internal.h
/* internal.h
 *
 * Copyright (C) 2006-2016 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* wolfSSL internal header. This part pulls in the wolfCrypt and platform
 * headers, decides which cipher suites are compiled in (the BUILD_xxx macros),
 * and declares the cipher suite identifiers and the protocol size and version
 * constants. */


#ifndef WOLFSSL_INT_H
#define WOLFSSL_INT_H


#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/ssl.h>
#ifdef HAVE_CRL
    #include <wolfssl/crl.h>
#endif
#include <wolfssl/wolfcrypt/random.h>
#ifndef NO_DES3
    #include <wolfssl/wolfcrypt/des3.h>
#endif
#ifndef NO_HC128
    #include <wolfssl/wolfcrypt/hc128.h>
#endif
#ifndef NO_RABBIT
    #include <wolfssl/wolfcrypt/rabbit.h>
#endif
#ifdef HAVE_CHACHA
    #include <wolfssl/wolfcrypt/chacha.h>
#endif
#ifndef NO_ASN
    #include <wolfssl/wolfcrypt/asn.h>
    #include <wolfssl/wolfcrypt/pkcs12.h>
#endif
#ifndef NO_MD5
    #include <wolfssl/wolfcrypt/md5.h>
#endif
#ifndef NO_SHA
    #include <wolfssl/wolfcrypt/sha.h>
#endif
#ifndef NO_AES
    #include <wolfssl/wolfcrypt/aes.h>
#endif
#ifdef HAVE_POLY1305
    #include <wolfssl/wolfcrypt/poly1305.h>
#endif
#ifdef HAVE_CAMELLIA
    #include <wolfssl/wolfcrypt/camellia.h>
#endif
#include <wolfssl/wolfcrypt/logging.h>
#ifndef NO_HMAC
    #include <wolfssl/wolfcrypt/hmac.h>
#endif
#ifndef NO_RC4
    #include <wolfssl/wolfcrypt/arc4.h>
#endif
#ifdef HAVE_ECC
    #include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifndef NO_SHA256
    #include <wolfssl/wolfcrypt/sha256.h>
#endif
#ifdef HAVE_OCSP
    #include <wolfssl/ocsp.h>
#endif
#ifdef WOLFSSL_SHA512
    #include <wolfssl/wolfcrypt/sha512.h>
#endif
/* NOTE(review): HAVE_AESGCM includes sha512.h, the same header as the
 * WOLFSSL_SHA512 branch above - confirm this is intended. */
#ifdef HAVE_AESGCM
    #include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef WOLFSSL_RIPEMD
    #include <wolfssl/wolfcrypt/ripemd.h>
#endif
#ifdef HAVE_IDEA
    #include <wolfssl/wolfcrypt/idea.h>
#endif
#ifndef NO_RSA
    #include <wolfssl/wolfcrypt/rsa.h>
#endif
/* ecc.h is included a second time here, under the same HAVE_ECC guard used
 * earlier in this list. */
#ifdef HAVE_ECC
    #include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifndef NO_DH
    #include <wolfssl/wolfcrypt/dh.h>
#endif

#include <wolfssl/wolfcrypt/hash.h>

#ifdef WOLFSSL_CALLBACKS
    #include <wolfssl/callbacks.h>
    #include <signal.h>
#endif

/* Platform selection: the first matching branch wins. When no RTOS or Windows
 * macro is defined, the final #else selects pthreads unless SINGLE_THREADED
 * is defined. */
#ifdef USE_WINDOWS_API
    #ifdef WOLFSSL_GAME_BUILD
        #include "system/xtl.h"
    #else
        #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
            /* On WinCE winsock2.h must be included before windows.h */
            #include <winsock2.h>
        #endif
        #include <windows.h>
    #endif
#elif defined(THREADX)
    #ifndef SINGLE_THREADED
        #include "tx_api.h"
    #endif
#elif defined(MICRIUM)
    /* do nothing, just don't pick Unix */
#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
    /* do nothing */
#elif defined(EBSNET)
    /* do nothing */
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
    /* do nothing */
#elif defined(FREESCALE_FREE_RTOS)
    #include "fsl_os_abstraction.h"
#elif defined(WOLFSSL_uITRON4)
    /* do nothing */
#elif defined(WOLFSSL_uTKERNEL2)
    /* do nothing */
#elif defined(WOLFSSL_MDK_ARM)
    #if defined(WOLFSSL_MDK5)
        #include "cmsis_os.h"
    #else
        #include <rtl.h>
    #endif
#elif defined(WOLFSSL_CMSIS_RTOS)
    #include "cmsis_os.h"
#elif defined(MBED)
#elif defined(WOLFSSL_TIRTOS)
    /* do nothing */
#elif defined(INTIME_RTOS)
    #include <rt.h>
#else
    #ifndef SINGLE_THREADED
        #define WOLFSSL_PTHREADS
        #include <pthread.h>
    #endif
    #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
        #include <unistd.h>      /* for close of BIO */
    #endif
#endif

#ifndef CHAR_BIT
    /* Needed for DTLS without big math */
    #include <limits.h>
#endif


#ifdef HAVE_LIBZ
    #include "zlib.h"
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
    #include <wolfssl/wolfcrypt/async.h>
#endif

#ifdef _MSC_VER
    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy.
     * With the warning disabled, MSVC no longer flags the unbounded CRT string
     * functions in code that includes this header, so those calls have to be
     * caught by review or other tooling. */
    #pragma warning(disable: 4996)
#endif

/* When a hash is compiled out its header is not included above, so the digest
 * size constant is supplied here instead (presumably the header defines it
 * otherwise - confirm). */
#ifdef NO_SHA
    #define SHA_DIGEST_SIZE 20
#endif

#ifdef NO_SHA256
    #define SHA256_DIGEST_SIZE 32
#endif

#ifdef NO_MD5
    #define MD5_DIGEST_SIZE 16
#endif


#ifdef __cplusplus
    extern "C" {
#endif


typedef byte word24[3];

/* Define or comment out the cipher suites you'd like to be compiled in;
   make sure that at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined.

   When adding cipher suites, add name to cipher_names, idx to cipher_name_idx

   Now that there is a maximum strength crypto build, the following BUILD_XXX
   flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
   Those that do not use Perfect Forward Secrecy and do not use AEAD ciphers
   need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
   CHACHA-POLY.

   Everything between "#ifndef WOLFSSL_MAX_STRENGTH" and its matching #endif
   is the group that a max strength build leaves out: static RSA / static
   (EC)DH / plain PSK key exchange, CBC and stream ciphers, NULL ciphers and
   anonymous DH.
*/

/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
 * not turned off. The build is rejected unless all of these hold:
 *   - ECC is available, or both DH and RSA are;
 *   - an AEAD cipher is available (AES-GCM, AES-CCM, or ChaCha20 together
 *     with Poly1305);
 *   - SHA-256 or SHA-384 is available;
 *   - NO_OLD_TLS is defined. */
#if defined(WOLFSSL_MAX_STRENGTH) && \
    ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
     (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
      (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
     (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
     !defined(NO_OLD_TLS))

    #error "You are trying to build max strength with requirements disabled."
#endif

/* Have QSH : Quantum-safe Handshake */
#if defined(HAVE_QSH)
    #define BUILD_TLS_QSH
#endif

#ifndef WOLFSSL_MAX_STRENGTH

    /* RC4 suites. Static RSA key exchange (WOLFSSL_STATIC_RSA) gives no
     * forward secrecy, and RC4 is prohibited for TLS by RFC 7465. */
    #if !defined(NO_RSA) && !defined(NO_RC4)
        #if defined(WOLFSSL_STATIC_RSA)
            #if !defined(NO_SHA)
                #define BUILD_SSL_RSA_WITH_RC4_128_SHA
            #endif
            #if !defined(NO_MD5)
                #define BUILD_SSL_RSA_WITH_RC4_128_MD5
            #endif
        #endif
        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
            && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
        #endif
    #endif

    /* 3DES suites with static RSA or NTRU key exchange */
    #if !defined(NO_RSA) && !defined(NO_DES3)
        #if !defined(NO_SHA)
            #if defined(WOLFSSL_STATIC_RSA)
                #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
            #if !defined(NO_TLS) && defined(HAVE_NTRU) \
                && defined(WOLFSSL_STATIC_RSA)
                #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
        #endif
    #endif

    /* IDEA suite */
    #if !defined(NO_RSA) && defined(HAVE_IDEA)
        #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
        #endif
    #endif

    /* AES suites with static RSA or NTRU key exchange */
    #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
        #if !defined(NO_SHA)
            #if defined(WOLFSSL_STATIC_RSA)
                #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
            #endif
            #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
                #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
            #endif
        #endif
        #if defined(WOLFSSL_STATIC_RSA)
            #if !defined (NO_SHA256)
                #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
                #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
            #endif
            #if defined (HAVE_AESGCM)
                #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
                #if defined (WOLFSSL_SHA384)
                    #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
                #endif
            #endif
            #if defined (HAVE_AESCCM)
                #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
                #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
            #endif
            #if defined(HAVE_BLAKE2)
                #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
                #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
            #endif
        #endif
    #endif

    /* Camellia suites: static RSA and DHE-RSA */
    #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
        #ifndef NO_RSA
            #if defined(WOLFSSL_STATIC_RSA)
                #if !defined(NO_SHA)
                    #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
                    #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
                #endif
                #ifndef NO_SHA256
                    #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
                    #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
                #endif
            #endif
            #if !defined(NO_DH)
                #if !defined(NO_SHA)
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
                #endif
                #ifndef NO_SHA256
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
                #endif
            #endif
        #endif
    #endif

    /* Plain PSK suites (no (EC)DHE, so no forward secrecy); built only when
     * WOLFSSL_STATIC_PSK is defined */
    #if defined(WOLFSSL_STATIC_PSK)
        #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
            #if !defined(NO_SHA)
                #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
            #endif
            #ifndef NO_SHA256
                #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
                #ifdef HAVE_AESGCM
                    #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
                #endif
                #ifdef HAVE_AESCCM
                    #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
                    #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
                    #define BUILD_TLS_PSK_WITH_AES_128_CCM
                    #define BUILD_TLS_PSK_WITH_AES_256_CCM
                #endif
            #endif
            #ifdef WOLFSSL_SHA384
                #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
                #ifdef HAVE_AESGCM
                    #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
                #endif
            #endif
        #endif
    #endif

    /* NULL cipher suites: records carry a MAC but are not encrypted. They are
     * built only when HAVE_NULL_CIPHER is defined. */
    #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
        #if !defined(NO_RSA)
            #if defined(WOLFSSL_STATIC_RSA)
                #if !defined(NO_SHA)
                    #define BUILD_TLS_RSA_WITH_NULL_SHA
                #endif
                #ifndef NO_SHA256
                    #define BUILD_TLS_RSA_WITH_NULL_SHA256
                #endif
            #endif
        #endif
        #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
            #if !defined(NO_SHA)
                #define BUILD_TLS_PSK_WITH_NULL_SHA
            #endif
            #ifndef NO_SHA256
                #define BUILD_TLS_PSK_WITH_NULL_SHA256
            #endif
            #ifdef WOLFSSL_SHA384
                #define BUILD_TLS_PSK_WITH_NULL_SHA384
            #endif
        #endif
    #endif

    /* wolfSSL extension suites using the eSTREAM ciphers HC-128 and Rabbit */
    #if defined(WOLFSSL_STATIC_RSA)
        #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
            #ifndef NO_MD5
                #define BUILD_TLS_RSA_WITH_HC_128_MD5
            #endif
            #if !defined(NO_SHA)
                #define BUILD_TLS_RSA_WITH_HC_128_SHA
            #endif
            #if defined(HAVE_BLAKE2)
                #define BUILD_TLS_RSA_WITH_HC_128_B2B256
            #endif
        #endif

        #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
            #if !defined(NO_SHA)
                #define BUILD_TLS_RSA_WITH_RABBIT_SHA
            #endif
        #endif
    #endif

    /* DHE-RSA with CBC ciphers (forward secret, but not AEAD) */
    #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
        !defined(NO_RSA)

        #if !defined(NO_SHA)
            #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
            #if !defined(NO_DES3)
                #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
        #endif
        #if !defined(NO_SHA256)
            #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
            #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        #endif
    #endif

    /* Anonymous DH: the key exchange is not authenticated, so the suite gives
     * no protection against an active man-in-the-middle. It is built only
     * when HAVE_ANON is defined. */
    #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
        !defined(NO_AES) && !defined(NO_SHA)
        #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
    #endif

    /* DHE-PSK with CBC or NULL ciphers */
    #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
        #ifndef NO_SHA256
            #ifndef NO_AES
                #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
            #endif
            #ifdef HAVE_NULL_CIPHER
                #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
            #endif
        #endif
        #ifdef WOLFSSL_SHA384
            #ifndef NO_AES
                #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
            #endif
            #ifdef HAVE_NULL_CIPHER
                #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
            #endif
        #endif
    #endif

    /* ECC suites. The static ECDH_xxx variants (no forward secrecy) are built
     * only when WOLFSSL_STATIC_DH is defined; the ECDHE_xxx variants with CBC,
     * RC4, 3DES or NULL ciphers are built here without that switch. */
    #if defined(HAVE_ECC) && !defined(NO_TLS)
        #if !defined(NO_AES)
            #if !defined(NO_SHA)
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
                    #endif
                #endif

                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
                #endif
            #endif /* NO_SHA */
            #ifndef NO_SHA256
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
                    #endif
                #endif
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
                #endif
            #endif

            #ifdef WOLFSSL_SHA384
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
                    #endif
                #endif
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
                #endif
            #endif

            #if defined (HAVE_AESGCM)
                #if !defined(NO_RSA)
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
                    #endif
                    #if defined(WOLFSSL_SHA384)
                        #if defined(WOLFSSL_STATIC_DH)
                            #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
                        #endif
                    #endif
                #endif

                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
                #endif

                #if defined(WOLFSSL_SHA384)
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
                    #endif
                #endif
            #endif
        #endif /* NO_AES */
        #if !defined(NO_RC4)
            #if !defined(NO_SHA)
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
                    #endif
                #endif

                #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
                #endif
            #endif
        #endif
        #if !defined(NO_DES3)
            #ifndef NO_SHA
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
                    #if defined(WOLFSSL_STATIC_DH)
                        #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
                    #endif
                #endif

                #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
                #if defined(WOLFSSL_STATIC_DH)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
                #endif
            #endif /* NO_SHA */
        #endif
        #if defined(HAVE_NULL_CIPHER)
            #if !defined(NO_SHA)
                #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
            #endif
            #if !defined(NO_PSK) && !defined(NO_SHA256)
                #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
            #endif
        #endif
        #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
            #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
        #endif
    #endif
    /* ChaCha20-Poly1305: the OLD_POLY1305 variants (earlier nonce and padding
     * layout) and the PSK variants are outside the max strength set */
    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
        #if !defined(NO_OLD_POLY1305)
            #ifdef HAVE_ECC
                #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
                #ifndef NO_RSA
                    #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
                #endif
            #endif
            #if !defined(NO_DH) && !defined(NO_RSA)
                #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
            #endif
        #endif /* NO_OLD_POLY1305 */
        #if !defined(NO_PSK)
            #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
            #ifdef HAVE_ECC
                #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
            #endif
            #ifndef NO_DH
                #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
            #endif
        #endif /* !NO_PSK */
    #endif

#endif /* !WOLFSSL_MAX_STRENGTH */

/* From here on the suites are also available in a max strength build:
 * (EC)DHE key exchange combined with an AEAD cipher. */
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
    !defined(NO_RSA) && defined(HAVE_AESGCM)

    #ifndef NO_SHA256
        #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    #endif

    #ifdef WOLFSSL_SHA384
        #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    #endif
#endif

#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
    #ifndef NO_SHA256
        #ifdef HAVE_AESGCM
            #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
        #endif
        #ifdef HAVE_AESCCM
            #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
            #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
        #endif
    #endif
    #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
        #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
    #endif
#endif

#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
    #ifdef HAVE_AESGCM
        #ifndef NO_SHA256
            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
            #ifndef NO_RSA
                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            #endif
        #endif
        #ifdef WOLFSSL_SHA384
            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
            #ifndef NO_RSA
                #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
            #endif
        #endif
    #endif
    #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
    #endif
#endif

#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
    #ifdef HAVE_ECC
        #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        #ifndef NO_RSA
            #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        #endif
    #endif
    #if !defined(NO_DH) && !defined(NO_RSA)
        #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    #endif
#endif

/* TLS v1.3 suites */
#if defined(WOLFSSL_TLS13)
    #ifdef HAVE_AESGCM
        #ifndef NO_SHA256
            #define BUILD_TLS_AES_128_GCM_SHA256
        #endif
        #ifdef WOLFSSL_SHA384
            #define BUILD_TLS_AES_256_GCM_SHA384
        #endif
    #endif

    #ifdef HAVE_CHACHA
        #ifndef NO_SHA256
            #define BUILD_TLS_CHACHA20_POLY1305_SHA256
        #endif
    #endif

    #ifdef HAVE_AESCCM
        #ifndef NO_SHA256
            #define BUILD_TLS_AES_128_CCM_SHA256
            #define BUILD_TLS_AES_128_CCM_8_SHA256
        #endif
    #endif
#endif

/* Derive the per-cipher BUILD_xxx switches from the suites selected above */
#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
    defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
    #define BUILD_ARC4
#endif

#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    #define BUILD_DES3
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
    #undef  BUILD_AES
    #define BUILD_AES
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
    #define BUILD_AESGCM
#endif

#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
    #define BUILD_HC128
#endif

#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
    #define BUILD_RABBIT
#endif

/* The next three blocks override the suite-derived switches above: 3DES, AES
 * and RC4 support follows the NO_DES3 / NO_AES / NO_RC4 build options. Where
 * the cipher is compiled out, its block size constant is supplied here. */
#ifdef NO_DES3
    #define DES_BLOCK_SIZE 8
#else
    #undef  BUILD_DES3
    #define BUILD_DES3
#endif

#if defined(NO_AES) || defined(NO_AES_DECRYPT)
    #define AES_BLOCK_SIZE 16
    #undef  BUILD_AES
#else
    #undef  BUILD_AES
    #define BUILD_AES
#endif

#ifndef NO_RC4
    #undef  BUILD_ARC4
    #define BUILD_ARC4
#endif

#ifdef HAVE_CHACHA
    #define CHACHA20_BLOCK_SIZE 16
#endif

/* HAVE_AEAD: an AEAD cipher (AES-GCM, AES-CCM or ChaCha20-Poly1305) is
 * available, or this is a max strength build */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))

    #define HAVE_AEAD
#endif

/* HAVE_PFS: ECC or DH is available, or this is a max strength build. The
 * macro records that a key exchange capable of forward secrecy can be built;
 * the static suites above are switched by their own options. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_ECC) || !defined(NO_DH)

    #define HAVE_PFS
#endif

#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
    #define BUILD_IDEA
#endif

/* actual cipher values, 2nd byte
 *
 * Only the second byte of the two-byte suite identifier is listed. The same
 * value is reused under different first bytes (0xa8, for instance, is both
 * TLS_PSK_WITH_AES_128_GCM_SHA256 and TLS_PSK_WITH_AES_128_CCM_8, and also
 * TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), so a suite is identified only
 * by both bytes together; matching on the second byte alone can select the
 * wrong suite. */
enum {
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
    TLS_DH_anon_WITH_AES_128_CBC_SHA  = 0x34,
    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
    TLS_RSA_WITH_NULL_SHA             = 0x02,
    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA256   = 0xae,
    TLS_PSK_WITH_AES_256_CBC_SHA384   = 0xaf,
    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
    TLS_PSK_WITH_NULL_SHA256          = 0xb0,
    TLS_PSK_WITH_NULL_SHA384          = 0xb1,
    TLS_PSK_WITH_NULL_SHA             = 0x2c,
    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,
    SSL_RSA_WITH_IDEA_CBC_SHA         = 0x07,

    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      = 0x14,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      = 0x13,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    = 0x0A,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    = 0x09,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA          = 0x11,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        = 0x07,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     = 0x12,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   = 0x08,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   = 0x27,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = 0x28,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA           = 0x06,
    TLS_ECDHE_PSK_WITH_NULL_SHA256          = 0x3a,
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256   = 0x37,

    /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      = 0x0F,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      = 0x0E,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    = 0x05,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    = 0x04,
    TLS_ECDH_RSA_WITH_RC4_128_SHA          = 0x0C,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA        = 0x02,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0D,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   = 0x03,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256   = 0x29,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384   = 0x2A,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,

    /* wolfSSL extension - eSTREAM */
    TLS_RSA_WITH_HC_128_MD5 = 0xFB,
    TLS_RSA_WITH_HC_128_SHA = 0xFC,
    TLS_RSA_WITH_RABBIT_SHA = 0xFD,

    /* wolfSSL extension - Blake2b 256 */
    TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
    TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
    TLS_RSA_WITH_HC_128_B2B256      = 0xFA,   /* eSTREAM too */

    /* wolfSSL extension - NTRU */
    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0xe7,  /* clashes w/official SHA-256 */
    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0xe8,

    /* wolfSSL extension - NTRU , Quantum-safe Handshake
       first byte is 0xD0 (QSH_BYTE) */
    TLS_QSH = 0x01,

    /* SHA256 */
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
    TLS_RSA_WITH_NULL_SHA256            = 0x3b,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
    TLS_DHE_PSK_WITH_NULL_SHA256        = 0xb4,

    /* SHA384 */
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
    TLS_DHE_PSK_WITH_NULL_SHA384        = 0xb5,

    /* AES-GCM */
    TLS_RSA_WITH_AES_128_GCM_SHA256     = 0x9c,
    TLS_RSA_WITH_AES_256_GCM_SHA384     = 0x9d,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
    TLS_PSK_WITH_AES_128_GCM_SHA256     = 0xa8,
    TLS_PSK_WITH_AES_256_GCM_SHA384     = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,

    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  = 0x2d,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384  = 0x2e,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   = 0x2f,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   = 0x30,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    = 0x31,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384    = 0x32,

    /* AES-CCM, first byte is 0xC0 but isn't ECC,
     * also, in some of the other AES-CCM suites
     * there will be second byte number conflicts
     * with non-ECC AES-GCM */
    TLS_RSA_WITH_AES_128_CCM_8         = 0xa0,
    TLS_RSA_WITH_AES_256_CCM_8         = 0xa1,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM   = 0xac,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
    TLS_PSK_WITH_AES_128_CCM           = 0xa4,
    TLS_PSK_WITH_AES_256_CCM           = 0xa5,
    TLS_PSK_WITH_AES_128_CCM_8         = 0xa8,
    TLS_PSK_WITH_AES_256_CCM_8         = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_CCM       = 0xa6,
    TLS_DHE_PSK_WITH_AES_256_CCM       = 0xa7,

    /* Camellia */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x41,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x84,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0xba,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     = 0xc0,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x45,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x88,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,

    /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0xa8,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0xaa,
    TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   = 0xac,
    TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         = 0xab,
    TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     = 0xad,

    /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256   = 0x13,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
    TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256     = 0x15,

    /* TLS v1.3 cipher suites */
    TLS_AES_128_GCM_SHA256       = 0x01,
    TLS_AES_256_GCM_SHA384       = 0x02,
    TLS_CHACHA20_POLY1305_SHA256 = 0x03,
    TLS_AES_128_CCM_SHA256       = 0x04,
    TLS_AES_128_CCM_8_SHA256     = 0x05,

    /* Renegotiation Indication Extension Special Suite */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
};


#ifndef WOLFSSL_SESSION_TIMEOUT
    #define WOLFSSL_SESSION_TIMEOUT 500
    /* default session resumption cache timeout in seconds */
#endif


/* DTLS window size, counted in word32 units; DTLS_SEQ_BITS is the same window
 * in bits and DTLS_SEQ_SZ in bytes. Presumably this is the DTLS replay
 * window - confirm against its users. */
#ifndef WOLFSSL_DTLS_WINDOW_WORDS
    #define WOLFSSL_DTLS_WINDOW_WORDS 2
#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
#define DTLS_SEQ_BITS  (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
#define DTLS_SEQ_SZ    (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)


enum Misc {
    ECC_BYTE    = 0xC0,            /* ECC first cipher suite byte */
    QSH_BYTE    = 0xD0,            /* Quantum-safe Handshake cipher suite */
    CHACHA_BYTE = 0xCC,            /* ChaCha first cipher suite */
    TLS13_BYTE  = 0x13,            /* TLS v1.3 first byte of cipher suite */

    SEND_CERT       = 1,
    SEND_BLANK_CERT = 2,

    DTLS_MAJOR      = 0xfe,     /* DTLS major version number */
    DTLS_MINOR      = 0xff,     /* DTLS minor version number (0xfeff is DTLS 1.0) */
    DTLSv1_2_MINOR  = 0xfd,     /* DTLS v1.2 minor version number */
    SSLv3_MAJOR     = 3,        /* SSLv3 and TLSv1+  major version number */
    SSLv3_MINOR     = 0,        /* SSLv3 minor version number */
    TLSv1_MINOR     = 1,        /* TLSv1   minor version number */
    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
    TLSv1_3_MINOR   = 4,        /* TLSv1_3 minor version number */
    TLS_DRAFT_MAJOR = 0x7f,     /* Draft TLS major version number */
    TLS_DRAFT_MINOR = 0x12,     /* Minor version number of TLS draft */
    OLD_HELLO_ID    = 0x01,     /* SSLv2 Client Hello Indicator */
    INVALID_BYTE    = 0xff,     /* Used to initialize cipher specs values */
    NO_COMPRESSION  =  0,
    ZLIB_COMPRESSION = 221,     /* wolfSSL zlib compression */
    HELLO_EXT_SIG_ALGO = 13,    /* ID for the sig_algo hello extension */
    HELLO_EXT_EXTMS = 0x0017,   /* ID for the extended master secret ext */
    SECRET_LEN      = 48,       /* pre RSA and all master */
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
    ENCRYPT_LEN     = 1024,     /* allow larger static buffer with mysql */
#else
    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
#endif
    SIZEOF_SENDER   =  4,       /* clnt or srvr           */
    FINISHED_SZ     = 36,       /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
    MAX_MSG_EXTRA   = 38 + MAX_DIGEST_SIZE,
                                /* max added to msg, mac + pad  from */
                                /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
                                   digest sz + BLOCK_SZ (iv) + pad byte (1) */
    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
    MAX_MTU         = 1500,     /* max expected MTU */
    MAX_UDP_SIZE    = 8192 - 100, /* was MAX_MTU - 100 */
    MAX_DH_SZ       = 1036,     /* 4096 p, pub, g + 2 byte size for each */
    MAX_STR_VERSION = 8,        /* string rep of protocol version */

    PAD_MD5        = 48,       /* pad length for finished */
    PAD_SHA        = 40,       /* pad length for finished */
    MAX_PAD_SIZE   = 256,      /* maximum length of padding */
    COMPRESS_DUMMY_SIZE = 64,  /* compression dummy round size */
    COMPRESS_CONSTANT   = 13,  /* compression calc constant */
    COMPRESS_UPPER      = 55,  /* compression calc numerator */
    COMPRESS_LOWER      = 64,  /* compression calc denominator */

    PEM_LINE_LEN   = 80,       /* PEM line max + fudge */
    LENGTH_SZ      =  2,       /* length field for HMAC, data only */
    VERSION_SZ     =  2,       /* length of protocol version */
    SEQ_SZ         =  8,       /* 64 bit sequence number  */
    ALERT_SIZE     =  2,       /* level + description     */
    VERIFY_HEADER  =  2,       /* always use 2 bytes      */
    EXTS_SZ        =  2,       /* always use 2 bytes      */
    EXT_ID_SZ      =  2,       /* always use 2 bytes      */
    MAX_DH_SIZE    = 513,      /* 4096 bit plus possible leading 0 */
    NAMED_DH_MASK  = 0x100,    /* Named group mask for DH parameters  */
    SESSION_HINT_SZ = 4,       /* session timeout hint */
    SESSION_ADD_SZ = 4,        /* session age add */
    MAX_LIFETIME   = 604800,   /* maximum ticket lifetime */

    RAN_LEN      = 32,         /* random length           */
    SEED_LEN     = RAN_LEN * 2, /* tls prf seed length    */
    ID_LEN       = 32,         /* session id length       */
    COOKIE_SECRET_SZ = 14,     /* dtls cookie secret size */
    MAX_COOKIE_LEN = 32,       /* max dtls cookie size    */
    COOKIE_SZ    = 20,         /* use a 20 byte cookie    */
    SUITE_LEN    =  2,         /* cipher suite sz length  */
    ENUM_LEN     =  1,         /* always a byte           */
    OPAQUE8_LEN  =  1,         /* 1 byte                  */
    OPAQUE16_LEN =  2,         /* 2 bytes                 */
    OPAQUE24_LEN =  3,         /* 3 bytes                 */
    OPAQUE32_LEN =  4,         /* 4 bytes                 */
    OPAQUE64_LEN =  8,         /* 8 bytes                 */
    COMP_LEN     =  1,         /* compression length      */
    CURVE_LEN    =  2,         /* ecc named curve length  */
    KE_GROUP_LEN =  2,         /* key exchange group length */
    SERVER_ID_LEN = 20,        /* server session id length  */

    HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
    RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
    CERT_HEADER_SZ        = 3,
/* always 3 bytes */ 00993 REQ_HEADER_SZ = 2, /* cert request header sz */ 00994 HINT_LEN_SZ = 2, /* length of hint size field */ 00995 TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */ 00996 HELLO_EXT_SZ = 4, /* base length of a hello extension */ 00997 HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */ 00998 HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */ 00999 HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */ 01000 HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */ 01001 01002 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ 01003 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ 01004 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ 01005 DTLS_RECORD_EXTRA = 8, /* diff from normal */ 01006 DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ 01007 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ 01008 DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */ 01009 DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */ 01010 DTLS_EXPORT_VERSION = 3, /* wolfSSL version for serialized session */ 01011 DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */ 01012 DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), 01013 /* max amount of bytes used from Keys */ 01014 DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2), 01015 /* min amount of bytes used from Keys */ 01016 DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ 01017 DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ 01018 DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ 01019 MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */ 01020 FINISHED_LABEL_SZ = 15, /* TLS finished label size */ 01021 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ 01022 EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */ 01023 MASTER_LABEL_SZ = 13, /* TLS master secret label sz 
*/ 01024 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ 01025 MAX_PRF_HALF = 256, /* Maximum half secret len */ 01026 MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ 01027 MAX_PRF_DIG = 224, /* Maximum digest len */ 01028 PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */ 01029 MAX_LABEL_SZ = 34, /* Maximum length of a label */ 01030 MAX_HKDF_LABEL_SZ = OPAQUE16_LEN + 01031 OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ + 01032 OPAQUE8_LEN + MAX_DIGEST_SIZE, 01033 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ 01034 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ 01035 01036 RC4_KEY_SIZE = 16, /* always 128bit */ 01037 DES_KEY_SIZE = 8, /* des */ 01038 DES3_KEY_SIZE = 24, /* 3 des ede */ 01039 DES_IV_SIZE = DES_BLOCK_SIZE, 01040 AES_256_KEY_SIZE = 32, /* for 256 bit */ 01041 AES_192_KEY_SIZE = 24, /* for 192 bit */ 01042 AES_IV_SIZE = 16, /* always block size */ 01043 AES_128_KEY_SIZE = 16, /* for 128 bit */ 01044 01045 AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ 01046 AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ 01047 AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ 01048 AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */ 01049 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */ 01050 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */ 01051 AEAD_NONCE_SZ = 12, 01052 AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */ 01053 AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */ 01054 AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ, 01055 01056 CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */ 01057 CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */ 01058 CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */ 01059 01060 /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */ 01061 01062 AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */ 01063 AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */ 01064 AES_CCM_8_AUTH_SZ = 
8, /* AES-CCM-8 Auth Tag Length */ 01065 AESCCM_NONCE_SZ = 12, 01066 01067 CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ 01068 CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ 01069 CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ 01070 CAMELLIA_IV_SIZE = 16, /* always block size */ 01071 01072 CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ 01073 CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ 01074 CHACHA20_IV_SIZE = 12, /* 96 bits for iv */ 01075 01076 POLY1305_AUTH_SZ = 16, /* 128 bits */ 01077 01078 HC_128_KEY_SIZE = 16, /* 128 bits */ 01079 HC_128_IV_SIZE = 16, /* also 128 bits */ 01080 01081 RABBIT_KEY_SIZE = 16, /* 128 bits */ 01082 RABBIT_IV_SIZE = 8, /* 64 bits for iv */ 01083 01084 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ 01085 01086 ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ 01087 MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ 01088 01089 #ifdef HAVE_QSH 01090 /* qsh handshake sends 600+ size keys over hello extensions */ 01091 MAX_HELLO_SZ = 2048, /* max client or server hello */ 01092 #else 01093 MAX_HELLO_SZ = 128, /* max client or server hello */ 01094 #endif 01095 MAX_CERT_VERIFY_SZ = 1024, /* max */ 01096 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ 01097 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ 01098 01099 DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */ 01100 DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ 01101 DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ 01102 01103 MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ 01104 NULL_TERM_LEN = 1, /* length of null '\0' termination character */ 01105 MAX_PSK_KEY_LEN = 64, /* max psk key supported */ 01106 MIN_PSK_ID_LEN = 6, /* min length of identities */ 01107 MIN_PSK_BINDERS_LEN= 33, /* min length of binders */ 01108 01109 MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ 01110 01111 #if defined(HAVE_EX_DATA) || 
defined(FORTRESS) 01112 MAX_EX_DATA = 5, /* allow for five items of ex_data */ 01113 #endif 01114 01115 MAX_X509_SIZE = 2048, /* max static x509 buffer size */ 01116 CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ 01117 FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input, 01118 will use dynamic buffer if not big enough */ 01119 01120 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ 01121 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ 01122 MAX_NTRU_BITS = 256, /* max symmetric bit strength */ 01123 NO_SNIFF = 0, /* not sniffing */ 01124 SNIFF = 1, /* currently sniffing */ 01125 01126 HASH_SIG_SIZE = 2, /* default SHA1 RSA */ 01127 01128 NO_COPY = 0, /* should we copy static buffer for write */ 01129 COPY = 1, /* should we copy static buffer for write */ 01130 01131 PREV_ORDER = -1, /* Sequence number is in previous epoch. */ 01132 PEER_ORDER = 1, /* Peer sequence number for verify. */ 01133 CUR_ORDER = 0 /* Current sequence number. */ 01134 }; 01135 01136 01137 /* Set max implicit IV size for AEAD cipher suites */ 01138 #define AEAD_MAX_IMP_SZ 12 01139 01140 /* Set max explicit IV size for AEAD cipher suites */ 01141 #define AEAD_MAX_EXP_SZ 8 01142 01143 01144 #ifndef WOLFSSL_MAX_SUITE_SZ 01145 #define WOLFSSL_MAX_SUITE_SZ 300 01146 /* 150 suites for now! */ 01147 #endif 01148 01149 /* set minimum ECC key size allowed */ 01150 #ifndef WOLFSSL_MIN_ECC_BITS 01151 #ifdef WOLFSSL_MAX_STRENGTH 01152 #define WOLFSSL_MIN_ECC_BITS 256 01153 #else 01154 #define WOLFSSL_MIN_ECC_BITS 224 01155 #endif 01156 #endif /* WOLFSSL_MIN_ECC_BITS */ 01157 #if (WOLFSSL_MIN_ECC_BITS % 8) 01158 /* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1. 01159 In these cases round down to the nearest value divisable by 8. The 01160 restriction of being divisable by 8 is in place to match wc_ecc_size 01161 function from wolfSSL. 
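*/
    #error ECC minimum bit size must be a multiple of 8
#endif
/* Minimum accepted ECC key size in bytes. */
#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)

/* set minimum RSA key size allowed
 *
 * Defaults to 1024 bits, or 2048 bits when WOLFSSL_MAX_STRENGTH is defined.
 * A 1024-bit floor is below what current guidance accepts for RSA; a build
 * that must reject such keys can define WOLFSSL_MIN_RSA_BITS (or
 * WOLFSSL_MAX_STRENGTH) before this header is included. */
#ifndef WOLFSSL_MIN_RSA_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_RSA_BITS 2048
    #else
        #define WOLFSSL_MIN_RSA_BITS 1024
    #endif
#endif /* WOLFSSL_MIN_RSA_BITS */
#if (WOLFSSL_MIN_RSA_BITS % 8)
    /* This is to account for the example case of a min size of 2050 bits but
       still allows 2049 bit key. So we need the measurement to be in bytes. */
    #error RSA minimum bit size must be a multiple of 8
#endif
/* Minimum accepted RSA key size in bytes. */
#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)

/* set minimum DH key size allowed
 *
 * Same defaults as RSA: 1024 bits, or 2048 bits with WOLFSSL_MAX_STRENGTH.
 * The value must be a multiple of 8 and no greater than 16000; both limits
 * are enforced at compile time below. */
#ifndef WOLFSSL_MIN_DHKEY_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_DHKEY_BITS 2048
    #else
        #define WOLFSSL_MIN_DHKEY_BITS 1024
    #endif
#endif
#if (WOLFSSL_MIN_DHKEY_BITS % 8)
    #error DH minimum bit size must be multiple of 8
#endif
#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
    #error DH minimum bit size must not be greater than 16000
#endif
/* Minimum accepted DH key size in bytes. */
#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)


#ifdef SESSION_INDEX
/* Shift values for making a session index */
#define SESSIDX_ROW_SHIFT 4
#define SESSIDX_IDX_MASK  0x0F
#endif


/* max cert chain peer depth */
#ifndef MAX_CHAIN_DEPTH
    #define MAX_CHAIN_DEPTH 9
#endif

/* max size of a certificate message payload */
/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
/* The expansion is parenthesized so that it stays a single value when the
   macro is used inside a larger expression (a product, a subtraction, a
   cast); without the parentheses only part of the sum would bind to the
   neighbouring operator and a size limit derived from it would be wrong. */
#ifndef MAX_CERTIFICATE_SZ
    #define MAX_CERTIFICATE_SZ \
                (CERT_HEADER_SZ + \
                (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH)
#endif

/* max size of a handshake message, currently set to the certificate */
#ifndef MAX_HANDSHAKE_SZ
    #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
#endif

/* Session ticket buffer length; overridable at build time. */
#ifndef SESSION_TICKET_LEN
    #define SESSION_TICKET_LEN 256
#endif

/* Default session ticket hint; overridable at build time.
   NOTE(review): presumably a lifetime in seconds -- confirm against the
   code that sends the ticket. */
#ifndef SESSION_TICKET_HINT_DEFAULT
    #define SESSION_TICKET_HINT_DEFAULT 300
#endif


/* don't use extra 3/4k stack space unless need to */
#ifdef HAVE_NTRU
    #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
#else
    #define MAX_ENCRYPT_SZ ENCRYPT_LEN
#endif


/* states
 *
 * Handshake progress markers. Only NULL_STATE has an explicit value (0);
 * the rest take consecutive values in declaration order, so inserting or
 * reordering entries changes every later value. */
enum states {
    NULL_STATE = 0,

    SERVER_HELLOVERIFYREQUEST_COMPLETE,
    SERVER_HELLO_COMPLETE,
    SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
    SERVER_CERT_COMPLETE,
    SERVER_KEYEXCHANGE_COMPLETE,
    SERVER_HELLODONE_COMPLETE,
    SERVER_FINISHED_COMPLETE,
    SERVER_HELLO_RETRY_REQUEST,

    CLIENT_HELLO_COMPLETE,
    CLIENT_KEYEXCHANGE_COMPLETE,
    CLIENT_FINISHED_COMPLETE,

    HANDSHAKE_DONE
};


/* Structure packing attribute; expands to nothing on non-GNU compilers. */
#if defined(__GNUC__)
    #define WOLFSSL_PACK __attribute__ ((packed))
#else
    #define WOLFSSL_PACK
#endif

/* SSL Version */
typedef struct ProtocolVersion {
    byte major;     /* major version byte */
    byte minor;     /* minor version byte */
} WOLFSSL_PACK ProtocolVersion;


/* Constructors for the supported protocol versions.
   NOTE(review): MakeSSLv3 is declared unconditionally in this header; SSLv3
   is prohibited by RFC 7568, so confirm the build gates its use. */
WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);

#ifdef WOLFSSL_DTLS
    WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
    WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);

    #ifdef WOLFSSL_SESSION_EXPORT
    /* Serialized DTLS session import/export; buf is the caller's buffer and
       sz its size in bytes.
       NOTE(review): an imported buffer presumably comes from outside the
       process -- confirm the implementation validates every length field. */
    WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
                                                                     word32 sz);
    WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
                                                                     word32 sz);
    WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
    #endif
#endif


/* Values stored in the `type` field of WOLFSSL_BIO / WOLFSSL_BIO_METHOD. */
enum BIO_TYPE {
    BIO_BUFFER = 1,
    BIO_SOCKET = 2,
    BIO_SSL    = 3,
    BIO_MEMORY = 4,
    BIO_BIO    = 5,
    BIO_FILE   = 6
};


/* wolfSSL BIO_METHOD type */
struct WOLFSSL_BIO_METHOD {
    byte type;               /* method type */
};


/* wolfSSL BIO type */
struct WOLFSSL_BIO {
    WOLFSSL*     ssl;           /* possible associated ssl */
#ifndef NO_FILESYSTEM
    XFILE        file;          /* file handle, only with a filesystem */
#endif
    WOLFSSL_BIO* prev;          /* previous in chain */
    WOLFSSL_BIO* next;          /* next in chain */
    WOLFSSL_BIO* pair;          /* BIO paired with */
    void*        heap;          /* user heap hint */
    byte*        mem;           /* memory buffer */
    int          wrSz;          /* write buffer size (mem) */
    int          wrIdx;         /* current index for write buffer */
    int          rdIdx;         /* current read index */
    int          readRq;        /* read request */
    int          memLen;        /* memory buffer length */
    int          fd;            /* possible file descriptor */
    int          eof;           /* eof flag */
    byte         type;          /* method type */
    byte         close;         /* close flag */
};


/* wolfSSL method type */
struct WOLFSSL_METHOD {
    ProtocolVersion version;
    byte            side;         /* connection side, server or client */
    byte            downgrade;    /* whether to downgrade version, default no */
};

/* wolfSSL buffer type - internal uses "buffer" type */
typedef WOLFSSL_BUFFER_INFO buffer;


/* defaults to client */
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);

/* for sniffer */
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                            word32 size, word32 totalSz, int sniff);
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
/* TLS v1.3 needs these */
WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
                                word32);
WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
                                word32);
WOLFSSL_LOCAL int  CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
                                   word32 hashSigAlgoSz);
WOLFSSL_LOCAL int  DecodePrivateKey(WOLFSSL *ssl, word16* length);
WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
/* NOTE(review): by its name and signature this compares a name pattern of
   `len` bytes with a host string -- confirm the matching rules in the
   implementation, since peer name checks would depend on them. */
WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len, const char* str);
#ifndef NO_CERTS
WOLFSSL_LOCAL int  CheckAltNames(DecodedCert* dCert, char* domain);
#endif
WOLFSSL_LOCAL int  CreateTicket(WOLFSSL* ssl);
WOLFSSL_LOCAL int  HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
WOLFSSL_LOCAL int  HashOutput(WOLFSSL* ssl, const byte* output, int sz,
                              int ivSz);
WOLFSSL_LOCAL int  HashInput(WOLFSSL* ssl, const byte* input, int sz);
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int  DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
                                word16 sz);
WOLFSSL_LOCAL int  DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
                                           word32* inOutIdx, byte type,
                                           word32 size, word32 totalSz);
WOLFSSL_LOCAL int  DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
                                       word32* inOutIdx, word32 totalSz);
WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
                                     word32* inOutIdx, word32 helloSz);
#endif

#ifndef NO_CERTS
    /* wolfSSL DER buffer */
    typedef struct DerBuffer {
        byte*  buffer;      /* DER data */
        void*  heap;        /* heap hint */
        word32 length;      /* length of buffer in bytes */
        int    type;        /* enum CertType */
        int    dynType;     /* DYNAMIC_TYPE_* */
    } DerBuffer;
#endif /* !NO_CERTS */


/* Flag values for a "forced free" argument. */
enum {
    FORCED_FREE    = 1,
    NO_FORCED_FREE = 0
};


/* only use compression extra if using compression */
#ifdef HAVE_LIBZ
    #define COMP_EXTRA MAX_COMP_EXTRA
#else
    #define COMP_EXTRA 0
#endif

/* only the sniffer needs space in the buffer for extra MTU record(s) */
/* parenthesized so the product stays one term wherever MTU_EXTRA is used */
#ifdef WOLFSSL_SNIFFER
    #define MTU_EXTRA (MAX_MTU * 3)
#else
    #define MTU_EXTRA 0
#endif


/* embedded callbacks require large static buffers, make sure on */
#ifdef WOLFSSL_CALLBACKS
    #undef  LARGE_STATIC_BUFFERS
    #define LARGE_STATIC_BUFFERS
#endif


/* give user option to use 16K static buffers */
#if defined(LARGE_STATIC_BUFFERS)
    #define RECORD_SIZE MAX_RECORD_SIZE
#else
    #ifdef WOLFSSL_DTLS
        #define RECORD_SIZE MAX_MTU
    #else
        #define RECORD_SIZE 128
    #endif
#endif


/* user option to turn off 16K output option */
/* if using small static buffers (default) and SSL_write tries to write data
   larger than the record we have, dynamically get it, unless user says only
   write in static buffer chunks  */
#ifndef STATIC_CHUNKS_ONLY
    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
#else
    #define OUTPUT_RECORD_SIZE RECORD_SIZE
#endif

/* wolfSSL input buffer

   RFC 2246:

   length
       The length (in bytes) of the following TLSPlaintext.fragment.
       The length should not exceed 2^14.
*/
/* STATIC_BUFFER_LEN sizes the staticBuffer array of bufferStatic below. The
   sum is parenthesized so it is safe to use inside a larger expression. */
#if defined(LARGE_STATIC_BUFFERS)
    #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
             MTU_EXTRA + MAX_MSG_EXTRA)
#else
    /* don't fragment memory from the record header */
    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
#endif

/* Record buffer that starts out on the embedded static array; `buffer`
   points at whichever storage (static or dynamic) is currently in use. */
typedef struct {
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
    byte*  buffer;       /* place holder for static or dynamic buffer */
    word32 length;       /* total buffer length used */
    word32 idx;          /* idx to part of length already consumed */
    word32 bufferSize;   /* current buffer size */
    byte   dynamicFlag;  /* dynamic memory currently in use */
    byte   offset;       /* alignment offset attempt */
} bufferStatic;

/* Cipher Suites holder */
typedef struct Suites {
    word16 suiteSz;                 /* suite length in bytes        */
    word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
    byte   suites[WOLFSSL_MAX_SUITE_SZ];
    byte   hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
    byte   setSuites;               /* user set suites from default */
    byte   hashAlgo;                /* selected hash algorithm */
    byte   sigAlgo;                 /* selected sig algorithm */
} Suites;


/* NOTE(review): the word16/int parameters of InitSuites are unnamed here;
   see the definition for what each one selects. */
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
                              word16, word16, word16, int);
WOLFSSL_LOCAL int  MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
WOLFSSL_LOCAL int  SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);

#ifndef PSK_TYPES_DEFINED
    /* PSK callback types, declared here only when no earlier header has
       defined PSK_TYPES_DEFINED. */
    typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
                          unsigned int, unsigned char*, unsigned int);
    typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
                          unsigned char*, unsigned int);
#endif /* PSK_TYPES_DEFINED */
#ifdef WOLFSSL_DTLS
    /* Callback type that receives an exported session buffer and its size. */
    typedef int (*wc_dtls_export)(WOLFSSL* ssl,
                   unsigned char* exportBuffer, unsigned int sz, void* userCtx);
#endif
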
/* wolfSSL Cipher type just points back to SSL */
struct WOLFSSL_CIPHER {
    WOLFSSL* ssl;   /* the SSL object this cipher handle refers to */
};


typedef struct OcspEntry OcspEntry;

/* Size of the issuer hashes kept per OCSP entry: the SHA digest size by
   default, the SHA-256 digest size when the build defines NO_SHA. */
#ifdef NO_SHA
#define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
#endif

#ifdef NO_ASN
    /* no_asn won't have */
    typedef struct CertStatus CertStatus;
#endif

/* One node of the OCSP list, keyed by the two issuer hashes. */
struct OcspEntry {
    OcspEntry*  next;                            /* next entry             */
    byte        issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash            */
    byte        issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
    CertStatus* status;                          /* OCSP response list     */
    int         totalStatus;                     /* number on list         */
};


#ifndef HAVE_OCSP
    typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
#endif

/* wolfSSL OCSP controller */
struct WOLFSSL_OCSP {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    OcspEntry*            ocspList;      /* OCSP response list */
    wolfSSL_Mutex         ocspLock;      /* OCSP list lock */
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
    int(*statusCb)(WOLFSSL*, void*);     /* status callback, only in these
                                            compatibility builds */
#endif
};

/* Size of the date buffers in CRL_Entry; overridable at build time. */
#ifndef MAX_DATE_SIZE
#define MAX_DATE_SIZE 32
#endif

typedef struct CRL_Entry CRL_Entry;

/* Size of the issuer hash kept per CRL entry: the SHA digest size by
   default, the SHA-256 digest size when the build defines NO_SHA. */
#ifdef NO_SHA
    #define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
    #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
#endif

#ifdef NO_ASN
    typedef struct RevokedCert RevokedCert;
#endif

/* Complete CRL */
struct CRL_Entry {
    CRL_Entry* next;                      /* next entry */
    byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */
    /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */
    /* restore the hash here if needed for optimized comparisons */
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
    byte    lastDateFormat;          /* last date format */
    byte    nextDateFormat;          /* next date format */
    RevokedCert* certs;              /* revoked cert list  */
    int          totalCerts;         /* number on list     */
};


typedef struct CRL_Monitor CRL_Monitor;

/* CRL directory monitor */
struct CRL_Monitor {
    char* path;      /* full dir path, if valid pointer we're using */
    int   type;      /* PEM or ASN1 type */
};


/* Directory monitoring is switched off when there is no filesystem. */
#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
    #undef HAVE_CRL_MONITOR
#endif

/* wolfSSL CRL controller */
struct WOLFSSL_CRL {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    CRL_Entry*            crlList;       /* our CRL list */
#ifdef HAVE_CRL_IO
    CbCrlIO               crlIOCb;       /* CRL I/O callback */
#endif
    wolfSSL_Mutex         crlLock;       /* CRL list lock */
    CRL_Monitor           monitors[2];   /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR
    pthread_cond_t        cond;          /* condition to signal setup */
    pthread_t             tid;           /* monitoring thread */
    int                   mfd;           /* monitor fd, -1 if no init yet */
    int                   setup;         /* thread is setup predicate */
#endif
    void*                 heap;          /* heap hint for dynamic memory */
};


#ifdef NO_ASN
    typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT
    typedef struct TrustedPeerCert TrustedPeerCert;
#endif
#endif


/* Number of slots in the CA signer table; overridable at build time. */
#ifndef CA_TABLE_SIZE
    #define CA_TABLE_SIZE 11
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
    /* Number of slots in the trusted peer table. */
    #define TP_TABLE_SIZE 11
#endif

/* wolfSSL Certificate Manager
 *
 * Holds the trust anchors (caTable), the optional trusted peer table and
 * the revocation checkers together with the flags that turn them on.
 * crlEnabled, ocspEnabled and ocspStaplingEnabled are plain byte flags, so
 * whether revocation is checked at all is decided by whoever sets them. */
struct WOLFSSL_CERT_MANAGER {
    Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table */
    void*           heap;                /* heap helper */
#ifdef WOLFSSL_TRUST_PEER_CERT
    TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
    wolfSSL_Mutex   tpLock;                  /* trusted peer list lock */
#endif
    WOLFSSL_CRL*    crl;                 /* CRL checker */
    WOLFSSL_OCSP*   ocsp;                /* OCSP checker */
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
                               ||  defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
    WOLFSSL_OCSP*   ocsp_stapling;       /* OCSP checker for OCSP stapling */
#endif
    char*           ocspOverrideURL;     /* use this responder */
    void*           ocspIOCtx;           /* I/O callback CTX */
    CallbackCACache caCacheCallback;     /* CA cache addition callback */
    CbMissingCRL    cbMissingCRL;        /* notify through cb of missing crl */
    CbOCSPIO        ocspIOCb;            /* I/O callback for OCSP lookup */
    CbOCSPRespFree  ocspRespFreeCb;      /* Frees OCSP Response from IO Cb */
    wolfSSL_Mutex   caLock;              /* CA list lock */
    byte            crlEnabled;          /* is CRL on ? */
    byte            crlCheckAll;         /* always leaf, but all ? */
    byte            ocspEnabled;         /* is OCSP on ? */
    byte            ocspCheckAll;        /* always leaf, but all ? */
    byte            ocspSendNonce;       /* send the OCSP nonce ? */
    byte            ocspUseOverrideURL;  /* ignore cert's responder, override */
    byte            ocspStaplingEnabled; /* is OCSP Stapling on ? */

    /* NOTE(review): presumably stored in bytes, like MIN_RSAKEY_SZ and
       MIN_ECCKEY_SZ -- confirm where these fields are set. */
#ifndef NO_RSA
    short           minRsaKeySz;         /* minimum allowed RSA key size */
#endif
#ifdef HAVE_ECC
    short           minEccKeySz;         /* minimum allowed ECC key size */
#endif
};

/* Certificate cache save/restore, to a named file or to a caller buffer.
   NOTE(review): a restored cache would feed the CA signer table, so the
   file or buffer passed in presumably has to come from a trusted location;
   confirm how the implementation validates it. */
WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);

/* wolfSSL Sock Addr */
struct WOLFSSL_SOCKADDR {
    unsigned int sz; /* sockaddr size */
    void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
};

/* DTLS I/O context: the peer address plus two descriptors.
   NOTE(review): rfd/wfd look like the read and write descriptors -- confirm
   in the I/O callbacks. */
typedef struct WOLFSSL_DTLS_CTX {
    WOLFSSL_SOCKADDR peer;
    int rfd;
    int wfd;
} WOLFSSL_DTLS_CTX;


#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */

/* keys and secrets
 * keep as a constant size (no additional ifdefs) for session export
 *
 * The byte arrays at the top hold the MAC secrets, write keys and IVs for
 * both directions, each sized for the largest supported algorithm.
 * NOTE(review): this structure carries live key material; confirm that the
 * code releasing it zeroizes the memory first. */
typedef struct Keys {
    byte client_write_MAC_secret[MAX_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[MAX_DIGEST_SIZE];
    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
    byte server_write_key[AES_256_KEY_SIZE];
    byte client_write_IV[MAX_WRITE_IV_SZ];               /* max sizes */
    byte server_write_IV[MAX_WRITE_IV_SZ];
#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
    byte aead_exp_IV[AEAD_MAX_EXP_SZ];      /* AEAD explicit IV */
    byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];  /* AEAD implicit IV, encrypt side */
    byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];  /* AEAD implicit IV, decrypt side */
#endif

    /* record sequence numbers, each split into high and low 32-bit words */
    word32 peer_sequence_number_hi;
    word32 peer_sequence_number_lo;
    word32 sequence_number_hi;
    word32 sequence_number_lo;

#ifdef WOLFSSL_DTLS
    word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
                                      /* Sliding window for current epoch    */
    word16 nextEpoch;                 /* Expected epoch in next record       */
    word16 nextSeq_hi;                /* Expected sequence in next record    */
    word32 nextSeq_lo;

    word16 curEpoch;                  /* Received epoch in current record    */
    word16 curSeq_hi;                 /* Received sequence in current record */
    word32 curSeq_lo;

    word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
                                      /* Sliding window for old epoch        */
    word16 prevSeq_hi;                /* Next sequence in allowed old epoch  */
    word32 prevSeq_lo;

    word16 dtls_peer_handshake_number;
    word16 dtls_expected_peer_handshake_number;

    word16 dtls_epoch;                          /* Current epoch    */
    word16 dtls_sequence_number_hi;             /* Current epoch */
    word32 dtls_sequence_number_lo;
    word16 dtls_prev_sequence_number_hi;        /* Previous epoch */
    word32 dtls_prev_sequence_number_lo;
    word16 dtls_handshake_number;               /* Current tx handshake seq */
#endif

    word32 encryptSz;             /* last size of encrypted data   */
    word32 padSz;                 /* how much to advance after decrypt part */
    byte   encryptionOn;          /* true after change cipher spec */
    byte   decryptedCur;          /* only decrypt current record once */
#ifdef WOLFSSL_TLS13
    byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
    byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
#endif
} Keys;



/** TLS Extensions - RFC 6066 */
#ifdef HAVE_TLS_EXTENSIONS

/* Extension type identifiers as they appear on the wire.
   NOTE(review): 0x0028 for key_share is the code point used by the TLS 1.3
   drafts; RFC 8446 assigns 51 (0x0033). That matches the draft version
   constants (TLS_DRAFT_MAJOR / TLS_DRAFT_MINOR) earlier in this header, so
   a build of this revision presumably interoperates with draft peers only. */
typedef enum {
    TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
    TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
    TLSX_TRUNCATED_HMAC             = 0x0004,
    TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
    TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
    TLSX_SIGNATURE_ALGORITHMS       = 0x000d,
    TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
    TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
    TLSX_QUANTUM_SAFE_HYBRID        = 0x0018, /* a.k.a. QSH  */
    TLSX_SESSION_TICKET             = 0x0023,
#ifdef WOLFSSL_TLS13
    TLSX_KEY_SHARE                  = 0x0028,
    #ifndef NO_PSK
    TLSX_PRE_SHARED_KEY             = 0x0029,
    #endif
    TLSX_SUPPORTED_VERSIONS         = 0x002b,
    #ifndef NO_PSK
    TLSX_PSK_KEY_EXCHANGE_MODES     = 0x002d,
    #endif
#endif
    TLSX_RENEGOTIATION_INFO         = 0xff01
} TLSX_Type;

/* One node of a singly linked list of TLS extensions. */
typedef struct TLSX {
    TLSX_Type    type; /* Extension Type  */
    void*        data; /* Extension Data  */
    word32       val;  /* Extension Value */
    byte         resp; /* IsResponse Flag */
    struct TLSX* next; /* List Behavior   */
} TLSX;

WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
WOLFSSL_LOCAL void  TLSX_FreeAll(TLSX* list, void* heap);
WOLFSSL_LOCAL int   TLSX_SupportExtensions(WOLFSSL* ssl);
WOLFSSL_LOCAL int   TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);

#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
#endif

#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType);
WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output,
                                                                  byte msgType);
#endif

/* NOTE(review): input/length presumably describe the extensions block of a
   peer's hello message, i.e. data taken from the network -- confirm that
   the implementation bounds every read by `length`. */
WOLFSSL_LOCAL int    TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
                                byte msgType, Suites *suites);

/* Any single extension enabled without HAVE_TLS_EXTENSIONS is a build
   configuration error and stops the compile here. */
#elif defined(HAVE_SNI)                           \
   || defined(HAVE_MAX_FRAGMENT)                  \
   || defined(HAVE_TRUNCATED_HMAC)                \
   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
   || defined(HAVE_SUPPORTED_CURVES)              \
   || defined(HAVE_ALPN)                          \
   || defined(HAVE_QSH)                           \
   || defined(HAVE_SESSION_TICKET)                \
   || defined(HAVE_SECURE_RENEGOTIATION)          \
   || defined(HAVE_SERVER_RENEGOTIATION_INFO)

#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
#endif /* HAVE_TLS_EXTENSIONS */

/* Per-extension state and helper prototypes follow, each guarded by its own
 * HAVE_* build option. Only declarations are visible in this header; the
 * notes on the prototypes are hedged where the behaviour cannot be read from
 * the signature alone. */

/** Server Name Indication - RFC 6066 (section 3) */
#ifdef HAVE_SNI

/* One server_name entry; entries are chained through `next`. `options` and
 * `status` exist only when server code is compiled in (NO_WOLFSSL_SERVER not
 * defined).
 * NOTE(review): host_name is a bare char* with no length field, so it is
 * presumably NUL-terminated - confirm how the parser treats a name from the
 * wire that contains a NUL byte. */
typedef struct SNI {
    byte                       type;    /* SNI Type          */
    union { char* host_name; } data;    /* SNI Data          */
    struct SNI*                next;    /* List Behavior     */
#ifndef NO_WOLFSSL_SERVER
    byte                       options; /* Behavior options  */
    byte                       status;  /* Matching result   */
#endif
} SNI;

/* Takes the head of an extension list by address, so it can replace or extend
 * the list. `size` presumably counts the bytes at `data`, and `heap` is the
 * allocation hint handed through to the allocator - confirm both. */
WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
                                                       word16 size, void* heap);

#ifndef NO_WOLFSSL_SERVER
/* Server-side accessors for the `options` / `status` fields of an SNI entry
 * of the given type (inferred from the names - confirm). */
WOLFSSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
                                                                  byte options);
WOLFSSL_LOCAL byte   TLSX_SNI_Status(TLSX* extensions, byte type);
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
                                                                   void** data);
/* NOTE(review): this one takes a raw (buffer, bufferSz) pair instead of a
 * parsed TLSX list, so it presumably parses peer-supplied bytes directly.
 * Confirm that every read is bounded by bufferSz and that no more than the
 * caller's *inOutSz bytes are written to `sni`. */
WOLFSSL_LOCAL int    TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
                                         byte type, byte* sni, word32* inOutSz);
#endif

#endif /* HAVE_SNI */

/* Application-Layer Protocol Negotiation - RFC 7301 */
#ifdef HAVE_ALPN
/* One protocol entry in the ALPN list, chained through `next`. */
typedef struct ALPN {
    char*        protocol_name; /* ALPN protocol name */
    struct ALPN* next;          /* List Behavior      */
    byte         options;       /* Behavior options   */
    byte         negotiated;    /* ALPN protocol negotiated or not */
} ALPN;

/* `data` / `dataSz` are out-parameters by type; what they point at after the
 * call (borrowed or copied storage) is not visible here - confirm before
 * freeing or retaining the result. */
WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
                                                void** data, word16 *dataSz);

WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
                                    word16 size, byte options, void* heap);

WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);

#endif /* HAVE_ALPN */

/** Maximum Fragment Length Negotiation - RFC 6066 (section 4) */
#ifdef HAVE_MAX_FRAGMENT

/* NOTE(review): `mfl` is a single byte, so it is presumably the RFC 6066
 * length code rather than a byte count - confirm valid values are enforced. */
WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);

#endif /* HAVE_MAX_FRAGMENT */

/** Truncated HMAC - RFC 6066 (section 7) */
#ifdef HAVE_TRUNCATED_HMAC

/* RFC 6066 section 7 truncates the record MAC to 80 bits, so building with
 * this extension is a deliberate integrity trade-off. */
WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);

#endif /* HAVE_TRUNCATED_HMAC */

/** Certificate Status Request - RFC 6066 (section 8) */
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST

/* State for the status_request extension. The union has a single member, an
 * OcspRequest; status_type presumably says which member is live - confirm. */
typedef struct {
    byte status_type;
    byte options;
    union {
        OcspRequest ocsp;
    } request;
} CertificateStatusRequest;

/* `devId` is an int device id; elsewhere in this header the field of the same
 * name is described as the async device id to use. */
WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequest(TLSX** extensions,
                    byte status_type, byte options, void* heap, int devId);
#ifndef NO_CERTS
WOLFSSL_LOCAL int   TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
                                                                    void* heap);
#endif
/* Returns void*; the caller has to know the concrete request type. */
WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
WOLFSSL_LOCAL int   TLSX_CSR_ForceRequest(WOLFSSL* ssl);

#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */

/** Certificate Status Request v2 - RFC 6961 */
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2

/* One status_request_v2 item, chained through `next`. The ocsp array has room
 * for 1 + MAX_CHAIN_DEPTH requests; `requests` presumably counts the entries
 * in use - confirm. */
typedef struct CSRIv2 {
    byte status_type;
    byte options;
    word16 requests;
    union {
        OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
    } request;
    struct CSRIv2* next;
} CertificateStatusRequestItemV2;

WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
                    byte status_type, byte options, void* heap, int devId);
#ifndef NO_CERTS
WOLFSSL_LOCAL int   TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
                                                       byte isPeer, void* heap);
#endif
/* NOTE(review): `index` presumably selects an element of request.ocsp[];
 * confirm the implementation range-checks it before indexing. */
WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
                                                                    byte index);
WOLFSSL_LOCAL int   TLSX_CSR2_ForceRequest(WOLFSSL* ssl);

#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */

/** Supported Elliptic Curves - RFC 4492 (section 4) */
#ifdef HAVE_SUPPORTED_CURVES

/* One curve in the supported-curves list, chained through `next`. */
typedef struct EllipticCurve {
    word16                name; /* CurveNames    */
    struct EllipticCurve* next; /* List Behavior */
} EllipticCurve;

/* Supported-curves prototypes; this run is still inside the
 * #ifdef HAVE_SUPPORTED_CURVES opened just above. `name` is a word16 curve
 * identifier, the same width as EllipticCurve.name. */
WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
                                                                    void* heap);

#ifndef NO_WOLFSSL_SERVER
/* Server only. NOTE(review): `first` / `second` are presumably the two
 * cipher-suite bytes being checked against the peer's curve list - confirm. */
WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
                                                                   byte second);
#endif

#endif /* HAVE_SUPPORTED_CURVES */

/** Renegotiation Indication - RFC 5746 */
#if defined(HAVE_SECURE_RENEGOTIATION) \
 || defined(HAVE_SERVER_RENEGOTIATION_INFO)

/* Progress of the key cache used while renegotiating; stored in
 * SecureRenegotiation.cache_status. */
enum key_cache_state {
    SCR_CACHE_NULL   = 0,       /* empty / begin state */
    SCR_CACHE_NEEDED,           /* need to cache keys */
    SCR_CACHE_COPY,             /* we have a cached copy */
    SCR_CACHE_PARTIAL,          /* partial restore to real keys */
    SCR_CACHE_COMPLETE          /* complete restore to real keys */
};

/* Additional Connection State according to rfc5746 section 3.1 */
/* Security-relevant contents: both sides' cached Finished verify_data, a hash
 * of the peer certificate subject, and `tmp_keys`, a complete Keys structure
 * embedded by value.
 * NOTE(review): tmp_keys holds key material for as long as this struct
 * lives; confirm the free path wipes it rather than only releasing it. */
typedef struct SecureRenegotiation {
   byte                 enabled;  /* secure_renegotiation flag in rfc */
   byte                 startScr; /* server requested client to start scr */
   enum key_cache_state cache_status;  /* track key cache state */
   byte                 client_verify_data[TLS_FINISHED_SZ];  /* cached */
   byte                 server_verify_data[TLS_FINISHED_SZ];  /* cached */
   byte                 subject_hash[SHA_DIGEST_SIZE];  /* peer cert hash */
   Keys                 tmp_keys;  /* can't overwrite real keys yet */
} SecureRenegotiation;

WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);

#ifdef HAVE_SERVER_RENEGOTIATION_INFO
WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
#endif

#endif /* HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO */

/** Session Ticket - RFC 5077 (section 3.2) */
#ifdef HAVE_SESSION_TICKET

/* A session ticket as carried in the extension: `size` bytes at `data`
 * (word16, so at most 65535 bytes). `seen` and `ageAdd` exist only in
 * TLS 1.3 builds.
 * NOTE(review): the units of lifetime / seen / ageAdd are not stated in this
 * header - confirm against the code that fills them in. */
typedef struct SessionTicket {
    word32 lifetime;
#ifdef WOLFSSL_TLS13
    word64 seen;
    word32 ageAdd;
#endif
    byte*  data;
    word16 size;
} SessionTicket;

WOLFSSL_LOCAL int  TLSX_UseSessionTicket(TLSX** extensions,
                                             SessionTicket* ticket, void* heap);
/* NOTE(review): whether `data` is copied or merely borrowed by the returned
 * SessionTicket is not visible here; confirm before releasing the caller's
 * buffer, and pair every Create with TLSX_SessionTicket_Free using the same
 * heap hint. */
WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
                                           byte* data, word16 size, void* heap);
WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);

#endif /* HAVE_SESSION_TICKET */

/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
#ifdef HAVE_QSH

/* One QSH scheme in a list; PK / PKLen are presumably the scheme's public key
 * bytes and their length - confirm. */
typedef struct QSHScheme {
    struct QSHScheme* next; /* List Behavior   */
    byte*             PK;
    word16            name; /* QSHScheme Names */
    word16            PKLen;
} QSHScheme;

/* NOTE(review): the struct tag is `QSHkey` (lower-case k) while `next` is
 * declared as `struct QSHKey*` (upper-case K). Unless a `struct QSHKey` is
 * defined elsewhere, these are two different types: `next` points to an
 * incomplete type and walking the list needs a cast. Renaming either side
 * changes the member's type for existing callers, so it is only flagged here.
 * `pri` is presumably the private half of the key pair; confirm it is wiped
 * before the entry is freed. */
typedef struct QSHkey {
    struct QSHKey* next;
    word16 name;
    buffer pub;
    buffer pri;
} QSHKey;

/* NOTE(review): SerSi / CliSi are presumably the server and client secret
 * contributions - confirm, and treat them as key material if so. */
typedef struct QSHSecret {
    QSHScheme* list;
    buffer* SerSi;
    buffer* CliSi;
} QSHSecret;

/* used in key exchange during handshake */
/* TLSX_QSHCipher_Parse receives `length` bytes at `input`; for a parser of
 * handshake data those bytes come from the peer, so reads must stay within
 * `length`. The two writers take an output pointer with no capacity argument,
 * so the caller has to size `output` beforehand (TLSX_QSH_GetSize presumably
 * serves that purpose - confirm). */
WOLFSSL_LOCAL int    TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
                                                  word16 length, byte isServer);
WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);

/* used by api for setting a specific QSH scheme */
WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
                                         byte* pKey, word16 pKeySz, void* heap);

/* used when parsing in QSHCipher structs */
/* NOTE(review): `szOut` is a pointer, so it presumably carries the capacity
 * of `out` in and the produced length out; confirm the implementation never
 * writes past that capacity. */
WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
                                                      byte* out, word16* szOut);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
#endif

#endif /* HAVE_QSH */

#ifdef WOLFSSL_TLS13
/* Key Share - TLS v1.3 Specification */

/* The KeyShare extension information - entry in a linked list. */
/* `key` is an untyped pointer to the private key for `group`, with its length
 * in keyLen. NOTE(review): confirm the routine that frees an entry wipes
 * `key` before releasing it. */
typedef struct KeyShareEntry {
    word16                group;  /* NamedGroup               */
    byte*                 ke;     /* Key exchange data        */
    word32                keLen;  /* Key exchange data length */
    void*                 key;    /* Private key              */
    word32                keyLen; /* Private key length       */
    struct KeyShareEntry* next;   /* List pointer             */
} KeyShareEntry;

/* NOTE(review): `len` / `data` presumably describe key exchange bytes for
 * `group`, and `kse` presumably receives the resulting entry - confirm. */
WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
                                    byte* data, KeyShareEntry **kse);
WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);

#ifndef NO_PSK
/* The PreSharedKey extension information - entry in a linked list. */
/* `binder` is a fixed array of MAX_DIGEST_SIZE bytes whose used length is
 * kept separately in binderLen. NOTE(review): confirm that the parser rejects
 * a binderLen above MAX_DIGEST_SIZE before copying, and that binders are
 * compared in constant time. */
typedef struct PreSharedKey {
    word16               identityLen;             /* Length of identity */
    byte*                identity;                /* PSK identity       */
    word32               ticketAge;               /* Age of the ticket  */
    byte                 binderLen;               /* Length of HMAC     */
    byte                 binder[MAX_DIGEST_SIZE]; /* HMAC of handshake  */
    byte                 hmac;                    /* HMAC algorithm     */
    byte                 resumption:1;            /* Resumption PSK     */
    byte                 chosen:1;                /* Server's choice    */
    struct PreSharedKey* next;                    /* List pointer       */
} PreSharedKey;

/* The writer takes an output pointer with no capacity argument; size the
 * buffer first (TLSX_PreSharedKey_GetSizeBinders presumably returns the
 * needed length - confirm). */
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
                                                    byte* output, byte msgType);
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
                                                      byte msgType);
WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
                                        word16 len, word32 age, byte hmac,
                                        byte resumption,
                                        PreSharedKey **preSharedKey);

/* PSK key exchange modes; the enumerators take the implicit values 0 and 1.
 * PSK-only key exchange gives no forward secrecy, so PSK_DHE_KE is the safer
 * default where both are possible. */
enum PskKeyExchangeMode {
    PSK_KE,
    PSK_DHE_KE
};

/* NOTE(review): `modes` is a single byte; whether it is one mode or a bit set
 * of modes is not visible here - confirm. */
WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
#endif /* !NO_PSK */

/* The types of keys to derive for. */
enum DeriveKeyType {
    handshake_key,
    traffic_key,
    update_traffic_key
};

/* The key update request values for KeyUpdate message.
*/ 02088 enum KeyUpdateRequest { 02089 update_not_requested, 02090 update_requested 02091 }; 02092 #endif /* WOLFSSL_TLS13 */ 02093 02094 02095 /* wolfSSL context type */ 02096 struct WOLFSSL_CTX { 02097 WOLFSSL_METHOD* method; 02098 #ifdef SINGLE_THREADED 02099 WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */ 02100 #endif 02101 wolfSSL_Mutex countMutex; /* reference count mutex */ 02102 int refCount; /* reference count */ 02103 int err; /* error code in case of mutex not created */ 02104 #ifndef NO_DH 02105 buffer serverDH_P; 02106 buffer serverDH_G; 02107 #endif 02108 #ifndef NO_CERTS 02109 DerBuffer* certificate; 02110 DerBuffer* certChain; 02111 /* chain after self, in DER, with leading size for each cert */ 02112 #ifdef OPENSSL_EXTRA 02113 STACK_OF(WOLFSSL_X509_NAME)* ca_names; 02114 #endif 02115 #if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) 02116 STACK_OF(WOLFSSL_X509)* x509Chain; 02117 #endif 02118 #ifdef WOLFSSL_TLS13 02119 int certChainCnt; 02120 #endif 02121 DerBuffer* privateKey; 02122 WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ 02123 #endif 02124 #ifdef KEEP_OUR_CERT 02125 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */ 02126 int ownOurCert; /* Dispose of certificate if we own */ 02127 #endif 02128 Suites* suites; /* make dynamic, user may not need/set */ 02129 void* heap; /* for user memory overrides */ 02130 byte verifyPeer; 02131 byte verifyNone; 02132 byte failNoCert; 02133 byte failNoCertxPSK; /* fail if no cert with the exception of PSK*/ 02134 byte sessionCacheOff; 02135 byte sessionCacheFlushOff; 02136 #ifdef HAVE_EXT_CACHE 02137 byte internalCacheOff; 02138 #endif 02139 byte sendVerify; /* for client side */ 02140 byte haveRSA; /* RSA available */ 02141 byte haveECC; /* ECC available */ 02142 byte haveDH; /* server DH parms set by user */ 02143 byte haveNTRU; /* server private NTRU key loaded */ 02144 byte haveECDSAsig; /* server cert signed w/ ECDSA */ 02145 byte haveStaticECC; /* 
static server ECC private key */ 02146 byte partialWrite; /* only one msg per write call */ 02147 byte quietShutdown; /* don't send close notify */ 02148 byte groupMessages; /* group handshake messages before sending */ 02149 byte minDowngrade; /* minimum downgrade version */ 02150 byte haveEMS; /* have extended master secret extension */ 02151 byte useClientOrder; /* Use client's cipher preference order */ 02152 #ifdef WOLFSSL_TLS13 02153 byte noTicketTls13; /* Server won't create new Ticket */ 02154 byte noPskDheKe; /* Don't use (EC)DHE with PSK */ 02155 #endif 02156 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) 02157 byte dtlsSctp; /* DTLS-over-SCTP mode */ 02158 word16 dtlsMtuSz; /* DTLS MTU size */ 02159 #endif 02160 #ifndef NO_DH 02161 word16 minDhKeySz; /* minimum DH key size */ 02162 #endif 02163 #ifndef NO_RSA 02164 short minRsaKeySz; /* minimum RSA key size */ 02165 #endif 02166 #ifdef HAVE_ECC 02167 short minEccKeySz; /* minimum ECC key size */ 02168 #endif 02169 #ifdef OPENSSL_EXTRA 02170 unsigned long mask; /* store SSL_OP_ flags */ 02171 #endif 02172 CallbackIORecv CBIORecv; 02173 CallbackIOSend CBIOSend; 02174 #ifdef WOLFSSL_DTLS 02175 CallbackGenCookie CBIOCookie; /* gen cookie callback */ 02176 wc_dtls_export dtls_export; /* export function for DTLS session */ 02177 #ifdef WOLFSSL_SESSION_EXPORT 02178 CallbackGetPeer CBGetPeer; 02179 CallbackSetPeer CBSetPeer; 02180 #endif 02181 #endif /* WOLFSSL_DTLS */ 02182 VerifyCallback verifyCallback; /* cert verification callback */ 02183 word32 timeout; /* session timeout */ 02184 #ifdef HAVE_ECC 02185 word16 eccTempKeySz; /* in octets 20 - 66 */ 02186 word32 ecdhCurveOID; /* curve Ecc_Sum */ 02187 word32 pkCurveOID; /* curve Ecc_Sum */ 02188 #endif 02189 #ifndef NO_PSK 02190 byte havePSK; /* psk key set by user */ 02191 wc_psk_client_callback client_psk_cb; /* client callback */ 02192 wc_psk_server_callback server_psk_cb; /* server callback */ 02193 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; 
02194 #endif /* NO_PSK */ 02195 #ifdef HAVE_ANON 02196 byte haveAnon; /* User wants to allow Anon suites */ 02197 #endif /* HAVE_ANON */ 02198 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 02199 pem_password_cb* passwd_cb; 02200 void* userdata; 02201 WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ 02202 byte readAhead; 02203 void* userPRFArg; /* passed to prf callback */ 02204 #endif /* OPENSSL_EXTRA */ 02205 #ifdef HAVE_EX_DATA 02206 void* ex_data[MAX_EX_DATA]; 02207 #endif 02208 #if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) 02209 CallbackALPNSelect alpnSelect; 02210 void* alpnSelectArg; 02211 #endif 02212 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 02213 CallbackSniRecv sniRecvCb; 02214 void* sniRecvCbArg; 02215 #endif 02216 #ifdef HAVE_OCSP 02217 WOLFSSL_OCSP ocsp; 02218 #endif 02219 int devId; /* async device id to use */ 02220 #ifdef HAVE_TLS_EXTENSIONS 02221 TLSX* extensions; /* RFC 6066 TLS Extensions data */ 02222 #ifndef NO_WOLFSSL_SERVER 02223 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ 02224 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 02225 OcspRequest* certOcspRequest; 02226 #endif 02227 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 02228 OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH]; 02229 #endif 02230 #endif 02231 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) 02232 SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ 02233 void* ticketEncCtx; /* session encrypt context */ 02234 int ticketHint; /* ticket hint in seconds */ 02235 #endif 02236 #ifdef HAVE_SUPPORTED_CURVES 02237 byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */ 02238 #endif 02239 #endif 02240 #ifdef ATOMIC_USER 02241 CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ 02242 CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ 02243 #endif 02244 #ifdef HAVE_PK_CALLBACKS 02245 #ifdef HAVE_ECC 02246 
CallbackEccSign EccSignCb; /* User EccSign Callback handler */ 02247 CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ 02248 CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */ 02249 #endif /* HAVE_ECC */ 02250 #ifndef NO_RSA 02251 CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */ 02252 CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */ 02253 CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ 02254 CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ 02255 #endif /* NO_RSA */ 02256 #endif /* HAVE_PK_CALLBACKS */ 02257 #ifdef HAVE_WOLF_EVENT 02258 WOLF_EVENT_QUEUE event_queue; 02259 #endif /* HAVE_WOLF_EVENT */ 02260 #ifdef HAVE_EXT_CACHE 02261 WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*); 02262 int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); 02263 void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); 02264 #endif 02265 }; 02266 02267 02268 WOLFSSL_LOCAL 02269 WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); 02270 WOLFSSL_LOCAL 02271 int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap); 02272 WOLFSSL_LOCAL 02273 void FreeSSL_Ctx(WOLFSSL_CTX*); 02274 WOLFSSL_LOCAL 02275 void SSL_CtxResourceFree(WOLFSSL_CTX*); 02276 02277 WOLFSSL_LOCAL 02278 int DeriveTlsKeys(WOLFSSL* ssl); 02279 WOLFSSL_LOCAL 02280 int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 02281 word32 inSz, word16 sz); 02282 02283 #ifndef NO_CERTS 02284 WOLFSSL_LOCAL 02285 int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify); 02286 WOLFSSL_LOCAL 02287 int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash); 02288 #ifdef WOLFSSL_TRUST_PEER_CERT 02289 WOLFSSL_LOCAL 02290 int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify); 02291 WOLFSSL_LOCAL 02292 int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash); 02293 #endif 02294 #endif 02295 02296 /* All cipher suite related info 02297 * Keep 
as a constant size (no ifdefs) for session export */ 02298 typedef struct CipherSpecs { 02299 word16 key_size; 02300 word16 iv_size; 02301 word16 block_size; 02302 word16 aead_mac_size; 02303 byte bulk_cipher_algorithm; 02304 byte cipher_type; /* block, stream, or aead */ 02305 byte mac_algorithm; 02306 byte kea; /* key exchange algo */ 02307 byte sig_algo; 02308 byte hash_size; 02309 byte pad_size; 02310 byte static_ecdh; 02311 } CipherSpecs; 02312 02313 02314 void InitCipherSpecs(CipherSpecs* cs); 02315 02316 02317 /* Supported Message Authentication Codes from page 43 */ 02318 enum MACAlgorithm { 02319 no_mac, 02320 md5_mac, 02321 sha_mac, 02322 sha224_mac, 02323 sha256_mac, /* needs to match external KDF_MacAlgorithm */ 02324 sha384_mac, 02325 sha512_mac, 02326 rmd_mac, 02327 blake2b_mac 02328 }; 02329 02330 02331 /* Supported Key Exchange Protocols */ 02332 enum KeyExchangeAlgorithm { 02333 no_kea, 02334 rsa_kea, 02335 diffie_hellman_kea, 02336 fortezza_kea, 02337 psk_kea, 02338 dhe_psk_kea, 02339 ecdhe_psk_kea, 02340 ntru_kea, 02341 ecc_diffie_hellman_kea, 02342 ecc_static_diffie_hellman_kea /* for verify suite only */ 02343 }; 02344 02345 02346 /* Supported Authentication Schemes */ 02347 enum SignatureAlgorithm { 02348 anonymous_sa_algo = 0, 02349 rsa_sa_algo = 1, 02350 dsa_sa_algo = 2, 02351 ecc_dsa_sa_algo = 3, 02352 rsa_pss_sa_algo = 8 02353 }; 02354 02355 02356 /* Supprted ECC Curve Types */ 02357 enum EccCurves { 02358 named_curve = 3 02359 }; 02360 02361 02362 /* Valid client certificate request types from page 27 */ 02363 enum ClientCertificateType { 02364 rsa_sign = 1, 02365 dss_sign = 2, 02366 rsa_fixed_dh = 3, 02367 dss_fixed_dh = 4, 02368 rsa_ephemeral_dh = 5, 02369 dss_ephemeral_dh = 6, 02370 fortezza_kea_cert = 20, 02371 ecdsa_sign = 64, 02372 rsa_fixed_ecdh = 65, 02373 ecdsa_fixed_ecdh = 66 02374 }; 02375 02376 02377 enum CipherType { stream, block, aead }; 02378 02379 02380 02381 02382 02383 02384 /* cipher for now */ 02385 typedef struct 
Ciphers { 02386 #ifdef BUILD_ARC4 02387 Arc4* arc4; 02388 #endif 02389 #ifdef BUILD_DES3 02390 Des3* des3; 02391 #endif 02392 #if defined(BUILD_AES) || defined(BUILD_AESGCM) 02393 Aes* aes; 02394 #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) 02395 byte* additional; 02396 byte* nonce; 02397 #endif 02398 #endif 02399 #ifdef HAVE_CAMELLIA 02400 Camellia* cam; 02401 #endif 02402 #ifdef HAVE_CHACHA 02403 ChaCha* chacha; 02404 #endif 02405 #ifdef HAVE_HC128 02406 HC128* hc128; 02407 #endif 02408 #ifdef BUILD_RABBIT 02409 Rabbit* rabbit; 02410 #endif 02411 #ifdef HAVE_IDEA 02412 Idea* idea; 02413 #endif 02414 byte state; 02415 byte setup; /* have we set it up flag for detection */ 02416 } Ciphers; 02417 02418 02419 #ifdef HAVE_ONE_TIME_AUTH 02420 /* Ciphers for one time authentication such as poly1305 */ 02421 typedef struct OneTimeAuth { 02422 #ifdef HAVE_POLY1305 02423 Poly1305* poly1305; 02424 #endif 02425 byte setup; /* flag for if a cipher has been set */ 02426 02427 } OneTimeAuth; 02428 #endif 02429 02430 02431 WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl); 02432 WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl); 02433 02434 02435 /* hashes type */ 02436 typedef struct Hashes { 02437 #if !defined(NO_MD5) && !defined(NO_OLD_TLS) 02438 byte md5[MD5_DIGEST_SIZE]; 02439 #endif 02440 #if !defined(NO_SHA) 02441 byte sha[SHA_DIGEST_SIZE]; 02442 #endif 02443 #ifndef NO_SHA256 02444 byte sha256[SHA256_DIGEST_SIZE]; 02445 #endif 02446 #ifdef WOLFSSL_SHA384 02447 byte sha384[SHA384_DIGEST_SIZE]; 02448 #endif 02449 #ifdef WOLFSSL_SHA512 02450 byte sha512[SHA512_DIGEST_SIZE]; 02451 #endif 02452 } Hashes; 02453 02454 WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); 02455 02456 #ifdef WOLFSSL_TLS13 02457 typedef union Digest { 02458 #ifndef NO_WOLFSSL_SHA256 02459 Sha256 sha256; 02460 #endif 02461 #ifdef WOLFSSL_SHA384 02462 Sha384 sha384; 02463 #endif 02464 #ifdef WOLFSSL_SHA512 02465 Sha512 sha512; 02466 #endif 02467 } Digest; 02468 #endif 02469 02470 /* Static 
x509 buffer */ 02471 typedef struct x509_buffer { 02472 int length; /* actual size */ 02473 byte buffer[MAX_X509_SIZE]; /* max static cert size */ 02474 } x509_buffer; 02475 02476 02477 /* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */ 02478 struct WOLFSSL_X509_CHAIN { 02479 int count; /* total number in chain */ 02480 x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ 02481 }; 02482 02483 02484 /* wolfSSL session type */ 02485 struct WOLFSSL_SESSION { 02486 word32 bornOn; /* create time in seconds */ 02487 word32 timeout; /* timeout in seconds */ 02488 byte sessionID[ID_LEN]; /* id for protocol */ 02489 byte sessionIDSz; 02490 byte masterSecret[SECRET_LEN]; /* stored secret */ 02491 word16 haveEMS; /* ext master secret flag */ 02492 #ifdef SESSION_CERTS 02493 WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ 02494 #endif 02495 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ 02496 defined(HAVE_SESSION_TICKET)) 02497 ProtocolVersion version; /* which version was used */ 02498 byte cipherSuite0; /* first byte, normally 0 */ 02499 byte cipherSuite; /* 2nd byte, actual suite */ 02500 #endif 02501 #ifndef NO_CLIENT_CACHE 02502 word16 idLen; /* serverID length */ 02503 byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ 02504 #endif 02505 #ifdef HAVE_SESSION_TICKET 02506 #ifdef WOLFSSL_TLS13 02507 byte namedGroup; 02508 word32 ticketSeen; /* Time ticket seen (ms) */ 02509 word32 ticketAdd; /* Added by client */ 02510 #endif 02511 byte* ticket; 02512 word16 ticketLen; 02513 byte staticTicket[SESSION_TICKET_LEN]; 02514 byte isDynamic; 02515 #endif 02516 #ifdef HAVE_EXT_CACHE 02517 byte isAlloced; 02518 #endif 02519 #ifdef HAVE_EX_DATA 02520 void* ex_data[MAX_EX_DATA]; 02521 #endif 02522 }; 02523 02524 02525 WOLFSSL_LOCAL 02526 WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); 02527 WOLFSSL_LOCAL 02528 int SetSession(WOLFSSL*, WOLFSSL_SESSION*); 02529 02530 typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, 
word32, int, int); 02531 02532 #ifndef NO_CLIENT_CACHE 02533 WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); 02534 #endif 02535 02536 /* client connect state for nonblocking restart */ 02537 enum ConnectState { 02538 CONNECT_BEGIN = 0, 02539 CLIENT_HELLO_SENT, 02540 HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */ 02541 HELLO_AGAIN_REPLY, 02542 FIRST_REPLY_DONE, 02543 FIRST_REPLY_FIRST, 02544 FIRST_REPLY_SECOND, 02545 FIRST_REPLY_THIRD, 02546 FIRST_REPLY_FOURTH, 02547 FINISHED_DONE, 02548 SECOND_REPLY_DONE 02549 }; 02550 02551 02552 /* server accept state for nonblocking restart */ 02553 enum AcceptState { 02554 ACCEPT_BEGIN = 0, 02555 ACCEPT_CLIENT_HELLO_DONE, 02556 ACCEPT_HELLO_RETRY_REQUEST_DONE, 02557 ACCEPT_FIRST_REPLY_DONE, 02558 SERVER_HELLO_SENT, 02559 SERVER_EXTENSIONS_SENT, 02560 CERT_SENT, 02561 CERT_VERIFY_SENT, 02562 CERT_STATUS_SENT, 02563 KEY_EXCHANGE_SENT, 02564 CERT_REQ_SENT, 02565 SERVER_HELLO_DONE, 02566 ACCEPT_SECOND_REPLY_DONE, 02567 TICKET_SENT, 02568 CHANGE_CIPHER_SENT, 02569 ACCEPT_FINISHED_DONE, 02570 ACCEPT_THIRD_REPLY_DONE 02571 }; 02572 02573 /* buffers for struct WOLFSSL */ 02574 typedef struct Buffers { 02575 bufferStatic inputBuffer; 02576 bufferStatic outputBuffer; 02577 buffer domainName; /* for client check */ 02578 buffer clearOutputBuffer; 02579 buffer sig; /* signature data */ 02580 buffer digest; /* digest data */ 02581 int prevSent; /* previous plain text bytes sent 02582 when got WANT_WRITE */ 02583 int plainSz; /* plain text bytes in buffer to send 02584 when got WANT_WRITE */ 02585 byte weOwnCert; /* SSL own cert flag */ 02586 byte weOwnCertChain; /* SSL own cert chain flag */ 02587 byte weOwnKey; /* SSL own key flag */ 02588 byte weOwnDH; /* SSL own dh (p,g) flag */ 02589 #ifndef NO_DH 02590 buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */ 02591 buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */ 02592 buffer serverDH_Pub; 02593 buffer serverDH_Priv; 02594 DhKey* serverDH_Key; 02595 #endif 02596 
#ifndef NO_CERTS 02597 DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ 02598 DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ 02599 DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */ 02600 /* chain after self, in DER, with leading size for each cert */ 02601 #ifdef WOLFSSL_TLS13 02602 int certChainCnt; 02603 #endif 02604 #endif 02605 #ifdef WOLFSSL_DTLS 02606 WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ 02607 #ifndef NO_WOLFSSL_SERVER 02608 buffer dtlsCookieSecret; /* DTLS cookie secret */ 02609 #endif /* NO_WOLFSSL_SERVER */ 02610 #endif 02611 #ifdef HAVE_PK_CALLBACKS 02612 #ifdef HAVE_ECC 02613 buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */ 02614 #endif /* HAVE_ECC */ 02615 #ifndef NO_RSA 02616 buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ 02617 #endif /* NO_RSA */ 02618 #endif /* HAVE_PK_CALLBACKS */ 02619 } Buffers; 02620 02621 /* sub-states for send/do key share (key exchange) */ 02622 enum asyncState { 02623 TLS_ASYNC_BEGIN = 0, 02624 TLS_ASYNC_BUILD, 02625 TLS_ASYNC_DO, 02626 TLS_ASYNC_VERIFY, 02627 TLS_ASYNC_FINALIZE, 02628 TLS_ASYNC_END 02629 }; 02630 02631 typedef struct Options { 02632 #ifndef NO_PSK 02633 wc_psk_client_callback client_psk_cb; 02634 wc_psk_server_callback server_psk_cb; 02635 word16 havePSK:1; /* psk key set by user */ 02636 #endif /* NO_PSK */ 02637 #ifdef OPENSSL_EXTRA 02638 unsigned long mask; /* store SSL_OP_ flags */ 02639 #endif 02640 02641 /* on/off or small bit flags, optimize layout */ 02642 word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */ 02643 word16 sessionCacheOff:1; 02644 word16 sessionCacheFlushOff:1; 02645 #ifdef HAVE_EXT_CACHE 02646 word16 internalCacheOff:1; 02647 #endif 02648 word16 side:1; /* client or server end */ 02649 word16 verifyPeer:1; 02650 word16 verifyNone:1; 02651 word16 failNoCert:1; 02652 word16 failNoCertxPSK:1; /* fail for no cert except with PSK */ 02653 word16 downgrade:1; /* allow downgrade of versions */ 02654 word16 
resuming:1; 02655 word16 haveSessionId:1; /* server may not send */ 02656 word16 tls:1; /* using TLS ? */ 02657 word16 tls1_1:1; /* using TLSv1.1+ ? */ 02658 word16 tls1_3:1; /* using TLSv1.3+ ? */ 02659 word16 dtls:1; /* using datagrams ? */ 02660 word16 connReset:1; /* has the peer reset */ 02661 word16 isClosed:1; /* if we consider conn closed */ 02662 word16 closeNotify:1; /* we've received a close notify */ 02663 word16 sentNotify:1; /* we've sent a close notify */ 02664 word16 usingCompression:1; /* are we using compression */ 02665 word16 haveRSA:1; /* RSA available */ 02666 word16 haveECC:1; /* ECC available */ 02667 word16 haveDH:1; /* server DH parms set by user */ 02668 word16 haveNTRU:1; /* server NTRU private key loaded */ 02669 word16 haveQSH:1; /* have QSH ability */ 02670 word16 haveECDSAsig:1; /* server ECDSA signed cert */ 02671 word16 haveStaticECC:1; /* static server ECC private key */ 02672 word16 havePeerCert:1; /* do we have peer's cert */ 02673 word16 havePeerVerify:1; /* and peer's cert verify */ 02674 word16 usingPSK_cipher:1; /* are using psk as cipher */ 02675 word16 usingAnon_cipher:1; /* are we using an anon cipher */ 02676 word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */ 02677 word16 sendAlertState:1; /* nonblocking resume */ 02678 word16 partialWrite:1; /* only one msg per write call */ 02679 word16 quietShutdown:1; /* don't send close notify */ 02680 word16 certOnly:1; /* stop once we get cert */ 02681 word16 groupMessages:1; /* group handshake messages */ 02682 word16 usingNonblock:1; /* are we using nonblocking socket */ 02683 word16 saveArrays:1; /* save array Memory for user get keys 02684 or psk */ 02685 word16 weOwnRng:1; /* will be true unless CTX owns */ 02686 #ifdef HAVE_POLY1305 02687 word16 oldPoly:1; /* set when to use old rfc way of poly*/ 02688 #endif 02689 #ifdef HAVE_ANON 02690 word16 haveAnon:1; /* User wants to allow Anon suites */ 02691 #endif 02692 #ifdef HAVE_SESSION_TICKET 02693 word16 createTicket:1; /* 
Server to create new Ticket */ 02694 word16 useTicket:1; /* Use Ticket not session cache */ 02695 word16 rejectTicket:1; /* Callback rejected ticket */ 02696 #ifdef WOLFSSL_TLS13 02697 word16 noTicketTls13:1; /* Server won't create new Ticket */ 02698 #endif 02699 #endif 02700 #ifdef WOLFSSL_DTLS 02701 word16 dtlsHsRetain:1; /* DTLS retaining HS data */ 02702 #ifdef WOLFSSL_SCTP 02703 word16 dtlsSctp:1; /* DTLS-over-SCTP mode */ 02704 #endif 02705 #endif 02706 word16 haveEMS:1; /* using extended master secret */ 02707 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES) 02708 word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */ 02709 #endif 02710 word16 keepResources:1; /* Keep resources after handshake */ 02711 word16 useClientOrder:1; /* Use client's cipher order */ 02712 02713 /* need full byte values for this section */ 02714 byte processReply; /* nonblocking resume */ 02715 byte cipherSuite0; /* first byte, normally 0 */ 02716 byte cipherSuite; /* second byte, actual suite */ 02717 byte serverState; 02718 byte clientState; 02719 byte handShakeState; 02720 byte handShakeDone; /* at least one handshake complete */ 02721 byte minDowngrade; /* minimum downgrade version */ 02722 byte connectState; /* nonblocking resume */ 02723 byte acceptState; /* nonblocking resume */ 02724 byte asyncState; /* sub-state for enum asyncState */ 02725 byte buildMsgState; /* sub-state for enum buildMsgState */ 02726 #ifndef NO_DH 02727 word16 minDhKeySz; /* minimum DH key size */ 02728 word16 dhKeySz; /* actual DH key size */ 02729 #endif 02730 #ifndef NO_RSA 02731 short minRsaKeySz; /* minimum RSA key size */ 02732 #endif 02733 #ifdef HAVE_ECC 02734 short minEccKeySz; /* minimum ECC key size */ 02735 #endif 02736 02737 } Options; 02738 02739 typedef struct Arrays { 02740 byte* pendingMsg; /* defrag buffer */ 02741 byte* preMasterSecret; 02742 word32 preMasterSz; /* differs for DH, actual size */ 02743 word32 pendingMsgSz; /* defrag buffer size */ 
02744 word32 pendingMsgOffset; /* current offset into defrag buffer */ 02745 #ifndef NO_PSK 02746 word32 psk_keySz; /* actual size */ 02747 char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN]; 02748 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; 02749 byte psk_key[MAX_PSK_KEY_LEN]; 02750 #endif 02751 byte clientRandom[RAN_LEN]; 02752 byte serverRandom[RAN_LEN]; 02753 byte sessionID[ID_LEN]; 02754 byte sessionIDSz; 02755 #ifdef WOLFSSL_TLS13 02756 byte clientSecret[SECRET_LEN]; 02757 byte serverSecret[SECRET_LEN]; 02758 byte secret[SECRET_LEN]; 02759 #endif 02760 byte masterSecret[SECRET_LEN]; 02761 #ifdef WOLFSSL_DTLS 02762 byte cookie[MAX_COOKIE_LEN]; 02763 byte cookieSz; 02764 #endif 02765 byte pendingMsgType; /* defrag buffer message type */ 02766 } Arrays; 02767 02768 #ifndef ASN_NAME_MAX 02769 #define ASN_NAME_MAX 256 02770 #endif 02771 02772 #ifndef MAX_DATE_SZ 02773 #define MAX_DATE_SZ 32 02774 #endif 02775 02776 struct WOLFSSL_STACK { 02777 unsigned long num; /* number of nodes in stack 02778 * (saftey measure for freeing and shortcut for count) */ 02779 union { 02780 WOLFSSL_X509* x509; 02781 WOLFSSL_X509_NAME* name; 02782 WOLFSSL_BIO* bio; 02783 WOLFSSL_ASN1_OBJECT* obj; 02784 char* string; 02785 } data; 02786 WOLFSSL_STACK* next; 02787 }; 02788 02789 02790 struct WOLFSSL_X509_NAME { 02791 char *name; 02792 char staticName[ASN_NAME_MAX]; 02793 int dynamicName; 02794 int sz; 02795 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) 02796 DecodedName fullName; 02797 WOLFSSL_X509_NAME_ENTRY cnEntry; 02798 WOLFSSL_X509* x509; /* x509 that struct belongs to */ 02799 #endif /* OPENSSL_EXTRA */ 02800 }; 02801 02802 #ifndef EXTERNAL_SERIAL_SIZE 02803 #define EXTERNAL_SERIAL_SIZE 32 02804 #endif 02805 02806 #ifdef NO_ASN 02807 typedef struct DNS_entry DNS_entry; 02808 #endif 02809 02810 struct WOLFSSL_X509 { 02811 int version; 02812 WOLFSSL_X509_NAME issuer; 02813 WOLFSSL_X509_NAME subject; 02814 int serialSz; 02815 byte serial[EXTERNAL_SERIAL_SIZE]; 02816 char 
subjectCN[ASN_NAME_MAX]; /* common name short cut */ 02817 #ifdef WOLFSSL_SEP 02818 int deviceTypeSz; 02819 byte deviceType[EXTERNAL_SERIAL_SIZE]; 02820 int hwTypeSz; 02821 byte hwType[EXTERNAL_SERIAL_SIZE]; 02822 int hwSerialNumSz; 02823 byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; 02824 #ifdef OPENSSL_EXTRA 02825 byte certPolicySet; 02826 byte certPolicyCrit; 02827 #endif /* OPENSSL_EXTRA */ 02828 #endif 02829 int notBeforeSz; 02830 byte notBefore[MAX_DATE_SZ]; 02831 int notAfterSz; 02832 byte notAfter[MAX_DATE_SZ]; 02833 int sigOID; 02834 buffer sig; 02835 int pubKeyOID; 02836 buffer pubKey; 02837 #ifdef HAVE_ECC 02838 word32 pkCurveOID; 02839 #endif /* HAVE_ECC */ 02840 #ifndef NO_CERTS 02841 DerBuffer* derCert; /* may need */ 02842 #endif 02843 DNS_entry* altNames; /* alt names list */ 02844 DNS_entry* altNamesNext; /* hint for retrieval */ 02845 void* heap; /* heap hint */ 02846 byte dynamicMemory; /* dynamic memory flag */ 02847 byte isCa; 02848 #ifdef WOLFSSL_CERT_EXT 02849 char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; 02850 int certPoliciesNb; 02851 #endif /* WOLFSSL_CERT_EXT */ 02852 #ifdef OPENSSL_EXTRA 02853 #ifdef HAVE_EX_DATA 02854 void* ex_data[MAX_EX_DATA]; 02855 #endif 02856 word32 pathLength; 02857 word16 keyUsage; 02858 byte CRLdistSet; 02859 byte CRLdistCrit; 02860 byte* CRLInfo; 02861 int CRLInfoSz; 02862 byte authInfoSet; 02863 byte authInfoCrit; 02864 byte* authInfo; 02865 int authInfoSz; 02866 byte basicConstSet; 02867 byte basicConstCrit; 02868 byte basicConstPlSet; 02869 byte subjAltNameSet; 02870 byte subjAltNameCrit; 02871 byte authKeyIdSet; 02872 byte authKeyIdCrit; 02873 byte* authKeyId; 02874 word32 authKeyIdSz; 02875 byte subjKeyIdSet; 02876 byte subjKeyIdCrit; 02877 byte* subjKeyId; 02878 word32 subjKeyIdSz; 02879 byte keyUsageSet; 02880 byte keyUsageCrit; 02881 byte extKeyUsageCrit; 02882 byte* extKeyUsageSrc; 02883 word32 extKeyUsageSz; 02884 word32 extKeyUsageCount; 02885 #endif /* OPENSSL_EXTRA */ 02886 }; 02887 02888 02889 /* 
record layer header for PlainText, Compressed, and CipherText */
02890 typedef struct RecordLayerHeader {
02891     byte type;       /* NOTE(review): presumably an enum ContentType value - confirm */
02892     byte pvMajor;
02893     byte pvMinor;
02894     byte length[2];  /* kept as two raw bytes, not a word16; byte order is not shown here.
                          NOTE(review): if filled from a received record, bound the decoded
                          value against the input buffer before using it as a size */
02895 } RecordLayerHeader;
02896
02897
02898 /* record layer header for DTLS PlainText, Compressed, and CipherText */
02899 typedef struct DtlsRecordLayerHeader {
02900     byte type;
02901     byte pvMajor;
02902     byte pvMinor;
02903     byte sequence_number[8]; /* per record */
02904     byte length[2];          /* two raw bytes, same layout as RecordLayerHeader.length */
02905 } DtlsRecordLayerHeader;
02906
02907
      /* One node of a singly linked list (linked through next) holding a
       * begin/end pair.
       * NOTE(review): presumably the byte range of one received handshake
       * fragment; whether end is inclusive is not visible here - confirm. */
02908 typedef struct DtlsFrag {
02909     word32 begin;
02910     word32 end;
02911     struct DtlsFrag* next;
02912 } DtlsFrag;
02913
02914
      /* One DTLS handshake message, linked to further messages through next and
       * to its fragment bookkeeping through fragList.
       * NOTE(review): buf and msg are both byte*; which of the two owns the
       * allocation is not visible in this header - confirm in DtlsMsgNew /
       * DtlsMsgDelete before freeing either. fragSz and the fragment ranges are
       * expected to stay within sz; confirm the reassembly code enforces that. */
02915 typedef struct DtlsMsg {
02916     struct DtlsMsg* next;
02917     byte* buf;
02918     byte* msg;
02919     DtlsFrag* fragList;
02920     word32 fragSz;  /* Length of fragments received */
02921     word32 seq;     /* Handshake sequence number */
02922     word32 sz;      /* Length of whole message */
02923     byte type;
02924 } DtlsMsg;
02925
02926
02927 #ifdef HAVE_NETX
02928
02929 /* NETX I/O Callback default */
02930 typedef struct NetX_Ctx {
02931     NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
02932     NX_PACKET* nxPacket;     /* incoming packet handle for short reads */
02933     ULONG nxOffset;          /* offset already read from nxPacket */
02934     ULONG nxWait;            /* wait option flag */
02935 } NetX_Ctx;
02936
02937 #endif
02938
02939
02940 /* Handshake messages received from peer (plus change cipher) */
      /* One bit-field per message type. got_client_hello is 2 bits wide, every
       * other flag is 1 bit.
       * NOTE(review): presumably used to detect duplicate or out-of-order
       * handshake messages - confirm in the handshake sanity checks. */
02941 typedef struct MsgsReceived {
02942     word16 got_hello_request:1;
02943     word16 got_client_hello:2;
02944     word16 got_server_hello:1;
02945     word16 got_hello_verify_request:1;
02946     word16 got_session_ticket:1;
02947     word16 got_hello_retry_request:1;
02948     word16 got_encrypted_extensions:1;
02949     word16 got_certificate:1;
02950     word16 got_certificate_status:1;
02951     word16 got_server_key_exchange:1;
02952     word16 got_certificate_request:1;
02953     word16 got_server_hello_done:1;
02954     word16 got_certificate_verify:1;
02955     word16 got_client_key_exchange:1;
02956     word16 got_finished:1;
02957     word16 got_key_update:1;
02958     word16 got_change_cipher:1;
02959 } MsgsReceived;
02960
02961
02962 /* Handshake hashes */
      /* Two Hashes values plus one running hash context per digest that the
       * build enables; each context member exists only when its guard below
       * is satisfied. */
02963 typedef struct HS_Hashes {
02964     Hashes verifyHashes;
02965     Hashes certHashes;         /* for cert verify */
02966 #ifndef NO_SHA
02967     Sha hashSha;               /* sha hash of handshake msgs */
02968 #endif
02969 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
02970     Md5 hashMd5;               /* md5 hash of handshake msgs */
02971 #endif
02972 #ifndef NO_SHA256
02973     Sha256 hashSha256;         /* sha256 hash of handshake msgs */
02974 #endif
02975 #ifdef WOLFSSL_SHA384
02976     Sha384 hashSha384;         /* sha384 hash of handshake msgs */
02977 #endif
02978 #ifdef WOLFSSL_SHA512
02979     Sha512 hashSha512;         /* sha512 hash of handshake msgs */
02980 #endif
02981 } HS_Hashes;
02982
02983
02984 #ifdef WOLFSSL_ASYNC_CRYPT
02985 #define MAX_ASYNC_ARGS 16
02986 typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
02987
      /* Async crypto state embedded in struct WOLFSSL. args is a fixed array of
       * MAX_ASYNC_ARGS word32 slots.
       * NOTE(review): any argument structure stored in args must fit in
       * sizeof(args); confirm the users of this field check that at compile
       * time or run time. */
02988 struct WOLFSSL_ASYNC {
02989     WC_ASYNC_DEV* dev;
02990     FreeArgsCb freeArgs;          /* function pointer to cleanup args */
02991     word32 args[MAX_ASYNC_ARGS];  /* holder for current args */
02992 };
02993 #endif
02994
02995 #ifdef HAVE_WRITE_DUP
02996
02997 #define WRITE_DUP_SIDE 1
02998 #define READ_DUP_SIDE 2
02999
      /* Reference-counted state shared by the two sides of a duplicated
       * connection; struct WOLFSSL points to it through dupWrite. */
03000 typedef struct WriteDup {
03001     wolfSSL_Mutex dupMutex;  /* reference count mutex */
03002     int dupCount;            /* reference count */
03003     int dupErr;              /* under dupMutex, pass to other side */
03004 } WriteDup;
03005
03006 WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
03007 WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
03008 #endif /* HAVE_WRITE_DUP */
03009
03010
03011 /* wolfSSL ssl type */
      /* Per-connection object. Which optional members exist depends on the
       * feature macros that guard them, so the layout differs between builds;
       * every translation unit that touches a WOLFSSL must be compiled with the
       * same set of macros.
       * NOTE(review): arrays points to the struct that holds the master secret,
       * and keys / hsKey presumably hold key material as well. The release paths
       * declared in this header (FreeSSL, SSL_ResourceFree, FreeArrays, FreeKey)
       * are where zeroization before free should be confirmed. */
03012 struct WOLFSSL {
03013     WOLFSSL_CTX* ctx;
03014     Suites* suites;                  /* only need during handshake */
03015     Arrays* arrays;
03016     HS_Hashes* hsHashes;
03017     void* IOCB_ReadCtx;
03018     void* IOCB_WriteCtx;
03019     WC_RNG* rng;
03020     void* verifyCbCtx;               /* cert verify callback user ctx */
03021     VerifyCallback verifyCallback;   /* cert verification callback */
03022     void* heap;                      /* for user overrides */
03023 #ifdef HAVE_WRITE_DUP
03024     WriteDup* dupWrite;              /* valid pointer indicates ON */
03025     /* side that decrements dupCount to zero frees overall structure */
03026     byte dupSide;                    /* write side or read side */
03027 #endif
03028 #ifdef WOLFSSL_STATIC_MEMORY
03029     WOLFSSL_HEAP_HINT heap_hint;
03030 #endif
03031 #ifndef NO_HANDSHAKE_DONE_CB
03032     HandShakeDoneCb hsDoneCb;        /* notify user handshake done */
03033     void* hsDoneCtx;                 /* user handshake cb context */
03034 #endif
03035 #ifdef WOLFSSL_ASYNC_CRYPT
03036     struct WOLFSSL_ASYNC async;
03037 #endif
          /* NOTE(review): hsKey is type-erased; hsType is the only record of
           * what it points to, so the two must always be updated together. */
03038     void* hsKey;                     /* Handshake key (RsaKey or ecc_key) allocated from heap */
03039     word32 hsType;                   /* Type of Handshake key (hsKey) */
03040     WOLFSSL_CIPHER cipher;
03041     hmacfp hmac;
03042     Ciphers encrypt;
03043     Ciphers decrypt;
03044     Buffers buffers;
03045     WOLFSSL_SESSION session;
03046 #ifdef HAVE_EXT_CACHE
03047     WOLFSSL_SESSION* extSession;
03048 #endif
03049     WOLFSSL_ALERT_HISTORY alert_history;
03050     int error;
03051     int rfd;                         /* read file descriptor */
03052     int wfd;                         /* write file descriptor */
03053     int rflags;                      /* user read flags */
03054     int wflags;                      /* user write flags */
03055     word32 timeout;                  /* session timeout */
03056     word32 fragOffset;               /* fragment offset */
03057     word16 curSize;
03058     RecordLayerHeader curRL;
03059     MsgsReceived msgsReceived;       /* peer messages received */
03060     ProtocolVersion version;         /* negotiated version */
03061     ProtocolVersion chVersion;       /* client hello version */
03062     CipherSpecs specs;
03063     Keys keys;
03064     Options options;
03065 #ifdef OPENSSL_EXTRA
03066     WOLFSSL_BIO* biord;              /* socket bio read to free/close */
03067     WOLFSSL_BIO* biowr;              /* socket bio write to free/close */
03068     unsigned long peerVerifyRet;
03069     byte readAhead;
03070 #ifdef HAVE_PK_CALLBACKS
03071     void* loggingCtx;                /* logging callback argument */
03072 #endif
03073 #endif
03074 #ifndef NO_RSA
03075     RsaKey* peerRsaKey;
03076     byte peerRsaKeyPresent;
03077 #endif
03078 #ifdef HAVE_QSH
03079     QSHKey* QSH_Key;
03080     QSHKey* peerQSHKey;
03081     QSHSecret* QSH_secret;
03082     byte isQSH;                      /* is the handshake a QSH? */
03083     byte sendQSHKeys;                /* flag for if the client should send
03084                                         public keys */
03085     byte peerQSHKeyPresent;
03086     byte minRequest;
03087     byte maxRequest;
03088     byte user_set_QSHSchemes;
03089 #endif
03090 #ifdef WOLFSSL_TLS13
03091     word16 namedGroup;
03092 #endif
03093 #ifdef HAVE_NTRU
          /* NOTE(review): peerNtruKey is a fixed MAX_NTRU_PUB_KEY_SZ buffer;
           * confirm peerNtruKeyLen is checked against that bound before a
           * peer-supplied key is copied in. */
03094     word16 peerNtruKeyLen;
03095     byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
03096     byte peerNtruKeyPresent;
03097 #endif
03098 #ifdef HAVE_ECC
03099     ecc_key* peerEccKey;             /* peer's ECDHE key */
03100     ecc_key* peerEccDsaKey;          /* peer's ECDSA key */
03101     ecc_key* eccTempKey;             /* private ECDHE key */
03102     int eccVerifyRes;
03103     word32 pkCurveOID;               /* curve Ecc_Sum */
03104     word32 ecdhCurveOID;             /* curve Ecc_Sum */
03105     word16 eccTempKeySz;             /* in octets 20 - 66 */
03106     byte peerEccKeyPresent;
03107     byte peerEccDsaKeyPresent;
03108     byte eccTempKeyPresent;
03109 #endif
03110 #ifdef HAVE_LIBZ
03111     z_stream c_stream;               /* compression stream */
03112     z_stream d_stream;               /* decompression stream */
03113     byte didStreamInit;              /* for stream init and end */
03114 #endif
03115 #ifdef WOLFSSL_DTLS
03116     int dtls_timeout_init;           /* starting timeout value */
03117     int dtls_timeout_max;            /* maximum timeout value */
03118     int dtls_timeout;                /* current timeout value, changes */
03119     word32 dtls_tx_msg_list_sz;
03120     word32 dtls_rx_msg_list_sz;
03121     DtlsMsg* dtls_tx_msg_list;
03122     DtlsMsg* dtls_rx_msg_list;
03123     void* IOCB_CookieCtx;            /* gen cookie ctx */
03124     word32 dtls_expected_rx;
03125     wc_dtls_export dtls_export;      /* export function for session */
03126 #ifdef WOLFSSL_SCTP
03127     word16 dtlsMtuSz;
03128 #endif /* WOLFSSL_SCTP */
03129 #endif
03130 #ifdef WOLFSSL_CALLBACKS
03131     HandShakeInfo handShakeInfo;     /* info saved during handshake */
03132     TimeoutInfo timeoutInfo;         /* info saved during handshake */
03133     byte hsInfoOn;                   /* track handshake info */
03134     byte toInfoOn;                   /* track timeout info */
03135 #endif
03136 #ifdef HAVE_FUZZER
03137     CallbackFuzzer fuzzerCb;         /* for testing with using fuzzer */
03138     void* fuzzerCtx;                 /* user defined pointer */
03139 #endif
03140 #ifdef WOLFSSL_TLS13
03141     buffer clientCertCtx;            /* Certificate context in request */
03142 #endif
03143 #ifdef KEEP_PEER_CERT
03144     WOLFSSL_X509 peerCert;           /* X509 peer cert */
03145 #endif
03146 #ifdef KEEP_OUR_CERT
03147     WOLFSSL_X509* ourCert;           /* keep alive a X509 struct of cert.
03148                                         points to ctx if not owned (owned
03149                                         flag found in buffers.weOwnCert) */
03150 #endif
03151     byte keepCert;                   /* keep certificate after handshake */
03152 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
03153     void* ex_data[MAX_EX_DATA];      /* external data, for Fortress */
03154 #endif
03155     int devId;                       /* async device id to use */
03156 #ifdef HAVE_ONE_TIME_AUTH
03157     OneTimeAuth auth;
03158 #endif
03159 #ifdef HAVE_TLS_EXTENSIONS
03160     TLSX* extensions;                /* RFC 6066 TLS Extensions data */
03161 #ifdef HAVE_MAX_FRAGMENT
03162     word16 max_fragment;
03163 #endif
03164 #ifdef HAVE_TRUNCATED_HMAC
03165     byte truncated_hmac;
03166 #endif
03167 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
03168     byte status_request;
03169 #endif
03170 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
03171     byte status_request_v2;
03172 #endif
03173 #if defined(HAVE_SECURE_RENEGOTIATION) \
03174                                   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
03175     SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
03176 #endif                                         /* user turned on */
03177 #ifdef HAVE_ALPN
03178     char* alpn_client_list;          /* keep the client's list */
03179 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
03180     CallbackALPNSelect alpnSelect;
03181     void* alpnSelectArg;
03182 #endif
03183 #endif                               /* of accepted protocols */
03184 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
03185     CallbackSessionTicket session_ticket_cb;
03186     void* session_ticket_ctx;
03187     byte expect_session_ticket;
03188 #endif
03189 #endif /* HAVE_TLS_EXTENSIONS */
03190 #ifdef OPENSSL_EXTRA
          /* NOTE(review): ocspRespSz is a signed int paired with a raw pointer;
           * confirm it is validated as non-negative wherever it is set. */
03191     byte* ocspResp;
03192     int ocspRespSz;
03193 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
03194     char* url;
03195 #endif
03196 #endif
03197 #ifdef HAVE_NETX
03198     NetX_Ctx nxCtx;                  /* NetX IO Context */
03199 #endif
03200 #ifdef SESSION_INDEX
03201     int sessionIndex;                /* Session's location in the cache. */
03202 #endif
03203 #ifdef ATOMIC_USER
03204     void* MacEncryptCtx;             /* Atomic User Mac/Encrypt Callback Context */
03205     void* DecryptVerifyCtx;          /* Atomic User Decrypt/Verify Callback Context */
03206 #endif
03207 #ifdef HAVE_PK_CALLBACKS
03208 #ifdef HAVE_ECC
03209     void* EccSignCtx;                /* Ecc Sign Callback Context */
03210     void* EccVerifyCtx;              /* Ecc Verify Callback Context */
03211     void* EccSharedSecretCtx;        /* Ecc Pms Callback Context */
03212 #endif /* HAVE_ECC */
03213 #ifndef NO_RSA
03214     void* RsaSignCtx;                /* Rsa Sign Callback Context */
03215     void* RsaVerifyCtx;              /* Rsa Verify Callback Context */
03216     void* RsaEncCtx;                 /* Rsa Public Encrypt Callback Context */
03217     void* RsaDecCtx;                 /* Rsa Private Decrypt Callback Context */
03218 #endif /* NO_RSA */
03219 #endif /* HAVE_PK_CALLBACKS */
03220 #ifdef HAVE_SECRET_CALLBACK
03221     SessionSecretCb sessionSecretCb;
03222     void* sessionSecretCtx;
03223 #endif /* HAVE_SECRET_CALLBACK */
03224 #ifdef WOLFSSL_JNI
03225     void* jObjectRef;                /* reference to WolfSSLSession in JNI wrapper */
03226 #endif /* WOLFSSL_JNI */
03227 };
03228
03229
      /* Lifecycle of a WOLFSSL object. The trailing int of SetSSL_CTX and
       * InitSSL is unnamed here, so its meaning has to be read from the
       * definitions. SSL_ResourceFree is the only prototype in this group
       * exported with WOLFSSL_API rather than WOLFSSL_LOCAL. */
03230 WOLFSSL_LOCAL
03231 int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
03232 WOLFSSL_LOCAL
03233 int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
03234 WOLFSSL_LOCAL
03235 void FreeSSL(WOLFSSL*, void* heap);
03236 WOLFSSL_API void SSL_ResourceFree(WOLFSSL*);   /* Micrium uses */
03237
03238
03239 enum {
03240     IV_SZ   = 32,         /* max iv sz */
03241     NAME_SZ = 80          /* max one line */
03242 };
03243
03244
      /* Encryption details collected while decoding a PEM input; passed to
       * PemToDer below.
       * NOTE(review): name and iv are fixed buffers of NAME_SZ and IV_SZ bytes.
       * Confirm the PEM header parser bounds what it copies into them and keeps
       * ivSz no larger than IV_SZ. */
03245 typedef struct EncryptedInfo {
03246     char name[NAME_SZ];   /* encryption name */
03247     byte iv[IV_SZ];       /* encrypted IV */
03248     word32 ivSz;          /* encrypted IV size */
03249     long consumed;        /* tracks PEM bytes consumed */
03250     byte set;             /* if encryption set */
03251     WOLFSSL_CTX* ctx;     /* CTX owner */
03252 } EncryptedInfo;
03253
03254
03255 #ifndef NO_CERTS
03256
03257 WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
03258 WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
03259
      /* NOTE(review): PemToDer and ProcessBuffer take the input length as a
       * signed long (sz); confirm negative or oversized values are rejected
       * before the length is used. */
03260 WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
03261                           DerBuffer** pDer, void* heap, EncryptedInfo* info,
03262                           int* eccKey);
03263
03264 WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
03265                                 long sz, int format, int type, WOLFSSL* ssl,
03266                                 long* used, int userChain);
03267 WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
03268                               int type, WOLFSSL* ssl, int userChain,
03269                               WOLFSSL_CRL* crl);
03270
03271 #ifdef OPENSSL_EXTRA
      /* NOTE(review): domainName is a non-const char* with an explicit length;
       * whether it must also be NUL-terminated is not visible here - confirm. */
03272 WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
03273                                 size_t domainNameLen);
03274 #endif
03275 #endif
03276
03277
03278 #ifdef WOLFSSL_CALLBACKS
03279     WOLFSSL_LOCAL
03280     void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
03281     WOLFSSL_LOCAL
03282     void FinishHandShakeInfo(HandShakeInfo*);
03283     WOLFSSL_LOCAL
03284     void AddPacketName(const char*, HandShakeInfo*);
03285
03286     WOLFSSL_LOCAL
03287     void InitTimeoutInfo(TimeoutInfo*);
03288     WOLFSSL_LOCAL
03289     void FreeTimeoutInfo(TimeoutInfo*, void*);
03290     WOLFSSL_LOCAL
03291     void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
03292     WOLFSSL_LOCAL
03293     void AddLateName(const char*, TimeoutInfo*);
03294     WOLFSSL_LOCAL
03295     void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
03296 #endif
03297
03298
03299 /* Record Layer Header identifier from page 12 */
03300 enum ContentType {
03301     no_type            = 0,
03302     change_cipher_spec = 20,
03303     alert              = 21,
03304     handshake          = 22,
03305     application_data   = 23
03306 };
03307
03308
03309 /* handshake header, same for each message type, pgs 20/21 */
03310 typedef struct HandShakeHeader {
03311     byte type;
03312     word24 length;
03313 } HandShakeHeader;
03314
03315
03316 /* DTLS handshake header, same for each message type */
      /* NOTE(review): fragment_offset and fragment_length describe a slice of a
       * message of size length; confirm the DTLS parser rejects a fragment whose
       * offset plus length exceeds length. */
03317 typedef struct DtlsHandShakeHeader {
03318     byte type;
03319     word24 length;
03320     byte message_seq[2];      /* start at 0, retransmit gets same # */
03321     word24 fragment_offset;   /* bytes in previous fragments */
03322     word24 fragment_length;   /* length of this fragment */
03323 } DtlsHandShakeHeader;
03324
03325
      /* Handshake message type codes. change_cipher_hs (55) and no_shake (255)
       * are internal markers, as their comments below state. */
03326 enum HandShakeType {
03327     hello_request        = 0,
03328     client_hello         = 1,
03329     server_hello         = 2,
03330     hello_verify_request = 3,    /* DTLS addition */
03331     session_ticket       = 4,
03332     hello_retry_request  = 6,
03333     encrypted_extensions = 8,
03334     certificate          = 11,
03335     server_key_exchange  = 12,
03336     certificate_request  = 13,
03337     server_hello_done    = 14,
03338     certificate_verify   = 15,
03339     client_key_exchange  = 16,
03340     finished             = 20,
03341     certificate_status   = 22,
03342     key_update           = 24,
03343     change_cipher_hs     = 55,     /* simulate unique handshake type for sanity
03344                                       checks.  record layer change_cipher
03345                                       conflicts with handshake finished */
03346     no_shake             = 255     /* used to initialize the DtlsMsg record */
03347 };
03348
03349
      /* Sender tags: the bytes spell "CLNT" and "SRVR" in ASCII. These four
       * objects are defined static in a header, so every translation unit that
       * includes it gets its own copy. */
03350 static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
03351 static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
03352
      /* Finished labels, 15 characters each.
       * NOTE(review): presumably FINISHED_LABEL_SZ is 15 and the + 1 holds the
       * terminating NUL - confirm against the definition. */
03353 static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
03354 static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
03355
03356
03357 /* internal functions */
03358 WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
03359 WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
03360 WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
03361 WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
03362 #ifdef WOLFSSL_TLS13
03363 WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
03364 WOLFSSL_LOCAL int SendTls13EncryptedExtensions(WOLFSSL*);
03365 #endif
03366 WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
03367 #ifdef WOLFSSL_TLS13
03368 WOLFSSL_LOCAL int SendTls13Certificate(WOLFSSL*);
03369 #endif
03370 WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
03371 #ifdef WOLFSSL_TLS13
03372 WOLFSSL_LOCAL int SendTls13CertificateRequest(WOLFSSL*);
03373 #endif
03374 WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
03375 WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
03376 WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
03377 WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
03378 WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
03379 #ifdef WOLFSSL_TLS13
03380 WOLFSSL_LOCAL int SendTls13Finished(WOLFSSL*);
03381 WOLFSSL_LOCAL int SendTls13NewSessionTicket(WOLFSSL*);
03382 #endif
03383 WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
03384 WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
03385
03386 WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
03387 WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
03388
03389 WOLFSSL_LOCAL int AddSession(WOLFSSL*);
03390 WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
03391 WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
03392
03393 WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
03394 WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
03395 WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
03396
03397 WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
03398 WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
03399 WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
03400
03401 WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
03402 #ifndef NO_CERTS
03403     #ifndef NO_RSA
          /* RSA wrappers. Each takes both an RsaKey* and a raw key buffer
           * (keyBuf, keySz) plus a void* ctx.
           * NOTE(review): RsaVerify and RsaDec return their result through
           * byte** out; whether *out aliases the in buffer or is a separate
           * allocation is not visible here - confirm before freeing it. */
03404         WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl,
03405                                         byte* verifySig, word32 sigSz,
03406                                         const byte* plain, word32 plainSz,
03407                                         RsaKey* key);
03408         WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
03409             word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
03410         WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
03411             byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
03412             const byte* keyBuf, word32 keySz, void* ctx);
03413         WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
03414             word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
03415         WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
03416             word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
03417     #endif /* !NO_RSA */
03418
03419     #ifdef HAVE_ECC
          /* ECC wrappers. outSz / outlen / pubKeySz are in-out word32 pointers.
           * NOTE(review): presumably they carry the buffer capacity on entry and
           * the bytes written on return - confirm at the definitions. */
03420         WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
03421             byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz,
03422             void* ctx);
03423         WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
03424             const byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
03425             void* ctx);
03426         WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
03427             ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
03428             word32* outlen, int side, void* ctx);
03429     #endif /* HAVE_ECC */
03430
03431     #ifdef WOLFSSL_TRUST_PEER_CERT
03432
03433         /* options for searching hash table for a matching trusted peer cert */
03434         #define WC_MATCH_SKID 0
03435         #define WC_MATCH_NAME 1
03436
03437         WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
03438                                                                      int type);
03439         WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
03440                                                            DecodedCert* cert);
03441     #endif
03442
          /* NOTE(review): GetCA, GetCAByName and GetTrustedPeer take the hash as
           * a bare byte* with no length; the expected digest size is fixed by the
           * callee and is not visible here - confirm callers always pass a buffer
           * of that size. */
03443     WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
03444     #ifndef NO_SKID
03445         WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
03446     #endif
03447 #endif /* !NO_CERTS */
03448 WOLFSSL_LOCAL int  BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
03449                                    word32* hashLen);
03450 WOLFSSL_LOCAL int  BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
03451                                    const byte* sender);
03452 WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
03453 WOLFSSL_LOCAL int  CheckAvailableSize(WOLFSSL *ssl, int size);
03454 WOLFSSL_LOCAL int  GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
03455
03456 #ifndef NO_TLS
03457     WOLFSSL_LOCAL int  MakeTlsMasterSecret(WOLFSSL*);
03458     WOLFSSL_LOCAL int  TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
03459                                 word32 sz, int content, int verify);
03460 #endif
03461
03462 #ifndef NO_WOLFSSL_CLIENT
03463     WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
03464     #ifdef WOLFSSL_TLS13
03465     WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
03466     #endif
03467     WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
03468     WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
03469 #endif /* NO_WOLFSSL_CLIENT */
03470
      /* NOTE(review): unlike the other SendTls13* prototypes in this header,
       * this one is declared outside any WOLFSSL_TLS13 guard. */
03471 WOLFSSL_LOCAL int SendTls13CertificateVerify(WOLFSSL*);
03472
03473 #ifndef NO_WOLFSSL_SERVER
03474     WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
03475     #ifdef WOLFSSL_TLS13
03476     WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*);
03477     #endif
03478     WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
03479 #endif /* NO_WOLFSSL_SERVER */
03480
03481 #ifdef WOLFSSL_DTLS
          /* DTLS message list and retransmit pool helpers. Parameters are
           * unnamed, so argument order has to be taken from the definitions. */
03482     WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
03483     WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
03484     WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
03485     WOLFSSL_LOCAL int  DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
03486                                                 word32, word32, void*);
03487     WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
03488     WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
03489                                                 byte, word32, word32, void*);
03490     WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
03491
03492     WOLFSSL_LOCAL int  DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
03493     WOLFSSL_LOCAL int  DtlsMsgPoolTimeout(WOLFSSL*);
03494     WOLFSSL_LOCAL int  VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
03495     WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
03496     WOLFSSL_LOCAL int  DtlsMsgPoolSend(WOLFSSL*, int);
03497 #endif /* WOLFSSL_DTLS */
03498
      /* NOTE(review): the NO_TLS block below is empty in this version. */
03499 #ifndef NO_TLS
03500
03501
03502 #endif /* NO_TLS */
03503
03504 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
03505     WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
03506 #endif
03507 WOLFSSL_LOCAL word32  LowResTimer(void);
03508
03509 #ifndef NO_CERTS
03510     WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
03511     WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
03512     WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
03513     WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
03514     WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
03515 #endif
03516
03517 /* used by ssl.c and internal.c */
      /* NOTE(review): out is declared as a plain word24 parameter; it can only
       * act as an output if word24 is an array typedef - confirm. */
03518 WOLFSSL_LOCAL void c32to24(word32 in, word24 out);
03519
03520 WOLFSSL_LOCAL const char* const* GetCipherNames(void);
03521 WOLFSSL_LOCAL int GetCipherNamesSize(void);
03522 WOLFSSL_LOCAL const char* GetCipherNameInternal(const char* cipherName, int cipherSuite);
03523 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
03524 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_from_suite(
03525     const unsigned char cipherSuite, const unsigned char cipherSuite0);
03526
      /* Selector passed to SetKeysSide; values are 1, 2 and 3 in declaration
       * order. */
03527 enum encrypt_side {
03528     ENCRYPT_SIDE_ONLY = 1,
03529     DECRYPT_SIDE_ONLY,
03530     ENCRYPT_AND_DECRYPT_SIDE
03531 };
03532
03533 WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
03534
03535
03536 #ifndef NO_DH
          /* NOTE(review): priv / agree receive secret values and otherPub is
           * peer-supplied; confirm the callers size the buffers from the in-out
           * length pointers and clear priv and agree after use. */
03537     WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
03538         byte* priv, word32* privSz,
03539         byte* pub, word32* pubSz);
03540     WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
03541         const byte* priv, word32 privSz,
03542         const byte* otherPub, word32 otherPubSz,
03543         byte* agree, word32* agreeSz);
03544 #endif /* !NO_DH */
03545
03546 #ifdef HAVE_ECC
03547     WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
03548 #endif
03549
03550 WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
03551 WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
03552
      /* NOTE(review): outSz and inSz are signed ints describing caller buffers;
       * confirm both are checked as non-negative and that the built record is
       * bounded by outSz. */
03553 WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
03554                         const byte* input, int inSz, int type, int hashOutput,
03555                         int sizeOnly, int asyncOkay);
03556
03557 #ifdef WOLFSSL_TLS13
      /* NOTE(review): this is the only prototype in this part of the header
       * without WOLFSSL_LOCAL or WOLFSSL_API, so its symbol visibility falls
       * back to the compiler default; check whether that is intended. */
03558 int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
03559                int inSz, int type, int hashOutput, int sizeOnly);
03560 #endif
03561
      /* Allocate / release a key object through a void** handle; the int type
       * selects what is allocated (compare hsKey / hsType in struct WOLFSSL). */
03562 WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
03563 WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
03564
03565 #ifdef WOLFSSL_ASYNC_CRYPT
03566     WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
03567     WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev,
03568                                         word32 flags);
03569 #endif
03570
03571
03572 #ifdef __cplusplus
03573     }  /* extern "C" */
03574 #endif
03575
03576 #endif /* WOLFSSL_INT_H */
03577
