context */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_SECRET_CALLBACK
        SessionSecretCb sessionSecretCb;   /* exposes the session secret to the
                                            * application (e.g. for key logging) */
        void*           sessionSecretCtx;
#endif /* HAVE_SECRET_CALLBACK */
#ifdef WOLFSSL_JNI
        void* jObjectRef;     /* reference to WolfSSLSession in JNI wrapper */
#endif /* WOLFSSL_JNI */
#ifdef WOLFSSL_EARLY_DATA
    int earlyData;            /* 0-RTT state; 0-RTT data is replayable by
                               * design (RFC 8446 sec. 8) - callers must treat
                               * it accordingly */
    word32 earlyDataSz;       /* early data bytes seen; bounded by
                               * options.maxEarlyDataSz */
#endif
};
3489
3490
/* Attach (or re-attach) ssl to ctx, copying the context's configuration into
 * the connection.  The trailing int is a flag whose meaning is not visible
 * in this header - see the definition. */
WOLFSSL_LOCAL
int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
/* Initialize a freshly allocated WOLFSSL from ctx; returns a status code. */
WOLFSSL_LOCAL
int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
/* Release everything owned by the WOLFSSL object (heap is the hint used when
 * it was allocated).  Counterpart of InitSSL. */
WOLFSSL_LOCAL
void FreeSSL(WOLFSSL*, void* heap);
/* Release the object's resources without freeing the object itself. */
WOLFSSL_API void SSL_ResourceFree(WOLFSSL*);   /* Micrium uses */
3498
3499
/* Limits for the PEM encryption header captured in EncryptedInfo below:
 * NAME_SZ bounds the cipher name (one DEK-Info line), IV_SZ the raw IV. */
enum {
    NAME_SZ = 80,   /* max one line */
    IV_SZ   = 32    /* max iv sz */
};
3504
3505
/* What the PEM parser learned from an encrypted PEM block's header, so the
 * caller can run the password callback and decrypt.  The inline arrays are
 * fixed size; PemToDer() must bound what it copies into name and iv by
 * NAME_SZ / IV_SZ (the header is attacker influenced when the PEM comes from
 * an untrusted source). */
typedef struct EncryptedInfo {
    char     name[NAME_SZ];    /* encryption name, e.g. the DEK-Info cipher */
    byte     iv[IV_SZ];        /* encrypted IV (raw bytes), ivSz used */
    word32   ivSz;             /* encrypted IV size, must be <= IV_SZ */
    long     consumed;         /* tracks PEM bytes consumed */
    byte     set;              /* if encryption set */
    WOLFSSL_CTX* ctx;          /* CTX owner, source of the password callback */
} EncryptedInfo;
3514
3515
#ifndef NO_CERTS

    /* Allocate a DerBuffer of length bytes of the given type from heap; FreeDer
     * releases it and NULLs the caller's pointer. */
    WOLFSSL_LOCAL int  AllocDer(DerBuffer** der, word32 length, int type, void* heap);
    WOLFSSL_LOCAL void FreeDer(DerBuffer** der);

    /* Convert the PEM text in buff (sz bytes) to DER in *pDer.  info receives
     * the encryption header if the block is encrypted; *eccKey is set when the
     * key turns out to be ECC.  buff is untrusted text: the parser must not
     * read past sz. */
    WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
                              DerBuffer** pDer, void* heap, EncryptedInfo* info,
                              int* eccKey);

    /* Load one certificate/key/CA object from memory (ProcessBuffer) or from a
     * file (ProcessFile) into ctx, or into ssl when it is non-NULL.  format is
     * PEM or DER, type says what the object is, userChain marks an
     * application-supplied chain.  ProcessBuffer reports how much of buff it
     * consumed through used when that pointer is given. */
    WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                                    long sz, int format, int type, WOLFSSL* ssl,
                                    long* used, int userChain);
    WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
                                  int type, WOLFSSL* ssl, int userChain,
                                  WOLFSSL_CRL* crl);

    #ifdef OPENSSL_EXTRA
    /* Match domainName (domainNameLen bytes) against the decoded cert's
     * subject / subject alt names.  Presumably the basis of hostname
     * verification for the compatibility API - confirm wildcard handling
     * in the definition. */
    WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
                                    size_t domainNameLen);
    #endif
#endif
3537
3538
#ifdef WOLFSSL_CALLBACKS
    /* Debug/trace support: record the names of handshake packets and, with
     * TimeoutInfo, the raw packet bytes and timing, for the handshake and
     * timeout callbacks.  Not part of the security logic. */
    WOLFSSL_LOCAL
    void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
    WOLFSSL_LOCAL
    void FinishHandShakeInfo(HandShakeInfo*);
    WOLFSSL_LOCAL
    void AddPacketName(const char*, HandShakeInfo*);

    WOLFSSL_LOCAL
    void InitTimeoutInfo(TimeoutInfo*);
    WOLFSSL_LOCAL
    void FreeTimeoutInfo(TimeoutInfo*, void*);
    /* Store a copy of a packet (name, bytes, length) with the given heap. */
    WOLFSSL_LOCAL
    void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
    WOLFSSL_LOCAL
    void AddLateName(const char*, TimeoutInfo*);
    WOLFSSL_LOCAL
    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
#endif
3558
3559
3560/* Record Layer Header identifier from page 12 */
/* Record layer ContentType values as used on the wire by SSL 3.0 and every
 * TLS/DTLS version.  no_type (0) is not a wire value; it appears to be a
 * local "no record yet" sentinel.  Anything else received in
 * RecordLayerHeader.type should be rejected. */
enum ContentType {
    no_type            = 0,
    change_cipher_spec = 20,
    alert              = 21,
    handshake          = 22,
    application_data   = 23
};
3568
3569
3570/* handshake header, same for each message type, pgs 20/21 */
/* handshake header, same for each message type, pgs 20/21:
 * one type byte followed by a 24-bit big-endian body length.
 * NOTE(review): length is peer supplied; the record/handshake parser must
 * check it against the bytes actually available before reading the body. */
typedef struct HandShakeHeader {
    byte            type;       /* enum HandShakeType */
    word24          length;     /* body length, 3 bytes, network byte order */
} HandShakeHeader;
3575
3576
3577/* DTLS handshake header, same for each message type */
/* DTLS handshake header, same for each message type (RFC 6347 4.2.2):
 * the TLS header plus a message sequence number and fragment range.
 * NOTE(review): fragment_offset + fragment_length must be validated against
 * length (the whole-message size) before the fragment is copied into a
 * DtlsMsg; all three come from the peer. */
typedef struct DtlsHandShakeHeader {
    byte            type;               /* enum HandShakeType */
    word24          length;             /* length of the whole message */
    byte            message_seq[2];     /* start at 0, retransmit gets same # */
    word24          fragment_offset;    /* bytes in previous fragments */
    word24          fragment_length;    /* length of this fragment */
} DtlsHandShakeHeader;
3585
3586
/* Handshake message types.  Values 0-24 are the wire values from RFC 5246,
 * RFC 6347 (hello_verify_request) and the TLS 1.3 drafts; 55 and 255 are
 * local sentinels that never appear on the wire.  Note that RFC 8446 marks
 * 6 as hello_retry_request_RESERVED and signals HRR through ServerHello
 * instead, so the separate type here follows an earlier TLS 1.3 draft. */
enum HandShakeType {
    hello_request        =  0,
    client_hello         =  1,
    server_hello         =  2,
    hello_verify_request =  3,    /* DTLS addition */
    session_ticket       =  4,
    end_of_early_data    =  5,
    hello_retry_request  =  6,
    encrypted_extensions =  8,
    certificate          = 11,
    server_key_exchange  = 12,
    certificate_request  = 13,
    server_hello_done    = 14,
    certificate_verify   = 15,
    client_key_exchange  = 16,
    finished             = 20,
    certificate_status   = 22,
    key_update           = 24,
    change_cipher_hs     = 55,    /* simulate unique handshake type for sanity
                                     checks.  record layer change_cipher
                                     conflicts with handshake finished */
    message_hash         = 254,   /* synthetic message type for TLS v1.3 */
    no_shake             = 255    /* used to initialize the DtlsMsg record */
};
3611
/* Which side(s) of a connection a key/cipher is being provisioned for.
 * The values are independent bits: CLIENT_SERVER is the union of the two
 * single-side values, so callers may test with a bitwise AND. */
enum ProvisionSide {
    PROVISION_CLIENT        = 1,
    PROVISION_SERVER        = 2,
    PROVISION_CLIENT_SERVER = PROVISION_CLIENT | PROVISION_SERVER
};
3617
3618
/* SSL 3.0 "Sender" constants used in its Finished/MAC computation:
 * the ASCII strings "CLNT" (0x434C4E54) and "SRVR" (0x53525652). */
static const byte client[SIZEOF_SENDER] = { 'C', 'L', 'N', 'T' };
static const byte server[SIZEOF_SENDER] = { 'S', 'R', 'V', 'R' };

/* TLS PRF labels for the Finished verify_data; the +1 leaves room for the
 * string's NUL terminator, which is not part of the label itself. */
static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
3624
3625
/* internal functions */

/* --- message senders, the receive loop and key schedule entry points.
 * All return a wolfSSL int status code. --- */
WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
WOLFSSL_LOCAL int SendTicket(WOLFSSL*);             /* NewSessionTicket */
/* Process a session ticket presented by the client (ticket bytes, length).
 * NOTE(review): the ticket is peer supplied; confirm the definition
 * authenticates it before any field inside it is trusted - the ticket
 * format is not visible in this header. */
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
/* Write application data (buffer, length) as one or more records. */
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);   /* OCSP stapling */
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
/* Flush whatever is queued in the output buffer to the I/O callback. */
WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
/* Read application data into (buffer, length); the last int is a flag whose
 * meaning (peek vs. consume is the likely one) must be checked in the definition. */
WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
/* Send an alert of (level, type). */
WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
/* Read and process the next record from the peer. */
WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);

/* Fill ssl->specs from the negotiated cipher suite. */
WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
/* Derive the master secret from the pre-master secret in ssl->arrays. */
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);

/* Store the current session in the session cache. */
WOLFSSL_LOCAL int AddSession(WOLFSSL*);
/* Expand the master secret into the record keys (ssl->keys). */
WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
/* Copy the expanded key block keyData into ssl->keys for the given side
 * (see enum ProvisionSide). */
WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);

/* Version predicates over the negotiated version. */
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);

/* Release handshake-only state (suites, arrays, hashes, temp keys) once the
 * handshake has completed. */
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
/* Give back buffer memory that is no longer needed; forcedFree drops the
 * input buffer even if it still holds data. */
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);

/* Check the client's chosen/offered suite against what this side allows. */
WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);

/* Set the session ticket (bytes, length) on the connection. */
WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
3662
#ifndef NO_CERTS
    #ifndef NO_RSA
        #ifdef WC_RSA_PSS
        /* Check that out (sigSz bytes, the result of the RSA public
         * operation) is a valid PSS encoding of plain for hashType. */
        WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
                                             byte* out, word32 sigSz,
                                             enum wc_HashType hashType);
        /* Map a TLS hash algorithm id to the wolfCrypt hash type and MGF. */
        WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf);
        #endif
        /* Verify an RSA signature (verifySig, sigSz) over plain using key.
         * verifySig is not const: presumably the public operation is done in
         * place, so the caller must pass a writable copy. */
        WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl,
                                        byte* verifySig, word32 sigSz,
                                        const byte* plain, word32 plainSz,
                                        int sigAlgo, int hashAlgo,
                                        RsaKey* key);
        /* RSA sign/verify/encrypt/decrypt wrappers.  When HAVE_PK_CALLBACKS
         * is in use they defer to the user callbacks with (keyBuf, keySz, ctx);
         * otherwise they use key directly.  *out in RsaVerify/RsaDec presumably
         * points into in after an in-place operation and must not be freed. */
        WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
            const byte* keyBuf, word32 keySz, void* ctx);
        WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
            byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
            const byte* keyBuf, word32 keySz, void* ctx);
        /* NOTE(review): RsaDec decrypts the RSA ClientKeyExchange.  A PKCS#1
         * v1.5 padding failure must not change timing or the alert sent
         * (Bleichenbacher; RFC 5246 7.4.7.1 requires substituting a random
         * pre-master secret) - confirm the caller of RsaDec does this. */
        WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
            word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
        WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
            word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
    #endif /* !NO_RSA */

    #ifdef HAVE_ECC
        /* ECDSA sign/verify wrappers, same callback convention as the RSA
         * ones.  EccVerify takes the signature as (out, outSz). */
        WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz,
            void* ctx);
        WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
            const byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
            void* ctx);
        /* ECDH: agree on a shared secret between priv_key and the peer's
         * pub_key, writing it to (out, outlen); pubKeyDer/pubKeySz carry the
         * DER public point for the callback path.  NOTE(review): pub_key is
         * peer supplied - confirm the point is validated as on-curve before
         * the scalar multiplication (here or in the ecc_key import). */
        WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
            ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
            word32* outlen, int side, void* ctx);
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        /* Ed25519 sign/verify wrappers.  Ed25519Verify takes the signature as
         * (in, inSz) and the signed message as (msg, msgSz). */
        WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, ed25519_key* key, byte* keyBuf,
            word32 keySz, void* ctx);
        WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
            word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
            byte* keyBuf, word32 keySz, void* ctx);
    #endif /* HAVE_ED25519 */


    #ifdef WOLFSSL_TRUST_PEER_CERT

        /* options for searching hash table for a matching trusted peer cert */
        #define WC_MATCH_SKID 0   /* match on subject key identifier */
        #define WC_MATCH_NAME 1   /* match on subject name hash */

        /* Look up a pinned peer certificate by hash (type selects WC_MATCH_*);
         * vp is the certificate manager. */
        WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
                                                                      int type);
        /* Non-zero when cert is the pinned certificate tp. */
        WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
                                                             DecodedCert* cert);
    #endif

    /* Find a trusted CA in certificate manager cm by subject key id hash
     * (GetCA) or by subject name hash (GetCAByName).  NULL when absent. */
    WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
    #ifndef NO_SKID
        WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
    #endif
#endif /* !NO_CERTS */
/* Finalize a copy of the transcript hash for the negotiated suite into hash;
 * *hashLen is the output length. */
WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
                                        word32* hashLen);
/* Compute Finished verify_data for sender (tls_client / tls_server above)
 * into hashes. */
WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
                                   const byte* sender);
/* Release ssl->arrays; keep preserves some fields (see options.saveArrays). */
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
/* Ensure the output buffer can take size more bytes, growing it if needed. */
WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
/* Grow the input buffer by size keeping usedLength bytes of existing data.
 * NOTE(review): size originates from peer-supplied record lengths and is a
 * signed int; confirm negative values are rejected before reaching here. */
WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);

#ifndef NO_TLS
    /* TLS PRF based master secret derivation. */
    WOLFSSL_LOCAL int  MakeTlsMasterSecret(WOLFSSL*);
    /* Record MAC for sz bytes of in with content type content; verify selects
     * the inbound (verify) keys instead of the outbound ones. */
    WOLFSSL_LOCAL int  TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
                                word32 sz, int content, int verify);
#endif
3739
#ifndef NO_WOLFSSL_CLIENT
    /* Client-side handshake message senders. */
    WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
    #ifdef WOLFSSL_TLS13
    WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
    #endif
    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
#endif /* NO_WOLFSSL_CLIENT */

#ifndef NO_WOLFSSL_SERVER
    /* Server-side handshake message senders. */
    WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
#endif /* NO_WOLFSSL_SERVER */
3753
#ifdef WOLFSSL_DTLS
    /* DtlsMsg list management for handshake reassembly (rx) and retransmit
     * (tx).  The void* arguments are the heap hint. */
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);          /* (sz, heap) */
    WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
    /* Merge one fragment (data, type, fragOffset, fragSz) of message seq into
     * an existing DtlsMsg.  This is where the peer-supplied offset/length must
     * be bounded against the message size - confirm in the definition. */
    WOLFSSL_LOCAL int  DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
                                                       word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);      /* by seq */
    /* Find-or-create the DtlsMsg for a fragment and store it on the rx list. */
    WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
                                                byte, word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);  /* ordered insert */

    /* Retransmit pool: save an outgoing handshake record (data, length), bump
     * the timeout, check a message against the pool, reset it, or resend it. */
    WOLFSSL_LOCAL int  DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
    WOLFSSL_LOCAL int  DtlsMsgPoolTimeout(WOLFSSL*);
    WOLFSSL_LOCAL int  VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
    WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
    WOLFSSL_LOCAL int  DtlsMsgPoolSend(WOLFSSL*, int);
#endif /* WOLFSSL_DTLS */
3771
3772#ifndef NO_TLS
3773
3774
3775#endif /* NO_TLS */
3776
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
    /* Millisecond clock; presumably backs the TLS 1.3 ticket age check. */
    WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
#endif
/* Low resolution clock (seconds) used for session timeouts. */
WOLFSSL_LOCAL word32  LowResTimer(void);

#ifndef NO_CERTS
    /* WOLFSSL_X509 / WOLFSSL_X509_NAME lifecycle.  The int arguments are a
     * dynamic-allocation flag; CopyDecodedToX509 fills an X509 from a
     * DecodedCert and is where the fixed-size arrays in WOLFSSL_X509 must be
     * bounded. */
    WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
    WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
    WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
    WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
    WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
#endif

/* Cipher suite name tables and lookups. */
WOLFSSL_LOCAL const char* const* GetCipherNames(void);
WOLFSSL_LOCAL int GetCipherNamesSize(void);
WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
/* Name for a (cipherSuite0, cipherSuite) pair; note the argument order is
 * second byte first. */
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite(
    const unsigned char cipherSuite, const unsigned char cipherSuite0);
3796
/* Which direction(s) SetKeysSide() should install record keys for.  The
 * values are explicit so the enum cannot drift if a member is added. */
enum encrypt_side {
    ENCRYPT_SIDE_ONLY        = 1,   /* outbound keys only */
    DECRYPT_SIDE_ONLY        = 2,   /* inbound keys only */
    ENCRYPT_AND_DECRYPT_SIDE = 3    /* both directions */
};
3802
/* Install the derived keys into the encrypt and/or decrypt cipher state. */
WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);


#ifndef NO_DH
    /* Generate a DH key pair on dhKey into (priv, privSz) / (pub, pubSz);
     * the size arguments are in/out (capacity in, length out). */
    WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
        byte* priv, word32* privSz,
        byte* pub, word32* pubSz);
    /* Compute the DH shared secret with the peer's public value.
     * NOTE(review): otherPub is peer supplied - confirm it is checked to be in
     * range (1 < y < p-1) before use, here or in the wolfCrypt layer. */
    WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
        const byte* priv, word32 privSz,
        const byte* otherPub, word32 otherPubSz,
        byte* agree, word32* agreeSz);
#endif /* !NO_DH */

#ifdef HAVE_ECC
    /* Generate the ephemeral ECDHE key into key, on the same curve as peer. */
    WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
#endif

/* Allocate / release ssl->hsHashes (see struct HS_Hashes). */
WOLFSSL_LOCAL int  InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);

/* Wrap input (inSz bytes) in a record of the given content type into output
 * (outSz capacity), applying the current cipher/MAC.  hashOutput adds the
 * message to the transcript hash; sizeOnly only computes the needed size;
 * asyncOkay permits an async crypto return. */
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                               const byte* input, int inSz, int type, int hashOutput,
                               int sizeOnly, int asyncOkay);

#ifdef WOLFSSL_TLS13
/* TLS 1.3 variant of BuildMessage (AEAD record protection).
 * NOTE(review): unlike every other prototype here it lacks WOLFSSL_LOCAL, so
 * it is exported with default visibility; presumably an oversight. */
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
               int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
#endif

/* Allocate / free a key object of the given type (RSA, ECC, ...) through the
 * connection's heap; *pKey is set on alloc and cleared on free. */
WOLFSSL_LOCAL int  AllocKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Async crypto bookkeeping: register a device, then push/pop the pending
     * operation state (see struct WOLFSSL_ASYNC). */
    WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
    WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
    WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
#endif
3840
3841
3842#ifdef __cplusplus
3843 } /* extern "C" */
3844#endif
3845
#endif /* WOLFSSL_INT_H */