wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/internal.h@15:117db924cf7c, 2018-08-18 (annotated)

Committer:
wolfSSL
Date:
Sat Aug 18 22:20:43 2018 +0000
Revision:
15:117db924cf7c
Child:
16:8e0d178b1d1e
wolfSSL 3.15.3

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 15:117db924cf7c 1 /* internal.h
wolfSSL 15:117db924cf7c 2 *
wolfSSL 15:117db924cf7c 3 * Copyright (C) 2006-2017 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23
wolfSSL 15:117db924cf7c 24 #ifndef WOLFSSL_INT_H
wolfSSL 15:117db924cf7c 25 #define WOLFSSL_INT_H
wolfSSL 15:117db924cf7c 26
wolfSSL 15:117db924cf7c 27
wolfSSL 15:117db924cf7c 28 #include <wolfssl/wolfcrypt/types.h>
wolfSSL 15:117db924cf7c 29 #include <wolfssl/ssl.h>
wolfSSL 15:117db924cf7c 30 #ifdef HAVE_CRL
wolfSSL 15:117db924cf7c 31 #include <wolfssl/crl.h>
wolfSSL 15:117db924cf7c 32 #endif
wolfSSL 15:117db924cf7c 33 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 15:117db924cf7c 34 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 35 #include <wolfssl/wolfcrypt/des3.h>
wolfSSL 15:117db924cf7c 36 #endif
wolfSSL 15:117db924cf7c 37 #ifndef NO_HC128
wolfSSL 15:117db924cf7c 38 #include <wolfssl/wolfcrypt/hc128.h>
wolfSSL 15:117db924cf7c 39 #endif
wolfSSL 15:117db924cf7c 40 #ifndef NO_RABBIT
wolfSSL 15:117db924cf7c 41 #include <wolfssl/wolfcrypt/rabbit.h>
wolfSSL 15:117db924cf7c 42 #endif
wolfSSL 15:117db924cf7c 43 #ifdef HAVE_CHACHA
wolfSSL 15:117db924cf7c 44 #include <wolfssl/wolfcrypt/chacha.h>
wolfSSL 15:117db924cf7c 45 #endif
wolfSSL 15:117db924cf7c 46 #ifndef NO_ASN
wolfSSL 15:117db924cf7c 47 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 15:117db924cf7c 48 #include <wolfssl/wolfcrypt/pkcs12.h>
wolfSSL 15:117db924cf7c 49 #endif
wolfSSL 15:117db924cf7c 50 #ifndef NO_MD5
wolfSSL 15:117db924cf7c 51 #include <wolfssl/wolfcrypt/md5.h>
wolfSSL 15:117db924cf7c 52 #endif
wolfSSL 15:117db924cf7c 53 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 54 #include <wolfssl/wolfcrypt/sha.h>
wolfSSL 15:117db924cf7c 55 #endif
wolfSSL 15:117db924cf7c 56 #ifndef NO_AES
wolfSSL 15:117db924cf7c 57 #include <wolfssl/wolfcrypt/aes.h>
wolfSSL 15:117db924cf7c 58 #endif
wolfSSL 15:117db924cf7c 59 #ifdef HAVE_POLY1305
wolfSSL 15:117db924cf7c 60 #include <wolfssl/wolfcrypt/poly1305.h>
wolfSSL 15:117db924cf7c 61 #endif
wolfSSL 15:117db924cf7c 62 #ifdef HAVE_CAMELLIA
wolfSSL 15:117db924cf7c 63 #include <wolfssl/wolfcrypt/camellia.h>
wolfSSL 15:117db924cf7c 64 #endif
wolfSSL 15:117db924cf7c 65 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 15:117db924cf7c 66 #ifndef NO_HMAC
wolfSSL 15:117db924cf7c 67 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 15:117db924cf7c 68 #endif
wolfSSL 15:117db924cf7c 69 #ifndef NO_RC4
wolfSSL 15:117db924cf7c 70 #include <wolfssl/wolfcrypt/arc4.h>
wolfSSL 15:117db924cf7c 71 #endif
wolfSSL 15:117db924cf7c 72 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 73 #include <wolfssl/wolfcrypt/sha256.h>
wolfSSL 15:117db924cf7c 74 #endif
wolfSSL 15:117db924cf7c 75 #ifdef HAVE_OCSP
wolfSSL 15:117db924cf7c 76 #include <wolfssl/ocsp.h>
wolfSSL 15:117db924cf7c 77 #endif
wolfSSL 15:117db924cf7c 78 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 79 #include <wolfssl/wolfcrypt/sha512.h>
wolfSSL 15:117db924cf7c 80 #endif
wolfSSL 15:117db924cf7c 81 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 82 #include <wolfssl/wolfcrypt/sha512.h>
wolfSSL 15:117db924cf7c 83 #endif
wolfSSL 15:117db924cf7c 84 #ifdef HAVE_AESGCM
wolfSSL 15:117db924cf7c 85 #include <wolfssl/wolfcrypt/sha512.h>
wolfSSL 15:117db924cf7c 86 #endif
wolfSSL 15:117db924cf7c 87 #ifdef WOLFSSL_RIPEMD
wolfSSL 15:117db924cf7c 88 #include <wolfssl/wolfcrypt/ripemd.h>
wolfSSL 15:117db924cf7c 89 #endif
wolfSSL 15:117db924cf7c 90 #ifdef HAVE_IDEA
wolfSSL 15:117db924cf7c 91 #include <wolfssl/wolfcrypt/idea.h>
wolfSSL 15:117db924cf7c 92 #endif
wolfSSL 15:117db924cf7c 93 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 94 #include <wolfssl/wolfcrypt/rsa.h>
wolfSSL 15:117db924cf7c 95 #endif
wolfSSL 15:117db924cf7c 96 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 97 #include <wolfssl/wolfcrypt/ecc.h>
wolfSSL 15:117db924cf7c 98 #endif
wolfSSL 15:117db924cf7c 99 #ifndef NO_DH
wolfSSL 15:117db924cf7c 100 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 15:117db924cf7c 101 #endif
wolfSSL 15:117db924cf7c 102 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 103 #include <wolfssl/wolfcrypt/ed25519.h>
wolfSSL 15:117db924cf7c 104 #endif
wolfSSL 15:117db924cf7c 105 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 106 #include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL 15:117db924cf7c 107 #endif
wolfSSL 15:117db924cf7c 108
wolfSSL 15:117db924cf7c 109 #include <wolfssl/wolfcrypt/wc_encrypt.h>
wolfSSL 15:117db924cf7c 110 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 15:117db924cf7c 111
wolfSSL 15:117db924cf7c 112 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 113 #include <wolfssl/callbacks.h>
wolfSSL 15:117db924cf7c 114 #endif
wolfSSL 15:117db924cf7c 115 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 116 #include <signal.h>
wolfSSL 15:117db924cf7c 117 #endif
wolfSSL 15:117db924cf7c 118
wolfSSL 15:117db924cf7c 119 #ifdef USE_WINDOWS_API
wolfSSL 15:117db924cf7c 120 #ifdef WOLFSSL_GAME_BUILD
wolfSSL 15:117db924cf7c 121 #include "system/xtl.h"
wolfSSL 15:117db924cf7c 122 #else
wolfSSL 15:117db924cf7c 123 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
wolfSSL 15:117db924cf7c 124 /* On WinCE winsock2.h must be included before windows.h */
wolfSSL 15:117db924cf7c 125 #include <winsock2.h>
wolfSSL 15:117db924cf7c 126 #endif
wolfSSL 15:117db924cf7c 127 #include <windows.h>
wolfSSL 15:117db924cf7c 128 #endif
wolfSSL 15:117db924cf7c 129 #elif defined(THREADX)
wolfSSL 15:117db924cf7c 130 #ifndef SINGLE_THREADED
wolfSSL 15:117db924cf7c 131 #include "tx_api.h"
wolfSSL 15:117db924cf7c 132 #endif
wolfSSL 15:117db924cf7c 133 #elif defined(MICRIUM)
wolfSSL 15:117db924cf7c 134 /* do nothing, just don't pick Unix */
wolfSSL 15:117db924cf7c 135 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
wolfSSL 15:117db924cf7c 136 /* do nothing */
wolfSSL 15:117db924cf7c 137 #elif defined(EBSNET)
wolfSSL 15:117db924cf7c 138 /* do nothing */
wolfSSL 15:117db924cf7c 139 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 15:117db924cf7c 140 /* do nothing */
wolfSSL 15:117db924cf7c 141 #elif defined(FREESCALE_FREE_RTOS)
wolfSSL 15:117db924cf7c 142 #include "fsl_os_abstraction.h"
wolfSSL 15:117db924cf7c 143 #elif defined(WOLFSSL_uITRON4)
wolfSSL 15:117db924cf7c 144 /* do nothing */
wolfSSL 15:117db924cf7c 145 #elif defined(WOLFSSL_uTKERNEL2)
wolfSSL 15:117db924cf7c 146 /* do nothing */
wolfSSL 15:117db924cf7c 147 #elif defined(WOLFSSL_CMSIS_RTOS)
wolfSSL 15:117db924cf7c 148 #include "cmsis_os.h"
wolfSSL 15:117db924cf7c 149 #elif defined(WOLFSSL_MDK_ARM)
wolfSSL 15:117db924cf7c 150 #if defined(WOLFSSL_MDK5)
wolfSSL 15:117db924cf7c 151 #include "cmsis_os.h"
wolfSSL 15:117db924cf7c 152 #else
wolfSSL 15:117db924cf7c 153 #include <rtl.h>
wolfSSL 15:117db924cf7c 154 #endif
wolfSSL 15:117db924cf7c 155 #elif defined(WOLFSSL_CMSIS_RTOS)
wolfSSL 15:117db924cf7c 156 #include "cmsis_os.h"
wolfSSL 15:117db924cf7c 157 #elif defined(MBED)
wolfSSL 15:117db924cf7c 158 #elif defined(WOLFSSL_TIRTOS)
wolfSSL 15:117db924cf7c 159 /* do nothing */
wolfSSL 15:117db924cf7c 160 #elif defined(INTIME_RTOS)
wolfSSL 15:117db924cf7c 161 #include <rt.h>
wolfSSL 15:117db924cf7c 162 #elif defined(WOLFSSL_NUCLEUS_1_2)
wolfSSL 15:117db924cf7c 163 /* do nothing */
wolfSSL 15:117db924cf7c 164 #else
wolfSSL 15:117db924cf7c 165 #ifndef SINGLE_THREADED
wolfSSL 15:117db924cf7c 166 #define WOLFSSL_PTHREADS
wolfSSL 15:117db924cf7c 167 #include <pthread.h>
wolfSSL 15:117db924cf7c 168 #endif
wolfSSL 15:117db924cf7c 169 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 170 #include <unistd.h> /* for close of BIO */
wolfSSL 15:117db924cf7c 171 #endif
wolfSSL 15:117db924cf7c 172 #endif
wolfSSL 15:117db924cf7c 173
wolfSSL 15:117db924cf7c 174 #ifndef CHAR_BIT
wolfSSL 15:117db924cf7c 175 /* Needed for DTLS without big math */
wolfSSL 15:117db924cf7c 176 #include <limits.h>
wolfSSL 15:117db924cf7c 177 #endif
wolfSSL 15:117db924cf7c 178
wolfSSL 15:117db924cf7c 179
wolfSSL 15:117db924cf7c 180 #ifdef HAVE_LIBZ
wolfSSL 15:117db924cf7c 181 #include "zlib.h"
wolfSSL 15:117db924cf7c 182 #endif
wolfSSL 15:117db924cf7c 183
wolfSSL 15:117db924cf7c 184 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 185 #include <wolfssl/wolfcrypt/async.h>
wolfSSL 15:117db924cf7c 186 #endif
wolfSSL 15:117db924cf7c 187
wolfSSL 15:117db924cf7c 188 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 189 #ifdef WOLFCRYPT_HAVE_SRP
wolfSSL 15:117db924cf7c 190 #include <wolfssl/wolfcrypt/srp.h>
wolfSSL 15:117db924cf7c 191 #endif
wolfSSL 15:117db924cf7c 192 #endif
wolfSSL 15:117db924cf7c 193
wolfSSL 15:117db924cf7c 194 #ifdef _MSC_VER
wolfSSL 15:117db924cf7c 195 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL 15:117db924cf7c 196 #pragma warning(disable: 4996)
wolfSSL 15:117db924cf7c 197 #endif
wolfSSL 15:117db924cf7c 198
wolfSSL 15:117db924cf7c 199 #ifdef NO_SHA
wolfSSL 15:117db924cf7c 200 #define WC_SHA_DIGEST_SIZE 20
wolfSSL 15:117db924cf7c 201 #endif
wolfSSL 15:117db924cf7c 202
wolfSSL 15:117db924cf7c 203 #ifdef NO_SHA256
wolfSSL 15:117db924cf7c 204 #define WC_SHA256_DIGEST_SIZE 32
wolfSSL 15:117db924cf7c 205 #endif
wolfSSL 15:117db924cf7c 206
wolfSSL 15:117db924cf7c 207 #ifdef NO_MD5
wolfSSL 15:117db924cf7c 208 #define WC_MD5_DIGEST_SIZE 16
wolfSSL 15:117db924cf7c 209 #endif
wolfSSL 15:117db924cf7c 210
wolfSSL 15:117db924cf7c 211
wolfSSL 15:117db924cf7c 212 #ifdef __cplusplus
wolfSSL 15:117db924cf7c 213 extern "C" {
wolfSSL 15:117db924cf7c 214 #endif
wolfSSL 15:117db924cf7c 215
wolfSSL 15:117db924cf7c 216 /* Define or comment out the cipher suites you'd like to be compiled in
wolfSSL 15:117db924cf7c 217 make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
wolfSSL 15:117db924cf7c 218
wolfSSL 15:117db924cf7c 219 When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
wolfSSL 15:117db924cf7c 220
wolfSSL 15:117db924cf7c 221 Now that there is a maximum strength crypto build, the following BUILD_XXX
wolfSSL 15:117db924cf7c 222 flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
wolfSSL 15:117db924cf7c 223 Those that do not use Perfect Forward Security and do not use AEAD ciphers
wolfSSL 15:117db924cf7c 224 need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
wolfSSL 15:117db924cf7c 225 CHACHA-POLY.
wolfSSL 15:117db924cf7c 226 */
wolfSSL 15:117db924cf7c 227
wolfSSL 15:117db924cf7c 228 /* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
wolfSSL 15:117db924cf7c 229 * not turned off. */
wolfSSL 15:117db924cf7c 230 #if defined(WOLFSSL_MAX_STRENGTH) && \
wolfSSL 15:117db924cf7c 231 ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
wolfSSL 15:117db924cf7c 232 (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
wolfSSL 15:117db924cf7c 233 (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
wolfSSL 15:117db924cf7c 234 (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
wolfSSL 15:117db924cf7c 235 !defined(NO_OLD_TLS))
wolfSSL 15:117db924cf7c 236
wolfSSL 15:117db924cf7c 237 #error "You are trying to build max strength with requirements disabled."
wolfSSL 15:117db924cf7c 238 #endif
wolfSSL 15:117db924cf7c 239
wolfSSL 15:117db924cf7c 240 /* Have QSH : Quantum-safe Handshake */
wolfSSL 15:117db924cf7c 241 #if defined(HAVE_QSH)
wolfSSL 15:117db924cf7c 242 #define BUILD_TLS_QSH
wolfSSL 15:117db924cf7c 243 #endif
wolfSSL 15:117db924cf7c 244
wolfSSL 15:117db924cf7c 245 #ifndef WOLFSSL_MAX_STRENGTH
wolfSSL 15:117db924cf7c 246
wolfSSL 15:117db924cf7c 247 #if !defined(NO_RSA) && !defined(NO_RC4)
wolfSSL 15:117db924cf7c 248 #if defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 249 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 250 #define BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 251 #endif
wolfSSL 15:117db924cf7c 252 #if !defined(NO_MD5)
wolfSSL 15:117db924cf7c 253 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 15:117db924cf7c 254 #endif
wolfSSL 15:117db924cf7c 255 #endif
wolfSSL 15:117db924cf7c 256 #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
wolfSSL 15:117db924cf7c 257 && defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 258 #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 259 #endif
wolfSSL 15:117db924cf7c 260 #endif
wolfSSL 15:117db924cf7c 261
wolfSSL 15:117db924cf7c 262 #if !defined(NO_RSA) && !defined(NO_DES3)
wolfSSL 15:117db924cf7c 263 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 264 #if defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 265 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 266 #endif
wolfSSL 15:117db924cf7c 267 #if !defined(NO_TLS) && defined(HAVE_NTRU) \
wolfSSL 15:117db924cf7c 268 && defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 269 #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 270 #endif
wolfSSL 15:117db924cf7c 271 #endif
wolfSSL 15:117db924cf7c 272 #endif
wolfSSL 15:117db924cf7c 273
wolfSSL 15:117db924cf7c 274 #if !defined(NO_RSA) && defined(HAVE_IDEA)
wolfSSL 15:117db924cf7c 275 #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 276 #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 15:117db924cf7c 277 #endif
wolfSSL 15:117db924cf7c 278 #endif
wolfSSL 15:117db924cf7c 279
wolfSSL 15:117db924cf7c 280 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL 15:117db924cf7c 281 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 282 #if defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 283 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 284 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 285 #endif
wolfSSL 15:117db924cf7c 286 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 287 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 288 #endif
wolfSSL 15:117db924cf7c 289 #endif
wolfSSL 15:117db924cf7c 290 #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 291 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 292 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 293 #endif
wolfSSL 15:117db924cf7c 294 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 295 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 296 #endif
wolfSSL 15:117db924cf7c 297 #endif
wolfSSL 15:117db924cf7c 298 #endif
wolfSSL 15:117db924cf7c 299 #if defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 300 #if !defined (NO_SHA256)
wolfSSL 15:117db924cf7c 301 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 302 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 303 #endif
wolfSSL 15:117db924cf7c 304 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 305 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 15:117db924cf7c 306 #endif
wolfSSL 15:117db924cf7c 307 #endif
wolfSSL 15:117db924cf7c 308 #if defined (HAVE_AESGCM)
wolfSSL 15:117db924cf7c 309 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 310 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 311 #endif
wolfSSL 15:117db924cf7c 312 #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL 15:117db924cf7c 313 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 314 #endif
wolfSSL 15:117db924cf7c 315 #endif
wolfSSL 15:117db924cf7c 316 #if defined (HAVE_AESCCM)
wolfSSL 15:117db924cf7c 317 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 318 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 15:117db924cf7c 319 #endif
wolfSSL 15:117db924cf7c 320 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 321 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 15:117db924cf7c 322 #endif
wolfSSL 15:117db924cf7c 323 #endif
wolfSSL 15:117db924cf7c 324 #if defined(HAVE_BLAKE2)
wolfSSL 15:117db924cf7c 325 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 326 #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 15:117db924cf7c 327 #endif
wolfSSL 15:117db924cf7c 328 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 329 #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 15:117db924cf7c 330 #endif
wolfSSL 15:117db924cf7c 331 #endif
wolfSSL 15:117db924cf7c 332 #endif
wolfSSL 15:117db924cf7c 333 #endif
wolfSSL 15:117db924cf7c 334
wolfSSL 15:117db924cf7c 335 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
wolfSSL 15:117db924cf7c 336 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 337 #if defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 338 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 339 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 15:117db924cf7c 340 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 15:117db924cf7c 341 #endif
wolfSSL 15:117db924cf7c 342 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 343 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 15:117db924cf7c 344 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 15:117db924cf7c 345 #endif
wolfSSL 15:117db924cf7c 346 #endif
wolfSSL 15:117db924cf7c 347 #if !defined(NO_DH)
wolfSSL 15:117db924cf7c 348 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 349 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 15:117db924cf7c 350 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 15:117db924cf7c 351 #endif
wolfSSL 15:117db924cf7c 352 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 353 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 15:117db924cf7c 354 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 15:117db924cf7c 355 #endif
wolfSSL 15:117db924cf7c 356 #endif
wolfSSL 15:117db924cf7c 357 #endif
wolfSSL 15:117db924cf7c 358 #endif
wolfSSL 15:117db924cf7c 359
wolfSSL 15:117db924cf7c 360 #if defined(WOLFSSL_STATIC_PSK)
wolfSSL 15:117db924cf7c 361 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
wolfSSL 15:117db924cf7c 362 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 363 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 364 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 365 #endif
wolfSSL 15:117db924cf7c 366 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 367 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 368 #endif
wolfSSL 15:117db924cf7c 369 #endif
wolfSSL 15:117db924cf7c 370 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 371 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 372 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 373 #ifdef HAVE_AESGCM
wolfSSL 15:117db924cf7c 374 #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 375 #endif
wolfSSL 15:117db924cf7c 376 #endif /* WOLFSSL_AES_128 */
wolfSSL 15:117db924cf7c 377 #ifdef HAVE_AESCCM
wolfSSL 15:117db924cf7c 378 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 379 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 15:117db924cf7c 380 #define BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 15:117db924cf7c 381 #endif
wolfSSL 15:117db924cf7c 382 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 383 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 15:117db924cf7c 384 #define BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 15:117db924cf7c 385 #endif
wolfSSL 15:117db924cf7c 386 #endif
wolfSSL 15:117db924cf7c 387 #endif
wolfSSL 15:117db924cf7c 388 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL 15:117db924cf7c 389 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 390 #ifdef HAVE_AESGCM
wolfSSL 15:117db924cf7c 391 #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 392 #endif
wolfSSL 15:117db924cf7c 393 #endif
wolfSSL 15:117db924cf7c 394 #endif
wolfSSL 15:117db924cf7c 395 #endif
wolfSSL 15:117db924cf7c 396
wolfSSL 15:117db924cf7c 397 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
wolfSSL 15:117db924cf7c 398 #if !defined(NO_RSA)
wolfSSL 15:117db924cf7c 399 #if defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 400 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 401 #define BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 15:117db924cf7c 402 #endif
wolfSSL 15:117db924cf7c 403 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 404 #define BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 15:117db924cf7c 405 #endif
wolfSSL 15:117db924cf7c 406 #endif
wolfSSL 15:117db924cf7c 407 #endif
wolfSSL 15:117db924cf7c 408 #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
wolfSSL 15:117db924cf7c 409 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 410 #define BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 15:117db924cf7c 411 #endif
wolfSSL 15:117db924cf7c 412 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 413 #define BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 15:117db924cf7c 414 #endif
wolfSSL 15:117db924cf7c 415 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 416 #define BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 15:117db924cf7c 417 #endif
wolfSSL 15:117db924cf7c 418 #endif
wolfSSL 15:117db924cf7c 419 #endif
wolfSSL 15:117db924cf7c 420
wolfSSL 15:117db924cf7c 421 #if defined(WOLFSSL_STATIC_RSA)
wolfSSL 15:117db924cf7c 422 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
wolfSSL 15:117db924cf7c 423 #ifndef NO_MD5
wolfSSL 15:117db924cf7c 424 #define BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 15:117db924cf7c 425 #endif
wolfSSL 15:117db924cf7c 426 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 427 #define BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 15:117db924cf7c 428 #endif
wolfSSL 15:117db924cf7c 429 #if defined(HAVE_BLAKE2)
wolfSSL 15:117db924cf7c 430 #define BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 15:117db924cf7c 431 #endif
wolfSSL 15:117db924cf7c 432 #endif
wolfSSL 15:117db924cf7c 433
wolfSSL 15:117db924cf7c 434 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
wolfSSL 15:117db924cf7c 435 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 436 #define BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 15:117db924cf7c 437 #endif
wolfSSL 15:117db924cf7c 438 #endif
wolfSSL 15:117db924cf7c 439 #endif
wolfSSL 15:117db924cf7c 440
wolfSSL 15:117db924cf7c 441 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL 15:117db924cf7c 442 !defined(NO_RSA)
wolfSSL 15:117db924cf7c 443
wolfSSL 15:117db924cf7c 444 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 445 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 446 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 447 #endif
wolfSSL 15:117db924cf7c 448 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 449 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 450 #endif
wolfSSL 15:117db924cf7c 451 #if !defined(NO_DES3)
wolfSSL 15:117db924cf7c 452 #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 453 #endif
wolfSSL 15:117db924cf7c 454 #endif
wolfSSL 15:117db924cf7c 455 #if !defined(NO_SHA256) && defined(HAVE_AES_CBC)
wolfSSL 15:117db924cf7c 456 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 457 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 458 #endif
wolfSSL 15:117db924cf7c 459 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 460 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 15:117db924cf7c 461 #endif
wolfSSL 15:117db924cf7c 462 #endif
wolfSSL 15:117db924cf7c 463 #endif
wolfSSL 15:117db924cf7c 464
wolfSSL 15:117db924cf7c 465 #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
wolfSSL 15:117db924cf7c 466 !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 467 #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 468
wolfSSL 15:117db924cf7c 469 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
wolfSSL 15:117db924cf7c 470 #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 471 #endif
wolfSSL 15:117db924cf7c 472 #endif
wolfSSL 15:117db924cf7c 473
wolfSSL 15:117db924cf7c 474 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL 15:117db924cf7c 475 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 476 #if !defined(NO_AES) && defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 477 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 478 #endif
wolfSSL 15:117db924cf7c 479 #ifdef HAVE_NULL_CIPHER
wolfSSL 15:117db924cf7c 480 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 15:117db924cf7c 481 #endif
wolfSSL 15:117db924cf7c 482 #endif
wolfSSL 15:117db924cf7c 483 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 484 #if !defined(NO_AES) && defined(WOLFSSL_AES_256)
wolfSSL 15:117db924cf7c 485 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 486 #endif
wolfSSL 15:117db924cf7c 487 #ifdef HAVE_NULL_CIPHER
wolfSSL 15:117db924cf7c 488 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 15:117db924cf7c 489 #endif
wolfSSL 15:117db924cf7c 490 #endif
wolfSSL 15:117db924cf7c 491 #endif
wolfSSL 15:117db924cf7c 492
wolfSSL 15:117db924cf7c 493 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS)
wolfSSL 15:117db924cf7c 494 #if !defined(NO_AES)
wolfSSL 15:117db924cf7c 495 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 496 #if !defined(NO_RSA)
wolfSSL 15:117db924cf7c 497 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 498 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 499 #endif
wolfSSL 15:117db924cf7c 500 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 501 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 502 #endif
wolfSSL 15:117db924cf7c 503 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 504 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 505 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 506 #endif
wolfSSL 15:117db924cf7c 507 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 508 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 509 #endif
wolfSSL 15:117db924cf7c 510 #endif
wolfSSL 15:117db924cf7c 511 #endif
wolfSSL 15:117db924cf7c 512
wolfSSL 15:117db924cf7c 513 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 514 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 515 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 516 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 517 #endif
wolfSSL 15:117db924cf7c 518 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 519 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 520 #endif
wolfSSL 15:117db924cf7c 521 #endif
wolfSSL 15:117db924cf7c 522
wolfSSL 15:117db924cf7c 523 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 524 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 525 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 526 #endif
wolfSSL 15:117db924cf7c 527 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 528 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 529 #endif
wolfSSL 15:117db924cf7c 530 #endif
wolfSSL 15:117db924cf7c 531 #endif /* NO_SHA */
wolfSSL 15:117db924cf7c 532 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 533 #if !defined(NO_RSA)
wolfSSL 15:117db924cf7c 534 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 535 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 536 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 537 #endif
wolfSSL 15:117db924cf7c 538 #endif
wolfSSL 15:117db924cf7c 539 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 540 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 541 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 542 #endif
wolfSSL 15:117db924cf7c 543 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 544 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 545 #endif
wolfSSL 15:117db924cf7c 546 #endif
wolfSSL 15:117db924cf7c 547
wolfSSL 15:117db924cf7c 548 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL 15:117db924cf7c 549 #if !defined(NO_RSA)
wolfSSL 15:117db924cf7c 550 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 551 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 552 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 553 #endif
wolfSSL 15:117db924cf7c 554 #endif
wolfSSL 15:117db924cf7c 555 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 556 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 557 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 558 #endif
wolfSSL 15:117db924cf7c 559 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 560 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 561 #endif
wolfSSL 15:117db924cf7c 562 #endif
wolfSSL 15:117db924cf7c 563
wolfSSL 15:117db924cf7c 564 #if defined (HAVE_AESGCM)
wolfSSL 15:117db924cf7c 565 #if !defined(NO_RSA)
wolfSSL 15:117db924cf7c 566 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 567 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 568 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 569 #endif
wolfSSL 15:117db924cf7c 570 #endif
wolfSSL 15:117db924cf7c 571 #if defined(WOLFSSL_SHA384)
wolfSSL 15:117db924cf7c 572 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 573 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 574 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 575 #endif
wolfSSL 15:117db924cf7c 576 #endif
wolfSSL 15:117db924cf7c 577 #endif
wolfSSL 15:117db924cf7c 578 #endif
wolfSSL 15:117db924cf7c 579
wolfSSL 15:117db924cf7c 580 #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \
wolfSSL 15:117db924cf7c 581 defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 582 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 583 #endif
wolfSSL 15:117db924cf7c 584
wolfSSL 15:117db924cf7c 585 #if defined(WOLFSSL_SHA384)
wolfSSL 15:117db924cf7c 586 #if defined(WOLFSSL_STATIC_DH) && \
wolfSSL 15:117db924cf7c 587 defined(WOLFSSL_AES_256) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 588 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 589 #endif
wolfSSL 15:117db924cf7c 590 #endif
wolfSSL 15:117db924cf7c 591 #endif
wolfSSL 15:117db924cf7c 592 #endif /* NO_AES */
wolfSSL 15:117db924cf7c 593 #if !defined(NO_RC4)
wolfSSL 15:117db924cf7c 594 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 595 #if !defined(NO_RSA)
wolfSSL 15:117db924cf7c 596 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 597 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 598 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 599 #endif
wolfSSL 15:117db924cf7c 600 #endif
wolfSSL 15:117db924cf7c 601
wolfSSL 15:117db924cf7c 602 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 603 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 604 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 605 #endif
wolfSSL 15:117db924cf7c 606 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 607 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 608 #endif
wolfSSL 15:117db924cf7c 609 #endif
wolfSSL 15:117db924cf7c 610 #endif
wolfSSL 15:117db924cf7c 611 #if !defined(NO_DES3)
wolfSSL 15:117db924cf7c 612 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 613 #if !defined(NO_RSA)
wolfSSL 15:117db924cf7c 614 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 615 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 616 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 617 #endif
wolfSSL 15:117db924cf7c 618 #endif
wolfSSL 15:117db924cf7c 619
wolfSSL 15:117db924cf7c 620 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 621 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 622 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 623 #endif
wolfSSL 15:117db924cf7c 624 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 625 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 626 #endif
wolfSSL 15:117db924cf7c 627 #endif /* NO_SHA */
wolfSSL 15:117db924cf7c 628 #endif
wolfSSL 15:117db924cf7c 629 #if defined(HAVE_NULL_CIPHER)
wolfSSL 15:117db924cf7c 630 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 631 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 632 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 633 #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 15:117db924cf7c 634 #endif
wolfSSL 15:117db924cf7c 635 #endif
wolfSSL 15:117db924cf7c 636 #if !defined(NO_PSK) && !defined(NO_SHA256)
wolfSSL 15:117db924cf7c 637 #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 15:117db924cf7c 638 #endif
wolfSSL 15:117db924cf7c 639 #endif
wolfSSL 15:117db924cf7c 640 #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
wolfSSL 15:117db924cf7c 641 defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 642 #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 643 #endif
wolfSSL 15:117db924cf7c 644 #endif
wolfSSL 15:117db924cf7c 645 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL 15:117db924cf7c 646 #if !defined(NO_OLD_POLY1305)
wolfSSL 15:117db924cf7c 647 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 648 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 649 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 15:117db924cf7c 650 #endif
wolfSSL 15:117db924cf7c 651 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 652 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 15:117db924cf7c 653 #endif
wolfSSL 15:117db924cf7c 654 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 15:117db924cf7c 655 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 15:117db924cf7c 656 #endif
wolfSSL 15:117db924cf7c 657 #endif /* NO_OLD_POLY1305 */
wolfSSL 15:117db924cf7c 658 #if !defined(NO_PSK)
wolfSSL 15:117db924cf7c 659 #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 660 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 661 #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 662 #endif
wolfSSL 15:117db924cf7c 663 #ifndef NO_DH
wolfSSL 15:117db924cf7c 664 #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 665 #endif
wolfSSL 15:117db924cf7c 666 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 667 #endif
wolfSSL 15:117db924cf7c 668
wolfSSL 15:117db924cf7c 669 #endif /* !WOLFSSL_MAX_STRENGTH */
wolfSSL 15:117db924cf7c 670
wolfSSL 15:117db924cf7c 671 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
wolfSSL 15:117db924cf7c 672 !defined(NO_RSA) && defined(HAVE_AESGCM)
wolfSSL 15:117db924cf7c 673
wolfSSL 15:117db924cf7c 674 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 675 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 676 #endif
wolfSSL 15:117db924cf7c 677
wolfSSL 15:117db924cf7c 678 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL 15:117db924cf7c 679 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 680 #endif
wolfSSL 15:117db924cf7c 681 #endif
wolfSSL 15:117db924cf7c 682
wolfSSL 15:117db924cf7c 683 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
wolfSSL 15:117db924cf7c 684 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 685 #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 686 #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 687 #endif
wolfSSL 15:117db924cf7c 688 #ifdef HAVE_AESCCM
wolfSSL 15:117db924cf7c 689 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 690 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 15:117db924cf7c 691 #endif
wolfSSL 15:117db924cf7c 692 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 693 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 15:117db924cf7c 694 #endif
wolfSSL 15:117db924cf7c 695 #endif
wolfSSL 15:117db924cf7c 696 #endif
wolfSSL 15:117db924cf7c 697 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
wolfSSL 15:117db924cf7c 698 defined(WOLFSSL_AES_256)
wolfSSL 15:117db924cf7c 699 #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 700 #endif
wolfSSL 15:117db924cf7c 701 #endif
wolfSSL 15:117db924cf7c 702
wolfSSL 15:117db924cf7c 703 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \
wolfSSL 15:117db924cf7c 704 !defined(NO_AES)
wolfSSL 15:117db924cf7c 705 #ifdef HAVE_AESGCM
wolfSSL 15:117db924cf7c 706 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 707 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 708 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 709 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 710 #endif
wolfSSL 15:117db924cf7c 711 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 712 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 713 #endif
wolfSSL 15:117db924cf7c 714 #endif
wolfSSL 15:117db924cf7c 715 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL 15:117db924cf7c 716 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 717 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 718 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 719 #endif
wolfSSL 15:117db924cf7c 720 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 721 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 722 #endif
wolfSSL 15:117db924cf7c 723 #endif
wolfSSL 15:117db924cf7c 724 #endif
wolfSSL 15:117db924cf7c 725 #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
wolfSSL 15:117db924cf7c 726 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 727 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 728 #ifdef WOLFSSL_AES_128
wolfSSL 15:117db924cf7c 729 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 15:117db924cf7c 730 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 15:117db924cf7c 731 #endif
wolfSSL 15:117db924cf7c 732 #ifdef WOLFSSL_AES_256
wolfSSL 15:117db924cf7c 733 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 15:117db924cf7c 734 #endif
wolfSSL 15:117db924cf7c 735 #endif
wolfSSL 15:117db924cf7c 736 #endif
wolfSSL 15:117db924cf7c 737 #endif
wolfSSL 15:117db924cf7c 738
wolfSSL 15:117db924cf7c 739 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
wolfSSL 15:117db924cf7c 740 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 741 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
wolfSSL 15:117db924cf7c 742 defined(HAVE_ED25519))
wolfSSL 15:117db924cf7c 743 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 744 #endif
wolfSSL 15:117db924cf7c 745 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 746 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 747 #endif
wolfSSL 15:117db924cf7c 748 #endif
wolfSSL 15:117db924cf7c 749 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 15:117db924cf7c 750 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 751 #endif
wolfSSL 15:117db924cf7c 752 #endif
wolfSSL 15:117db924cf7c 753
wolfSSL 15:117db924cf7c 754 #if defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 755 #ifdef HAVE_AESGCM
wolfSSL 15:117db924cf7c 756 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 757 #define BUILD_TLS_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 758 #endif
wolfSSL 15:117db924cf7c 759 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
wolfSSL 15:117db924cf7c 760 #define BUILD_TLS_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 761 #endif
wolfSSL 15:117db924cf7c 762 #endif
wolfSSL 15:117db924cf7c 763
wolfSSL 15:117db924cf7c 764 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
wolfSSL 15:117db924cf7c 765 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 766 #define BUILD_TLS_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 767 #endif
wolfSSL 15:117db924cf7c 768 #endif
wolfSSL 15:117db924cf7c 769
wolfSSL 15:117db924cf7c 770 #ifdef HAVE_AESCCM
wolfSSL 15:117db924cf7c 771 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
wolfSSL 15:117db924cf7c 772 #define BUILD_TLS_AES_128_CCM_SHA256
wolfSSL 15:117db924cf7c 773 #define BUILD_TLS_AES_128_CCM_8_SHA256
wolfSSL 15:117db924cf7c 774 #endif
wolfSSL 15:117db924cf7c 775 #endif
wolfSSL 15:117db924cf7c 776 #endif
wolfSSL 15:117db924cf7c 777
wolfSSL 15:117db924cf7c 778 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 779 #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
wolfSSL 15:117db924cf7c 780 #define BUILD_WDM_WITH_NULL_SHA256
wolfSSL 15:117db924cf7c 781 #endif
wolfSSL 15:117db924cf7c 782 #endif
wolfSSL 15:117db924cf7c 783
wolfSSL 15:117db924cf7c 784 #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
wolfSSL 15:117db924cf7c 785 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
wolfSSL 15:117db924cf7c 786 #define BUILD_ARC4
wolfSSL 15:117db924cf7c 787 #endif
wolfSSL 15:117db924cf7c 788
wolfSSL 15:117db924cf7c 789 #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
wolfSSL 15:117db924cf7c 790 #define BUILD_DES3
wolfSSL 15:117db924cf7c 791 #endif
wolfSSL 15:117db924cf7c 792
wolfSSL 15:117db924cf7c 793 #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
wolfSSL 15:117db924cf7c 794 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
wolfSSL 15:117db924cf7c 795 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
wolfSSL 15:117db924cf7c 796 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
wolfSSL 15:117db924cf7c 797 #undef BUILD_AES
wolfSSL 15:117db924cf7c 798 #define BUILD_AES
wolfSSL 15:117db924cf7c 799 #endif
wolfSSL 15:117db924cf7c 800
wolfSSL 15:117db924cf7c 801 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
wolfSSL 15:117db924cf7c 802 defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
wolfSSL 15:117db924cf7c 803 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
wolfSSL 15:117db924cf7c 804 defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
wolfSSL 15:117db924cf7c 805 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
wolfSSL 15:117db924cf7c 806 defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
wolfSSL 15:117db924cf7c 807 defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
wolfSSL 15:117db924cf7c 808 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
wolfSSL 15:117db924cf7c 809 defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
wolfSSL 15:117db924cf7c 810 defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
wolfSSL 15:117db924cf7c 811 #define BUILD_AESGCM
wolfSSL 15:117db924cf7c 812 #else
wolfSSL 15:117db924cf7c 813 /* No AES-GCM cipher suites available with build */
wolfSSL 15:117db924cf7c 814 #define NO_AESGCM_AEAD
wolfSSL 15:117db924cf7c 815 #endif
wolfSSL 15:117db924cf7c 816
wolfSSL 15:117db924cf7c 817 #if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 818 defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 819 defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 820 defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 821 defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 822 defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 823 defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 824 defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 825 defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
wolfSSL 15:117db924cf7c 826 defined(BUILD_TLS_CHACHA20_POLY1305_SHA256)
wolfSSL 15:117db924cf7c 827 /* Have an available ChaCha Poly cipher suite */
wolfSSL 15:117db924cf7c 828 #else
wolfSSL 15:117db924cf7c 829 /* No ChaCha Poly cipher suites available with build */
wolfSSL 15:117db924cf7c 830 #define NO_CHAPOL_AEAD
wolfSSL 15:117db924cf7c 831 #endif
wolfSSL 15:117db924cf7c 832
wolfSSL 15:117db924cf7c 833 #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
wolfSSL 15:117db924cf7c 834 defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
wolfSSL 15:117db924cf7c 835 defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
wolfSSL 15:117db924cf7c 836 #define BUILD_HC128
wolfSSL 15:117db924cf7c 837 #endif
wolfSSL 15:117db924cf7c 838
wolfSSL 15:117db924cf7c 839 #if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
wolfSSL 15:117db924cf7c 840 #define BUILD_RABBIT
wolfSSL 15:117db924cf7c 841 #endif
wolfSSL 15:117db924cf7c 842
wolfSSL 15:117db924cf7c 843 #ifdef NO_DES3
wolfSSL 15:117db924cf7c 844 #define DES_BLOCK_SIZE 8
wolfSSL 15:117db924cf7c 845 #else
wolfSSL 15:117db924cf7c 846 #undef BUILD_DES3
wolfSSL 15:117db924cf7c 847 #define BUILD_DES3
wolfSSL 15:117db924cf7c 848 #endif
wolfSSL 15:117db924cf7c 849
wolfSSL 15:117db924cf7c 850 #if defined(NO_AES) || defined(NO_AES_DECRYPT)
wolfSSL 15:117db924cf7c 851 #define AES_BLOCK_SIZE 16
wolfSSL 15:117db924cf7c 852 #undef BUILD_AES
wolfSSL 15:117db924cf7c 853 #else
wolfSSL 15:117db924cf7c 854 #undef BUILD_AES
wolfSSL 15:117db924cf7c 855 #define BUILD_AES
wolfSSL 15:117db924cf7c 856 #endif
wolfSSL 15:117db924cf7c 857
wolfSSL 15:117db924cf7c 858 #ifndef NO_RC4
wolfSSL 15:117db924cf7c 859 #undef BUILD_ARC4
wolfSSL 15:117db924cf7c 860 #define BUILD_ARC4
wolfSSL 15:117db924cf7c 861 #endif
wolfSSL 15:117db924cf7c 862
wolfSSL 15:117db924cf7c 863 #ifdef HAVE_CHACHA
wolfSSL 15:117db924cf7c 864 #define CHACHA20_BLOCK_SIZE 16
wolfSSL 15:117db924cf7c 865 #endif
wolfSSL 15:117db924cf7c 866
wolfSSL 15:117db924cf7c 867 #if defined(WOLFSSL_MAX_STRENGTH) || \
wolfSSL 15:117db924cf7c 868 (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
wolfSSL 15:117db924cf7c 869 defined(HAVE_AESCCM) || \
wolfSSL 15:117db924cf7c 870 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD))
wolfSSL 15:117db924cf7c 871
wolfSSL 15:117db924cf7c 872 #define HAVE_AEAD
wolfSSL 15:117db924cf7c 873 #endif
wolfSSL 15:117db924cf7c 874
wolfSSL 15:117db924cf7c 875 #if defined(WOLFSSL_MAX_STRENGTH) || \
wolfSSL 15:117db924cf7c 876 defined(HAVE_ECC) || !defined(NO_DH)
wolfSSL 15:117db924cf7c 877
wolfSSL 15:117db924cf7c 878 #define HAVE_PFS
wolfSSL 15:117db924cf7c 879 #endif
wolfSSL 15:117db924cf7c 880
wolfSSL 15:117db924cf7c 881 #if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
wolfSSL 15:117db924cf7c 882 #define BUILD_IDEA
wolfSSL 15:117db924cf7c 883 #endif
wolfSSL 15:117db924cf7c 884
wolfSSL 15:117db924cf7c 885 /* actual cipher values, 2nd byte */
wolfSSL 15:117db924cf7c 886 enum {
wolfSSL 15:117db924cf7c 887 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
wolfSSL 15:117db924cf7c 888 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
wolfSSL 15:117db924cf7c 889 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
wolfSSL 15:117db924cf7c 890 TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
wolfSSL 15:117db924cf7c 891 TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
wolfSSL 15:117db924cf7c 892 TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
wolfSSL 15:117db924cf7c 893 TLS_RSA_WITH_NULL_SHA = 0x02,
wolfSSL 15:117db924cf7c 894 TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
wolfSSL 15:117db924cf7c 895 TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
wolfSSL 15:117db924cf7c 896 TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
wolfSSL 15:117db924cf7c 897 TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
wolfSSL 15:117db924cf7c 898 TLS_PSK_WITH_NULL_SHA256 = 0xb0,
wolfSSL 15:117db924cf7c 899 TLS_PSK_WITH_NULL_SHA384 = 0xb1,
wolfSSL 15:117db924cf7c 900 TLS_PSK_WITH_NULL_SHA = 0x2c,
wolfSSL 15:117db924cf7c 901 SSL_RSA_WITH_RC4_128_SHA = 0x05,
wolfSSL 15:117db924cf7c 902 SSL_RSA_WITH_RC4_128_MD5 = 0x04,
wolfSSL 15:117db924cf7c 903 SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
wolfSSL 15:117db924cf7c 904 SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,
wolfSSL 15:117db924cf7c 905
wolfSSL 15:117db924cf7c 906 /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
wolfSSL 15:117db924cf7c 907 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
wolfSSL 15:117db924cf7c 908 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
wolfSSL 15:117db924cf7c 909 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
wolfSSL 15:117db924cf7c 910 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
wolfSSL 15:117db924cf7c 911 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
wolfSSL 15:117db924cf7c 912 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
wolfSSL 15:117db924cf7c 913 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
wolfSSL 15:117db924cf7c 914 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
wolfSSL 15:117db924cf7c 915 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
wolfSSL 15:117db924cf7c 916 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
wolfSSL 15:117db924cf7c 917 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
wolfSSL 15:117db924cf7c 918 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
wolfSSL 15:117db924cf7c 919 TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
wolfSSL 15:117db924cf7c 920 TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
wolfSSL 15:117db924cf7c 921 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
wolfSSL 15:117db924cf7c 922
wolfSSL 15:117db924cf7c 923 /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
wolfSSL 15:117db924cf7c 924 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
wolfSSL 15:117db924cf7c 925 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
wolfSSL 15:117db924cf7c 926 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
wolfSSL 15:117db924cf7c 927 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
wolfSSL 15:117db924cf7c 928 TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
wolfSSL 15:117db924cf7c 929 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
wolfSSL 15:117db924cf7c 930 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
wolfSSL 15:117db924cf7c 931 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
wolfSSL 15:117db924cf7c 932 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
wolfSSL 15:117db924cf7c 933 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
wolfSSL 15:117db924cf7c 934 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
wolfSSL 15:117db924cf7c 935 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
wolfSSL 15:117db924cf7c 936
wolfSSL 15:117db924cf7c 937 /* wolfSSL extension - eSTREAM */
wolfSSL 15:117db924cf7c 938 TLS_RSA_WITH_HC_128_MD5 = 0xFB,
wolfSSL 15:117db924cf7c 939 TLS_RSA_WITH_HC_128_SHA = 0xFC,
wolfSSL 15:117db924cf7c 940 TLS_RSA_WITH_RABBIT_SHA = 0xFD,
wolfSSL 15:117db924cf7c 941 WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */
wolfSSL 15:117db924cf7c 942
wolfSSL 15:117db924cf7c 943 /* wolfSSL extension - Blake2b 256 */
wolfSSL 15:117db924cf7c 944 TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
wolfSSL 15:117db924cf7c 945 TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
wolfSSL 15:117db924cf7c 946 TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
wolfSSL 15:117db924cf7c 947
wolfSSL 15:117db924cf7c 948 /* wolfSSL extension - NTRU */
wolfSSL 15:117db924cf7c 949 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
wolfSSL 15:117db924cf7c 950 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
wolfSSL 15:117db924cf7c 951 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
wolfSSL 15:117db924cf7c 952 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
wolfSSL 15:117db924cf7c 953
wolfSSL 15:117db924cf7c 954 /* wolfSSL extension - NTRU , Quantum-safe Handshake
wolfSSL 15:117db924cf7c 955 first byte is 0xD0 (QSH_BYTE) */
wolfSSL 15:117db924cf7c 956 TLS_QSH = 0x01,
wolfSSL 15:117db924cf7c 957
wolfSSL 15:117db924cf7c 958 /* SHA256 */
wolfSSL 15:117db924cf7c 959 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
wolfSSL 15:117db924cf7c 960 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
wolfSSL 15:117db924cf7c 961 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
wolfSSL 15:117db924cf7c 962 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
wolfSSL 15:117db924cf7c 963 TLS_RSA_WITH_NULL_SHA256 = 0x3b,
wolfSSL 15:117db924cf7c 964 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
wolfSSL 15:117db924cf7c 965 TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
wolfSSL 15:117db924cf7c 966
wolfSSL 15:117db924cf7c 967 /* SHA384 */
wolfSSL 15:117db924cf7c 968 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
wolfSSL 15:117db924cf7c 969 TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
wolfSSL 15:117db924cf7c 970
wolfSSL 15:117db924cf7c 971 /* AES-GCM */
wolfSSL 15:117db924cf7c 972 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
wolfSSL 15:117db924cf7c 973 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
wolfSSL 15:117db924cf7c 974 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
wolfSSL 15:117db924cf7c 975 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
wolfSSL 15:117db924cf7c 976 TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7,
wolfSSL 15:117db924cf7c 977 TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
wolfSSL 15:117db924cf7c 978 TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
wolfSSL 15:117db924cf7c 979 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
wolfSSL 15:117db924cf7c 980 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
wolfSSL 15:117db924cf7c 981
wolfSSL 15:117db924cf7c 982 /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
wolfSSL 15:117db924cf7c 983 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
wolfSSL 15:117db924cf7c 984 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
wolfSSL 15:117db924cf7c 985 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
wolfSSL 15:117db924cf7c 986 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
wolfSSL 15:117db924cf7c 987 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
wolfSSL 15:117db924cf7c 988 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
wolfSSL 15:117db924cf7c 989 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
wolfSSL 15:117db924cf7c 990 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
wolfSSL 15:117db924cf7c 991
wolfSSL 15:117db924cf7c 992 /* AES-CCM, first byte is 0xC0 but isn't ECC,
wolfSSL 15:117db924cf7c 993 * also, in some of the other AES-CCM suites
wolfSSL 15:117db924cf7c 994 * there will be second byte number conflicts
wolfSSL 15:117db924cf7c 995 * with non-ECC AES-GCM */
wolfSSL 15:117db924cf7c 996 TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
wolfSSL 15:117db924cf7c 997 TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
wolfSSL 15:117db924cf7c 998 TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
wolfSSL 15:117db924cf7c 999 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
wolfSSL 15:117db924cf7c 1000 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
wolfSSL 15:117db924cf7c 1001 TLS_PSK_WITH_AES_128_CCM = 0xa4,
wolfSSL 15:117db924cf7c 1002 TLS_PSK_WITH_AES_256_CCM = 0xa5,
wolfSSL 15:117db924cf7c 1003 TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
wolfSSL 15:117db924cf7c 1004 TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
wolfSSL 15:117db924cf7c 1005 TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
wolfSSL 15:117db924cf7c 1006 TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
wolfSSL 15:117db924cf7c 1007
wolfSSL 15:117db924cf7c 1008 /* Camellia */
wolfSSL 15:117db924cf7c 1009 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
wolfSSL 15:117db924cf7c 1010 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
wolfSSL 15:117db924cf7c 1011 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
wolfSSL 15:117db924cf7c 1012 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
wolfSSL 15:117db924cf7c 1013 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
wolfSSL 15:117db924cf7c 1014 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
wolfSSL 15:117db924cf7c 1015 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
wolfSSL 15:117db924cf7c 1016 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
wolfSSL 15:117db924cf7c 1017
wolfSSL 15:117db924cf7c 1018 /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
wolfSSL 15:117db924cf7c 1019 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
wolfSSL 15:117db924cf7c 1020 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
wolfSSL 15:117db924cf7c 1021 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
wolfSSL 15:117db924cf7c 1022 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
wolfSSL 15:117db924cf7c 1023 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
wolfSSL 15:117db924cf7c 1024 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
wolfSSL 15:117db924cf7c 1025
wolfSSL 15:117db924cf7c 1026 /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
wolfSSL 15:117db924cf7c 1027 TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
wolfSSL 15:117db924cf7c 1028 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
wolfSSL 15:117db924cf7c 1029 TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
wolfSSL 15:117db924cf7c 1030
wolfSSL 15:117db924cf7c 1031 /* TLS v1.3 cipher suites */
wolfSSL 15:117db924cf7c 1032 TLS_AES_128_GCM_SHA256 = 0x01,
wolfSSL 15:117db924cf7c 1033 TLS_AES_256_GCM_SHA384 = 0x02,
wolfSSL 15:117db924cf7c 1034 TLS_CHACHA20_POLY1305_SHA256 = 0x03,
wolfSSL 15:117db924cf7c 1035 TLS_AES_128_CCM_SHA256 = 0x04,
wolfSSL 15:117db924cf7c 1036 TLS_AES_128_CCM_8_SHA256 = 0x05,
wolfSSL 15:117db924cf7c 1037
wolfSSL 15:117db924cf7c 1038 /* Renegotiation Indication Extension Special Suite */
wolfSSL 15:117db924cf7c 1039 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
wolfSSL 15:117db924cf7c 1040 };
wolfSSL 15:117db924cf7c 1041
wolfSSL 15:117db924cf7c 1042
wolfSSL 15:117db924cf7c 1043 #ifndef WOLFSSL_SESSION_TIMEOUT
wolfSSL 15:117db924cf7c 1044 #define WOLFSSL_SESSION_TIMEOUT 500
wolfSSL 15:117db924cf7c 1045 /* default session resumption cache timeout in seconds */
wolfSSL 15:117db924cf7c 1046 #endif
wolfSSL 15:117db924cf7c 1047
wolfSSL 15:117db924cf7c 1048
wolfSSL 15:117db924cf7c 1049 #ifndef WOLFSSL_DTLS_WINDOW_WORDS
wolfSSL 15:117db924cf7c 1050 #define WOLFSSL_DTLS_WINDOW_WORDS 2
wolfSSL 15:117db924cf7c 1051 #endif /* WOLFSSL_DTLS_WINDOW_WORDS */
wolfSSL 15:117db924cf7c 1052 #define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
wolfSSL 15:117db924cf7c 1053 #define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
wolfSSL 15:117db924cf7c 1054 #define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
wolfSSL 15:117db924cf7c 1055
wolfSSL 15:117db924cf7c 1056 #ifndef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 1057 #define WOLFSSL_DTLS_PEERSEQ_SZ 1
wolfSSL 15:117db924cf7c 1058 #else
wolfSSL 15:117db924cf7c 1059 #ifndef WOLFSSL_MULTICAST_PEERS
wolfSSL 15:117db924cf7c 1060 /* max allowed multicast group peers */
wolfSSL 15:117db924cf7c 1061 #define WOLFSSL_MULTICAST_PEERS 100
wolfSSL 15:117db924cf7c 1062 #endif
wolfSSL 15:117db924cf7c 1063 #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
wolfSSL 15:117db924cf7c 1064 #endif /* WOLFSSL_MULTICAST */
wolfSSL 15:117db924cf7c 1065
wolfSSL 15:117db924cf7c 1066 #ifndef WOLFSSL_MAX_MTU
wolfSSL 15:117db924cf7c 1067 #define WOLFSSL_MAX_MTU 1500
wolfSSL 15:117db924cf7c 1068 #endif /* WOLFSSL_MAX_MTU */
wolfSSL 15:117db924cf7c 1069
wolfSSL 15:117db924cf7c 1070
wolfSSL 15:117db924cf7c 1071 /* set minimum DH key size allowed */
wolfSSL 15:117db924cf7c 1072 #ifndef WOLFSSL_MIN_DHKEY_BITS
wolfSSL 15:117db924cf7c 1073 #ifdef WOLFSSL_MAX_STRENGTH
wolfSSL 15:117db924cf7c 1074 #define WOLFSSL_MIN_DHKEY_BITS 2048
wolfSSL 15:117db924cf7c 1075 #else
wolfSSL 15:117db924cf7c 1076 #define WOLFSSL_MIN_DHKEY_BITS 1024
wolfSSL 15:117db924cf7c 1077 #endif
wolfSSL 15:117db924cf7c 1078 #endif
wolfSSL 15:117db924cf7c 1079 #if (WOLFSSL_MIN_DHKEY_BITS % 8)
wolfSSL 15:117db924cf7c 1080 #error DH minimum bit size must be multiple of 8
wolfSSL 15:117db924cf7c 1081 #endif
wolfSSL 15:117db924cf7c 1082 #if (WOLFSSL_MIN_DHKEY_BITS > 16000)
wolfSSL 15:117db924cf7c 1083 #error DH minimum bit size must not be greater than 16000
wolfSSL 15:117db924cf7c 1084 #endif
wolfSSL 15:117db924cf7c 1085 #define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
wolfSSL 15:117db924cf7c 1086 /* set maximum DH key size allowed */
wolfSSL 15:117db924cf7c 1087 #ifndef WOLFSSL_MAX_DHKEY_BITS
wolfSSL 15:117db924cf7c 1088 #define WOLFSSL_MAX_DHKEY_BITS 4096
wolfSSL 15:117db924cf7c 1089 #endif
wolfSSL 15:117db924cf7c 1090 #if (WOLFSSL_MAX_DHKEY_BITS % 8)
wolfSSL 15:117db924cf7c 1091 #error DH maximum bit size must be multiple of 8
wolfSSL 15:117db924cf7c 1092 #endif
wolfSSL 15:117db924cf7c 1093 #if (WOLFSSL_MAX_DHKEY_BITS > 16000)
wolfSSL 15:117db924cf7c 1094 #error DH maximum bit size must not be greater than 16000
wolfSSL 15:117db924cf7c 1095 #endif
wolfSSL 15:117db924cf7c 1096 #define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)
wolfSSL 15:117db924cf7c 1097
wolfSSL 15:117db924cf7c 1098
wolfSSL 15:117db924cf7c 1099
wolfSSL 15:117db924cf7c 1100 enum Misc {
wolfSSL 15:117db924cf7c 1101 CIPHER_BYTE = 0x00, /* Default ciphers */
wolfSSL 15:117db924cf7c 1102 ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
wolfSSL 15:117db924cf7c 1103 QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
wolfSSL 15:117db924cf7c 1104 CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
wolfSSL 15:117db924cf7c 1105 TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
wolfSSL 15:117db924cf7c 1106
wolfSSL 15:117db924cf7c 1107 SEND_CERT = 1,
wolfSSL 15:117db924cf7c 1108 SEND_BLANK_CERT = 2,
wolfSSL 15:117db924cf7c 1109
wolfSSL 15:117db924cf7c 1110 DTLS_MAJOR = 0xfe, /* DTLS major version number */
wolfSSL 15:117db924cf7c 1111 DTLS_MINOR = 0xff, /* DTLS minor version number */
wolfSSL 15:117db924cf7c 1112 DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
wolfSSL 15:117db924cf7c 1113 SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
wolfSSL 15:117db924cf7c 1114 SSLv3_MINOR = 0, /* TLSv1 minor version number */
wolfSSL 15:117db924cf7c 1115 TLSv1_MINOR = 1, /* TLSv1 minor version number */
wolfSSL 15:117db924cf7c 1116 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
wolfSSL 15:117db924cf7c 1117 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
wolfSSL 15:117db924cf7c 1118 TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
wolfSSL 15:117db924cf7c 1119 #ifndef WOLFSSL_TLS13_FINAL
wolfSSL 15:117db924cf7c 1120 TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
wolfSSL 15:117db924cf7c 1121 #ifdef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 1122 TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
wolfSSL 15:117db924cf7c 1123 #elif defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 1124 TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */
wolfSSL 15:117db924cf7c 1125 #elif defined(WOLFSSL_TLS13_DRAFT_23)
wolfSSL 15:117db924cf7c 1126 TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */
wolfSSL 15:117db924cf7c 1127 #elif defined(WOLFSSL_TLS13_DRAFT_26)
wolfSSL 15:117db924cf7c 1128 TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */
wolfSSL 15:117db924cf7c 1129 #else
wolfSSL 15:117db924cf7c 1130 TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */
wolfSSL 15:117db924cf7c 1131 #endif
wolfSSL 15:117db924cf7c 1132 #endif
wolfSSL 15:117db924cf7c 1133 OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
wolfSSL 15:117db924cf7c 1134 INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
wolfSSL 15:117db924cf7c 1135 NO_COMPRESSION = 0,
wolfSSL 15:117db924cf7c 1136 ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
wolfSSL 15:117db924cf7c 1137 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
wolfSSL 15:117db924cf7c 1138 HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
wolfSSL 15:117db924cf7c 1139 SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
wolfSSL 15:117db924cf7c 1140 /* pre RSA and all master */
wolfSSL 15:117db924cf7c 1141 #if defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 15:117db924cf7c 1142 ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
wolfSSL 15:117db924cf7c 1143 #else
wolfSSL 15:117db924cf7c 1144 ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
wolfSSL 15:117db924cf7c 1145 #endif
wolfSSL 15:117db924cf7c 1146 SIZEOF_SENDER = 4, /* clnt or srvr */
wolfSSL 15:117db924cf7c 1147 FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
wolfSSL 15:117db924cf7c 1148 MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
wolfSSL 15:117db924cf7c 1149 MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE,
wolfSSL 15:117db924cf7c 1150 /* max added to msg, mac + pad from */
wolfSSL 15:117db924cf7c 1151 /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
wolfSSL 15:117db924cf7c 1152 digest sz + BLOC_SZ (iv) + pad byte (1) */
wolfSSL 15:117db924cf7c 1153 MAX_COMP_EXTRA = 1024, /* max compression extra */
wolfSSL 15:117db924cf7c 1154 MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */
wolfSSL 15:117db924cf7c 1155 MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
wolfSSL 15:117db924cf7c 1156 MAX_DH_SZ = (MAX_DHKEY_SZ * 2) + 12,
wolfSSL 15:117db924cf7c 1157 /* 4096 p, pub, g + 2 byte size for each */
wolfSSL 15:117db924cf7c 1158 MAX_STR_VERSION = 8, /* string rep of protocol version */
wolfSSL 15:117db924cf7c 1159
wolfSSL 15:117db924cf7c 1160 PAD_MD5 = 48, /* pad length for finished */
wolfSSL 15:117db924cf7c 1161 PAD_SHA = 40, /* pad length for finished */
wolfSSL 15:117db924cf7c 1162 MAX_PAD_SIZE = 256, /* maximum length of padding */
wolfSSL 15:117db924cf7c 1163
wolfSSL 15:117db924cf7c 1164 LENGTH_SZ = 2, /* length field for HMAC, data only */
wolfSSL 15:117db924cf7c 1165 VERSION_SZ = 2, /* length of proctocol version */
wolfSSL 15:117db924cf7c 1166 SEQ_SZ = 8, /* 64 bit sequence number */
wolfSSL 15:117db924cf7c 1167 ALERT_SIZE = 2, /* level + description */
wolfSSL 15:117db924cf7c 1168 VERIFY_HEADER = 2, /* always use 2 bytes */
wolfSSL 15:117db924cf7c 1169 EXTS_SZ = 2, /* always use 2 bytes */
wolfSSL 15:117db924cf7c 1170 EXT_ID_SZ = 2, /* always use 2 bytes */
wolfSSL 15:117db924cf7c 1171 MAX_DH_SIZE = MAX_DHKEY_SZ+1,
wolfSSL 15:117db924cf7c 1172 /* Max size plus possible leading 0 */
wolfSSL 15:117db924cf7c 1173 NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
wolfSSL 15:117db924cf7c 1174 SESSION_HINT_SZ = 4, /* session timeout hint */
wolfSSL 15:117db924cf7c 1175 SESSION_ADD_SZ = 4, /* session age add */
wolfSSL 15:117db924cf7c 1176 TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */
wolfSSL 15:117db924cf7c 1177 DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */
wolfSSL 15:117db924cf7c 1178 MAX_TICKET_NONCE_SZ = 4, /* maximum ticket nonce size */
wolfSSL 15:117db924cf7c 1179 MAX_LIFETIME = 604800, /* maximum ticket lifetime */
wolfSSL 15:117db924cf7c 1180 MAX_EARLY_DATA_SZ = 4096, /* maximum early data size */
wolfSSL 15:117db924cf7c 1181
wolfSSL 15:117db924cf7c 1182 RAN_LEN = 32, /* random length */
wolfSSL 15:117db924cf7c 1183 SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
wolfSSL 15:117db924cf7c 1184 ID_LEN = 32, /* session id length */
wolfSSL 15:117db924cf7c 1185 COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
wolfSSL 15:117db924cf7c 1186 MAX_COOKIE_LEN = 32, /* max dtls cookie size */
wolfSSL 15:117db924cf7c 1187 COOKIE_SZ = 20, /* use a 20 byte cookie */
wolfSSL 15:117db924cf7c 1188 SUITE_LEN = 2, /* cipher suite sz length */
wolfSSL 15:117db924cf7c 1189 ENUM_LEN = 1, /* always a byte */
wolfSSL 15:117db924cf7c 1190 OPAQUE8_LEN = 1, /* 1 byte */
wolfSSL 15:117db924cf7c 1191 OPAQUE16_LEN = 2, /* 2 bytes */
wolfSSL 15:117db924cf7c 1192 OPAQUE24_LEN = 3, /* 3 bytes */
wolfSSL 15:117db924cf7c 1193 OPAQUE32_LEN = 4, /* 4 bytes */
wolfSSL 15:117db924cf7c 1194 OPAQUE64_LEN = 8, /* 8 bytes */
wolfSSL 15:117db924cf7c 1195 COMP_LEN = 1, /* compression length */
wolfSSL 15:117db924cf7c 1196 CURVE_LEN = 2, /* ecc named curve length */
wolfSSL 15:117db924cf7c 1197 KE_GROUP_LEN = 2, /* key exchange group length */
wolfSSL 15:117db924cf7c 1198 SERVER_ID_LEN = 20, /* server session id length */
wolfSSL 15:117db924cf7c 1199
wolfSSL 15:117db924cf7c 1200 HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
wolfSSL 15:117db924cf7c 1201 RECORD_HEADER_SZ = 5, /* type + version + len(2) */
wolfSSL 15:117db924cf7c 1202 CERT_HEADER_SZ = 3, /* always 3 bytes */
wolfSSL 15:117db924cf7c 1203 REQ_HEADER_SZ = 2, /* cert request header sz */
wolfSSL 15:117db924cf7c 1204 HINT_LEN_SZ = 2, /* length of hint size field */
wolfSSL 15:117db924cf7c 1205 TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
wolfSSL 15:117db924cf7c 1206 HELLO_EXT_SZ = 4, /* base length of a hello extension */
wolfSSL 15:117db924cf7c 1207 HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
wolfSSL 15:117db924cf7c 1208 HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
wolfSSL 15:117db924cf7c 1209 HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
wolfSSL 15:117db924cf7c 1210
wolfSSL 15:117db924cf7c 1211 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
wolfSSL 15:117db924cf7c 1212 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
wolfSSL 15:117db924cf7c 1213 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
wolfSSL 15:117db924cf7c 1214 DTLS_RECORD_EXTRA = 8, /* diff from normal */
wolfSSL 15:117db924cf7c 1215 DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
wolfSSL 15:117db924cf7c 1216 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
wolfSSL 15:117db924cf7c 1217 DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
wolfSSL 15:117db924cf7c 1218 DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
wolfSSL 15:117db924cf7c 1219 DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */
wolfSSL 15:117db924cf7c 1220 DTLS_EXPORT_OPT_SZ = 60, /* amount of bytes used from Options */
wolfSSL 15:117db924cf7c 1221 DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */
wolfSSL 15:117db924cf7c 1222 DTLS_EXPORT_OPT_SZ_3 = 59, /* amount of bytes used from Options */
wolfSSL 15:117db924cf7c 1223 DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
wolfSSL 15:117db924cf7c 1224 /* max amount of bytes used from Keys */
wolfSSL 15:117db924cf7c 1225 DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2),
wolfSSL 15:117db924cf7c 1226 /* min amount of bytes used from Keys */
wolfSSL 15:117db924cf7c 1227 DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
wolfSSL 15:117db924cf7c 1228 DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
wolfSSL 15:117db924cf7c 1229 DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
wolfSSL 15:117db924cf7c 1230 MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
wolfSSL 15:117db924cf7c 1231 FINISHED_LABEL_SZ = 15, /* TLS finished label size */
wolfSSL 15:117db924cf7c 1232 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
wolfSSL 15:117db924cf7c 1233 EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
wolfSSL 15:117db924cf7c 1234 MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
wolfSSL 15:117db924cf7c 1235 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
wolfSSL 15:117db924cf7c 1236 MAX_PRF_HALF = 256, /* Maximum half secret len */
wolfSSL 15:117db924cf7c 1237 MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
wolfSSL 15:117db924cf7c 1238 MAX_PRF_DIG = 224, /* Maximum digest len */
wolfSSL 15:117db924cf7c 1239 PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
wolfSSL 15:117db924cf7c 1240 MAX_LABEL_SZ = 34, /* Maximum length of a label */
wolfSSL 15:117db924cf7c 1241 MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
wolfSSL 15:117db924cf7c 1242 OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
wolfSSL 15:117db924cf7c 1243 OPAQUE8_LEN + WC_MAX_DIGEST_SIZE,
wolfSSL 15:117db924cf7c 1244 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
wolfSSL 15:117db924cf7c 1245 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
wolfSSL 15:117db924cf7c 1246 TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */
wolfSSL 15:117db924cf7c 1247
wolfSSL 15:117db924cf7c 1248 #if defined(HAVE_FIPS) && \
wolfSSL 15:117db924cf7c 1249 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
wolfSSL 15:117db924cf7c 1250 MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
wolfSSL 15:117db924cf7c 1251 #else
wolfSSL 15:117db924cf7c 1252 MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
wolfSSL 15:117db924cf7c 1253 #endif
wolfSSL 15:117db924cf7c 1254
wolfSSL 15:117db924cf7c 1255 #ifdef HAVE_SELFTEST
wolfSSL 15:117db924cf7c 1256 AES_256_KEY_SIZE = 32,
wolfSSL 15:117db924cf7c 1257 AES_IV_SIZE = 16,
wolfSSL 15:117db924cf7c 1258 AES_128_KEY_SIZE = 16,
wolfSSL 15:117db924cf7c 1259 #endif
wolfSSL 15:117db924cf7c 1260
wolfSSL 15:117db924cf7c 1261 MAX_IV_SZ = AES_BLOCK_SIZE,
wolfSSL 15:117db924cf7c 1262
wolfSSL 15:117db924cf7c 1263 AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
wolfSSL 15:117db924cf7c 1264 AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
wolfSSL 15:117db924cf7c 1265 AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
wolfSSL 15:117db924cf7c 1266 AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
wolfSSL 15:117db924cf7c 1267 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
wolfSSL 15:117db924cf7c 1268 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
wolfSSL 15:117db924cf7c 1269 AEAD_NONCE_SZ = 12,
wolfSSL 15:117db924cf7c 1270 AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
wolfSSL 15:117db924cf7c 1271 AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
wolfSSL 15:117db924cf7c 1272 AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
wolfSSL 15:117db924cf7c 1273
wolfSSL 15:117db924cf7c 1274 CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
wolfSSL 15:117db924cf7c 1275 CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
wolfSSL 15:117db924cf7c 1276 CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
wolfSSL 15:117db924cf7c 1277
wolfSSL 15:117db924cf7c 1278 /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
wolfSSL 15:117db924cf7c 1279
wolfSSL 15:117db924cf7c 1280 AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
wolfSSL 15:117db924cf7c 1281 AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
wolfSSL 15:117db924cf7c 1282 AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
wolfSSL 15:117db924cf7c 1283 AESCCM_NONCE_SZ = 12,
wolfSSL 15:117db924cf7c 1284
wolfSSL 15:117db924cf7c 1285 CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL 15:117db924cf7c 1286 CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
wolfSSL 15:117db924cf7c 1287 CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL 15:117db924cf7c 1288 CAMELLIA_IV_SIZE = 16, /* always block size */
wolfSSL 15:117db924cf7c 1289
wolfSSL 15:117db924cf7c 1290 CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
wolfSSL 15:117db924cf7c 1291 CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
wolfSSL 15:117db924cf7c 1292 CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
wolfSSL 15:117db924cf7c 1293
wolfSSL 15:117db924cf7c 1294 POLY1305_AUTH_SZ = 16, /* 128 bits */
wolfSSL 15:117db924cf7c 1295
wolfSSL 15:117db924cf7c 1296 HC_128_KEY_SIZE = 16, /* 128 bits */
wolfSSL 15:117db924cf7c 1297 HC_128_IV_SIZE = 16, /* also 128 bits */
wolfSSL 15:117db924cf7c 1298
wolfSSL 15:117db924cf7c 1299 RABBIT_KEY_SIZE = 16, /* 128 bits */
wolfSSL 15:117db924cf7c 1300 RABBIT_IV_SIZE = 8, /* 64 bits for iv */
wolfSSL 15:117db924cf7c 1301
wolfSSL 15:117db924cf7c 1302 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
wolfSSL 15:117db924cf7c 1303
wolfSSL 15:117db924cf7c 1304 ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
wolfSSL 15:117db924cf7c 1305 MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
wolfSSL 15:117db924cf7c 1306 MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */
wolfSSL 15:117db924cf7c 1307
wolfSSL 15:117db924cf7c 1308 NEW_SA_MAJOR = 8, /* Most signicant byte used with new sig algos */
wolfSSL 15:117db924cf7c 1309 ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
wolfSSL 15:117db924cf7c 1310 ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
wolfSSL 15:117db924cf7c 1311 ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
wolfSSL 15:117db924cf7c 1312 ED448_SA_MINOR = 8, /* Least significant byte for ED448 */
wolfSSL 15:117db924cf7c 1313
wolfSSL 15:117db924cf7c 1314 MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
wolfSSL 15:117db924cf7c 1315 MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
wolfSSL 15:117db924cf7c 1316
wolfSSL 15:117db924cf7c 1317 MAX_CERT_VERIFY_SZ = 1024, /* max */
wolfSSL 15:117db924cf7c 1318 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
wolfSSL 15:117db924cf7c 1319 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
wolfSSL 15:117db924cf7c 1320
wolfSSL 15:117db924cf7c 1321 DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
wolfSSL 15:117db924cf7c 1322 DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
wolfSSL 15:117db924cf7c 1323 DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
wolfSSL 15:117db924cf7c 1324
wolfSSL 15:117db924cf7c 1325 MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
wolfSSL 15:117db924cf7c 1326 NULL_TERM_LEN = 1, /* length of null '\0' termination character */
wolfSSL 15:117db924cf7c 1327 MAX_PSK_KEY_LEN = 64, /* max psk key supported */
wolfSSL 15:117db924cf7c 1328 MIN_PSK_ID_LEN = 6, /* min length of identities */
wolfSSL 15:117db924cf7c 1329 MIN_PSK_BINDERS_LEN= 33, /* min length of binders */
wolfSSL 15:117db924cf7c 1330 MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */
wolfSSL 15:117db924cf7c 1331
wolfSSL 15:117db924cf7c 1332 MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
wolfSSL 15:117db924cf7c 1333
wolfSSL 15:117db924cf7c 1334 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
wolfSSL 15:117db924cf7c 1335 MAX_EX_DATA = 5, /* allow for five items of ex_data */
wolfSSL 15:117db924cf7c 1336 #endif
wolfSSL 15:117db924cf7c 1337
wolfSSL 15:117db924cf7c 1338 MAX_X509_SIZE = 2048, /* max static x509 buffer size */
wolfSSL 15:117db924cf7c 1339 CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
wolfSSL 15:117db924cf7c 1340
wolfSSL 15:117db924cf7c 1341 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
wolfSSL 15:117db924cf7c 1342 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
wolfSSL 15:117db924cf7c 1343 MAX_NTRU_BITS = 256, /* max symmetric bit strength */
wolfSSL 15:117db924cf7c 1344 NO_SNIFF = 0, /* not sniffing */
wolfSSL 15:117db924cf7c 1345 SNIFF = 1, /* currently sniffing */
wolfSSL 15:117db924cf7c 1346
wolfSSL 15:117db924cf7c 1347 HASH_SIG_SIZE = 2, /* default SHA1 RSA */
wolfSSL 15:117db924cf7c 1348
wolfSSL 15:117db924cf7c 1349 NO_COPY = 0, /* should we copy static buffer for write */
wolfSSL 15:117db924cf7c 1350 COPY = 1, /* should we copy static buffer for write */
wolfSSL 15:117db924cf7c 1351
wolfSSL 15:117db924cf7c 1352 INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */
wolfSSL 15:117db924cf7c 1353
wolfSSL 15:117db924cf7c 1354 PREV_ORDER = -1, /* Sequence number is in previous epoch. */
wolfSSL 15:117db924cf7c 1355 PEER_ORDER = 1, /* Peer sequence number for verify. */
wolfSSL 15:117db924cf7c 1356 CUR_ORDER = 0, /* Current sequence number. */
wolfSSL 15:117db924cf7c 1357 WRITE_PROTO = 1, /* writing a protocol message */
wolfSSL 15:117db924cf7c 1358 READ_PROTO = 0 /* reading a protocol message */
wolfSSL 15:117db924cf7c 1359 };
wolfSSL 15:117db924cf7c 1360
wolfSSL 15:117db924cf7c 1361 /* minimum Downgrade Minor version */
wolfSSL 15:117db924cf7c 1362 #ifndef WOLFSSL_MIN_DOWNGRADE
wolfSSL 15:117db924cf7c 1363 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 1364 #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
wolfSSL 15:117db924cf7c 1365 #else
wolfSSL 15:117db924cf7c 1366 #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
wolfSSL 15:117db924cf7c 1367 #endif
wolfSSL 15:117db924cf7c 1368 #endif
wolfSSL 15:117db924cf7c 1369
wolfSSL 15:117db924cf7c 1370 /* Set max implicit IV size for AEAD cipher suites */
wolfSSL 15:117db924cf7c 1371 #define AEAD_MAX_IMP_SZ 12
wolfSSL 15:117db924cf7c 1372
wolfSSL 15:117db924cf7c 1373 /* Set max explicit IV size for AEAD cipher suites */
wolfSSL 15:117db924cf7c 1374 #define AEAD_MAX_EXP_SZ 8
wolfSSL 15:117db924cf7c 1375
wolfSSL 15:117db924cf7c 1376
wolfSSL 15:117db924cf7c 1377 #ifndef WOLFSSL_MAX_SUITE_SZ
wolfSSL 15:117db924cf7c 1378 #define WOLFSSL_MAX_SUITE_SZ 300
wolfSSL 15:117db924cf7c 1379 /* 150 suites for now! */
wolfSSL 15:117db924cf7c 1380 #endif
wolfSSL 15:117db924cf7c 1381
wolfSSL 15:117db924cf7c 1382 /* number of items in the signature algo list */
wolfSSL 15:117db924cf7c 1383 #ifndef WOLFSSL_MAX_SIGALGO
wolfSSL 15:117db924cf7c 1384 #define WOLFSSL_MAX_SIGALGO 32
wolfSSL 15:117db924cf7c 1385 #endif
wolfSSL 15:117db924cf7c 1386
wolfSSL 15:117db924cf7c 1387
wolfSSL 15:117db924cf7c 1388 /* set minimum ECC key size allowed */
wolfSSL 15:117db924cf7c 1389 #ifndef WOLFSSL_MIN_ECC_BITS
wolfSSL 15:117db924cf7c 1390 #ifdef WOLFSSL_MAX_STRENGTH
wolfSSL 15:117db924cf7c 1391 #define WOLFSSL_MIN_ECC_BITS 256
wolfSSL 15:117db924cf7c 1392 #else
wolfSSL 15:117db924cf7c 1393 #define WOLFSSL_MIN_ECC_BITS 224
wolfSSL 15:117db924cf7c 1394 #endif
wolfSSL 15:117db924cf7c 1395 #endif /* WOLFSSL_MIN_ECC_BITS */
wolfSSL 15:117db924cf7c 1396 #if (WOLFSSL_MIN_ECC_BITS % 8)
wolfSSL 15:117db924cf7c 1397 /* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1.
wolfSSL 15:117db924cf7c 1398 In these cases round down to the nearest value divisable by 8. The
wolfSSL 15:117db924cf7c 1399 restriction of being divisable by 8 is in place to match wc_ecc_size
wolfSSL 15:117db924cf7c 1400 function from wolfSSL.
wolfSSL 15:117db924cf7c 1401 */
wolfSSL 15:117db924cf7c 1402 #error ECC minimum bit size must be a multiple of 8
wolfSSL 15:117db924cf7c 1403 #endif
wolfSSL 15:117db924cf7c 1404 #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
wolfSSL 15:117db924cf7c 1405
wolfSSL 15:117db924cf7c 1406 /* set minimum RSA key size allowed */
wolfSSL 15:117db924cf7c 1407 #ifndef WOLFSSL_MIN_RSA_BITS
wolfSSL 15:117db924cf7c 1408 #ifdef WOLFSSL_MAX_STRENGTH
wolfSSL 15:117db924cf7c 1409 #define WOLFSSL_MIN_RSA_BITS 2048
wolfSSL 15:117db924cf7c 1410 #else
wolfSSL 15:117db924cf7c 1411 #define WOLFSSL_MIN_RSA_BITS 1024
wolfSSL 15:117db924cf7c 1412 #endif
wolfSSL 15:117db924cf7c 1413 #endif /* WOLFSSL_MIN_RSA_BITS */
wolfSSL 15:117db924cf7c 1414 #if (WOLFSSL_MIN_RSA_BITS % 8)
wolfSSL 15:117db924cf7c 1415 /* This is to account for the example case of a min size of 2050 bits but
wolfSSL 15:117db924cf7c 1416 still allows 2049 bit key. So we need the measurment to be in bytes. */
wolfSSL 15:117db924cf7c 1417 #error RSA minimum bit size must be a multiple of 8
wolfSSL 15:117db924cf7c 1418 #endif
wolfSSL 15:117db924cf7c 1419 #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
wolfSSL 15:117db924cf7c 1420
wolfSSL 15:117db924cf7c 1421 #ifdef SESSION_INDEX
wolfSSL 15:117db924cf7c 1422 /* Shift values for making a session index */
wolfSSL 15:117db924cf7c 1423 #define SESSIDX_ROW_SHIFT 4
wolfSSL 15:117db924cf7c 1424 #define SESSIDX_IDX_MASK 0x0F
wolfSSL 15:117db924cf7c 1425 #endif
wolfSSL 15:117db924cf7c 1426
wolfSSL 15:117db924cf7c 1427
wolfSSL 15:117db924cf7c 1428 /* max cert chain peer depth */
wolfSSL 15:117db924cf7c 1429 #ifndef MAX_CHAIN_DEPTH
wolfSSL 15:117db924cf7c 1430 #define MAX_CHAIN_DEPTH 9
wolfSSL 15:117db924cf7c 1431 #endif
wolfSSL 15:117db924cf7c 1432
wolfSSL 15:117db924cf7c 1433 /* max size of a certificate message payload */
wolfSSL 15:117db924cf7c 1434 /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
wolfSSL 15:117db924cf7c 1435 #ifndef MAX_CERTIFICATE_SZ
wolfSSL 15:117db924cf7c 1436 #define MAX_CERTIFICATE_SZ \
wolfSSL 15:117db924cf7c 1437 CERT_HEADER_SZ + \
wolfSSL 15:117db924cf7c 1438 (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
wolfSSL 15:117db924cf7c 1439 #endif
wolfSSL 15:117db924cf7c 1440
wolfSSL 15:117db924cf7c 1441 /* max size of a handshake message, currently set to the certificate */
wolfSSL 15:117db924cf7c 1442 #ifndef MAX_HANDSHAKE_SZ
wolfSSL 15:117db924cf7c 1443 #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
wolfSSL 15:117db924cf7c 1444 #endif
wolfSSL 15:117db924cf7c 1445
wolfSSL 15:117db924cf7c 1446 #ifndef SESSION_TICKET_LEN
wolfSSL 15:117db924cf7c 1447 #define SESSION_TICKET_LEN 256
wolfSSL 15:117db924cf7c 1448 #endif
wolfSSL 15:117db924cf7c 1449
wolfSSL 15:117db924cf7c 1450 #ifndef SESSION_TICKET_HINT_DEFAULT
wolfSSL 15:117db924cf7c 1451 #define SESSION_TICKET_HINT_DEFAULT 300
wolfSSL 15:117db924cf7c 1452 #endif
wolfSSL 15:117db924cf7c 1453
wolfSSL 15:117db924cf7c 1454
wolfSSL 15:117db924cf7c 1455 /* don't use extra 3/4k stack space unless need to */
wolfSSL 15:117db924cf7c 1456 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 1457 #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
wolfSSL 15:117db924cf7c 1458 #else
wolfSSL 15:117db924cf7c 1459 #define MAX_ENCRYPT_SZ ENCRYPT_LEN
wolfSSL 15:117db924cf7c 1460 #endif
wolfSSL 15:117db924cf7c 1461
wolfSSL 15:117db924cf7c 1462
wolfSSL 15:117db924cf7c 1463 /* states */
wolfSSL 15:117db924cf7c 1464 enum states {
wolfSSL 15:117db924cf7c 1465 NULL_STATE = 0,
wolfSSL 15:117db924cf7c 1466
wolfSSL 15:117db924cf7c 1467 SERVER_HELLOVERIFYREQUEST_COMPLETE,
wolfSSL 15:117db924cf7c 1468 SERVER_HELLO_RETRY_REQUEST_COMPLETE,
wolfSSL 15:117db924cf7c 1469 SERVER_HELLO_COMPLETE,
wolfSSL 15:117db924cf7c 1470 SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
wolfSSL 15:117db924cf7c 1471 SERVER_CERT_COMPLETE,
wolfSSL 15:117db924cf7c 1472 SERVER_KEYEXCHANGE_COMPLETE,
wolfSSL 15:117db924cf7c 1473 SERVER_HELLODONE_COMPLETE,
wolfSSL 15:117db924cf7c 1474 SERVER_CHANGECIPHERSPEC_COMPLETE,
wolfSSL 15:117db924cf7c 1475 SERVER_FINISHED_COMPLETE,
wolfSSL 15:117db924cf7c 1476
wolfSSL 15:117db924cf7c 1477 CLIENT_HELLO_COMPLETE,
wolfSSL 15:117db924cf7c 1478 CLIENT_KEYEXCHANGE_COMPLETE,
wolfSSL 15:117db924cf7c 1479 CLIENT_CHANGECIPHERSPEC_COMPLETE,
wolfSSL 15:117db924cf7c 1480 CLIENT_FINISHED_COMPLETE,
wolfSSL 15:117db924cf7c 1481
wolfSSL 15:117db924cf7c 1482 HANDSHAKE_DONE
wolfSSL 15:117db924cf7c 1483 };
wolfSSL 15:117db924cf7c 1484
wolfSSL 15:117db924cf7c 1485 /* SSL Version */
wolfSSL 15:117db924cf7c 1486 typedef struct ProtocolVersion {
wolfSSL 15:117db924cf7c 1487 byte major;
wolfSSL 15:117db924cf7c 1488 byte minor;
wolfSSL 15:117db924cf7c 1489 } WOLFSSL_PACK ProtocolVersion;
wolfSSL 15:117db924cf7c 1490
wolfSSL 15:117db924cf7c 1491
wolfSSL 15:117db924cf7c 1492 WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
wolfSSL 15:117db924cf7c 1493 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
wolfSSL 15:117db924cf7c 1494 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
wolfSSL 15:117db924cf7c 1495 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
wolfSSL 15:117db924cf7c 1496 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
wolfSSL 15:117db924cf7c 1497
wolfSSL 15:117db924cf7c 1498 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 1499 WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
wolfSSL 15:117db924cf7c 1500 WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
wolfSSL 15:117db924cf7c 1501
wolfSSL 15:117db924cf7c 1502 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 15:117db924cf7c 1503 WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
wolfSSL 15:117db924cf7c 1504 word32 sz);
wolfSSL 15:117db924cf7c 1505 WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
wolfSSL 15:117db924cf7c 1506 word32 sz);
wolfSSL 15:117db924cf7c 1507 WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 1508 #endif
wolfSSL 15:117db924cf7c 1509 #endif
wolfSSL 15:117db924cf7c 1510
wolfSSL 15:117db924cf7c 1511
wolfSSL 15:117db924cf7c 1512 /* wolfSSL BIO_METHOD type */
wolfSSL 15:117db924cf7c 1513 struct WOLFSSL_BIO_METHOD {
wolfSSL 15:117db924cf7c 1514 byte type; /* method type */
wolfSSL 15:117db924cf7c 1515 };
wolfSSL 15:117db924cf7c 1516
wolfSSL 15:117db924cf7c 1517
wolfSSL 15:117db924cf7c 1518 /* wolfSSL BIO type */
wolfSSL 15:117db924cf7c 1519 struct WOLFSSL_BIO {
wolfSSL 15:117db924cf7c 1520 WOLFSSL_BUF_MEM* mem_buf;
wolfSSL 15:117db924cf7c 1521 WOLFSSL* ssl; /* possible associated ssl */
wolfSSL 15:117db924cf7c 1522 #ifndef NO_FILESYSTEM
wolfSSL 15:117db924cf7c 1523 XFILE file;
wolfSSL 15:117db924cf7c 1524 #endif
wolfSSL 15:117db924cf7c 1525 WOLFSSL_BIO* prev; /* previous in chain */
wolfSSL 15:117db924cf7c 1526 WOLFSSL_BIO* next; /* next in chain */
wolfSSL 15:117db924cf7c 1527 WOLFSSL_BIO* pair; /* BIO paired with */
wolfSSL 15:117db924cf7c 1528 void* heap; /* user heap hint */
wolfSSL 15:117db924cf7c 1529 byte* mem; /* memory buffer */
wolfSSL 15:117db924cf7c 1530 int wrSz; /* write buffer size (mem) */
wolfSSL 15:117db924cf7c 1531 int wrIdx; /* current index for write buffer */
wolfSSL 15:117db924cf7c 1532 int rdIdx; /* current read index */
wolfSSL 15:117db924cf7c 1533 int readRq; /* read request */
wolfSSL 15:117db924cf7c 1534 int memLen; /* memory buffer length */
wolfSSL 15:117db924cf7c 1535 int fd; /* possible file descriptor */
wolfSSL 15:117db924cf7c 1536 int eof; /* eof flag */
wolfSSL 15:117db924cf7c 1537 int flags;
wolfSSL 15:117db924cf7c 1538 byte type; /* method type */
wolfSSL 15:117db924cf7c 1539 byte close; /* close flag */
wolfSSL 15:117db924cf7c 1540 };
wolfSSL 15:117db924cf7c 1541
wolfSSL 15:117db924cf7c 1542
wolfSSL 15:117db924cf7c 1543 /* wolfSSL method type */
wolfSSL 15:117db924cf7c 1544 struct WOLFSSL_METHOD {
wolfSSL 15:117db924cf7c 1545 ProtocolVersion version;
wolfSSL 15:117db924cf7c 1546 byte side; /* connection side, server or client */
wolfSSL 15:117db924cf7c 1547 byte downgrade; /* whether to downgrade version, default no */
wolfSSL 15:117db924cf7c 1548 };
wolfSSL 15:117db924cf7c 1549
wolfSSL 15:117db924cf7c 1550 /* wolfSSL buffer type - internal uses "buffer" type */
wolfSSL 15:117db924cf7c 1551 typedef WOLFSSL_BUFFER_INFO buffer;
wolfSSL 15:117db924cf7c 1552
wolfSSL 15:117db924cf7c 1553 typedef struct Suites Suites;
wolfSSL 15:117db924cf7c 1554
wolfSSL 15:117db924cf7c 1555
wolfSSL 15:117db924cf7c 1556 /* defaults to client */
wolfSSL 15:117db924cf7c 1557 WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
wolfSSL 15:117db924cf7c 1558
wolfSSL 15:117db924cf7c 1559 /* for sniffer */
wolfSSL 15:117db924cf7c 1560 WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL 15:117db924cf7c 1561 word32 size, word32 totalSz, int sniff);
wolfSSL 15:117db924cf7c 1562 WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
wolfSSL 15:117db924cf7c 1563 /* TLS v1.3 needs these */
wolfSSL 15:117db924cf7c 1564 WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
wolfSSL 15:117db924cf7c 1565 Suites* clSuites);
wolfSSL 15:117db924cf7c 1566 WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 15:117db924cf7c 1567 word32);
wolfSSL 15:117db924cf7c 1568 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 1569 WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
wolfSSL 15:117db924cf7c 1570 word32* inOutIdx, word32 helloSz);
wolfSSL 15:117db924cf7c 1571 #endif
wolfSSL 15:117db924cf7c 1572 WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 15:117db924cf7c 1573 word32);
wolfSSL 15:117db924cf7c 1574 WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
wolfSSL 15:117db924cf7c 1575 WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
wolfSSL 15:117db924cf7c 1576 WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
wolfSSL 15:117db924cf7c 1577 word32 hashSigAlgoSz);
wolfSSL 15:117db924cf7c 1578 WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
wolfSSL 15:117db924cf7c 1579 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 1580 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 1581 #ifndef NO_ASN
wolfSSL 15:117db924cf7c 1582 WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
wolfSSL 15:117db924cf7c 1583 #endif
wolfSSL 15:117db924cf7c 1584 #endif
wolfSSL 15:117db924cf7c 1585 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 1586 WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
wolfSSL 15:117db924cf7c 1587 WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
wolfSSL 15:117db924cf7c 1588 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 1589 WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
wolfSSL 15:117db924cf7c 1590 #endif
wolfSSL 15:117db924cf7c 1591 WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 1592 WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
wolfSSL 15:117db924cf7c 1593 WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
wolfSSL 15:117db924cf7c 1594 int ivSz);
wolfSSL 15:117db924cf7c 1595 WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
wolfSSL 15:117db924cf7c 1596 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 1597 WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 1598 #endif
wolfSSL 15:117db924cf7c 1599 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 1600 WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
wolfSSL 15:117db924cf7c 1601 word16 sz, const byte* aad, word16 aadSz);
wolfSSL 15:117db924cf7c 1602 WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
wolfSSL 15:117db924cf7c 1603 word32* inOutIdx, byte type,
wolfSSL 15:117db924cf7c 1604 word32 size, word32 totalSz);
wolfSSL 15:117db924cf7c 1605 WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
wolfSSL 15:117db924cf7c 1606 word32* inOutIdx, word32 totalSz);
wolfSSL 15:117db924cf7c 1607 WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
wolfSSL 15:117db924cf7c 1608 word32* inOutIdx, word32 helloSz,
wolfSSL 15:117db924cf7c 1609 byte* extMsgType);
wolfSSL 15:117db924cf7c 1610 #endif
wolfSSL 15:117db924cf7c 1611 int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
wolfSSL 15:117db924cf7c 1612 int pLen, int content);
wolfSSL 15:117db924cf7c 1613
wolfSSL 15:117db924cf7c 1614
wolfSSL 15:117db924cf7c 1615 enum {
wolfSSL 15:117db924cf7c 1616 FORCED_FREE = 1,
wolfSSL 15:117db924cf7c 1617 NO_FORCED_FREE = 0
wolfSSL 15:117db924cf7c 1618 };
wolfSSL 15:117db924cf7c 1619
wolfSSL 15:117db924cf7c 1620
wolfSSL 15:117db924cf7c 1621 /* only use compression extra if using compression */
wolfSSL 15:117db924cf7c 1622 #ifdef HAVE_LIBZ
wolfSSL 15:117db924cf7c 1623 #define COMP_EXTRA MAX_COMP_EXTRA
wolfSSL 15:117db924cf7c 1624 #else
wolfSSL 15:117db924cf7c 1625 #define COMP_EXTRA 0
wolfSSL 15:117db924cf7c 1626 #endif
wolfSSL 15:117db924cf7c 1627
wolfSSL 15:117db924cf7c 1628 /* only the sniffer needs space in the buffer for extra MTU record(s) */
wolfSSL 15:117db924cf7c 1629 #ifdef WOLFSSL_SNIFFER
wolfSSL 15:117db924cf7c 1630 #define MTU_EXTRA MAX_MTU * 3
wolfSSL 15:117db924cf7c 1631 #else
wolfSSL 15:117db924cf7c 1632 #define MTU_EXTRA 0
wolfSSL 15:117db924cf7c 1633 #endif
wolfSSL 15:117db924cf7c 1634
wolfSSL 15:117db924cf7c 1635
wolfSSL 15:117db924cf7c 1636 /* embedded callbacks require large static buffers, make sure on */
wolfSSL 15:117db924cf7c 1637 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 1638 #undef LARGE_STATIC_BUFFERS
wolfSSL 15:117db924cf7c 1639 #define LARGE_STATIC_BUFFERS
wolfSSL 15:117db924cf7c 1640 #endif
wolfSSL 15:117db924cf7c 1641
wolfSSL 15:117db924cf7c 1642
wolfSSL 15:117db924cf7c 1643 /* give user option to use 16K static buffers */
wolfSSL 15:117db924cf7c 1644 #if defined(LARGE_STATIC_BUFFERS)
wolfSSL 15:117db924cf7c 1645 #define RECORD_SIZE MAX_RECORD_SIZE
wolfSSL 15:117db924cf7c 1646 #else
wolfSSL 15:117db924cf7c 1647 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 1648 #define RECORD_SIZE MAX_MTU
wolfSSL 15:117db924cf7c 1649 #else
wolfSSL 15:117db924cf7c 1650 #define RECORD_SIZE 128
wolfSSL 15:117db924cf7c 1651 #endif
wolfSSL 15:117db924cf7c 1652 #endif
wolfSSL 15:117db924cf7c 1653
wolfSSL 15:117db924cf7c 1654
wolfSSL 15:117db924cf7c 1655 /* user option to turn off 16K output option */
wolfSSL 15:117db924cf7c 1656 /* if using small static buffers (default) and SSL_write tries to write data
wolfSSL 15:117db924cf7c 1657 larger than the record we have, dynamically get it, unless user says only
wolfSSL 15:117db924cf7c 1658 write in static buffer chunks */
wolfSSL 15:117db924cf7c 1659 #ifndef STATIC_CHUNKS_ONLY
wolfSSL 15:117db924cf7c 1660 #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
wolfSSL 15:117db924cf7c 1661 #else
wolfSSL 15:117db924cf7c 1662 #define OUTPUT_RECORD_SIZE RECORD_SIZE
wolfSSL 15:117db924cf7c 1663 #endif
wolfSSL 15:117db924cf7c 1664
wolfSSL 15:117db924cf7c 1665 /* wolfSSL input buffer
wolfSSL 15:117db924cf7c 1666
wolfSSL 15:117db924cf7c 1667 RFC 2246:
wolfSSL 15:117db924cf7c 1668
wolfSSL 15:117db924cf7c 1669 length
wolfSSL 15:117db924cf7c 1670 The length (in bytes) of the following TLSPlaintext.fragment.
wolfSSL 15:117db924cf7c 1671 The length should not exceed 2^14.
wolfSSL 15:117db924cf7c 1672 */
wolfSSL 15:117db924cf7c 1673 #if defined(LARGE_STATIC_BUFFERS)
wolfSSL 15:117db924cf7c 1674 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
wolfSSL 15:117db924cf7c 1675 MTU_EXTRA + MAX_MSG_EXTRA
wolfSSL 15:117db924cf7c 1676 #else
wolfSSL 15:117db924cf7c 1677 /* don't fragment memory from the record header */
wolfSSL 15:117db924cf7c 1678 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
wolfSSL 15:117db924cf7c 1679 #endif
wolfSSL 15:117db924cf7c 1680
wolfSSL 15:117db924cf7c 1681 typedef struct {
wolfSSL 15:117db924cf7c 1682 ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
wolfSSL 15:117db924cf7c 1683 byte* buffer; /* place holder for static or dynamic buffer */
wolfSSL 15:117db924cf7c 1684 word32 length; /* total buffer length used */
wolfSSL 15:117db924cf7c 1685 word32 idx; /* idx to part of length already consumed */
wolfSSL 15:117db924cf7c 1686 word32 bufferSize; /* current buffer size */
wolfSSL 15:117db924cf7c 1687 byte dynamicFlag; /* dynamic memory currently in use */
wolfSSL 15:117db924cf7c 1688 byte offset; /* alignment offset attempt */
wolfSSL 15:117db924cf7c 1689 } bufferStatic;
wolfSSL 15:117db924cf7c 1690
wolfSSL 15:117db924cf7c 1691 /* Cipher Suites holder */
wolfSSL 15:117db924cf7c 1692 struct Suites {
wolfSSL 15:117db924cf7c 1693 word16 suiteSz; /* suite length in bytes */
wolfSSL 15:117db924cf7c 1694 word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
wolfSSL 15:117db924cf7c 1695 byte suites[WOLFSSL_MAX_SUITE_SZ];
wolfSSL 15:117db924cf7c 1696 byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
wolfSSL 15:117db924cf7c 1697 byte setSuites; /* user set suites from default */
wolfSSL 15:117db924cf7c 1698 byte hashAlgo; /* selected hash algorithm */
wolfSSL 15:117db924cf7c 1699 byte sigAlgo; /* selected sig algorithm */
wolfSSL 15:117db924cf7c 1700 };
wolfSSL 15:117db924cf7c 1701
wolfSSL 15:117db924cf7c 1702
wolfSSL 15:117db924cf7c 1703 WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
wolfSSL 15:117db924cf7c 1704 int haveRSAsig, int haveAnon,
wolfSSL 15:117db924cf7c 1705 int tls1_2, int keySz);
wolfSSL 15:117db924cf7c 1706 WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
wolfSSL 15:117db924cf7c 1707 word16, word16, word16, word16, word16, int);
wolfSSL 15:117db924cf7c 1708 WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
wolfSSL 15:117db924cf7c 1709 WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
wolfSSL 15:117db924cf7c 1710
wolfSSL 15:117db924cf7c 1711 #ifndef PSK_TYPES_DEFINED
wolfSSL 15:117db924cf7c 1712 typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
wolfSSL 15:117db924cf7c 1713 unsigned int, unsigned char*, unsigned int);
wolfSSL 15:117db924cf7c 1714 typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
wolfSSL 15:117db924cf7c 1715 unsigned char*, unsigned int);
wolfSSL 15:117db924cf7c 1716 #endif /* PSK_TYPES_DEFINED */
wolfSSL 15:117db924cf7c 1717 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
wolfSSL 15:117db924cf7c 1718 !defined(WOLFSSL_DTLS_EXPORT_TYPES)
wolfSSL 15:117db924cf7c 1719 typedef int (*wc_dtls_export)(WOLFSSL* ssl,
wolfSSL 15:117db924cf7c 1720 unsigned char* exportBuffer, unsigned int sz, void* userCtx);
wolfSSL 15:117db924cf7c 1721 #define WOLFSSL_DTLS_EXPORT_TYPES
wolfSSL 15:117db924cf7c 1722 #endif /* WOLFSSL_DTLS_EXPORT_TYPES */
wolfSSL 15:117db924cf7c 1723
wolfSSL 15:117db924cf7c 1724
wolfSSL 15:117db924cf7c 1725 /* wolfSSL Cipher type just points back to SSL */
wolfSSL 15:117db924cf7c 1726 struct WOLFSSL_CIPHER {
wolfSSL 15:117db924cf7c 1727 WOLFSSL* ssl;
wolfSSL 15:117db924cf7c 1728 };
wolfSSL 15:117db924cf7c 1729
wolfSSL 15:117db924cf7c 1730
wolfSSL 15:117db924cf7c 1731 typedef struct OcspEntry OcspEntry;
wolfSSL 15:117db924cf7c 1732
wolfSSL 15:117db924cf7c 1733 #ifdef NO_SHA
wolfSSL 15:117db924cf7c 1734 #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
wolfSSL 15:117db924cf7c 1735 #else
wolfSSL 15:117db924cf7c 1736 #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
wolfSSL 15:117db924cf7c 1737 #endif
wolfSSL 15:117db924cf7c 1738
wolfSSL 15:117db924cf7c 1739 #ifdef NO_ASN
wolfSSL 15:117db924cf7c 1740 /* no_asn won't have */
wolfSSL 15:117db924cf7c 1741 typedef struct CertStatus CertStatus;
wolfSSL 15:117db924cf7c 1742 #endif
wolfSSL 15:117db924cf7c 1743
wolfSSL 15:117db924cf7c 1744 struct OcspEntry {
wolfSSL 15:117db924cf7c 1745 OcspEntry* next; /* next entry */
wolfSSL 15:117db924cf7c 1746 byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
wolfSSL 15:117db924cf7c 1747 byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
wolfSSL 15:117db924cf7c 1748 CertStatus* status; /* OCSP response list */
wolfSSL 15:117db924cf7c 1749 int totalStatus; /* number on list */
wolfSSL 15:117db924cf7c 1750 };
wolfSSL 15:117db924cf7c 1751
wolfSSL 15:117db924cf7c 1752
wolfSSL 15:117db924cf7c 1753 #ifndef HAVE_OCSP
wolfSSL 15:117db924cf7c 1754 typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
wolfSSL 15:117db924cf7c 1755 #endif
wolfSSL 15:117db924cf7c 1756
wolfSSL 15:117db924cf7c 1757 /* wolfSSL OCSP controller */
wolfSSL 15:117db924cf7c 1758 struct WOLFSSL_OCSP {
wolfSSL 15:117db924cf7c 1759 WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL 15:117db924cf7c 1760 OcspEntry* ocspList; /* OCSP response list */
wolfSSL 15:117db924cf7c 1761 wolfSSL_Mutex ocspLock; /* OCSP list lock */
wolfSSL 15:117db924cf7c 1762 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
wolfSSL 15:117db924cf7c 1763 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 1764 int(*statusCb)(WOLFSSL*, void*);
wolfSSL 15:117db924cf7c 1765 #endif
wolfSSL 15:117db924cf7c 1766 };
wolfSSL 15:117db924cf7c 1767
wolfSSL 15:117db924cf7c 1768 #ifndef MAX_DATE_SIZE
wolfSSL 15:117db924cf7c 1769 #define MAX_DATE_SIZE 32
wolfSSL 15:117db924cf7c 1770 #endif
wolfSSL 15:117db924cf7c 1771
wolfSSL 15:117db924cf7c 1772 typedef struct CRL_Entry CRL_Entry;
wolfSSL 15:117db924cf7c 1773
wolfSSL 15:117db924cf7c 1774 #ifdef NO_SHA
wolfSSL 15:117db924cf7c 1775 #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
wolfSSL 15:117db924cf7c 1776 #else
wolfSSL 15:117db924cf7c 1777 #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
wolfSSL 15:117db924cf7c 1778 #endif
wolfSSL 15:117db924cf7c 1779
wolfSSL 15:117db924cf7c 1780 #ifdef NO_ASN
wolfSSL 15:117db924cf7c 1781 typedef struct RevokedCert RevokedCert;
wolfSSL 15:117db924cf7c 1782 #endif
wolfSSL 15:117db924cf7c 1783
wolfSSL 15:117db924cf7c 1784 /* Complete CRL */
wolfSSL 15:117db924cf7c 1785 struct CRL_Entry {
wolfSSL 15:117db924cf7c 1786 CRL_Entry* next; /* next entry */
wolfSSL 15:117db924cf7c 1787 byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
wolfSSL 15:117db924cf7c 1788 /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
wolfSSL 15:117db924cf7c 1789 /* restore the hash here if needed for optimized comparisons */
wolfSSL 15:117db924cf7c 1790 byte lastDate[MAX_DATE_SIZE]; /* last date updated */
wolfSSL 15:117db924cf7c 1791 byte nextDate[MAX_DATE_SIZE]; /* next update date */
wolfSSL 15:117db924cf7c 1792 byte lastDateFormat; /* last date format */
wolfSSL 15:117db924cf7c 1793 byte nextDateFormat; /* next date format */
wolfSSL 15:117db924cf7c 1794 RevokedCert* certs; /* revoked cert list */
wolfSSL 15:117db924cf7c 1795 int totalCerts; /* number on list */
wolfSSL 15:117db924cf7c 1796 int verified;
wolfSSL 15:117db924cf7c 1797 byte* toBeSigned;
wolfSSL 15:117db924cf7c 1798 word32 tbsSz;
wolfSSL 15:117db924cf7c 1799 byte* signature;
wolfSSL 15:117db924cf7c 1800 word32 signatureSz;
wolfSSL 15:117db924cf7c 1801 word32 signatureOID;
wolfSSL 15:117db924cf7c 1802 #if !defined(NO_SKID) && defined(CRL_SKID_READY)
wolfSSL 15:117db924cf7c 1803 byte extAuthKeyIdSet;
wolfSSL 15:117db924cf7c 1804 byte extAuthKeyId[KEYID_SIZE];
wolfSSL 15:117db924cf7c 1805 #endif
wolfSSL 15:117db924cf7c 1806 };
wolfSSL 15:117db924cf7c 1807
wolfSSL 15:117db924cf7c 1808
wolfSSL 15:117db924cf7c 1809 typedef struct CRL_Monitor CRL_Monitor;
wolfSSL 15:117db924cf7c 1810
wolfSSL 15:117db924cf7c 1811 /* CRL directory monitor */
wolfSSL 15:117db924cf7c 1812 struct CRL_Monitor {
wolfSSL 15:117db924cf7c 1813 char* path; /* full dir path, if valid pointer we're using */
wolfSSL 15:117db924cf7c 1814 int type; /* PEM or ASN1 type */
wolfSSL 15:117db924cf7c 1815 };
wolfSSL 15:117db924cf7c 1816
wolfSSL 15:117db924cf7c 1817
wolfSSL 15:117db924cf7c 1818 #if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
wolfSSL 15:117db924cf7c 1819 #undef HAVE_CRL_MONITOR
wolfSSL 15:117db924cf7c 1820 #endif
wolfSSL 15:117db924cf7c 1821
wolfSSL 15:117db924cf7c 1822 /* wolfSSL CRL controller */
wolfSSL 15:117db924cf7c 1823 struct WOLFSSL_CRL {
wolfSSL 15:117db924cf7c 1824 WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
wolfSSL 15:117db924cf7c 1825 CRL_Entry* crlList; /* our CRL list */
wolfSSL 15:117db924cf7c 1826 #ifdef HAVE_CRL_IO
wolfSSL 15:117db924cf7c 1827 CbCrlIO crlIOCb;
wolfSSL 15:117db924cf7c 1828 #endif
wolfSSL 15:117db924cf7c 1829 wolfSSL_Mutex crlLock; /* CRL list lock */
wolfSSL 15:117db924cf7c 1830 CRL_Monitor monitors[2]; /* PEM and DER possible */
wolfSSL 15:117db924cf7c 1831 #ifdef HAVE_CRL_MONITOR
wolfSSL 15:117db924cf7c 1832 pthread_cond_t cond; /* condition to signal setup */
wolfSSL 15:117db924cf7c 1833 pthread_t tid; /* monitoring thread */
wolfSSL 15:117db924cf7c 1834 int mfd; /* monitor fd, -1 if no init yet */
wolfSSL 15:117db924cf7c 1835 int setup; /* thread is setup predicate */
wolfSSL 15:117db924cf7c 1836 #endif
wolfSSL 15:117db924cf7c 1837 void* heap; /* heap hint for dynamic memory */
wolfSSL 15:117db924cf7c 1838 };
wolfSSL 15:117db924cf7c 1839
wolfSSL 15:117db924cf7c 1840
wolfSSL 15:117db924cf7c 1841 #ifdef NO_ASN
wolfSSL 15:117db924cf7c 1842 typedef struct Signer Signer;
wolfSSL 15:117db924cf7c 1843 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 15:117db924cf7c 1844 typedef struct TrustedPeerCert TrustedPeerCert;
wolfSSL 15:117db924cf7c 1845 #endif
wolfSSL 15:117db924cf7c 1846 #endif
wolfSSL 15:117db924cf7c 1847
wolfSSL 15:117db924cf7c 1848
wolfSSL 15:117db924cf7c 1849 #ifndef CA_TABLE_SIZE
wolfSSL 15:117db924cf7c 1850 #define CA_TABLE_SIZE 11
wolfSSL 15:117db924cf7c 1851 #endif
wolfSSL 15:117db924cf7c 1852 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 15:117db924cf7c 1853 #define TP_TABLE_SIZE 11
wolfSSL 15:117db924cf7c 1854 #endif
wolfSSL 15:117db924cf7c 1855
wolfSSL 15:117db924cf7c 1856 /* wolfSSL Certificate Manager */
wolfSSL 15:117db924cf7c 1857 struct WOLFSSL_CERT_MANAGER {
wolfSSL 15:117db924cf7c 1858 Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
wolfSSL 15:117db924cf7c 1859 void* heap; /* heap helper */
wolfSSL 15:117db924cf7c 1860 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 15:117db924cf7c 1861 TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
wolfSSL 15:117db924cf7c 1862 wolfSSL_Mutex tpLock; /* trusted peer list lock */
wolfSSL 15:117db924cf7c 1863 #endif
wolfSSL 15:117db924cf7c 1864 WOLFSSL_CRL* crl; /* CRL checker */
wolfSSL 15:117db924cf7c 1865 WOLFSSL_OCSP* ocsp; /* OCSP checker */
wolfSSL 15:117db924cf7c 1866 #if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 1867 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
wolfSSL 15:117db924cf7c 1868 WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
wolfSSL 15:117db924cf7c 1869 #endif
wolfSSL 15:117db924cf7c 1870 char* ocspOverrideURL; /* use this responder */
wolfSSL 15:117db924cf7c 1871 void* ocspIOCtx; /* I/O callback CTX */
wolfSSL 15:117db924cf7c 1872 CallbackCACache caCacheCallback; /* CA cache addition callback */
wolfSSL 15:117db924cf7c 1873 CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
wolfSSL 15:117db924cf7c 1874 CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
wolfSSL 15:117db924cf7c 1875 CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL 15:117db924cf7c 1876 wolfSSL_Mutex caLock; /* CA list lock */
wolfSSL 15:117db924cf7c 1877 byte crlEnabled; /* is CRL on ? */
wolfSSL 15:117db924cf7c 1878 byte crlCheckAll; /* always leaf, but all ? */
wolfSSL 15:117db924cf7c 1879 byte ocspEnabled; /* is OCSP on ? */
wolfSSL 15:117db924cf7c 1880 byte ocspCheckAll; /* always leaf, but all ? */
wolfSSL 15:117db924cf7c 1881 byte ocspSendNonce; /* send the OCSP nonce ? */
wolfSSL 15:117db924cf7c 1882 byte ocspUseOverrideURL; /* ignore cert's responder, override */
wolfSSL 15:117db924cf7c 1883 byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
wolfSSL 15:117db924cf7c 1884
wolfSSL 15:117db924cf7c 1885 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 1886 short minRsaKeySz; /* minimum allowed RSA key size */
wolfSSL 15:117db924cf7c 1887 #endif
wolfSSL 15:117db924cf7c 1888 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 1889 short minEccKeySz; /* minimum allowed ECC key size */
wolfSSL 15:117db924cf7c 1890 #endif
wolfSSL 15:117db924cf7c 1891 };
wolfSSL 15:117db924cf7c 1892
wolfSSL 15:117db924cf7c 1893 WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
wolfSSL 15:117db924cf7c 1894 WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
wolfSSL 15:117db924cf7c 1895 WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
wolfSSL 15:117db924cf7c 1896 WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
wolfSSL 15:117db924cf7c 1897 WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
wolfSSL 15:117db924cf7c 1898
wolfSSL 15:117db924cf7c 1899 /* wolfSSL Sock Addr */
wolfSSL 15:117db924cf7c 1900 struct WOLFSSL_SOCKADDR {
wolfSSL 15:117db924cf7c 1901 unsigned int sz; /* sockaddr size */
wolfSSL 15:117db924cf7c 1902 void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
wolfSSL 15:117db924cf7c 1903 };
wolfSSL 15:117db924cf7c 1904
wolfSSL 15:117db924cf7c 1905 typedef struct WOLFSSL_DTLS_CTX {
wolfSSL 15:117db924cf7c 1906 WOLFSSL_SOCKADDR peer;
wolfSSL 15:117db924cf7c 1907 int rfd;
wolfSSL 15:117db924cf7c 1908 int wfd;
wolfSSL 15:117db924cf7c 1909 } WOLFSSL_DTLS_CTX;
wolfSSL 15:117db924cf7c 1910
wolfSSL 15:117db924cf7c 1911
wolfSSL 15:117db924cf7c 1912 typedef struct WOLFSSL_DTLS_PEERSEQ {
wolfSSL 15:117db924cf7c 1913 word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL 15:117db924cf7c 1914 /* Sliding window for current epoch */
wolfSSL 15:117db924cf7c 1915 word16 nextEpoch; /* Expected epoch in next record */
wolfSSL 15:117db924cf7c 1916 word16 nextSeq_hi; /* Expected sequence in next record */
wolfSSL 15:117db924cf7c 1917 word32 nextSeq_lo;
wolfSSL 15:117db924cf7c 1918
wolfSSL 15:117db924cf7c 1919 word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
wolfSSL 15:117db924cf7c 1920 /* Sliding window for old epoch */
wolfSSL 15:117db924cf7c 1921 word32 prevSeq_lo;
wolfSSL 15:117db924cf7c 1922 word16 prevSeq_hi; /* Next sequence in allowed old epoch */
wolfSSL 15:117db924cf7c 1923
wolfSSL 15:117db924cf7c 1924 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 1925 word16 peerId;
wolfSSL 15:117db924cf7c 1926 word32 highwaterMark;
wolfSSL 15:117db924cf7c 1927 #endif
wolfSSL 15:117db924cf7c 1928 } WOLFSSL_DTLS_PEERSEQ;
wolfSSL 15:117db924cf7c 1929
wolfSSL 15:117db924cf7c 1930
wolfSSL 15:117db924cf7c 1931 #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
wolfSSL 15:117db924cf7c 1932
wolfSSL 15:117db924cf7c 1933 /* keys and secrets
wolfSSL 15:117db924cf7c 1934 * keep as a constant size (no additional ifdefs) for session export */
wolfSSL 15:117db924cf7c 1935 typedef struct Keys {
wolfSSL 15:117db924cf7c 1936 byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */
wolfSSL 15:117db924cf7c 1937 byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
wolfSSL 15:117db924cf7c 1938 byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */
wolfSSL 15:117db924cf7c 1939 byte server_write_key[MAX_SYM_KEY_SIZE];
wolfSSL 15:117db924cf7c 1940 byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
wolfSSL 15:117db924cf7c 1941 byte server_write_IV[MAX_WRITE_IV_SZ];
wolfSSL 15:117db924cf7c 1942 #if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
wolfSSL 15:117db924cf7c 1943 byte aead_exp_IV[AEAD_MAX_EXP_SZ];
wolfSSL 15:117db924cf7c 1944 byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL 15:117db924cf7c 1945 byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
wolfSSL 15:117db924cf7c 1946 #endif
wolfSSL 15:117db924cf7c 1947
wolfSSL 15:117db924cf7c 1948 word32 peer_sequence_number_hi;
wolfSSL 15:117db924cf7c 1949 word32 peer_sequence_number_lo;
wolfSSL 15:117db924cf7c 1950 word32 sequence_number_hi;
wolfSSL 15:117db924cf7c 1951 word32 sequence_number_lo;
wolfSSL 15:117db924cf7c 1952
wolfSSL 15:117db924cf7c 1953 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 1954 word16 curEpoch; /* Received epoch in current record */
wolfSSL 15:117db924cf7c 1955 word16 curSeq_hi; /* Received sequence in current record */
wolfSSL 15:117db924cf7c 1956 word32 curSeq_lo;
wolfSSL 15:117db924cf7c 1957 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 1958 byte curPeerId; /* Received peer group ID in current record */
wolfSSL 15:117db924cf7c 1959 #endif
wolfSSL 15:117db924cf7c 1960 WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ];
wolfSSL 15:117db924cf7c 1961
wolfSSL 15:117db924cf7c 1962 word16 dtls_peer_handshake_number;
wolfSSL 15:117db924cf7c 1963 word16 dtls_expected_peer_handshake_number;
wolfSSL 15:117db924cf7c 1964
wolfSSL 15:117db924cf7c 1965 word16 dtls_epoch; /* Current epoch */
wolfSSL 15:117db924cf7c 1966 word16 dtls_sequence_number_hi; /* Current epoch */
wolfSSL 15:117db924cf7c 1967 word32 dtls_sequence_number_lo;
wolfSSL 15:117db924cf7c 1968 word16 dtls_prev_sequence_number_hi; /* Previous epoch */
wolfSSL 15:117db924cf7c 1969 word32 dtls_prev_sequence_number_lo;
wolfSSL 15:117db924cf7c 1970 word16 dtls_handshake_number; /* Current tx handshake seq */
wolfSSL 15:117db924cf7c 1971 #endif
wolfSSL 15:117db924cf7c 1972
wolfSSL 15:117db924cf7c 1973 word32 encryptSz; /* last size of encrypted data */
wolfSSL 15:117db924cf7c 1974 word32 padSz; /* how much to advance after decrypt part */
wolfSSL 15:117db924cf7c 1975 byte encryptionOn; /* true after change cipher spec */
wolfSSL 15:117db924cf7c 1976 byte decryptedCur; /* only decrypt current record once */
wolfSSL 15:117db924cf7c 1977 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 1978 byte updateResponseReq:1; /* KeyUpdate response from peer required. */
wolfSSL 15:117db924cf7c 1979 byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
wolfSSL 15:117db924cf7c 1980 #endif
wolfSSL 15:117db924cf7c 1981 } Keys;
wolfSSL 15:117db924cf7c 1982
wolfSSL 15:117db924cf7c 1983
wolfSSL 15:117db924cf7c 1984
wolfSSL 15:117db924cf7c 1985 /** TLS Extensions - RFC 6066 */
wolfSSL 15:117db924cf7c 1986 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 1987
wolfSSL 15:117db924cf7c 1988 typedef enum {
wolfSSL 15:117db924cf7c 1989 TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
wolfSSL 15:117db924cf7c 1990 TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
wolfSSL 15:117db924cf7c 1991 TLSX_TRUNCATED_HMAC = 0x0004,
wolfSSL 15:117db924cf7c 1992 TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
wolfSSL 15:117db924cf7c 1993 TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
wolfSSL 15:117db924cf7c 1994 TLSX_EC_POINT_FORMATS = 0x000b,
wolfSSL 15:117db924cf7c 1995 TLSX_SIGNATURE_ALGORITHMS = 0x000d,
wolfSSL 15:117db924cf7c 1996 TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
wolfSSL 15:117db924cf7c 1997 TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
wolfSSL 15:117db924cf7c 1998 TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
wolfSSL 15:117db924cf7c 1999 TLSX_SESSION_TICKET = 0x0023,
wolfSSL 15:117db924cf7c 2000 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2001 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 2002 TLSX_PRE_SHARED_KEY = 0x0029,
wolfSSL 15:117db924cf7c 2003 #endif
wolfSSL 15:117db924cf7c 2004 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 2005 TLSX_EARLY_DATA = 0x002a,
wolfSSL 15:117db924cf7c 2006 #endif
wolfSSL 15:117db924cf7c 2007 TLSX_SUPPORTED_VERSIONS = 0x002b,
wolfSSL 15:117db924cf7c 2008 TLSX_COOKIE = 0x002c,
wolfSSL 15:117db924cf7c 2009 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 2010 TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
wolfSSL 15:117db924cf7c 2011 #endif
wolfSSL 15:117db924cf7c 2012 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 2013 TLSX_POST_HANDSHAKE_AUTH = 0x0031,
wolfSSL 15:117db924cf7c 2014 #endif
wolfSSL 15:117db924cf7c 2015 #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 2016 TLSX_KEY_SHARE = 0x0028,
wolfSSL 15:117db924cf7c 2017 #else
wolfSSL 15:117db924cf7c 2018 TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
wolfSSL 15:117db924cf7c 2019 TLSX_KEY_SHARE = 0x0033,
wolfSSL 15:117db924cf7c 2020 #endif
wolfSSL 15:117db924cf7c 2021 #endif
wolfSSL 15:117db924cf7c 2022 TLSX_RENEGOTIATION_INFO = 0xff01
wolfSSL 15:117db924cf7c 2023 } TLSX_Type;
wolfSSL 15:117db924cf7c 2024
wolfSSL 15:117db924cf7c 2025 typedef struct TLSX {
wolfSSL 15:117db924cf7c 2026 TLSX_Type type; /* Extension Type */
wolfSSL 15:117db924cf7c 2027 void* data; /* Extension Data */
wolfSSL 15:117db924cf7c 2028 word32 val; /* Extension Value */
wolfSSL 15:117db924cf7c 2029 byte resp; /* IsResponse Flag */
wolfSSL 15:117db924cf7c 2030 struct TLSX* next; /* List Behavior */
wolfSSL 15:117db924cf7c 2031 } TLSX;
wolfSSL 15:117db924cf7c 2032
wolfSSL 15:117db924cf7c 2033 WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
wolfSSL 15:117db924cf7c 2034 WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
wolfSSL 15:117db924cf7c 2035 WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
wolfSSL 15:117db924cf7c 2036 WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2037 WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
wolfSSL 15:117db924cf7c 2038
wolfSSL 15:117db924cf7c 2039 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 2040 WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
wolfSSL 15:117db924cf7c 2041 word16* pLength);
wolfSSL 15:117db924cf7c 2042 WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
wolfSSL 15:117db924cf7c 2043 byte msgType, word16* pOffset);
wolfSSL 15:117db924cf7c 2044 #endif
wolfSSL 15:117db924cf7c 2045
wolfSSL 15:117db924cf7c 2046 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 2047 /* TLS 1.3 Certificate messages have extensions. */
wolfSSL 15:117db924cf7c 2048 WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
wolfSSL 15:117db924cf7c 2049 word16* pLength);
wolfSSL 15:117db924cf7c 2050 WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
wolfSSL 15:117db924cf7c 2051 word16* pOffset);
wolfSSL 15:117db924cf7c 2052 #endif
wolfSSL 15:117db924cf7c 2053
wolfSSL 15:117db924cf7c 2054 WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 2055 byte msgType, Suites *suites);
wolfSSL 15:117db924cf7c 2056
wolfSSL 15:117db924cf7c 2057 #elif defined(HAVE_SNI) \
wolfSSL 15:117db924cf7c 2058 || defined(HAVE_MAX_FRAGMENT) \
wolfSSL 15:117db924cf7c 2059 || defined(HAVE_TRUNCATED_HMAC) \
wolfSSL 15:117db924cf7c 2060 || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 2061 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
wolfSSL 15:117db924cf7c 2062 || defined(HAVE_SUPPORTED_CURVES) \
wolfSSL 15:117db924cf7c 2063 || defined(HAVE_ALPN) \
wolfSSL 15:117db924cf7c 2064 || defined(HAVE_QSH) \
wolfSSL 15:117db924cf7c 2065 || defined(HAVE_SESSION_TICKET) \
wolfSSL 15:117db924cf7c 2066 || defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL 15:117db924cf7c 2067 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL 15:117db924cf7c 2068
wolfSSL 15:117db924cf7c 2069 #error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
wolfSSL 15:117db924cf7c 2070
wolfSSL 15:117db924cf7c 2071 #endif /* HAVE_TLS_EXTENSIONS */
wolfSSL 15:117db924cf7c 2072
wolfSSL 15:117db924cf7c 2073 /** Server Name Indication - RFC 6066 (session 3) */
wolfSSL 15:117db924cf7c 2074 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 2075
wolfSSL 15:117db924cf7c 2076 typedef struct SNI {
wolfSSL 15:117db924cf7c 2077 byte type; /* SNI Type */
wolfSSL 15:117db924cf7c 2078 union { char* host_name; } data; /* SNI Data */
wolfSSL 15:117db924cf7c 2079 struct SNI* next; /* List Behavior */
wolfSSL 15:117db924cf7c 2080 byte status; /* Matching result */
wolfSSL 15:117db924cf7c 2081 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2082 byte options; /* Behavior options */
wolfSSL 15:117db924cf7c 2083 #endif
wolfSSL 15:117db924cf7c 2084 } SNI;
wolfSSL 15:117db924cf7c 2085
wolfSSL 15:117db924cf7c 2086 WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
wolfSSL 15:117db924cf7c 2087 word16 size, void* heap);
wolfSSL 15:117db924cf7c 2088 WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
wolfSSL 15:117db924cf7c 2089 WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
wolfSSL 15:117db924cf7c 2090 void** data);
wolfSSL 15:117db924cf7c 2091
wolfSSL 15:117db924cf7c 2092 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2093 WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
wolfSSL 15:117db924cf7c 2094 byte options);
wolfSSL 15:117db924cf7c 2095 WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
wolfSSL 15:117db924cf7c 2096 byte type, byte* sni, word32* inOutSz);
wolfSSL 15:117db924cf7c 2097 #endif
wolfSSL 15:117db924cf7c 2098
wolfSSL 15:117db924cf7c 2099 #endif /* HAVE_SNI */
wolfSSL 15:117db924cf7c 2100
wolfSSL 15:117db924cf7c 2101 /* Application-Layer Protocol Negotiation - RFC 7301 */
wolfSSL 15:117db924cf7c 2102 #ifdef HAVE_ALPN
wolfSSL 15:117db924cf7c 2103 typedef struct ALPN {
wolfSSL 15:117db924cf7c 2104 char* protocol_name; /* ALPN protocol name */
wolfSSL 15:117db924cf7c 2105 struct ALPN* next; /* List Behavior */
wolfSSL 15:117db924cf7c 2106 byte options; /* Behavior options */
wolfSSL 15:117db924cf7c 2107 byte negotiated; /* ALPN protocol negotiated or not */
wolfSSL 15:117db924cf7c 2108 } ALPN;
wolfSSL 15:117db924cf7c 2109
wolfSSL 15:117db924cf7c 2110 WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
wolfSSL 15:117db924cf7c 2111 void** data, word16 *dataSz);
wolfSSL 15:117db924cf7c 2112
wolfSSL 15:117db924cf7c 2113 WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
wolfSSL 15:117db924cf7c 2114 word16 size, byte options, void* heap);
wolfSSL 15:117db924cf7c 2115
wolfSSL 15:117db924cf7c 2116 WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
wolfSSL 15:117db924cf7c 2117
wolfSSL 15:117db924cf7c 2118 #endif /* HAVE_ALPN */
wolfSSL 15:117db924cf7c 2119
wolfSSL 15:117db924cf7c 2120 /** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
wolfSSL 15:117db924cf7c 2121 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 15:117db924cf7c 2122
wolfSSL 15:117db924cf7c 2123 WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
wolfSSL 15:117db924cf7c 2124
wolfSSL 15:117db924cf7c 2125 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 15:117db924cf7c 2126
wolfSSL 15:117db924cf7c 2127 /** Truncated HMAC - RFC 6066 (session 7) */
wolfSSL 15:117db924cf7c 2128 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 15:117db924cf7c 2129
wolfSSL 15:117db924cf7c 2130 WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
wolfSSL 15:117db924cf7c 2131
wolfSSL 15:117db924cf7c 2132 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 15:117db924cf7c 2133
wolfSSL 15:117db924cf7c 2134 /** Certificate Status Request - RFC 6066 (session 8) */
wolfSSL 15:117db924cf7c 2135 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 2136
wolfSSL 15:117db924cf7c 2137 typedef struct {
wolfSSL 15:117db924cf7c 2138 byte status_type;
wolfSSL 15:117db924cf7c 2139 byte options;
wolfSSL 15:117db924cf7c 2140 WOLFSSL* ssl;
wolfSSL 15:117db924cf7c 2141 union {
wolfSSL 15:117db924cf7c 2142 OcspRequest ocsp;
wolfSSL 15:117db924cf7c 2143 } request;
wolfSSL 15:117db924cf7c 2144 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 2145 buffer response;
wolfSSL 15:117db924cf7c 2146 #endif
wolfSSL 15:117db924cf7c 2147 } CertificateStatusRequest;
wolfSSL 15:117db924cf7c 2148
wolfSSL 15:117db924cf7c 2149 WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
wolfSSL 15:117db924cf7c 2150 byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId);
wolfSSL 15:117db924cf7c 2151 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 2152 WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
wolfSSL 15:117db924cf7c 2153 void* heap);
wolfSSL 15:117db924cf7c 2154 #endif
wolfSSL 15:117db924cf7c 2155 WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
wolfSSL 15:117db924cf7c 2156 WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2157
wolfSSL 15:117db924cf7c 2158 #endif
wolfSSL 15:117db924cf7c 2159
wolfSSL 15:117db924cf7c 2160 /** Certificate Status Request v2 - RFC 6961 */
wolfSSL 15:117db924cf7c 2161 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 2162
wolfSSL 15:117db924cf7c 2163 typedef struct CSRIv2 {
wolfSSL 15:117db924cf7c 2164 byte status_type;
wolfSSL 15:117db924cf7c 2165 byte options;
wolfSSL 15:117db924cf7c 2166 word16 requests;
wolfSSL 15:117db924cf7c 2167 union {
wolfSSL 15:117db924cf7c 2168 OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
wolfSSL 15:117db924cf7c 2169 } request;
wolfSSL 15:117db924cf7c 2170 struct CSRIv2* next;
wolfSSL 15:117db924cf7c 2171 } CertificateStatusRequestItemV2;
wolfSSL 15:117db924cf7c 2172
wolfSSL 15:117db924cf7c 2173 WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
wolfSSL 15:117db924cf7c 2174 byte status_type, byte options, void* heap, int devId);
wolfSSL 15:117db924cf7c 2175 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 2176 WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
wolfSSL 15:117db924cf7c 2177 byte isPeer, void* heap);
wolfSSL 15:117db924cf7c 2178 #endif
wolfSSL 15:117db924cf7c 2179 WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
wolfSSL 15:117db924cf7c 2180 byte index);
wolfSSL 15:117db924cf7c 2181 WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2182
wolfSSL 15:117db924cf7c 2183 #endif
wolfSSL 15:117db924cf7c 2184
wolfSSL 15:117db924cf7c 2185 /** Supported Elliptic Curves - RFC 4492 (session 4) */
wolfSSL 15:117db924cf7c 2186 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 15:117db924cf7c 2187
wolfSSL 15:117db924cf7c 2188 typedef struct SupportedCurve {
wolfSSL 15:117db924cf7c 2189 word16 name; /* Curve Names */
wolfSSL 15:117db924cf7c 2190 struct SupportedCurve* next; /* List Behavior */
wolfSSL 15:117db924cf7c 2191 } SupportedCurve;
wolfSSL 15:117db924cf7c 2192
wolfSSL 15:117db924cf7c 2193 typedef struct PointFormat {
wolfSSL 15:117db924cf7c 2194 byte format; /* PointFormat */
wolfSSL 15:117db924cf7c 2195 struct PointFormat* next; /* List Behavior */
wolfSSL 15:117db924cf7c 2196 } PointFormat;
wolfSSL 15:117db924cf7c 2197
wolfSSL 15:117db924cf7c 2198 WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
wolfSSL 15:117db924cf7c 2199 void* heap);
wolfSSL 15:117db924cf7c 2200
wolfSSL 15:117db924cf7c 2201 WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
wolfSSL 15:117db924cf7c 2202 void* heap);
wolfSSL 15:117db924cf7c 2203
wolfSSL 15:117db924cf7c 2204 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2205 WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
wolfSSL 15:117db924cf7c 2206 byte second);
wolfSSL 15:117db924cf7c 2207 WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2208 #endif
wolfSSL 15:117db924cf7c 2209 WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
wolfSSL 15:117db924cf7c 2210 int checkSupported);
wolfSSL 15:117db924cf7c 2211
wolfSSL 15:117db924cf7c 2212 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 2213
wolfSSL 15:117db924cf7c 2214 /** Renegotiation Indication - RFC 5746 */
wolfSSL 15:117db924cf7c 2215 #if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL 15:117db924cf7c 2216 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL 15:117db924cf7c 2217
wolfSSL 15:117db924cf7c 2218 enum key_cache_state {
wolfSSL 15:117db924cf7c 2219 SCR_CACHE_NULL = 0, /* empty / begin state */
wolfSSL 15:117db924cf7c 2220 SCR_CACHE_NEEDED, /* need to cache keys */
wolfSSL 15:117db924cf7c 2221 SCR_CACHE_COPY, /* we have a cached copy */
wolfSSL 15:117db924cf7c 2222 SCR_CACHE_PARTIAL, /* partial restore to real keys */
wolfSSL 15:117db924cf7c 2223 SCR_CACHE_COMPLETE /* complete restore to real keys */
wolfSSL 15:117db924cf7c 2224 };
wolfSSL 15:117db924cf7c 2225
wolfSSL 15:117db924cf7c 2226 /* Additional Connection State according to rfc5746 section 3.1 */
wolfSSL 15:117db924cf7c 2227 typedef struct SecureRenegotiation {
wolfSSL 15:117db924cf7c 2228 byte enabled; /* secure_renegotiation flag in rfc */
wolfSSL 15:117db924cf7c 2229 byte startScr; /* server requested client to start scr */
wolfSSL 15:117db924cf7c 2230 enum key_cache_state cache_status; /* track key cache state */
wolfSSL 15:117db924cf7c 2231 byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL 15:117db924cf7c 2232 byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
wolfSSL 15:117db924cf7c 2233 byte subject_hash[WC_SHA_DIGEST_SIZE]; /* peer cert hash */
wolfSSL 15:117db924cf7c 2234 Keys tmp_keys; /* can't overwrite real keys yet */
wolfSSL 15:117db924cf7c 2235 } SecureRenegotiation;
wolfSSL 15:117db924cf7c 2236
wolfSSL 15:117db924cf7c 2237 WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
wolfSSL 15:117db924cf7c 2238
wolfSSL 15:117db924cf7c 2239 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 15:117db924cf7c 2240 WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
wolfSSL 15:117db924cf7c 2241 #endif
wolfSSL 15:117db924cf7c 2242
wolfSSL 15:117db924cf7c 2243 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 15:117db924cf7c 2244
wolfSSL 15:117db924cf7c 2245 /** Session Ticket - RFC 5077 (session 3.2) */
wolfSSL 15:117db924cf7c 2246 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 2247
wolfSSL 15:117db924cf7c 2248 typedef struct SessionTicket {
wolfSSL 15:117db924cf7c 2249 word32 lifetime;
wolfSSL 15:117db924cf7c 2250 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2251 word64 seen;
wolfSSL 15:117db924cf7c 2252 word32 ageAdd;
wolfSSL 15:117db924cf7c 2253 #endif
wolfSSL 15:117db924cf7c 2254 byte* data;
wolfSSL 15:117db924cf7c 2255 word16 size;
wolfSSL 15:117db924cf7c 2256 } SessionTicket;
wolfSSL 15:117db924cf7c 2257
wolfSSL 15:117db924cf7c 2258 WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
wolfSSL 15:117db924cf7c 2259 SessionTicket* ticket, void* heap);
wolfSSL 15:117db924cf7c 2260 WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL 15:117db924cf7c 2261 byte* data, word16 size, void* heap);
wolfSSL 15:117db924cf7c 2262 WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
wolfSSL 15:117db924cf7c 2263
wolfSSL 15:117db924cf7c 2264 #endif /* HAVE_SESSION_TICKET */
wolfSSL 15:117db924cf7c 2265
wolfSSL 15:117db924cf7c 2266 /** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
wolfSSL 15:117db924cf7c 2267 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 2268
wolfSSL 15:117db924cf7c 2269 typedef struct QSHScheme {
wolfSSL 15:117db924cf7c 2270 struct QSHScheme* next; /* List Behavior */
wolfSSL 15:117db924cf7c 2271 byte* PK;
wolfSSL 15:117db924cf7c 2272 word16 name; /* QSHScheme Names */
wolfSSL 15:117db924cf7c 2273 word16 PKLen;
wolfSSL 15:117db924cf7c 2274 } QSHScheme;
wolfSSL 15:117db924cf7c 2275
wolfSSL 15:117db924cf7c 2276 typedef struct QSHkey {
wolfSSL 15:117db924cf7c 2277 struct QSHKey* next;
wolfSSL 15:117db924cf7c 2278 word16 name;
wolfSSL 15:117db924cf7c 2279 buffer pub;
wolfSSL 15:117db924cf7c 2280 buffer pri;
wolfSSL 15:117db924cf7c 2281 } QSHKey;
wolfSSL 15:117db924cf7c 2282
wolfSSL 15:117db924cf7c 2283 typedef struct QSHSecret {
wolfSSL 15:117db924cf7c 2284 QSHScheme* list;
wolfSSL 15:117db924cf7c 2285 buffer* SerSi;
wolfSSL 15:117db924cf7c 2286 buffer* CliSi;
wolfSSL 15:117db924cf7c 2287 } QSHSecret;
wolfSSL 15:117db924cf7c 2288
wolfSSL 15:117db924cf7c 2289 /* used in key exchange during handshake */
wolfSSL 15:117db924cf7c 2290 WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
wolfSSL 15:117db924cf7c 2291 word16 length, byte isServer);
wolfSSL 15:117db924cf7c 2292 WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
wolfSSL 15:117db924cf7c 2293 WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
wolfSSL 15:117db924cf7c 2294
wolfSSL 15:117db924cf7c 2295 /* used by api for setting a specific QSH scheme */
wolfSSL 15:117db924cf7c 2296 WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
wolfSSL 15:117db924cf7c 2297 byte* pKey, word16 pKeySz, void* heap);
wolfSSL 15:117db924cf7c 2298
wolfSSL 15:117db924cf7c 2299 /* used when parsing in QSHCipher structs */
wolfSSL 15:117db924cf7c 2300 WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
wolfSSL 15:117db924cf7c 2301 byte* out, word16* szOut);
wolfSSL 15:117db924cf7c 2302 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2303 WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
wolfSSL 15:117db924cf7c 2304 #endif
wolfSSL 15:117db924cf7c 2305
wolfSSL 15:117db924cf7c 2306 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 2307
wolfSSL 15:117db924cf7c 2308 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2309 /* Cookie extension information - cookie data. */
wolfSSL 15:117db924cf7c 2310 typedef struct Cookie {
wolfSSL 15:117db924cf7c 2311 word16 len;
wolfSSL 15:117db924cf7c 2312 byte data;
wolfSSL 15:117db924cf7c 2313 } Cookie;
wolfSSL 15:117db924cf7c 2314
wolfSSL 15:117db924cf7c 2315 WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len,
wolfSSL 15:117db924cf7c 2316 byte* mac, byte macSz, int resp);
wolfSSL 15:117db924cf7c 2317
wolfSSL 15:117db924cf7c 2318
wolfSSL 15:117db924cf7c 2319 /* Key Share - TLS v1.3 Specification */
wolfSSL 15:117db924cf7c 2320
wolfSSL 15:117db924cf7c 2321 /* The KeyShare extension information - entry in a linked list. */
wolfSSL 15:117db924cf7c 2322 typedef struct KeyShareEntry {
wolfSSL 15:117db924cf7c 2323 word16 group; /* NamedGroup */
wolfSSL 15:117db924cf7c 2324 byte* ke; /* Key exchange data */
wolfSSL 15:117db924cf7c 2325 word32 keLen; /* Key exchange data length */
wolfSSL 15:117db924cf7c 2326 void* key; /* Private key */
wolfSSL 15:117db924cf7c 2327 word32 keyLen; /* Private key length */
wolfSSL 15:117db924cf7c 2328 byte* pubKey; /* Public key */
wolfSSL 15:117db924cf7c 2329 word32 pubKeyLen; /* Public key length */
wolfSSL 15:117db924cf7c 2330 struct KeyShareEntry* next; /* List pointer */
wolfSSL 15:117db924cf7c 2331 } KeyShareEntry;
wolfSSL 15:117db924cf7c 2332
wolfSSL 15:117db924cf7c 2333 WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
wolfSSL 15:117db924cf7c 2334 byte* data, KeyShareEntry **kse);
wolfSSL 15:117db924cf7c 2335 WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2336 WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2337 WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2338
wolfSSL 15:117db924cf7c 2339
wolfSSL 15:117db924cf7c 2340 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 2341 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 2342 /* Ticket nonce - for deriving PSK.
wolfSSL 15:117db924cf7c 2343 * Length allowed to be: 1..255. Only support 4 bytes.
wolfSSL 15:117db924cf7c 2344 */
wolfSSL 15:117db924cf7c 2345 typedef struct TicketNonce {
wolfSSL 15:117db924cf7c 2346 byte len;
wolfSSL 15:117db924cf7c 2347 byte data[MAX_TICKET_NONCE_SZ];
wolfSSL 15:117db924cf7c 2348 } TicketNonce;
wolfSSL 15:117db924cf7c 2349 #endif
wolfSSL 15:117db924cf7c 2350
wolfSSL 15:117db924cf7c 2351 /* The PreSharedKey extension information - entry in a linked list. */
wolfSSL 15:117db924cf7c 2352 typedef struct PreSharedKey {
wolfSSL 15:117db924cf7c 2353 word16 identityLen; /* Length of identity */
wolfSSL 15:117db924cf7c 2354 byte* identity; /* PSK identity */
wolfSSL 15:117db924cf7c 2355 word32 ticketAge; /* Age of the ticket */
wolfSSL 15:117db924cf7c 2356 byte cipherSuite0; /* Cipher Suite */
wolfSSL 15:117db924cf7c 2357 byte cipherSuite; /* Cipher Suite */
wolfSSL 15:117db924cf7c 2358 word32 binderLen; /* Length of HMAC */
wolfSSL 15:117db924cf7c 2359 byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of hanshake */
wolfSSL 15:117db924cf7c 2360 byte hmac; /* HMAC algorithm */
wolfSSL 15:117db924cf7c 2361 byte resumption:1; /* Resumption PSK */
wolfSSL 15:117db924cf7c 2362 byte chosen:1; /* Server's choice */
wolfSSL 15:117db924cf7c 2363 struct PreSharedKey* next; /* List pointer */
wolfSSL 15:117db924cf7c 2364 } PreSharedKey;
wolfSSL 15:117db924cf7c 2365
wolfSSL 15:117db924cf7c 2366 WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
wolfSSL 15:117db924cf7c 2367 byte* output, byte msgType);
wolfSSL 15:117db924cf7c 2368 WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
wolfSSL 15:117db924cf7c 2369 byte msgType);
wolfSSL 15:117db924cf7c 2370 WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
wolfSSL 15:117db924cf7c 2371 word16 len, word32 age, byte hmac,
wolfSSL 15:117db924cf7c 2372 byte cipherSuite0, byte cipherSuite,
wolfSSL 15:117db924cf7c 2373 byte resumption,
wolfSSL 15:117db924cf7c 2374 PreSharedKey **preSharedKey);
wolfSSL 15:117db924cf7c 2375
wolfSSL 15:117db924cf7c 2376 /* The possible Pre-Shared Key key exchange modes. */
wolfSSL 15:117db924cf7c 2377 enum PskKeyExchangeMode {
wolfSSL 15:117db924cf7c 2378 PSK_KE,
wolfSSL 15:117db924cf7c 2379 PSK_DHE_KE
wolfSSL 15:117db924cf7c 2380 };
wolfSSL 15:117db924cf7c 2381
wolfSSL 15:117db924cf7c 2382 /* User can define this. */
wolfSSL 15:117db924cf7c 2383 #ifndef WOLFSSL_DEF_PSK_CIPHER
wolfSSL 15:117db924cf7c 2384 #define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2385 #endif
wolfSSL 15:117db924cf7c 2386
wolfSSL 15:117db924cf7c 2387 WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
wolfSSL 15:117db924cf7c 2388
wolfSSL 15:117db924cf7c 2389 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 2390 WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
wolfSSL 15:117db924cf7c 2391 #endif
wolfSSL 15:117db924cf7c 2392 #endif /* HAVE_SESSION_TICKET || !NO_PSK */
wolfSSL 15:117db924cf7c 2393
wolfSSL 15:117db924cf7c 2394
wolfSSL 15:117db924cf7c 2395 /* The types of keys to derive for. */
wolfSSL 15:117db924cf7c 2396 enum DeriveKeyType {
wolfSSL 15:117db924cf7c 2397 no_key,
wolfSSL 15:117db924cf7c 2398 early_data_key,
wolfSSL 15:117db924cf7c 2399 handshake_key,
wolfSSL 15:117db924cf7c 2400 traffic_key,
wolfSSL 15:117db924cf7c 2401 update_traffic_key
wolfSSL 15:117db924cf7c 2402 };
wolfSSL 15:117db924cf7c 2403
wolfSSL 15:117db924cf7c 2404 /* The key update request values for KeyUpdate message. */
wolfSSL 15:117db924cf7c 2405 enum KeyUpdateRequest {
wolfSSL 15:117db924cf7c 2406 update_not_requested,
wolfSSL 15:117db924cf7c 2407 update_requested
wolfSSL 15:117db924cf7c 2408 };
wolfSSL 15:117db924cf7c 2409 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 2410
wolfSSL 15:117db924cf7c 2411
wolfSSL 15:117db924cf7c 2412 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 2413 enum SetCBIO {
wolfSSL 15:117db924cf7c 2414 WOLFSSL_CBIO_NONE = 0,
wolfSSL 15:117db924cf7c 2415 WOLFSSL_CBIO_RECV = 0x1,
wolfSSL 15:117db924cf7c 2416 WOLFSSL_CBIO_SEND = 0x2,
wolfSSL 15:117db924cf7c 2417 };
wolfSSL 15:117db924cf7c 2418 #endif
wolfSSL 15:117db924cf7c 2419
wolfSSL 15:117db924cf7c 2420 /* wolfSSL context type */
wolfSSL 15:117db924cf7c 2421 struct WOLFSSL_CTX {
wolfSSL 15:117db924cf7c 2422 WOLFSSL_METHOD* method;
wolfSSL 15:117db924cf7c 2423 #ifdef SINGLE_THREADED
wolfSSL 15:117db924cf7c 2424 WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */
wolfSSL 15:117db924cf7c 2425 #endif
wolfSSL 15:117db924cf7c 2426 wolfSSL_Mutex countMutex; /* reference count mutex */
wolfSSL 15:117db924cf7c 2427 int refCount; /* reference count */
wolfSSL 15:117db924cf7c 2428 int err; /* error code in case of mutex not created */
wolfSSL 15:117db924cf7c 2429 #ifndef NO_DH
wolfSSL 15:117db924cf7c 2430 buffer serverDH_P;
wolfSSL 15:117db924cf7c 2431 buffer serverDH_G;
wolfSSL 15:117db924cf7c 2432 #endif
wolfSSL 15:117db924cf7c 2433 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 2434 DerBuffer* certificate;
wolfSSL 15:117db924cf7c 2435 DerBuffer* certChain;
wolfSSL 15:117db924cf7c 2436 /* chain after self, in DER, with leading size for each cert */
wolfSSL 15:117db924cf7c 2437 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 2438 WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
wolfSSL 15:117db924cf7c 2439 #endif
wolfSSL 15:117db924cf7c 2440 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
wolfSSL 15:117db924cf7c 2441 defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 2442 WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
wolfSSL 15:117db924cf7c 2443 #endif
wolfSSL 15:117db924cf7c 2444 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2445 int certChainCnt;
wolfSSL 15:117db924cf7c 2446 #endif
wolfSSL 15:117db924cf7c 2447 DerBuffer* privateKey;
wolfSSL 15:117db924cf7c 2448 byte privateKeyType;
wolfSSL 15:117db924cf7c 2449 int privateKeySz;
wolfSSL 15:117db924cf7c 2450 WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
wolfSSL 15:117db924cf7c 2451 #endif
wolfSSL 15:117db924cf7c 2452 #ifdef KEEP_OUR_CERT
wolfSSL 15:117db924cf7c 2453 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
wolfSSL 15:117db924cf7c 2454 int ownOurCert; /* Dispose of certificate if we own */
wolfSSL 15:117db924cf7c 2455 #endif
wolfSSL 15:117db924cf7c 2456 Suites* suites; /* make dynamic, user may not need/set */
wolfSSL 15:117db924cf7c 2457 void* heap; /* for user memory overrides */
wolfSSL 15:117db924cf7c 2458 byte verifyDepth;
wolfSSL 15:117db924cf7c 2459 byte verifyPeer:1;
wolfSSL 15:117db924cf7c 2460 byte verifyNone:1;
wolfSSL 15:117db924cf7c 2461 byte failNoCert:1;
wolfSSL 15:117db924cf7c 2462 byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/
wolfSSL 15:117db924cf7c 2463 byte sessionCacheOff:1;
wolfSSL 15:117db924cf7c 2464 byte sessionCacheFlushOff:1;
wolfSSL 15:117db924cf7c 2465 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 2466 byte internalCacheOff:1;
wolfSSL 15:117db924cf7c 2467 #endif
wolfSSL 15:117db924cf7c 2468 byte sendVerify; /* for client side (can not be single bit) */
wolfSSL 15:117db924cf7c 2469 byte haveRSA:1; /* RSA available */
wolfSSL 15:117db924cf7c 2470 byte haveECC:1; /* ECC available */
wolfSSL 15:117db924cf7c 2471 byte haveDH:1; /* server DH parms set by user */
wolfSSL 15:117db924cf7c 2472 byte haveNTRU:1; /* server private NTRU key loaded */
wolfSSL 15:117db924cf7c 2473 byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
wolfSSL 15:117db924cf7c 2474 byte haveStaticECC:1; /* static server ECC private key */
wolfSSL 15:117db924cf7c 2475 byte partialWrite:1; /* only one msg per write call */
wolfSSL 15:117db924cf7c 2476 byte quietShutdown:1; /* don't send close notify */
wolfSSL 15:117db924cf7c 2477 byte groupMessages:1; /* group handshake messages before sending */
wolfSSL 15:117db924cf7c 2478 byte minDowngrade; /* minimum downgrade version */
wolfSSL 15:117db924cf7c 2479 byte haveEMS:1; /* have extended master secret extension */
wolfSSL 15:117db924cf7c 2480 byte useClientOrder:1; /* Use client's cipher preference order */
wolfSSL 15:117db924cf7c 2481 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2482 byte noTicketTls13:1; /* Server won't create new Ticket */
wolfSSL 15:117db924cf7c 2483 byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */
wolfSSL 15:117db924cf7c 2484 #endif
wolfSSL 15:117db924cf7c 2485 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 15:117db924cf7c 2486 byte postHandshakeAuth:1; /* Post-handshake auth supported. */
wolfSSL 15:117db924cf7c 2487 #endif
wolfSSL 15:117db924cf7c 2488 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 2489 byte haveMcast; /* multicast requested */
wolfSSL 15:117db924cf7c 2490 byte mcastID; /* multicast group ID */
wolfSSL 15:117db924cf7c 2491 #endif
wolfSSL 15:117db924cf7c 2492 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
wolfSSL 15:117db924cf7c 2493 byte dtlsSctp; /* DTLS-over-SCTP mode */
wolfSSL 15:117db924cf7c 2494 word16 dtlsMtuSz; /* DTLS MTU size */
wolfSSL 15:117db924cf7c 2495 #endif
wolfSSL 15:117db924cf7c 2496 #ifndef NO_DH
wolfSSL 15:117db924cf7c 2497 word16 minDhKeySz; /* minimum DH key size */
wolfSSL 15:117db924cf7c 2498 word16 maxDhKeySz; /* maximum DH key size */
wolfSSL 15:117db924cf7c 2499 #endif
wolfSSL 15:117db924cf7c 2500 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 2501 short minRsaKeySz; /* minimum RSA key size */
wolfSSL 15:117db924cf7c 2502 #endif
wolfSSL 15:117db924cf7c 2503 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 2504 short minEccKeySz; /* minimum ECC key size */
wolfSSL 15:117db924cf7c 2505 #endif
wolfSSL 15:117db924cf7c 2506 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 2507 byte sessionCtx[ID_LEN]; /* app session context ID */
wolfSSL 15:117db924cf7c 2508 word32 disabledCurves; /* curves disabled by user */
wolfSSL 15:117db924cf7c 2509 unsigned long mask; /* store SSL_OP_ flags */
wolfSSL 15:117db924cf7c 2510 const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
wolfSSL 15:117db924cf7c 2511 unsigned int alpn_cli_protos_len;
wolfSSL 15:117db924cf7c 2512 byte sessionCtxSz;
wolfSSL 15:117db924cf7c 2513 byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
wolfSSL 15:117db924cf7c 2514 CallbackInfoState* CBIS; /* used to get info about SSL state */
wolfSSL 15:117db924cf7c 2515 #endif
wolfSSL 15:117db924cf7c 2516 CallbackIORecv CBIORecv;
wolfSSL 15:117db924cf7c 2517 CallbackIOSend CBIOSend;
wolfSSL 15:117db924cf7c 2518 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 2519 CallbackGenCookie CBIOCookie; /* gen cookie callback */
wolfSSL 15:117db924cf7c 2520 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 15:117db924cf7c 2521 wc_dtls_export dtls_export; /* export function for DTLS session */
wolfSSL 15:117db924cf7c 2522 CallbackGetPeer CBGetPeer;
wolfSSL 15:117db924cf7c 2523 CallbackSetPeer CBSetPeer;
wolfSSL 15:117db924cf7c 2524 #endif
wolfSSL 15:117db924cf7c 2525 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 2526 VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL 15:117db924cf7c 2527 word32 timeout; /* session timeout */
wolfSSL 15:117db924cf7c 2528 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 2529 word32 ecdhCurveOID; /* curve Ecc_Sum */
wolfSSL 15:117db924cf7c 2530 #endif
wolfSSL 15:117db924cf7c 2531 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 2532 word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL 15:117db924cf7c 2533 #endif
wolfSSL 15:117db924cf7c 2534 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 2535 word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL 15:117db924cf7c 2536 #endif
wolfSSL 15:117db924cf7c 2537 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 2538 byte havePSK; /* psk key set by user */
wolfSSL 15:117db924cf7c 2539 wc_psk_client_callback client_psk_cb; /* client callback */
wolfSSL 15:117db924cf7c 2540 wc_psk_server_callback server_psk_cb; /* server callback */
wolfSSL 15:117db924cf7c 2541 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL 15:117db924cf7c 2542 #endif /* HAVE_SESSION_TICKET || !NO_PSK */
wolfSSL 15:117db924cf7c 2543 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2544 word16 group[WOLFSSL_MAX_GROUP_COUNT];
wolfSSL 15:117db924cf7c 2545 byte numGroups;
wolfSSL 15:117db924cf7c 2546 #endif
wolfSSL 15:117db924cf7c 2547 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 2548 word32 maxEarlyDataSz;
wolfSSL 15:117db924cf7c 2549 #endif
wolfSSL 15:117db924cf7c 2550 #ifdef HAVE_ANON
wolfSSL 15:117db924cf7c 2551 byte haveAnon; /* User wants to allow Anon suites */
wolfSSL 15:117db924cf7c 2552 #endif /* HAVE_ANON */
wolfSSL 15:117db924cf7c 2553 #ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL 15:117db924cf7c 2554 pem_password_cb* passwd_cb;
wolfSSL 15:117db924cf7c 2555 void* passwd_userdata;
wolfSSL 15:117db924cf7c 2556 #endif
wolfSSL 15:117db924cf7c 2557 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 15:117db924cf7c 2558 WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
wolfSSL 15:117db924cf7c 2559 WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
wolfSSL 15:117db924cf7c 2560 byte readAhead;
wolfSSL 15:117db924cf7c 2561 void* userPRFArg; /* passed to prf callback */
wolfSSL 15:117db924cf7c 2562 #endif
wolfSSL 15:117db924cf7c 2563 #ifdef HAVE_EX_DATA
wolfSSL 15:117db924cf7c 2564 void* ex_data[MAX_EX_DATA];
wolfSSL 15:117db924cf7c 2565 #endif
wolfSSL 15:117db924cf7c 2566 #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
wolfSSL 15:117db924cf7c 2567 CallbackALPNSelect alpnSelect;
wolfSSL 15:117db924cf7c 2568 void* alpnSelectArg;
wolfSSL 15:117db924cf7c 2569 #endif
wolfSSL 15:117db924cf7c 2570 #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)))
wolfSSL 15:117db924cf7c 2571 CallbackSniRecv sniRecvCb;
wolfSSL 15:117db924cf7c 2572 void* sniRecvCbArg;
wolfSSL 15:117db924cf7c 2573 #endif
wolfSSL 15:117db924cf7c 2574 #if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
wolfSSL 15:117db924cf7c 2575 CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
wolfSSL 15:117db924cf7c 2576 word32 mcastFirstSeq; /* first trigger level */
wolfSSL 15:117db924cf7c 2577 word32 mcastSecondSeq; /* second tigger level */
wolfSSL 15:117db924cf7c 2578 word32 mcastMaxSeq; /* max level */
wolfSSL 15:117db924cf7c 2579 #endif
wolfSSL 15:117db924cf7c 2580 #ifdef HAVE_OCSP
wolfSSL 15:117db924cf7c 2581 WOLFSSL_OCSP ocsp;
wolfSSL 15:117db924cf7c 2582 #endif
wolfSSL 15:117db924cf7c 2583 int devId; /* async device id to use */
wolfSSL 15:117db924cf7c 2584 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 2585 TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL 15:117db924cf7c 2586 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2587 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 2588 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 15:117db924cf7c 2589 OcspRequest* certOcspRequest;
wolfSSL 15:117db924cf7c 2590 #endif
wolfSSL 15:117db924cf7c 2591 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 15:117db924cf7c 2592 OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
wolfSSL 15:117db924cf7c 2593 #endif
wolfSSL 15:117db924cf7c 2594 #endif
wolfSSL 15:117db924cf7c 2595 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 2596 SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
wolfSSL 15:117db924cf7c 2597 void* ticketEncCtx; /* session encrypt context */
wolfSSL 15:117db924cf7c 2598 int ticketHint; /* ticket hint in seconds */
wolfSSL 15:117db924cf7c 2599 #endif
wolfSSL 15:117db924cf7c 2600 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 15:117db924cf7c 2601 byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
wolfSSL 15:117db924cf7c 2602 #endif
wolfSSL 15:117db924cf7c 2603 #endif
wolfSSL 15:117db924cf7c 2604 #ifdef ATOMIC_USER
wolfSSL 15:117db924cf7c 2605 CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
wolfSSL 15:117db924cf7c 2606 CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
wolfSSL 15:117db924cf7c 2607 #endif
wolfSSL 15:117db924cf7c 2608 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 2609 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 2610 CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */
wolfSSL 15:117db924cf7c 2611 CallbackEccSign EccSignCb; /* User EccSign Callback handler */
wolfSSL 15:117db924cf7c 2612 CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
wolfSSL 15:117db924cf7c 2613 CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
wolfSSL 15:117db924cf7c 2614 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 2615 /* User Ed25519Sign Callback handler */
wolfSSL 15:117db924cf7c 2616 CallbackEd25519Sign Ed25519SignCb;
wolfSSL 15:117db924cf7c 2617 /* User Ed25519Verify Callback handler */
wolfSSL 15:117db924cf7c 2618 CallbackEd25519Verify Ed25519VerifyCb;
wolfSSL 15:117db924cf7c 2619 #endif
wolfSSL 15:117db924cf7c 2620 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 2621 /* User X25519 KeyGen Callback Handler */
wolfSSL 15:117db924cf7c 2622 CallbackX25519KeyGen X25519KeyGenCb;
wolfSSL 15:117db924cf7c 2623 /* User X25519 SharedSecret Callback handler */
wolfSSL 15:117db924cf7c 2624 CallbackX25519SharedSecret X25519SharedSecretCb;
wolfSSL 15:117db924cf7c 2625 #endif
wolfSSL 15:117db924cf7c 2626 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 2627 #ifndef NO_DH
wolfSSL 15:117db924cf7c 2628 CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */
wolfSSL 15:117db924cf7c 2629 #endif
wolfSSL 15:117db924cf7c 2630 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 2631 CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */
wolfSSL 15:117db924cf7c 2632 CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */
wolfSSL 15:117db924cf7c 2633 CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */
wolfSSL 15:117db924cf7c 2634 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 2635 CallbackRsaPssSign RsaPssSignCb; /* User RsaSign (priv key) */
wolfSSL 15:117db924cf7c 2636 CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaVerify (pub key) */
wolfSSL 15:117db924cf7c 2637 CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */
wolfSSL 15:117db924cf7c 2638 #endif
wolfSSL 15:117db924cf7c 2639 CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
wolfSSL 15:117db924cf7c 2640 CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
wolfSSL 15:117db924cf7c 2641 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 2642 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 2643 #ifdef HAVE_WOLF_EVENT
wolfSSL 15:117db924cf7c 2644 WOLF_EVENT_QUEUE event_queue;
wolfSSL 15:117db924cf7c 2645 #endif /* HAVE_WOLF_EVENT */
wolfSSL 15:117db924cf7c 2646 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 2647 WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*);
wolfSSL 15:117db924cf7c 2648 int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
wolfSSL 15:117db924cf7c 2649 void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
wolfSSL 15:117db924cf7c 2650 #endif
wolfSSL 15:117db924cf7c 2651 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
wolfSSL 15:117db924cf7c 2652 Srp* srp; /* TLS Secure Remote Password Protocol*/
wolfSSL 15:117db924cf7c 2653 byte* srp_password;
wolfSSL 15:117db924cf7c 2654 #endif
wolfSSL 15:117db924cf7c 2655 };
wolfSSL 15:117db924cf7c 2656
wolfSSL 15:117db924cf7c 2657 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2658 WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
wolfSSL 15:117db924cf7c 2659 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2660 int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
wolfSSL 15:117db924cf7c 2661 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2662 void FreeSSL_Ctx(WOLFSSL_CTX*);
wolfSSL 15:117db924cf7c 2663 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2664 void SSL_CtxResourceFree(WOLFSSL_CTX*);
wolfSSL 15:117db924cf7c 2665
wolfSSL 15:117db924cf7c 2666 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2667 int DeriveTlsKeys(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2668 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2669 int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL 15:117db924cf7c 2670 word32 inSz, word16 sz);
wolfSSL 15:117db924cf7c 2671
wolfSSL 15:117db924cf7c 2672 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 2673 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2674 int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
wolfSSL 15:117db924cf7c 2675 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2676 int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL 15:117db924cf7c 2677 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 15:117db924cf7c 2678 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2679 int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
wolfSSL 15:117db924cf7c 2680 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2681 int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
wolfSSL 15:117db924cf7c 2682 #endif
wolfSSL 15:117db924cf7c 2683 #endif
wolfSSL 15:117db924cf7c 2684
wolfSSL 15:117db924cf7c 2685 /* All cipher suite related info
wolfSSL 15:117db924cf7c 2686 * Keep as a constant size (no ifdefs) for session export */
wolfSSL 15:117db924cf7c 2687 typedef struct CipherSpecs {
wolfSSL 15:117db924cf7c 2688 word16 key_size;
wolfSSL 15:117db924cf7c 2689 word16 iv_size;
wolfSSL 15:117db924cf7c 2690 word16 block_size;
wolfSSL 15:117db924cf7c 2691 word16 aead_mac_size;
wolfSSL 15:117db924cf7c 2692 byte bulk_cipher_algorithm;
wolfSSL 15:117db924cf7c 2693 byte cipher_type; /* block, stream, or aead */
wolfSSL 15:117db924cf7c 2694 byte mac_algorithm;
wolfSSL 15:117db924cf7c 2695 byte kea; /* key exchange algo */
wolfSSL 15:117db924cf7c 2696 byte sig_algo;
wolfSSL 15:117db924cf7c 2697 byte hash_size;
wolfSSL 15:117db924cf7c 2698 byte pad_size;
wolfSSL 15:117db924cf7c 2699 byte static_ecdh;
wolfSSL 15:117db924cf7c 2700 } CipherSpecs;
wolfSSL 15:117db924cf7c 2701
wolfSSL 15:117db924cf7c 2702
wolfSSL 15:117db924cf7c 2703 void InitCipherSpecs(CipherSpecs* cs);
wolfSSL 15:117db924cf7c 2704
wolfSSL 15:117db924cf7c 2705
wolfSSL 15:117db924cf7c 2706 /* Supported Message Authentication Codes from page 43 */
wolfSSL 15:117db924cf7c 2707 enum MACAlgorithm {
wolfSSL 15:117db924cf7c 2708 no_mac,
wolfSSL 15:117db924cf7c 2709 md5_mac,
wolfSSL 15:117db924cf7c 2710 sha_mac,
wolfSSL 15:117db924cf7c 2711 sha224_mac,
wolfSSL 15:117db924cf7c 2712 sha256_mac, /* needs to match external KDF_MacAlgorithm */
wolfSSL 15:117db924cf7c 2713 sha384_mac,
wolfSSL 15:117db924cf7c 2714 sha512_mac,
wolfSSL 15:117db924cf7c 2715 rmd_mac,
wolfSSL 15:117db924cf7c 2716 blake2b_mac
wolfSSL 15:117db924cf7c 2717 };
wolfSSL 15:117db924cf7c 2718
wolfSSL 15:117db924cf7c 2719
wolfSSL 15:117db924cf7c 2720 /* Supported Key Exchange Protocols */
wolfSSL 15:117db924cf7c 2721 enum KeyExchangeAlgorithm {
wolfSSL 15:117db924cf7c 2722 no_kea,
wolfSSL 15:117db924cf7c 2723 rsa_kea,
wolfSSL 15:117db924cf7c 2724 diffie_hellman_kea,
wolfSSL 15:117db924cf7c 2725 fortezza_kea,
wolfSSL 15:117db924cf7c 2726 psk_kea,
wolfSSL 15:117db924cf7c 2727 dhe_psk_kea,
wolfSSL 15:117db924cf7c 2728 ecdhe_psk_kea,
wolfSSL 15:117db924cf7c 2729 ntru_kea,
wolfSSL 15:117db924cf7c 2730 ecc_diffie_hellman_kea,
wolfSSL 15:117db924cf7c 2731 ecc_static_diffie_hellman_kea /* for verify suite only */
wolfSSL 15:117db924cf7c 2732 };
wolfSSL 15:117db924cf7c 2733
wolfSSL 15:117db924cf7c 2734
wolfSSL 15:117db924cf7c 2735 /* Supported Authentication Schemes */
wolfSSL 15:117db924cf7c 2736 enum SignatureAlgorithm {
wolfSSL 15:117db924cf7c 2737 anonymous_sa_algo = 0,
wolfSSL 15:117db924cf7c 2738 rsa_sa_algo = 1,
wolfSSL 15:117db924cf7c 2739 dsa_sa_algo = 2,
wolfSSL 15:117db924cf7c 2740 ecc_dsa_sa_algo = 3,
wolfSSL 15:117db924cf7c 2741 rsa_pss_sa_algo = 8,
wolfSSL 15:117db924cf7c 2742 ed25519_sa_algo = 9
wolfSSL 15:117db924cf7c 2743 };
wolfSSL 15:117db924cf7c 2744
wolfSSL 15:117db924cf7c 2745
wolfSSL 15:117db924cf7c 2746 /* Supprted ECC Curve Types */
wolfSSL 15:117db924cf7c 2747 enum EccCurves {
wolfSSL 15:117db924cf7c 2748 named_curve = 3
wolfSSL 15:117db924cf7c 2749 };
wolfSSL 15:117db924cf7c 2750
wolfSSL 15:117db924cf7c 2751
wolfSSL 15:117db924cf7c 2752 /* Valid client certificate request types from page 27 */
wolfSSL 15:117db924cf7c 2753 enum ClientCertificateType {
wolfSSL 15:117db924cf7c 2754 rsa_sign = 1,
wolfSSL 15:117db924cf7c 2755 dss_sign = 2,
wolfSSL 15:117db924cf7c 2756 rsa_fixed_dh = 3,
wolfSSL 15:117db924cf7c 2757 dss_fixed_dh = 4,
wolfSSL 15:117db924cf7c 2758 rsa_ephemeral_dh = 5,
wolfSSL 15:117db924cf7c 2759 dss_ephemeral_dh = 6,
wolfSSL 15:117db924cf7c 2760 fortezza_kea_cert = 20,
wolfSSL 15:117db924cf7c 2761 ecdsa_sign = 64,
wolfSSL 15:117db924cf7c 2762 rsa_fixed_ecdh = 65,
wolfSSL 15:117db924cf7c 2763 ecdsa_fixed_ecdh = 66
wolfSSL 15:117db924cf7c 2764 };
wolfSSL 15:117db924cf7c 2765
wolfSSL 15:117db924cf7c 2766
wolfSSL 15:117db924cf7c 2767 enum CipherType { stream, block, aead };
wolfSSL 15:117db924cf7c 2768
wolfSSL 15:117db924cf7c 2769
wolfSSL 15:117db924cf7c 2770
wolfSSL 15:117db924cf7c 2771
wolfSSL 15:117db924cf7c 2772
wolfSSL 15:117db924cf7c 2773
wolfSSL 15:117db924cf7c 2774 /* cipher for now */
wolfSSL 15:117db924cf7c 2775 typedef struct Ciphers {
wolfSSL 15:117db924cf7c 2776 #ifdef BUILD_ARC4
wolfSSL 15:117db924cf7c 2777 Arc4* arc4;
wolfSSL 15:117db924cf7c 2778 #endif
wolfSSL 15:117db924cf7c 2779 #ifdef BUILD_DES3
wolfSSL 15:117db924cf7c 2780 Des3* des3;
wolfSSL 15:117db924cf7c 2781 #endif
wolfSSL 15:117db924cf7c 2782 #if defined(BUILD_AES) || defined(BUILD_AESGCM)
wolfSSL 15:117db924cf7c 2783 Aes* aes;
wolfSSL 15:117db924cf7c 2784 #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 2785 byte* additional;
wolfSSL 15:117db924cf7c 2786 byte* nonce;
wolfSSL 15:117db924cf7c 2787 #endif
wolfSSL 15:117db924cf7c 2788 #endif
wolfSSL 15:117db924cf7c 2789 #ifdef HAVE_CAMELLIA
wolfSSL 15:117db924cf7c 2790 Camellia* cam;
wolfSSL 15:117db924cf7c 2791 #endif
wolfSSL 15:117db924cf7c 2792 #ifdef HAVE_CHACHA
wolfSSL 15:117db924cf7c 2793 ChaCha* chacha;
wolfSSL 15:117db924cf7c 2794 #endif
wolfSSL 15:117db924cf7c 2795 #ifdef HAVE_HC128
wolfSSL 15:117db924cf7c 2796 HC128* hc128;
wolfSSL 15:117db924cf7c 2797 #endif
wolfSSL 15:117db924cf7c 2798 #ifdef BUILD_RABBIT
wolfSSL 15:117db924cf7c 2799 Rabbit* rabbit;
wolfSSL 15:117db924cf7c 2800 #endif
wolfSSL 15:117db924cf7c 2801 #ifdef HAVE_IDEA
wolfSSL 15:117db924cf7c 2802 Idea* idea;
wolfSSL 15:117db924cf7c 2803 #endif
wolfSSL 15:117db924cf7c 2804 byte state;
wolfSSL 15:117db924cf7c 2805 byte setup; /* have we set it up flag for detection */
wolfSSL 15:117db924cf7c 2806 } Ciphers;
wolfSSL 15:117db924cf7c 2807
wolfSSL 15:117db924cf7c 2808
wolfSSL 15:117db924cf7c 2809 #ifdef HAVE_ONE_TIME_AUTH
wolfSSL 15:117db924cf7c 2810 /* Ciphers for one time authentication such as poly1305 */
wolfSSL 15:117db924cf7c 2811 typedef struct OneTimeAuth {
wolfSSL 15:117db924cf7c 2812 #ifdef HAVE_POLY1305
wolfSSL 15:117db924cf7c 2813 Poly1305* poly1305;
wolfSSL 15:117db924cf7c 2814 #endif
wolfSSL 15:117db924cf7c 2815 byte setup; /* flag for if a cipher has been set */
wolfSSL 15:117db924cf7c 2816
wolfSSL 15:117db924cf7c 2817 } OneTimeAuth;
wolfSSL 15:117db924cf7c 2818 #endif
wolfSSL 15:117db924cf7c 2819
wolfSSL 15:117db924cf7c 2820
wolfSSL 15:117db924cf7c 2821 WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2822 WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 2823
wolfSSL 15:117db924cf7c 2824
wolfSSL 15:117db924cf7c 2825 /* hashes type */
wolfSSL 15:117db924cf7c 2826 typedef struct Hashes {
wolfSSL 15:117db924cf7c 2827 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wolfSSL 15:117db924cf7c 2828 byte md5[WC_MD5_DIGEST_SIZE];
wolfSSL 15:117db924cf7c 2829 #endif
wolfSSL 15:117db924cf7c 2830 #if !defined(NO_SHA)
wolfSSL 15:117db924cf7c 2831 byte sha[WC_SHA_DIGEST_SIZE];
wolfSSL 15:117db924cf7c 2832 #endif
wolfSSL 15:117db924cf7c 2833 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 2834 byte sha256[WC_SHA256_DIGEST_SIZE];
wolfSSL 15:117db924cf7c 2835 #endif
wolfSSL 15:117db924cf7c 2836 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 2837 byte sha384[WC_SHA384_DIGEST_SIZE];
wolfSSL 15:117db924cf7c 2838 #endif
wolfSSL 15:117db924cf7c 2839 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 2840 byte sha512[WC_SHA512_DIGEST_SIZE];
wolfSSL 15:117db924cf7c 2841 #endif
wolfSSL 15:117db924cf7c 2842 } Hashes;
wolfSSL 15:117db924cf7c 2843
wolfSSL 15:117db924cf7c 2844 WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
wolfSSL 15:117db924cf7c 2845
wolfSSL 15:117db924cf7c 2846 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2847 typedef union Digest {
wolfSSL 15:117db924cf7c 2848 #ifndef NO_WOLFSSL_SHA256
wolfSSL 15:117db924cf7c 2849 wc_Sha256 sha256;
wolfSSL 15:117db924cf7c 2850 #endif
wolfSSL 15:117db924cf7c 2851 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 2852 wc_Sha384 sha384;
wolfSSL 15:117db924cf7c 2853 #endif
wolfSSL 15:117db924cf7c 2854 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 2855 wc_Sha512 sha512;
wolfSSL 15:117db924cf7c 2856 #endif
wolfSSL 15:117db924cf7c 2857 } Digest;
wolfSSL 15:117db924cf7c 2858 #endif
wolfSSL 15:117db924cf7c 2859
wolfSSL 15:117db924cf7c 2860 /* Static x509 buffer */
wolfSSL 15:117db924cf7c 2861 typedef struct x509_buffer {
wolfSSL 15:117db924cf7c 2862 int length; /* actual size */
wolfSSL 15:117db924cf7c 2863 byte buffer[MAX_X509_SIZE]; /* max static cert size */
wolfSSL 15:117db924cf7c 2864 } x509_buffer;
wolfSSL 15:117db924cf7c 2865
wolfSSL 15:117db924cf7c 2866
wolfSSL 15:117db924cf7c 2867 /* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
wolfSSL 15:117db924cf7c 2868 struct WOLFSSL_X509_CHAIN {
wolfSSL 15:117db924cf7c 2869 int count; /* total number in chain */
wolfSSL 15:117db924cf7c 2870 x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
wolfSSL 15:117db924cf7c 2871 };
wolfSSL 15:117db924cf7c 2872
wolfSSL 15:117db924cf7c 2873
wolfSSL 15:117db924cf7c 2874 /* wolfSSL session type */
wolfSSL 15:117db924cf7c 2875 struct WOLFSSL_SESSION {
wolfSSL 15:117db924cf7c 2876 word32 bornOn; /* create time in seconds */
wolfSSL 15:117db924cf7c 2877 word32 timeout; /* timeout in seconds */
wolfSSL 15:117db924cf7c 2878 byte sessionID[ID_LEN]; /* id for protocol */
wolfSSL 15:117db924cf7c 2879 byte sessionIDSz;
wolfSSL 15:117db924cf7c 2880 byte masterSecret[SECRET_LEN]; /* stored secret */
wolfSSL 15:117db924cf7c 2881 word16 haveEMS; /* ext master secret flag */
wolfSSL 15:117db924cf7c 2882 #ifdef SESSION_CERTS
wolfSSL 15:117db924cf7c 2883 WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
wolfSSL 15:117db924cf7c 2884 #ifdef WOLFSSL_ALT_CERT_CHAINS
wolfSSL 15:117db924cf7c 2885 WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */
wolfSSL 15:117db924cf7c 2886 #endif
wolfSSL 15:117db924cf7c 2887 #endif
wolfSSL 15:117db924cf7c 2888 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 2889 defined(HAVE_SESSION_TICKET))
wolfSSL 15:117db924cf7c 2890 ProtocolVersion version; /* which version was used */
wolfSSL 15:117db924cf7c 2891 byte cipherSuite0; /* first byte, normally 0 */
wolfSSL 15:117db924cf7c 2892 byte cipherSuite; /* 2nd byte, actual suite */
wolfSSL 15:117db924cf7c 2893 #endif
wolfSSL 15:117db924cf7c 2894 #ifndef NO_CLIENT_CACHE
wolfSSL 15:117db924cf7c 2895 word16 idLen; /* serverID length */
wolfSSL 15:117db924cf7c 2896 byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
wolfSSL 15:117db924cf7c 2897 #endif
wolfSSL 15:117db924cf7c 2898 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 2899 byte sessionCtxSz; /* sessionCtx length */
wolfSSL 15:117db924cf7c 2900 byte sessionCtx[ID_LEN]; /* app specific context id */
wolfSSL 15:117db924cf7c 2901 #endif
wolfSSL 15:117db924cf7c 2902 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2903 word16 namedGroup;
wolfSSL 15:117db924cf7c 2904 #endif
wolfSSL 15:117db924cf7c 2905 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 2906 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2907 word32 ticketSeen; /* Time ticket seen (ms) */
wolfSSL 15:117db924cf7c 2908 word32 ticketAdd; /* Added by client */
wolfSSL 15:117db924cf7c 2909 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 2910 TicketNonce ticketNonce; /* Nonce used to derive PSK */
wolfSSL 15:117db924cf7c 2911 #endif
wolfSSL 15:117db924cf7c 2912 #endif
wolfSSL 15:117db924cf7c 2913 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 2914 word32 maxEarlyDataSz;
wolfSSL 15:117db924cf7c 2915 #endif
wolfSSL 15:117db924cf7c 2916 #endif
wolfSSL 15:117db924cf7c 2917 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 2918 byte* ticket;
wolfSSL 15:117db924cf7c 2919 word16 ticketLen;
wolfSSL 15:117db924cf7c 2920 byte staticTicket[SESSION_TICKET_LEN];
wolfSSL 15:117db924cf7c 2921 byte isDynamic;
wolfSSL 15:117db924cf7c 2922 #endif
wolfSSL 15:117db924cf7c 2923 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 2924 byte isAlloced;
wolfSSL 15:117db924cf7c 2925 #endif
wolfSSL 15:117db924cf7c 2926 #ifdef HAVE_EX_DATA
wolfSSL 15:117db924cf7c 2927 void* ex_data[MAX_EX_DATA];
wolfSSL 15:117db924cf7c 2928 #endif
wolfSSL 15:117db924cf7c 2929 };
wolfSSL 15:117db924cf7c 2930
wolfSSL 15:117db924cf7c 2931
wolfSSL 15:117db924cf7c 2932 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2933 WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
wolfSSL 15:117db924cf7c 2934 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 2935 int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
wolfSSL 15:117db924cf7c 2936
wolfSSL 15:117db924cf7c 2937 typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int);
wolfSSL 15:117db924cf7c 2938
wolfSSL 15:117db924cf7c 2939 #ifndef NO_CLIENT_CACHE
wolfSSL 15:117db924cf7c 2940 WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
wolfSSL 15:117db924cf7c 2941 #endif
wolfSSL 15:117db924cf7c 2942
wolfSSL 15:117db924cf7c 2943 /* client connect state for nonblocking restart */
wolfSSL 15:117db924cf7c 2944 enum ConnectState {
wolfSSL 15:117db924cf7c 2945 CONNECT_BEGIN = 0,
wolfSSL 15:117db924cf7c 2946 CLIENT_HELLO_SENT,
wolfSSL 15:117db924cf7c 2947 HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
wolfSSL 15:117db924cf7c 2948 HELLO_AGAIN_REPLY,
wolfSSL 15:117db924cf7c 2949 FIRST_REPLY_DONE,
wolfSSL 15:117db924cf7c 2950 FIRST_REPLY_FIRST,
wolfSSL 15:117db924cf7c 2951 FIRST_REPLY_SECOND,
wolfSSL 15:117db924cf7c 2952 FIRST_REPLY_THIRD,
wolfSSL 15:117db924cf7c 2953 FIRST_REPLY_FOURTH,
wolfSSL 15:117db924cf7c 2954 FINISHED_DONE,
wolfSSL 15:117db924cf7c 2955 SECOND_REPLY_DONE
wolfSSL 15:117db924cf7c 2956 };
wolfSSL 15:117db924cf7c 2957
wolfSSL 15:117db924cf7c 2958
wolfSSL 15:117db924cf7c 2959 /* server accept state for nonblocking restart */
wolfSSL 15:117db924cf7c 2960 enum AcceptState {
wolfSSL 15:117db924cf7c 2961 ACCEPT_BEGIN = 0,
wolfSSL 15:117db924cf7c 2962 ACCEPT_CLIENT_HELLO_DONE,
wolfSSL 15:117db924cf7c 2963 ACCEPT_HELLO_RETRY_REQUEST_DONE,
wolfSSL 15:117db924cf7c 2964 ACCEPT_FIRST_REPLY_DONE,
wolfSSL 15:117db924cf7c 2965 SERVER_HELLO_SENT,
wolfSSL 15:117db924cf7c 2966 SERVER_EXTENSIONS_SENT,
wolfSSL 15:117db924cf7c 2967 CERT_SENT,
wolfSSL 15:117db924cf7c 2968 CERT_VERIFY_SENT,
wolfSSL 15:117db924cf7c 2969 CERT_STATUS_SENT,
wolfSSL 15:117db924cf7c 2970 KEY_EXCHANGE_SENT,
wolfSSL 15:117db924cf7c 2971 CERT_REQ_SENT,
wolfSSL 15:117db924cf7c 2972 SERVER_HELLO_DONE,
wolfSSL 15:117db924cf7c 2973 ACCEPT_SECOND_REPLY_DONE,
wolfSSL 15:117db924cf7c 2974 TICKET_SENT,
wolfSSL 15:117db924cf7c 2975 CHANGE_CIPHER_SENT,
wolfSSL 15:117db924cf7c 2976 ACCEPT_FINISHED_DONE,
wolfSSL 15:117db924cf7c 2977 ACCEPT_THIRD_REPLY_DONE
wolfSSL 15:117db924cf7c 2978 };
wolfSSL 15:117db924cf7c 2979
wolfSSL 15:117db924cf7c 2980 /* TLS 1.3 server accept state for nonblocking restart */
wolfSSL 15:117db924cf7c 2981 enum AcceptStateTls13 {
wolfSSL 15:117db924cf7c 2982 TLS13_ACCEPT_BEGIN = 0,
wolfSSL 15:117db924cf7c 2983 TLS13_ACCEPT_CLIENT_HELLO_DONE,
wolfSSL 15:117db924cf7c 2984 TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
wolfSSL 15:117db924cf7c 2985 TLS13_ACCEPT_FIRST_REPLY_DONE,
wolfSSL 15:117db924cf7c 2986 TLS13_ACCEPT_SECOND_REPLY_DONE,
wolfSSL 15:117db924cf7c 2987 TLS13_SERVER_HELLO_SENT,
wolfSSL 15:117db924cf7c 2988 TLS13_ACCEPT_THIRD_REPLY_DONE,
wolfSSL 15:117db924cf7c 2989 TLS13_SERVER_EXTENSIONS_SENT,
wolfSSL 15:117db924cf7c 2990 TLS13_CERT_REQ_SENT,
wolfSSL 15:117db924cf7c 2991 TLS13_CERT_SENT,
wolfSSL 15:117db924cf7c 2992 TLS13_CERT_VERIFY_SENT,
wolfSSL 15:117db924cf7c 2993 TLS13_ACCEPT_FINISHED_SENT,
wolfSSL 15:117db924cf7c 2994 TLS13_PRE_TICKET_SENT,
wolfSSL 15:117db924cf7c 2995 TLS13_ACCEPT_FINISHED_DONE,
wolfSSL 15:117db924cf7c 2996 TLS13_TICKET_SENT
wolfSSL 15:117db924cf7c 2997 };
wolfSSL 15:117db924cf7c 2998
wolfSSL 15:117db924cf7c 2999 /* buffers for struct WOLFSSL */
wolfSSL 15:117db924cf7c 3000 typedef struct Buffers {
wolfSSL 15:117db924cf7c 3001 bufferStatic inputBuffer;
wolfSSL 15:117db924cf7c 3002 bufferStatic outputBuffer;
wolfSSL 15:117db924cf7c 3003 buffer domainName; /* for client check */
wolfSSL 15:117db924cf7c 3004 buffer clearOutputBuffer;
wolfSSL 15:117db924cf7c 3005 buffer sig; /* signature data */
wolfSSL 15:117db924cf7c 3006 buffer digest; /* digest data */
wolfSSL 15:117db924cf7c 3007 int prevSent; /* previous plain text bytes sent
wolfSSL 15:117db924cf7c 3008 when got WANT_WRITE */
wolfSSL 15:117db924cf7c 3009 int plainSz; /* plain text bytes in buffer to send
wolfSSL 15:117db924cf7c 3010 when got WANT_WRITE */
wolfSSL 15:117db924cf7c 3011 byte weOwnCert; /* SSL own cert flag */
wolfSSL 15:117db924cf7c 3012 byte weOwnCertChain; /* SSL own cert chain flag */
wolfSSL 15:117db924cf7c 3013 byte weOwnKey; /* SSL own key flag */
wolfSSL 15:117db924cf7c 3014 byte weOwnDH; /* SSL own dh (p,g) flag */
wolfSSL 15:117db924cf7c 3015 #ifndef NO_DH
wolfSSL 15:117db924cf7c 3016 buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
wolfSSL 15:117db924cf7c 3017 buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
wolfSSL 15:117db924cf7c 3018 buffer serverDH_Pub;
wolfSSL 15:117db924cf7c 3019 buffer serverDH_Priv;
wolfSSL 15:117db924cf7c 3020 DhKey* serverDH_Key;
wolfSSL 15:117db924cf7c 3021 #endif
wolfSSL 15:117db924cf7c 3022 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 3023 DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
wolfSSL 15:117db924cf7c 3024 DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
wolfSSL 15:117db924cf7c 3025 byte keyType; /* Type of key: RSA, ECC, Ed25519 */
wolfSSL 15:117db924cf7c 3026 int keySz; /* Size of RSA key */
wolfSSL 15:117db924cf7c 3027 DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
wolfSSL 15:117db924cf7c 3028 /* chain after self, in DER, with leading size for each cert */
wolfSSL 15:117db924cf7c 3029 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 3030 int certChainCnt;
wolfSSL 15:117db924cf7c 3031 DerBuffer* certExts;
wolfSSL 15:117db924cf7c 3032 #endif
wolfSSL 15:117db924cf7c 3033 #endif
wolfSSL 15:117db924cf7c 3034 #ifdef WOLFSSL_SEND_HRR_COOKIE
wolfSSL 15:117db924cf7c 3035 buffer tls13CookieSecret; /* HRR cookie secret */
wolfSSL 15:117db924cf7c 3036 #endif
wolfSSL 15:117db924cf7c 3037 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 3038 WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
wolfSSL 15:117db924cf7c 3039 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 3040 buffer dtlsCookieSecret; /* DTLS cookie secret */
wolfSSL 15:117db924cf7c 3041 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 3042 #endif
wolfSSL 15:117db924cf7c 3043 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 3044 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 3045 buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
wolfSSL 15:117db924cf7c 3046 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 3047 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 3048 buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */
wolfSSL 15:117db924cf7c 3049 #endif /* HAVE_ED25519 */
wolfSSL 15:117db924cf7c 3050 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 3051 buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
wolfSSL 15:117db924cf7c 3052 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 3053 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 3054 } Buffers;
wolfSSL 15:117db924cf7c 3055
wolfSSL 15:117db924cf7c 3056 /* sub-states for send/do key share (key exchange) */
wolfSSL 15:117db924cf7c 3057 enum asyncState {
wolfSSL 15:117db924cf7c 3058 TLS_ASYNC_BEGIN = 0,
wolfSSL 15:117db924cf7c 3059 TLS_ASYNC_BUILD,
wolfSSL 15:117db924cf7c 3060 TLS_ASYNC_DO,
wolfSSL 15:117db924cf7c 3061 TLS_ASYNC_VERIFY,
wolfSSL 15:117db924cf7c 3062 TLS_ASYNC_FINALIZE,
wolfSSL 15:117db924cf7c 3063 TLS_ASYNC_END
wolfSSL 15:117db924cf7c 3064 };
wolfSSL 15:117db924cf7c 3065
wolfSSL 15:117db924cf7c 3066 /* sub-states for build message */
wolfSSL 15:117db924cf7c 3067 enum buildMsgState {
wolfSSL 15:117db924cf7c 3068 BUILD_MSG_BEGIN = 0,
wolfSSL 15:117db924cf7c 3069 BUILD_MSG_SIZE,
wolfSSL 15:117db924cf7c 3070 BUILD_MSG_HASH,
wolfSSL 15:117db924cf7c 3071 BUILD_MSG_VERIFY_MAC,
wolfSSL 15:117db924cf7c 3072 BUILD_MSG_ENCRYPT,
wolfSSL 15:117db924cf7c 3073 };
wolfSSL 15:117db924cf7c 3074
wolfSSL 15:117db924cf7c 3075 /* sub-states for cipher operations */
wolfSSL 15:117db924cf7c 3076 enum cipherState {
wolfSSL 15:117db924cf7c 3077 CIPHER_STATE_BEGIN = 0,
wolfSSL 15:117db924cf7c 3078 CIPHER_STATE_DO,
wolfSSL 15:117db924cf7c 3079 CIPHER_STATE_END,
wolfSSL 15:117db924cf7c 3080 };
wolfSSL 15:117db924cf7c 3081
wolfSSL 15:117db924cf7c 3082 typedef struct Options {
wolfSSL 15:117db924cf7c 3083 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 3084 wc_psk_client_callback client_psk_cb;
wolfSSL 15:117db924cf7c 3085 wc_psk_server_callback server_psk_cb;
wolfSSL 15:117db924cf7c 3086 #endif /* NO_PSK */
wolfSSL 15:117db924cf7c 3087 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 3088 unsigned long mask; /* store SSL_OP_ flags */
wolfSSL 15:117db924cf7c 3089 #endif
wolfSSL 15:117db924cf7c 3090
wolfSSL 15:117db924cf7c 3091 /* on/off or small bit flags, optimize layout */
wolfSSL 15:117db924cf7c 3092 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 3093 word16 havePSK:1; /* psk key set by user */
wolfSSL 15:117db924cf7c 3094 #endif /* HAVE_SESSION_TICKET || !NO_PSK */
wolfSSL 15:117db924cf7c 3095 word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
wolfSSL 15:117db924cf7c 3096 word16 sessionCacheOff:1;
wolfSSL 15:117db924cf7c 3097 word16 sessionCacheFlushOff:1;
wolfSSL 15:117db924cf7c 3098 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 3099 word16 internalCacheOff:1;
wolfSSL 15:117db924cf7c 3100 #endif
wolfSSL 15:117db924cf7c 3101 word16 side:1; /* client or server end */
wolfSSL 15:117db924cf7c 3102 word16 verifyPeer:1;
wolfSSL 15:117db924cf7c 3103 word16 verifyNone:1;
wolfSSL 15:117db924cf7c 3104 word16 failNoCert:1;
wolfSSL 15:117db924cf7c 3105 word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
wolfSSL 15:117db924cf7c 3106 word16 downgrade:1; /* allow downgrade of versions */
wolfSSL 15:117db924cf7c 3107 word16 resuming:1;
wolfSSL 15:117db924cf7c 3108 word16 haveSessionId:1; /* server may not send */
wolfSSL 15:117db924cf7c 3109 word16 tls:1; /* using TLS ? */
wolfSSL 15:117db924cf7c 3110 word16 tls1_1:1; /* using TLSv1.1+ ? */
wolfSSL 15:117db924cf7c 3111 word16 tls1_3:1; /* using TLSv1.3+ ? */
wolfSSL 15:117db924cf7c 3112 word16 dtls:1; /* using datagrams ? */
wolfSSL 15:117db924cf7c 3113 word16 connReset:1; /* has the peer reset */
wolfSSL 15:117db924cf7c 3114 word16 isClosed:1; /* if we consider conn closed */
wolfSSL 15:117db924cf7c 3115 word16 closeNotify:1; /* we've received a close notify */
wolfSSL 15:117db924cf7c 3116 word16 sentNotify:1; /* we've sent a close notify */
wolfSSL 15:117db924cf7c 3117 word16 usingCompression:1; /* are we using compression */
wolfSSL 15:117db924cf7c 3118 word16 haveRSA:1; /* RSA available */
wolfSSL 15:117db924cf7c 3119 word16 haveECC:1; /* ECC available */
wolfSSL 15:117db924cf7c 3120 word16 haveDH:1; /* server DH parms set by user */
wolfSSL 15:117db924cf7c 3121 word16 haveNTRU:1; /* server NTRU private key loaded */
wolfSSL 15:117db924cf7c 3122 word16 haveQSH:1; /* have QSH ability */
wolfSSL 15:117db924cf7c 3123 word16 haveECDSAsig:1; /* server ECDSA signed cert */
wolfSSL 15:117db924cf7c 3124 word16 haveStaticECC:1; /* static server ECC private key */
wolfSSL 15:117db924cf7c 3125 word16 havePeerCert:1; /* do we have peer's cert */
wolfSSL 15:117db924cf7c 3126 word16 havePeerVerify:1; /* and peer's cert verify */
wolfSSL 15:117db924cf7c 3127 word16 usingPSK_cipher:1; /* are using psk as cipher */
wolfSSL 15:117db924cf7c 3128 word16 usingAnon_cipher:1; /* are we using an anon cipher */
wolfSSL 15:117db924cf7c 3129 word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */
wolfSSL 15:117db924cf7c 3130 word16 sendAlertState:1; /* nonblocking resume */
wolfSSL 15:117db924cf7c 3131 word16 partialWrite:1; /* only one msg per write call */
wolfSSL 15:117db924cf7c 3132 word16 quietShutdown:1; /* don't send close notify */
wolfSSL 15:117db924cf7c 3133 word16 certOnly:1; /* stop once we get cert */
wolfSSL 15:117db924cf7c 3134 word16 groupMessages:1; /* group handshake messages */
wolfSSL 15:117db924cf7c 3135 word16 saveArrays:1; /* save array Memory for user get keys
wolfSSL 15:117db924cf7c 3136 or psk */
wolfSSL 15:117db924cf7c 3137 word16 weOwnRng:1; /* will be true unless CTX owns */
wolfSSL 15:117db924cf7c 3138 word16 haveEMS:1; /* using extended master secret */
wolfSSL 15:117db924cf7c 3139 #ifdef HAVE_POLY1305
wolfSSL 15:117db924cf7c 3140 word16 oldPoly:1; /* set when to use old rfc way of poly*/
wolfSSL 15:117db924cf7c 3141 #endif
wolfSSL 15:117db924cf7c 3142 #ifdef HAVE_ANON
wolfSSL 15:117db924cf7c 3143 word16 haveAnon:1; /* User wants to allow Anon suites */
wolfSSL 15:117db924cf7c 3144 #endif
wolfSSL 15:117db924cf7c 3145 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 3146 word16 createTicket:1; /* Server to create new Ticket */
wolfSSL 15:117db924cf7c 3147 word16 useTicket:1; /* Use Ticket not session cache */
wolfSSL 15:117db924cf7c 3148 word16 rejectTicket:1; /* Callback rejected ticket */
wolfSSL 15:117db924cf7c 3149 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 3150 word16 noTicketTls13:1; /* Server won't create new Ticket */
wolfSSL 15:117db924cf7c 3151 #endif
wolfSSL 15:117db924cf7c 3152 #endif
wolfSSL 15:117db924cf7c 3153 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 3154 word16 dtlsUseNonblock:1; /* are we using nonblocking socket */
wolfSSL 15:117db924cf7c 3155 word16 dtlsHsRetain:1; /* DTLS retaining HS data */
wolfSSL 15:117db924cf7c 3156 word16 haveMcast:1; /* using multicast ? */
wolfSSL 15:117db924cf7c 3157 #ifdef WOLFSSL_SCTP
wolfSSL 15:117db924cf7c 3158 word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
wolfSSL 15:117db924cf7c 3159 #endif
wolfSSL 15:117db924cf7c 3160 #endif
wolfSSL 15:117db924cf7c 3161 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 3162 word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
wolfSSL 15:117db924cf7c 3163 #endif
wolfSSL 15:117db924cf7c 3164 word16 keepResources:1; /* Keep resources after handshake */
wolfSSL 15:117db924cf7c 3165 word16 useClientOrder:1; /* Use client's cipher order */
wolfSSL 15:117db924cf7c 3166 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 15:117db924cf7c 3167 word16 postHandshakeAuth:1;/* Client send post_handshake_auth
wolfSSL 15:117db924cf7c 3168 * extendion. */
wolfSSL 15:117db924cf7c 3169 #endif
wolfSSL 15:117db924cf7c 3170 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 3171 word16 sendCookie:1; /* Server creates a Cookie in HRR */
wolfSSL 15:117db924cf7c 3172 #endif
wolfSSL 15:117db924cf7c 3173 #ifdef WOLFSSL_ALT_CERT_CHAINS
wolfSSL 15:117db924cf7c 3174 word16 usingAltCertChain:1;/* Alternate cert chain was used */
wolfSSL 15:117db924cf7c 3175 #endif
wolfSSL 15:117db924cf7c 3176 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
wolfSSL 15:117db924cf7c 3177 word16 sentChangeCipher:1; /* Change Cipher Spec sent */
wolfSSL 15:117db924cf7c 3178 #endif
wolfSSL 15:117db924cf7c 3179 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \
wolfSSL 15:117db924cf7c 3180 !defined(NO_ED25519_CLIENT_AUTH)
wolfSSL 15:117db924cf7c 3181 word16 cacheMessages:1; /* Cache messages for sign/verify */
wolfSSL 15:117db924cf7c 3182 #endif
wolfSSL 15:117db924cf7c 3183
wolfSSL 15:117db924cf7c 3184 /* need full byte values for this section */
wolfSSL 15:117db924cf7c 3185 byte processReply; /* nonblocking resume */
wolfSSL 15:117db924cf7c 3186 byte cipherSuite0; /* first byte, normally 0 */
wolfSSL 15:117db924cf7c 3187 byte cipherSuite; /* second byte, actual suite */
wolfSSL 15:117db924cf7c 3188 byte serverState;
wolfSSL 15:117db924cf7c 3189 byte clientState;
wolfSSL 15:117db924cf7c 3190 byte handShakeState;
wolfSSL 15:117db924cf7c 3191 byte handShakeDone; /* at least one handshake complete */
wolfSSL 15:117db924cf7c 3192 byte minDowngrade; /* minimum downgrade version */
wolfSSL 15:117db924cf7c 3193 byte connectState; /* nonblocking resume */
wolfSSL 15:117db924cf7c 3194 byte acceptState; /* nonblocking resume */
wolfSSL 15:117db924cf7c 3195 byte asyncState; /* sub-state for enum asyncState */
wolfSSL 15:117db924cf7c 3196 byte buildMsgState; /* sub-state for enum buildMsgState */
wolfSSL 15:117db924cf7c 3197 byte alertCount; /* detect warning dos attempt */
wolfSSL 15:117db924cf7c 3198 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 3199 word16 mcastID; /* Multicast group ID */
wolfSSL 15:117db924cf7c 3200 #endif
wolfSSL 15:117db924cf7c 3201 #ifndef NO_DH
wolfSSL 15:117db924cf7c 3202 word16 minDhKeySz; /* minimum DH key size */
wolfSSL 15:117db924cf7c 3203 word16 maxDhKeySz; /* minimum DH key size */
wolfSSL 15:117db924cf7c 3204 word16 dhKeySz; /* actual DH key size */
wolfSSL 15:117db924cf7c 3205 #endif
wolfSSL 15:117db924cf7c 3206 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 3207 short minRsaKeySz; /* minimum RSA key size */
wolfSSL 15:117db924cf7c 3208 #endif
wolfSSL 15:117db924cf7c 3209 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 3210 short minEccKeySz; /* minimum ECC key size */
wolfSSL 15:117db924cf7c 3211 #endif
wolfSSL 15:117db924cf7c 3212 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 3213 byte verifyDepth; /* maximum verification depth */
wolfSSL 15:117db924cf7c 3214 #endif
wolfSSL 15:117db924cf7c 3215 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 3216 word16 pskIdIndex;
wolfSSL 15:117db924cf7c 3217 word32 maxEarlyDataSz;
wolfSSL 15:117db924cf7c 3218 #endif
wolfSSL 15:117db924cf7c 3219 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 3220 byte oldMinor; /* client preferred version < TLS 1.3 */
wolfSSL 15:117db924cf7c 3221 #endif
wolfSSL 15:117db924cf7c 3222 } Options;
wolfSSL 15:117db924cf7c 3223
wolfSSL 15:117db924cf7c 3224 typedef struct Arrays {
wolfSSL 15:117db924cf7c 3225 byte* pendingMsg; /* defrag buffer */
wolfSSL 15:117db924cf7c 3226 byte* preMasterSecret;
wolfSSL 15:117db924cf7c 3227 word32 preMasterSz; /* differs for DH, actual size */
wolfSSL 15:117db924cf7c 3228 word32 pendingMsgSz; /* defrag buffer size */
wolfSSL 15:117db924cf7c 3229 word32 pendingMsgOffset; /* current offset into defrag buffer */
wolfSSL 15:117db924cf7c 3230 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 3231 word32 psk_keySz; /* actual size */
wolfSSL 15:117db924cf7c 3232 char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL 15:117db924cf7c 3233 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
wolfSSL 15:117db924cf7c 3234 byte psk_key[MAX_PSK_KEY_LEN];
wolfSSL 15:117db924cf7c 3235 #endif
wolfSSL 15:117db924cf7c 3236 byte clientRandom[RAN_LEN];
wolfSSL 15:117db924cf7c 3237 byte serverRandom[RAN_LEN];
wolfSSL 15:117db924cf7c 3238 byte sessionID[ID_LEN];
wolfSSL 15:117db924cf7c 3239 byte sessionIDSz;
wolfSSL 15:117db924cf7c 3240 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 3241 byte clientSecret[SECRET_LEN];
wolfSSL 15:117db924cf7c 3242 byte serverSecret[SECRET_LEN];
wolfSSL 15:117db924cf7c 3243 byte secret[SECRET_LEN];
wolfSSL 15:117db924cf7c 3244 #endif
wolfSSL 15:117db924cf7c 3245 byte masterSecret[SECRET_LEN];
wolfSSL 15:117db924cf7c 3246 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 3247 byte cookie[MAX_COOKIE_LEN];
wolfSSL 15:117db924cf7c 3248 byte cookieSz;
wolfSSL 15:117db924cf7c 3249 #endif
wolfSSL 15:117db924cf7c 3250 byte pendingMsgType; /* defrag buffer message type */
wolfSSL 15:117db924cf7c 3251 } Arrays;
wolfSSL 15:117db924cf7c 3252
wolfSSL 15:117db924cf7c 3253 #ifndef ASN_NAME_MAX
wolfSSL 15:117db924cf7c 3254 #define ASN_NAME_MAX 256
wolfSSL 15:117db924cf7c 3255 #endif
wolfSSL 15:117db924cf7c 3256
wolfSSL 15:117db924cf7c 3257 #ifndef MAX_DATE_SZ
wolfSSL 15:117db924cf7c 3258 #define MAX_DATE_SZ 32
wolfSSL 15:117db924cf7c 3259 #endif
wolfSSL 15:117db924cf7c 3260
wolfSSL 15:117db924cf7c 3261 struct WOLFSSL_STACK {
wolfSSL 15:117db924cf7c 3262 unsigned long num; /* number of nodes in stack
wolfSSL 15:117db924cf7c 3263 * (saftey measure for freeing and shortcut for count) */
wolfSSL 15:117db924cf7c 3264 union {
wolfSSL 15:117db924cf7c 3265 WOLFSSL_X509* x509;
wolfSSL 15:117db924cf7c 3266 WOLFSSL_X509_NAME* name;
wolfSSL 15:117db924cf7c 3267 WOLFSSL_BIO* bio;
wolfSSL 15:117db924cf7c 3268 WOLFSSL_ASN1_OBJECT* obj;
wolfSSL 15:117db924cf7c 3269 char* string;
wolfSSL 15:117db924cf7c 3270 } data;
wolfSSL 15:117db924cf7c 3271 WOLFSSL_STACK* next;
wolfSSL 15:117db924cf7c 3272 };
wolfSSL 15:117db924cf7c 3273
wolfSSL 15:117db924cf7c 3274
wolfSSL 15:117db924cf7c 3275 struct WOLFSSL_X509_NAME {
wolfSSL 15:117db924cf7c 3276 char *name;
wolfSSL 15:117db924cf7c 3277 int dynamicName;
wolfSSL 15:117db924cf7c 3278 int sz;
wolfSSL 15:117db924cf7c 3279 char staticName[ASN_NAME_MAX];
wolfSSL 15:117db924cf7c 3280 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
wolfSSL 15:117db924cf7c 3281 !defined(NO_ASN)
wolfSSL 15:117db924cf7c 3282 DecodedName fullName;
wolfSSL 15:117db924cf7c 3283 WOLFSSL_X509_NAME_ENTRY cnEntry;
wolfSSL 15:117db924cf7c 3284 WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
wolfSSL 15:117db924cf7c 3285 WOLFSSL_X509* x509; /* x509 that struct belongs to */
wolfSSL 15:117db924cf7c 3286 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 3287 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
wolfSSL 15:117db924cf7c 3288 byte raw[ASN_NAME_MAX];
wolfSSL 15:117db924cf7c 3289 int rawLen;
wolfSSL 15:117db924cf7c 3290 #endif
wolfSSL 15:117db924cf7c 3291 };
wolfSSL 15:117db924cf7c 3292
wolfSSL 15:117db924cf7c 3293 #ifndef EXTERNAL_SERIAL_SIZE
wolfSSL 15:117db924cf7c 3294 #define EXTERNAL_SERIAL_SIZE 32
wolfSSL 15:117db924cf7c 3295 #endif
wolfSSL 15:117db924cf7c 3296
wolfSSL 15:117db924cf7c 3297 #ifdef NO_ASN
wolfSSL 15:117db924cf7c 3298 typedef struct DNS_entry DNS_entry;
wolfSSL 15:117db924cf7c 3299 #endif
wolfSSL 15:117db924cf7c 3300
wolfSSL 15:117db924cf7c 3301 struct WOLFSSL_X509 {
wolfSSL 15:117db924cf7c 3302 int version;
wolfSSL 15:117db924cf7c 3303 int serialSz;
wolfSSL 15:117db924cf7c 3304 #ifdef WOLFSSL_SEP
wolfSSL 15:117db924cf7c 3305 int deviceTypeSz;
wolfSSL 15:117db924cf7c 3306 int hwTypeSz;
wolfSSL 15:117db924cf7c 3307 byte deviceType[EXTERNAL_SERIAL_SIZE];
wolfSSL 15:117db924cf7c 3308 byte hwType[EXTERNAL_SERIAL_SIZE];
wolfSSL 15:117db924cf7c 3309 int hwSerialNumSz;
wolfSSL 15:117db924cf7c 3310 byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
wolfSSL 15:117db924cf7c 3311 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 3312 byte certPolicySet;
wolfSSL 15:117db924cf7c 3313 byte certPolicyCrit;
wolfSSL 15:117db924cf7c 3314 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 3315 #endif
wolfSSL 15:117db924cf7c 3316 int notBeforeSz;
wolfSSL 15:117db924cf7c 3317 int notAfterSz;
wolfSSL 15:117db924cf7c 3318 byte notBefore[MAX_DATE_SZ];
wolfSSL 15:117db924cf7c 3319 byte notAfter[MAX_DATE_SZ];
wolfSSL 15:117db924cf7c 3320 buffer sig;
wolfSSL 15:117db924cf7c 3321 int sigOID;
wolfSSL 15:117db924cf7c 3322 DNS_entry* altNames; /* alt names list */
wolfSSL 15:117db924cf7c 3323 buffer pubKey;
wolfSSL 15:117db924cf7c 3324 int pubKeyOID;
wolfSSL 15:117db924cf7c 3325 DNS_entry* altNamesNext; /* hint for retrieval */
wolfSSL 15:117db924cf7c 3326 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 3327 word32 pkCurveOID;
wolfSSL 15:117db924cf7c 3328 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 3329 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 3330 DerBuffer* derCert; /* may need */
wolfSSL 15:117db924cf7c 3331 #endif
wolfSSL 15:117db924cf7c 3332 void* heap; /* heap hint */
wolfSSL 15:117db924cf7c 3333 byte dynamicMemory; /* dynamic memory flag */
wolfSSL 15:117db924cf7c 3334 byte isCa:1;
wolfSSL 15:117db924cf7c 3335 #ifdef WOLFSSL_CERT_EXT
wolfSSL 15:117db924cf7c 3336 char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
wolfSSL 15:117db924cf7c 3337 int certPoliciesNb;
wolfSSL 15:117db924cf7c 3338 #endif /* WOLFSSL_CERT_EXT */
wolfSSL 15:117db924cf7c 3339 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 3340 #ifdef HAVE_EX_DATA
wolfSSL 15:117db924cf7c 3341 void* ex_data[MAX_EX_DATA];
wolfSSL 15:117db924cf7c 3342 #endif
wolfSSL 15:117db924cf7c 3343 byte* authKeyId;
wolfSSL 15:117db924cf7c 3344 byte* subjKeyId;
wolfSSL 15:117db924cf7c 3345 byte* extKeyUsageSrc;
wolfSSL 15:117db924cf7c 3346 byte* CRLInfo;
wolfSSL 15:117db924cf7c 3347 byte* authInfo;
wolfSSL 15:117db924cf7c 3348 word32 pathLength;
wolfSSL 15:117db924cf7c 3349 word16 keyUsage;
wolfSSL 15:117db924cf7c 3350 int CRLInfoSz;
wolfSSL 15:117db924cf7c 3351 int authInfoSz;
wolfSSL 15:117db924cf7c 3352 word32 authKeyIdSz;
wolfSSL 15:117db924cf7c 3353 word32 subjKeyIdSz;
wolfSSL 15:117db924cf7c 3354 word32 extKeyUsageSz;
wolfSSL 15:117db924cf7c 3355 word32 extKeyUsageCount;
wolfSSL 15:117db924cf7c 3356
wolfSSL 15:117db924cf7c 3357 byte CRLdistSet:1;
wolfSSL 15:117db924cf7c 3358 byte CRLdistCrit:1;
wolfSSL 15:117db924cf7c 3359 byte authInfoSet:1;
wolfSSL 15:117db924cf7c 3360 byte authInfoCrit:1;
wolfSSL 15:117db924cf7c 3361 byte keyUsageSet:1;
wolfSSL 15:117db924cf7c 3362 byte keyUsageCrit:1;
wolfSSL 15:117db924cf7c 3363 byte extKeyUsageCrit:1;
wolfSSL 15:117db924cf7c 3364 byte subjKeyIdSet:1;
wolfSSL 15:117db924cf7c 3365
wolfSSL 15:117db924cf7c 3366 byte subjKeyIdCrit:1;
wolfSSL 15:117db924cf7c 3367 byte basicConstSet:1;
wolfSSL 15:117db924cf7c 3368 byte basicConstCrit:1;
wolfSSL 15:117db924cf7c 3369 byte basicConstPlSet:1;
wolfSSL 15:117db924cf7c 3370 byte subjAltNameSet:1;
wolfSSL 15:117db924cf7c 3371 byte subjAltNameCrit:1;
wolfSSL 15:117db924cf7c 3372 byte authKeyIdSet:1;
wolfSSL 15:117db924cf7c 3373 byte authKeyIdCrit:1;
wolfSSL 15:117db924cf7c 3374 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
wolfSSL 15:117db924cf7c 3375 byte serial[EXTERNAL_SERIAL_SIZE];
wolfSSL 15:117db924cf7c 3376 char subjectCN[ASN_NAME_MAX]; /* common name short cut */
wolfSSL 15:117db924cf7c 3377 #ifdef WOLFSSL_CERT_REQ
wolfSSL 15:117db924cf7c 3378 char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
wolfSSL 15:117db924cf7c 3379 #endif
wolfSSL 15:117db924cf7c 3380 WOLFSSL_X509_NAME issuer;
wolfSSL 15:117db924cf7c 3381 WOLFSSL_X509_NAME subject;
wolfSSL 15:117db924cf7c 3382 };
wolfSSL 15:117db924cf7c 3383
wolfSSL 15:117db924cf7c 3384
wolfSSL 15:117db924cf7c 3385 /* record layer header for PlainText, Compressed, and CipherText */
wolfSSL 15:117db924cf7c 3386 typedef struct RecordLayerHeader {
wolfSSL 15:117db924cf7c 3387 byte type;
wolfSSL 15:117db924cf7c 3388 byte pvMajor;
wolfSSL 15:117db924cf7c 3389 byte pvMinor;
wolfSSL 15:117db924cf7c 3390 byte length[2];
wolfSSL 15:117db924cf7c 3391 } RecordLayerHeader;
wolfSSL 15:117db924cf7c 3392
wolfSSL 15:117db924cf7c 3393
wolfSSL 15:117db924cf7c 3394 /* record layer header for DTLS PlainText, Compressed, and CipherText */
wolfSSL 15:117db924cf7c 3395 typedef struct DtlsRecordLayerHeader {
wolfSSL 15:117db924cf7c 3396 byte type;
wolfSSL 15:117db924cf7c 3397 byte pvMajor;
wolfSSL 15:117db924cf7c 3398 byte pvMinor;
wolfSSL 15:117db924cf7c 3399 byte sequence_number[8]; /* per record */
wolfSSL 15:117db924cf7c 3400 byte length[2];
wolfSSL 15:117db924cf7c 3401 } DtlsRecordLayerHeader;
wolfSSL 15:117db924cf7c 3402
wolfSSL 15:117db924cf7c 3403
wolfSSL 15:117db924cf7c 3404 typedef struct DtlsFrag {
wolfSSL 15:117db924cf7c 3405 word32 begin;
wolfSSL 15:117db924cf7c 3406 word32 end;
wolfSSL 15:117db924cf7c 3407 struct DtlsFrag* next;
wolfSSL 15:117db924cf7c 3408 } DtlsFrag;
wolfSSL 15:117db924cf7c 3409
wolfSSL 15:117db924cf7c 3410
wolfSSL 15:117db924cf7c 3411 typedef struct DtlsMsg {
wolfSSL 15:117db924cf7c 3412 struct DtlsMsg* next;
wolfSSL 15:117db924cf7c 3413 byte* buf;
wolfSSL 15:117db924cf7c 3414 byte* msg;
wolfSSL 15:117db924cf7c 3415 DtlsFrag* fragList;
wolfSSL 15:117db924cf7c 3416 word32 fragSz; /* Length of fragments received */
wolfSSL 15:117db924cf7c 3417 word32 seq; /* Handshake sequence number */
wolfSSL 15:117db924cf7c 3418 word32 sz; /* Length of whole mesage */
wolfSSL 15:117db924cf7c 3419 byte type;
wolfSSL 15:117db924cf7c 3420 } DtlsMsg;
wolfSSL 15:117db924cf7c 3421
wolfSSL 15:117db924cf7c 3422
wolfSSL 15:117db924cf7c 3423 #ifdef HAVE_NETX
wolfSSL 15:117db924cf7c 3424
wolfSSL 15:117db924cf7c 3425 /* NETX I/O Callback default */
wolfSSL 15:117db924cf7c 3426 typedef struct NetX_Ctx {
wolfSSL 15:117db924cf7c 3427 NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
wolfSSL 15:117db924cf7c 3428 NX_PACKET* nxPacket; /* incoming packet handle for short reads */
wolfSSL 15:117db924cf7c 3429 ULONG nxOffset; /* offset already read from nxPacket */
wolfSSL 15:117db924cf7c 3430 ULONG nxWait; /* wait option flag */
wolfSSL 15:117db924cf7c 3431 } NetX_Ctx;
wolfSSL 15:117db924cf7c 3432
wolfSSL 15:117db924cf7c 3433 #endif
wolfSSL 15:117db924cf7c 3434
wolfSSL 15:117db924cf7c 3435
wolfSSL 15:117db924cf7c 3436 /* Handshake messages received from peer (plus change cipher */
wolfSSL 15:117db924cf7c 3437 typedef struct MsgsReceived {
wolfSSL 15:117db924cf7c 3438 word16 got_hello_request:1;
wolfSSL 15:117db924cf7c 3439 word16 got_client_hello:2;
wolfSSL 15:117db924cf7c 3440 word16 got_server_hello:2;
wolfSSL 15:117db924cf7c 3441 word16 got_hello_verify_request:1;
wolfSSL 15:117db924cf7c 3442 word16 got_session_ticket:1;
wolfSSL 15:117db924cf7c 3443 word16 got_end_of_early_data:1;
wolfSSL 15:117db924cf7c 3444 word16 got_hello_retry_request:1;
wolfSSL 15:117db924cf7c 3445 word16 got_encrypted_extensions:1;
wolfSSL 15:117db924cf7c 3446 word16 got_certificate:1;
wolfSSL 15:117db924cf7c 3447 word16 got_certificate_status:1;
wolfSSL 15:117db924cf7c 3448 word16 got_server_key_exchange:1;
wolfSSL 15:117db924cf7c 3449 word16 got_certificate_request:1;
wolfSSL 15:117db924cf7c 3450 word16 got_server_hello_done:1;
wolfSSL 15:117db924cf7c 3451 word16 got_certificate_verify:1;
wolfSSL 15:117db924cf7c 3452 word16 got_client_key_exchange:1;
wolfSSL 15:117db924cf7c 3453 word16 got_finished:1;
wolfSSL 15:117db924cf7c 3454 word16 got_key_update:1;
wolfSSL 15:117db924cf7c 3455 word16 got_change_cipher:1;
wolfSSL 15:117db924cf7c 3456 } MsgsReceived;
wolfSSL 15:117db924cf7c 3457
wolfSSL 15:117db924cf7c 3458
wolfSSL 15:117db924cf7c 3459 /* Handshake hashes */
wolfSSL 15:117db924cf7c 3460 typedef struct HS_Hashes {
wolfSSL 15:117db924cf7c 3461 Hashes verifyHashes;
wolfSSL 15:117db924cf7c 3462 Hashes certHashes; /* for cert verify */
wolfSSL 15:117db924cf7c 3463 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 3464 wc_Sha hashSha; /* sha hash of handshake msgs */
wolfSSL 15:117db924cf7c 3465 #endif
wolfSSL 15:117db924cf7c 3466 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
wolfSSL 15:117db924cf7c 3467 wc_Md5 hashMd5; /* md5 hash of handshake msgs */
wolfSSL 15:117db924cf7c 3468 #endif
wolfSSL 15:117db924cf7c 3469 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 3470 wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */
wolfSSL 15:117db924cf7c 3471 #endif
wolfSSL 15:117db924cf7c 3472 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 3473 wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */
wolfSSL 15:117db924cf7c 3474 #endif
wolfSSL 15:117db924cf7c 3475 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 3476 wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */
wolfSSL 15:117db924cf7c 3477 #endif
wolfSSL 15:117db924cf7c 3478 #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH)
wolfSSL 15:117db924cf7c 3479 byte* messages; /* handshake messages */
wolfSSL 15:117db924cf7c 3480 int length; /* length of handhsake messages' data */
wolfSSL 15:117db924cf7c 3481 int prevLen; /* length of messages but last */
wolfSSL 15:117db924cf7c 3482 #endif
wolfSSL 15:117db924cf7c 3483 } HS_Hashes;
wolfSSL 15:117db924cf7c 3484
wolfSSL 15:117db924cf7c 3485
wolfSSL 15:117db924cf7c 3486 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 3487 #define MAX_ASYNC_ARGS 18
wolfSSL 15:117db924cf7c 3488 typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
wolfSSL 15:117db924cf7c 3489
wolfSSL 15:117db924cf7c 3490 struct WOLFSSL_ASYNC {
wolfSSL 15:117db924cf7c 3491 WC_ASYNC_DEV* dev;
wolfSSL 15:117db924cf7c 3492 FreeArgsCb freeArgs; /* function pointer to cleanup args */
wolfSSL 15:117db924cf7c 3493 word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
wolfSSL 15:117db924cf7c 3494 };
wolfSSL 15:117db924cf7c 3495 #endif
wolfSSL 15:117db924cf7c 3496
wolfSSL 15:117db924cf7c 3497 #ifdef HAVE_WRITE_DUP
wolfSSL 15:117db924cf7c 3498
wolfSSL 15:117db924cf7c 3499 #define WRITE_DUP_SIDE 1
wolfSSL 15:117db924cf7c 3500 #define READ_DUP_SIDE 2
wolfSSL 15:117db924cf7c 3501
wolfSSL 15:117db924cf7c 3502 typedef struct WriteDup {
wolfSSL 15:117db924cf7c 3503 wolfSSL_Mutex dupMutex; /* reference count mutex */
wolfSSL 15:117db924cf7c 3504 int dupCount; /* reference count */
wolfSSL 15:117db924cf7c 3505 int dupErr; /* under dupMutex, pass to other side */
wolfSSL 15:117db924cf7c 3506 } WriteDup;
wolfSSL 15:117db924cf7c 3507
wolfSSL 15:117db924cf7c 3508 WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 3509 WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
wolfSSL 15:117db924cf7c 3510 #endif /* HAVE_WRITE_DUP */
wolfSSL 15:117db924cf7c 3511
wolfSSL 15:117db924cf7c 3512 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 15:117db924cf7c 3513 typedef struct CertReqCtx CertReqCtx;
wolfSSL 15:117db924cf7c 3514
wolfSSL 15:117db924cf7c 3515 struct CertReqCtx {
wolfSSL 15:117db924cf7c 3516 CertReqCtx* next;
wolfSSL 15:117db924cf7c 3517 byte len;
wolfSSL 15:117db924cf7c 3518 byte ctx;
wolfSSL 15:117db924cf7c 3519 };
wolfSSL 15:117db924cf7c 3520 #endif
wolfSSL 15:117db924cf7c 3521
wolfSSL 15:117db924cf7c 3522 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 3523 typedef enum EarlyDataState {
wolfSSL 15:117db924cf7c 3524 no_early_data,
wolfSSL 15:117db924cf7c 3525 expecting_early_data,
wolfSSL 15:117db924cf7c 3526 process_early_data,
wolfSSL 15:117db924cf7c 3527 done_early_data
wolfSSL 15:117db924cf7c 3528 } EarlyDataState;
wolfSSL 15:117db924cf7c 3529 #endif
wolfSSL 15:117db924cf7c 3530
wolfSSL 15:117db924cf7c 3531 /* wolfSSL ssl type */
wolfSSL 15:117db924cf7c 3532 struct WOLFSSL {
wolfSSL 15:117db924cf7c 3533 WOLFSSL_CTX* ctx;
wolfSSL 15:117db924cf7c 3534 Suites* suites; /* only need during handshake */
wolfSSL 15:117db924cf7c 3535 Arrays* arrays;
wolfSSL 15:117db924cf7c 3536 HS_Hashes* hsHashes;
wolfSSL 15:117db924cf7c 3537 void* IOCB_ReadCtx;
wolfSSL 15:117db924cf7c 3538 void* IOCB_WriteCtx;
wolfSSL 15:117db924cf7c 3539 WC_RNG* rng;
wolfSSL 15:117db924cf7c 3540 void* verifyCbCtx; /* cert verify callback user ctx*/
wolfSSL 15:117db924cf7c 3541 VerifyCallback verifyCallback; /* cert verification callback */
wolfSSL 15:117db924cf7c 3542 void* heap; /* for user overrides */
wolfSSL 15:117db924cf7c 3543 #ifdef HAVE_WRITE_DUP
wolfSSL 15:117db924cf7c 3544 WriteDup* dupWrite; /* valid pointer indicates ON */
wolfSSL 15:117db924cf7c 3545 /* side that decrements dupCount to zero frees overall structure */
wolfSSL 15:117db924cf7c 3546 byte dupSide; /* write side or read side */
wolfSSL 15:117db924cf7c 3547 #endif
wolfSSL 15:117db924cf7c 3548 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 3549 byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
wolfSSL 15:117db924cf7c 3550 #endif
wolfSSL 15:117db924cf7c 3551 CallbackIORecv CBIORecv;
wolfSSL 15:117db924cf7c 3552 CallbackIOSend CBIOSend;
wolfSSL 15:117db924cf7c 3553 #ifdef WOLFSSL_STATIC_MEMORY
wolfSSL 15:117db924cf7c 3554 WOLFSSL_HEAP_HINT heap_hint;
wolfSSL 15:117db924cf7c 3555 #endif
wolfSSL 15:117db924cf7c 3556 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 15:117db924cf7c 3557 HandShakeDoneCb hsDoneCb; /* notify user handshake done */
wolfSSL 15:117db924cf7c 3558 void* hsDoneCtx; /* user handshake cb context */
wolfSSL 15:117db924cf7c 3559 #endif
wolfSSL 15:117db924cf7c 3560 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 3561 struct WOLFSSL_ASYNC async;
wolfSSL 15:117db924cf7c 3562 #elif defined(WOLFSSL_NONBLOCK_OCSP)
wolfSSL 15:117db924cf7c 3563 void* nonblockarg; /* dynamic arg for handling non-block resume */
wolfSSL 15:117db924cf7c 3564 #endif
wolfSSL 15:117db924cf7c 3565 void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
wolfSSL 15:117db924cf7c 3566 word32 hsType; /* Type of Handshake key (hsKey) */
wolfSSL 15:117db924cf7c 3567 WOLFSSL_CIPHER cipher;
wolfSSL 15:117db924cf7c 3568 hmacfp hmac;
wolfSSL 15:117db924cf7c 3569 Ciphers encrypt;
wolfSSL 15:117db924cf7c 3570 Ciphers decrypt;
wolfSSL 15:117db924cf7c 3571 Buffers buffers;
wolfSSL 15:117db924cf7c 3572 WOLFSSL_SESSION session;
wolfSSL 15:117db924cf7c 3573 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 3574 WOLFSSL_SESSION* extSession;
wolfSSL 15:117db924cf7c 3575 #endif
wolfSSL 15:117db924cf7c 3576 WOLFSSL_ALERT_HISTORY alert_history;
wolfSSL 15:117db924cf7c 3577 int error;
wolfSSL 15:117db924cf7c 3578 int rfd; /* read file descriptor */
wolfSSL 15:117db924cf7c 3579 int wfd; /* write file descriptor */
wolfSSL 15:117db924cf7c 3580 int rflags; /* user read flags */
wolfSSL 15:117db924cf7c 3581 int wflags; /* user write flags */
wolfSSL 15:117db924cf7c 3582 word32 timeout; /* session timeout */
wolfSSL 15:117db924cf7c 3583 word32 fragOffset; /* fragment offset */
wolfSSL 15:117db924cf7c 3584 word16 curSize;
wolfSSL 15:117db924cf7c 3585 byte verifyDepth;
wolfSSL 15:117db924cf7c 3586 RecordLayerHeader curRL;
wolfSSL 15:117db924cf7c 3587 MsgsReceived msgsReceived; /* peer messages received */
wolfSSL 15:117db924cf7c 3588 ProtocolVersion version; /* negotiated version */
wolfSSL 15:117db924cf7c 3589 ProtocolVersion chVersion; /* client hello version */
wolfSSL 15:117db924cf7c 3590 CipherSpecs specs;
wolfSSL 15:117db924cf7c 3591 Keys keys;
wolfSSL 15:117db924cf7c 3592 Options options;
wolfSSL 15:117db924cf7c 3593 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 3594 CallbackInfoState* CBIS; /* used to get info about SSL state */
wolfSSL 15:117db924cf7c 3595 int cbmode; /* read or write on info callback */
wolfSSL 15:117db924cf7c 3596 int cbtype; /* event type in info callback */
wolfSSL 15:117db924cf7c 3597 WOLFSSL_BIO* biord; /* socket bio read to free/close */
wolfSSL 15:117db924cf7c 3598 WOLFSSL_BIO* biowr; /* socket bio write to free/close */
wolfSSL 15:117db924cf7c 3599 byte sessionCtx[ID_LEN]; /* app session context ID */
wolfSSL 15:117db924cf7c 3600 unsigned long peerVerifyRet;
wolfSSL 15:117db924cf7c 3601 byte readAhead;
wolfSSL 15:117db924cf7c 3602 byte sessionCtxSz; /* size of sessionCtx stored */
wolfSSL 15:117db924cf7c 3603 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 3604 void* loggingCtx; /* logging callback argument */
wolfSSL 15:117db924cf7c 3605 #endif
wolfSSL 15:117db924cf7c 3606 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 3607 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 3608 RsaKey* peerRsaKey;
wolfSSL 15:117db924cf7c 3609 byte peerRsaKeyPresent;
wolfSSL 15:117db924cf7c 3610 #endif
wolfSSL 15:117db924cf7c 3611 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 3612 QSHKey* QSH_Key;
wolfSSL 15:117db924cf7c 3613 QSHKey* peerQSHKey;
wolfSSL 15:117db924cf7c 3614 QSHSecret* QSH_secret;
wolfSSL 15:117db924cf7c 3615 byte isQSH; /* is the handshake a QSH? */
wolfSSL 15:117db924cf7c 3616 byte sendQSHKeys; /* flag for if the client should sen
wolfSSL 15:117db924cf7c 3617 public keys */
wolfSSL 15:117db924cf7c 3618 byte peerQSHKeyPresent;
wolfSSL 15:117db924cf7c 3619 byte minRequest;
wolfSSL 15:117db924cf7c 3620 byte maxRequest;
wolfSSL 15:117db924cf7c 3621 byte user_set_QSHSchemes;
wolfSSL 15:117db924cf7c 3622 #endif
wolfSSL 15:117db924cf7c 3623 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 3624 word16 namedGroup;
wolfSSL 15:117db924cf7c 3625 word16 group[WOLFSSL_MAX_GROUP_COUNT];
wolfSSL 15:117db924cf7c 3626 byte numGroups;
wolfSSL 15:117db924cf7c 3627 #endif
wolfSSL 15:117db924cf7c 3628 byte pssAlgo;
wolfSSL 15:117db924cf7c 3629 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 3630 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 3631 word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
wolfSSL 15:117db924cf7c 3632 byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
wolfSSL 15:117db924cf7c 3633 * offer */
wolfSSL 15:117db924cf7c 3634 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
wolfSSL 15:117db924cf7c 3635 #endif
wolfSSL 15:117db924cf7c 3636 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 3637 word16 peerNtruKeyLen;
wolfSSL 15:117db924cf7c 3638 byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
wolfSSL 15:117db924cf7c 3639 byte peerNtruKeyPresent;
wolfSSL 15:117db924cf7c 3640 #endif
wolfSSL 15:117db924cf7c 3641 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 3642 int eccVerifyRes;
wolfSSL 15:117db924cf7c 3643 #endif
wolfSSL 15:117db924cf7c 3644 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 3645 word32 ecdhCurveOID; /* curve Ecc_Sum */
wolfSSL 15:117db924cf7c 3646 ecc_key* eccTempKey; /* private ECDHE key */
wolfSSL 15:117db924cf7c 3647 byte eccTempKeyPresent; /* also holds type */
wolfSSL 15:117db924cf7c 3648 byte peerEccKeyPresent;
wolfSSL 15:117db924cf7c 3649 #endif
wolfSSL 15:117db924cf7c 3650 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 3651 ecc_key* peerEccKey; /* peer's ECDHE key */
wolfSSL 15:117db924cf7c 3652 ecc_key* peerEccDsaKey; /* peer's ECDSA key */
wolfSSL 15:117db924cf7c 3653 word16 eccTempKeySz; /* in octets 20 - 66 */
wolfSSL 15:117db924cf7c 3654 byte peerEccDsaKeyPresent;
wolfSSL 15:117db924cf7c 3655 #endif
wolfSSL 15:117db924cf7c 3656 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 3657 word32 pkCurveOID; /* curve Ecc_Sum */
wolfSSL 15:117db924cf7c 3658 #endif
wolfSSL 15:117db924cf7c 3659 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 3660 ed25519_key* peerEd25519Key;
wolfSSL 15:117db924cf7c 3661 byte peerEd25519KeyPresent;
wolfSSL 15:117db924cf7c 3662 #endif
wolfSSL 15:117db924cf7c 3663 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 3664 curve25519_key* peerX25519Key;
wolfSSL 15:117db924cf7c 3665 byte peerX25519KeyPresent;
wolfSSL 15:117db924cf7c 3666 #endif
wolfSSL 15:117db924cf7c 3667 #ifdef HAVE_LIBZ
wolfSSL 15:117db924cf7c 3668 z_stream c_stream; /* compression stream */
wolfSSL 15:117db924cf7c 3669 z_stream d_stream; /* decompression stream */
wolfSSL 15:117db924cf7c 3670 byte didStreamInit; /* for stream init and end */
wolfSSL 15:117db924cf7c 3671 #endif
wolfSSL 15:117db924cf7c 3672 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 3673 int dtls_timeout_init; /* starting timeout value */
wolfSSL 15:117db924cf7c 3674 int dtls_timeout_max; /* maximum timeout value */
wolfSSL 15:117db924cf7c 3675 int dtls_timeout; /* current timeout value, changes */
wolfSSL 15:117db924cf7c 3676 word32 dtls_tx_msg_list_sz;
wolfSSL 15:117db924cf7c 3677 word32 dtls_rx_msg_list_sz;
wolfSSL 15:117db924cf7c 3678 DtlsMsg* dtls_tx_msg_list;
wolfSSL 15:117db924cf7c 3679 DtlsMsg* dtls_rx_msg_list;
wolfSSL 15:117db924cf7c 3680 void* IOCB_CookieCtx; /* gen cookie ctx */
wolfSSL 15:117db924cf7c 3681 word32 dtls_expected_rx;
wolfSSL 15:117db924cf7c 3682 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 15:117db924cf7c 3683 wc_dtls_export dtls_export; /* export function for session */
wolfSSL 15:117db924cf7c 3684 #endif
wolfSSL 15:117db924cf7c 3685 #ifdef WOLFSSL_SCTP
wolfSSL 15:117db924cf7c 3686 word16 dtlsMtuSz;
wolfSSL 15:117db924cf7c 3687 #endif /* WOLFSSL_SCTP */
wolfSSL 15:117db924cf7c 3688 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 3689 void* mcastHwCbCtx; /* Multicast highwater callback ctx */
wolfSSL 15:117db924cf7c 3690 #endif /* WOLFSSL_MULTICAST */
wolfSSL 15:117db924cf7c 3691 #ifdef WOLFSSL_DTLS_DROP_STATS
wolfSSL 15:117db924cf7c 3692 word32 macDropCount;
wolfSSL 15:117db924cf7c 3693 word32 replayDropCount;
wolfSSL 15:117db924cf7c 3694 #endif /* WOLFSSL_DTLS_DROP_STATS */
wolfSSL 15:117db924cf7c 3695 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 3696 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 3697 TimeoutInfo timeoutInfo; /* info saved during handshake */
wolfSSL 15:117db924cf7c 3698 HandShakeInfo handShakeInfo; /* info saved during handshake */
wolfSSL 15:117db924cf7c 3699 #endif
wolfSSL 15:117db924cf7c 3700 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 3701 SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
wolfSSL 15:117db924cf7c 3702 void* protoMsgCtx; /* user set context with msg callback */
wolfSSL 15:117db924cf7c 3703 #endif
wolfSSL 15:117db924cf7c 3704 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 3705 byte hsInfoOn; /* track handshake info */
wolfSSL 15:117db924cf7c 3706 byte toInfoOn; /* track timeout info */
wolfSSL 15:117db924cf7c 3707 #endif
wolfSSL 15:117db924cf7c 3708 #ifdef HAVE_FUZZER
wolfSSL 15:117db924cf7c 3709 CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
wolfSSL 15:117db924cf7c 3710 void* fuzzerCtx; /* user defined pointer */
wolfSSL 15:117db924cf7c 3711 #endif
wolfSSL 15:117db924cf7c 3712 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 15:117db924cf7c 3713 CertReqCtx* certReqCtx;
wolfSSL 15:117db924cf7c 3714 #endif
wolfSSL 15:117db924cf7c 3715 #ifdef KEEP_PEER_CERT
wolfSSL 15:117db924cf7c 3716 WOLFSSL_X509 peerCert; /* X509 peer cert */
wolfSSL 15:117db924cf7c 3717 #endif
wolfSSL 15:117db924cf7c 3718 #ifdef KEEP_OUR_CERT
wolfSSL 15:117db924cf7c 3719 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
wolfSSL 15:117db924cf7c 3720 points to ctx if not owned (owned
wolfSSL 15:117db924cf7c 3721 flag found in buffers.weOwnCert) */
wolfSSL 15:117db924cf7c 3722 #endif
wolfSSL 15:117db924cf7c 3723 byte keepCert; /* keep certificate after handshake */
wolfSSL 15:117db924cf7c 3724 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
wolfSSL 15:117db924cf7c 3725 void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
wolfSSL 15:117db924cf7c 3726 #endif
wolfSSL 15:117db924cf7c 3727 int devId; /* async device id to use */
wolfSSL 15:117db924cf7c 3728 #ifdef HAVE_ONE_TIME_AUTH
wolfSSL 15:117db924cf7c 3729 OneTimeAuth auth;
wolfSSL 15:117db924cf7c 3730 #endif
wolfSSL 15:117db924cf7c 3731 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 3732 TLSX* extensions; /* RFC 6066 TLS Extensions data */
wolfSSL 15:117db924cf7c 3733 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 15:117db924cf7c 3734 word16 max_fragment;
wolfSSL 15:117db924cf7c 3735 #endif
wolfSSL 15:117db924cf7c 3736 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 15:117db924cf7c 3737 byte truncated_hmac;
wolfSSL 15:117db924cf7c 3738 #endif
wolfSSL 15:117db924cf7c 3739 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 3740 byte status_request;
wolfSSL 15:117db924cf7c 3741 #endif
wolfSSL 15:117db924cf7c 3742 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 3743 byte status_request_v2;
wolfSSL 15:117db924cf7c 3744 #endif
wolfSSL 15:117db924cf7c 3745 #if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL 15:117db924cf7c 3746 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL 15:117db924cf7c 3747 SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
wolfSSL 15:117db924cf7c 3748 #endif /* user turned on */
wolfSSL 15:117db924cf7c 3749 #ifdef HAVE_ALPN
wolfSSL 15:117db924cf7c 3750 char* alpn_client_list; /* keep the client's list */
wolfSSL 15:117db924cf7c 3751 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 3752 CallbackALPNSelect alpnSelect;
wolfSSL 15:117db924cf7c 3753 void* alpnSelectArg;
wolfSSL 15:117db924cf7c 3754 #endif
wolfSSL 15:117db924cf7c 3755 #endif /* of accepted protocols */
wolfSSL 15:117db924cf7c 3756 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
wolfSSL 15:117db924cf7c 3757 CallbackSessionTicket session_ticket_cb;
wolfSSL 15:117db924cf7c 3758 void* session_ticket_ctx;
wolfSSL 15:117db924cf7c 3759 byte expect_session_ticket;
wolfSSL 15:117db924cf7c 3760 #endif
wolfSSL 15:117db924cf7c 3761 #endif /* HAVE_TLS_EXTENSIONS */
wolfSSL 15:117db924cf7c 3762 #ifdef HAVE_OCSP
wolfSSL 15:117db924cf7c 3763 void* ocspIOCtx;
wolfSSL 15:117db924cf7c 3764 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 3765 byte* ocspResp;
wolfSSL 15:117db924cf7c 3766 int ocspRespSz;
wolfSSL 15:117db924cf7c 3767 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 3768 char* url;
wolfSSL 15:117db924cf7c 3769 #endif
wolfSSL 15:117db924cf7c 3770 #endif
wolfSSL 15:117db924cf7c 3771 #endif
wolfSSL 15:117db924cf7c 3772 #ifdef HAVE_NETX
wolfSSL 15:117db924cf7c 3773 NetX_Ctx nxCtx; /* NetX IO Context */
wolfSSL 15:117db924cf7c 3774 #endif
wolfSSL 15:117db924cf7c 3775 #ifdef SESSION_INDEX
wolfSSL 15:117db924cf7c 3776 int sessionIndex; /* Session's location in the cache. */
wolfSSL 15:117db924cf7c 3777 #endif
wolfSSL 15:117db924cf7c 3778 #ifdef ATOMIC_USER
wolfSSL 15:117db924cf7c 3779 void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
wolfSSL 15:117db924cf7c 3780 void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
wolfSSL 15:117db924cf7c 3781 #endif
wolfSSL 15:117db924cf7c 3782 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 3783 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 3784 void* EccKeyGenCtx; /* EccKeyGen Callback Context */
wolfSSL 15:117db924cf7c 3785 void* EccSignCtx; /* Ecc Sign Callback Context */
wolfSSL 15:117db924cf7c 3786 void* EccVerifyCtx; /* Ecc Verify Callback Context */
wolfSSL 15:117db924cf7c 3787 void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
wolfSSL 15:117db924cf7c 3788 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 3789 void* Ed25519SignCtx; /* ED25519 Sign Callback Context */
wolfSSL 15:117db924cf7c 3790 void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */
wolfSSL 15:117db924cf7c 3791 #endif
wolfSSL 15:117db924cf7c 3792 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 3793 void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
wolfSSL 15:117db924cf7c 3794 void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
wolfSSL 15:117db924cf7c 3795 #endif
wolfSSL 15:117db924cf7c 3796 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 3797 #ifndef NO_DH
wolfSSL 15:117db924cf7c 3798 void* DhAgreeCtx; /* DH Pms Callback Context */
wolfSSL 15:117db924cf7c 3799 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 3800 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 3801 void* RsaSignCtx; /* Rsa Sign Callback Context */
wolfSSL 15:117db924cf7c 3802 void* RsaVerifyCtx; /* Rsa Verify Callback Context */
wolfSSL 15:117db924cf7c 3803 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 3804 void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */
wolfSSL 15:117db924cf7c 3805 void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */
wolfSSL 15:117db924cf7c 3806 #endif
wolfSSL 15:117db924cf7c 3807 void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
wolfSSL 15:117db924cf7c 3808 void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
wolfSSL 15:117db924cf7c 3809 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 3810 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 3811 #ifdef HAVE_SECRET_CALLBACK
wolfSSL 15:117db924cf7c 3812 SessionSecretCb sessionSecretCb;
wolfSSL 15:117db924cf7c 3813 void* sessionSecretCtx;
wolfSSL 15:117db924cf7c 3814 #endif /* HAVE_SECRET_CALLBACK */
wolfSSL 15:117db924cf7c 3815 #ifdef WOLFSSL_JNI
wolfSSL 15:117db924cf7c 3816 void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
wolfSSL 15:117db924cf7c 3817 #endif /* WOLFSSL_JNI */
wolfSSL 15:117db924cf7c 3818 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 3819 EarlyDataState earlyData;
wolfSSL 15:117db924cf7c 3820 word32 earlyDataSz;
wolfSSL 15:117db924cf7c 3821 #endif
wolfSSL 15:117db924cf7c 3822 };
wolfSSL 15:117db924cf7c 3823
wolfSSL 15:117db924cf7c 3824
wolfSSL 15:117db924cf7c 3825 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3826 int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
wolfSSL 15:117db924cf7c 3827 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3828 int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
wolfSSL 15:117db924cf7c 3829 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3830 void FreeSSL(WOLFSSL*, void* heap);
wolfSSL 15:117db924cf7c 3831 WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
wolfSSL 15:117db924cf7c 3832
wolfSSL 15:117db924cf7c 3833
wolfSSL 15:117db924cf7c 3834
wolfSSL 15:117db924cf7c 3835 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 3836
wolfSSL 15:117db924cf7c 3837 WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wolfSSL 15:117db924cf7c 3838 long sz, int format, int type, WOLFSSL* ssl,
wolfSSL 15:117db924cf7c 3839 long* used, int userChain);
wolfSSL 15:117db924cf7c 3840 WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
wolfSSL 15:117db924cf7c 3841 int type, WOLFSSL* ssl, int userChain,
wolfSSL 15:117db924cf7c 3842 WOLFSSL_CRL* crl);
wolfSSL 15:117db924cf7c 3843
wolfSSL 15:117db924cf7c 3844 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 3845 WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
wolfSSL 15:117db924cf7c 3846 size_t domainNameLen);
wolfSSL 15:117db924cf7c 3847 #endif
wolfSSL 15:117db924cf7c 3848 #endif
wolfSSL 15:117db924cf7c 3849
wolfSSL 15:117db924cf7c 3850
wolfSSL 15:117db924cf7c 3851 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 3852 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3853 void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
wolfSSL 15:117db924cf7c 3854 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3855 void FinishHandShakeInfo(HandShakeInfo*);
wolfSSL 15:117db924cf7c 3856 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3857 void AddPacketName(WOLFSSL* ssl, const char* name);
wolfSSL 15:117db924cf7c 3858
wolfSSL 15:117db924cf7c 3859 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3860 void InitTimeoutInfo(TimeoutInfo*);
wolfSSL 15:117db924cf7c 3861 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3862 void FreeTimeoutInfo(TimeoutInfo*, void*);
wolfSSL 15:117db924cf7c 3863 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3864 void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
wolfSSL 15:117db924cf7c 3865 const byte* data, int sz, int write, void* heap);
wolfSSL 15:117db924cf7c 3866 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3867 void AddLateName(const char*, TimeoutInfo*);
wolfSSL 15:117db924cf7c 3868 WOLFSSL_LOCAL
wolfSSL 15:117db924cf7c 3869 void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
wolfSSL 15:117db924cf7c 3870 #endif
wolfSSL 15:117db924cf7c 3871
wolfSSL 15:117db924cf7c 3872
wolfSSL 15:117db924cf7c 3873 /* Record Layer Header identifier from page 12 */
wolfSSL 15:117db924cf7c 3874 enum ContentType {
wolfSSL 15:117db924cf7c 3875 no_type = 0,
wolfSSL 15:117db924cf7c 3876 change_cipher_spec = 20,
wolfSSL 15:117db924cf7c 3877 alert = 21,
wolfSSL 15:117db924cf7c 3878 handshake = 22,
wolfSSL 15:117db924cf7c 3879 application_data = 23
wolfSSL 15:117db924cf7c 3880 };
wolfSSL 15:117db924cf7c 3881
wolfSSL 15:117db924cf7c 3882
wolfSSL 15:117db924cf7c 3883 /* handshake header, same for each message type, pgs 20/21 */
wolfSSL 15:117db924cf7c 3884 typedef struct HandShakeHeader {
wolfSSL 15:117db924cf7c 3885 byte type;
wolfSSL 15:117db924cf7c 3886 word24 length;
wolfSSL 15:117db924cf7c 3887 } HandShakeHeader;
wolfSSL 15:117db924cf7c 3888
wolfSSL 15:117db924cf7c 3889
wolfSSL 15:117db924cf7c 3890 /* DTLS handshake header, same for each message type */
wolfSSL 15:117db924cf7c 3891 typedef struct DtlsHandShakeHeader {
wolfSSL 15:117db924cf7c 3892 byte type;
wolfSSL 15:117db924cf7c 3893 word24 length;
wolfSSL 15:117db924cf7c 3894 byte message_seq[2]; /* start at 0, retransmit gets same # */
wolfSSL 15:117db924cf7c 3895 word24 fragment_offset; /* bytes in previous fragments */
wolfSSL 15:117db924cf7c 3896 word24 fragment_length; /* length of this fragment */
wolfSSL 15:117db924cf7c 3897 } DtlsHandShakeHeader;
wolfSSL 15:117db924cf7c 3898
wolfSSL 15:117db924cf7c 3899
wolfSSL 15:117db924cf7c 3900 enum HandShakeType {
wolfSSL 15:117db924cf7c 3901 hello_request = 0,
wolfSSL 15:117db924cf7c 3902 client_hello = 1,
wolfSSL 15:117db924cf7c 3903 server_hello = 2,
wolfSSL 15:117db924cf7c 3904 hello_verify_request = 3, /* DTLS addition */
wolfSSL 15:117db924cf7c 3905 session_ticket = 4,
wolfSSL 15:117db924cf7c 3906 end_of_early_data = 5,
wolfSSL 15:117db924cf7c 3907 hello_retry_request = 6,
wolfSSL 15:117db924cf7c 3908 encrypted_extensions = 8,
wolfSSL 15:117db924cf7c 3909 certificate = 11,
wolfSSL 15:117db924cf7c 3910 server_key_exchange = 12,
wolfSSL 15:117db924cf7c 3911 certificate_request = 13,
wolfSSL 15:117db924cf7c 3912 server_hello_done = 14,
wolfSSL 15:117db924cf7c 3913 certificate_verify = 15,
wolfSSL 15:117db924cf7c 3914 client_key_exchange = 16,
wolfSSL 15:117db924cf7c 3915 finished = 20,
wolfSSL 15:117db924cf7c 3916 certificate_status = 22,
wolfSSL 15:117db924cf7c 3917 key_update = 24,
wolfSSL 15:117db924cf7c 3918 change_cipher_hs = 55, /* simulate unique handshake type for sanity
wolfSSL 15:117db924cf7c 3919 checks. record layer change_cipher
wolfSSL 15:117db924cf7c 3920 conflicts with handshake finished */
wolfSSL 15:117db924cf7c 3921 message_hash = 254, /* synthetic message type for TLS v1.3 */
wolfSSL 15:117db924cf7c 3922 no_shake = 255 /* used to initialize the DtlsMsg record */
wolfSSL 15:117db924cf7c 3923 };
wolfSSL 15:117db924cf7c 3924
wolfSSL 15:117db924cf7c 3925 enum ProvisionSide {
wolfSSL 15:117db924cf7c 3926 PROVISION_CLIENT = 1,
wolfSSL 15:117db924cf7c 3927 PROVISION_SERVER = 2,
wolfSSL 15:117db924cf7c 3928 PROVISION_CLIENT_SERVER = 3
wolfSSL 15:117db924cf7c 3929 };
wolfSSL 15:117db924cf7c 3930
wolfSSL 15:117db924cf7c 3931
wolfSSL 15:117db924cf7c 3932 static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
wolfSSL 15:117db924cf7c 3933 static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
wolfSSL 15:117db924cf7c 3934
wolfSSL 15:117db924cf7c 3935 static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
wolfSSL 15:117db924cf7c 3936 static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
wolfSSL 15:117db924cf7c 3937
wolfSSL 15:117db924cf7c 3938
wolfSSL 15:117db924cf7c 3939 /* internal functions */
wolfSSL 15:117db924cf7c 3940 WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
wolfSSL 15:117db924cf7c 3941 WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
wolfSSL 15:117db924cf7c 3942 WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
wolfSSL 15:117db924cf7c 3943 WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
wolfSSL 15:117db924cf7c 3944 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 3945 #ifdef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 3946 WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
wolfSSL 15:117db924cf7c 3947 #else
wolfSSL 15:117db924cf7c 3948 WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
wolfSSL 15:117db924cf7c 3949 #endif
wolfSSL 15:117db924cf7c 3950 #endif
wolfSSL 15:117db924cf7c 3951 WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
wolfSSL 15:117db924cf7c 3952 WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
wolfSSL 15:117db924cf7c 3953 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 3954 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 15:117db924cf7c 3955 WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*);
wolfSSL 15:117db924cf7c 3956 #endif
wolfSSL 15:117db924cf7c 3957 WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
wolfSSL 15:117db924cf7c 3958 WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
wolfSSL 15:117db924cf7c 3959 WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
wolfSSL 15:117db924cf7c 3960 WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
wolfSSL 15:117db924cf7c 3961 WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
wolfSSL 15:117db924cf7c 3962 WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
wolfSSL 15:117db924cf7c 3963 WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
wolfSSL 15:117db924cf7c 3964
wolfSSL 15:117db924cf7c 3965 WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
wolfSSL 15:117db924cf7c 3966 WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
wolfSSL 15:117db924cf7c 3967
wolfSSL 15:117db924cf7c 3968 WOLFSSL_LOCAL int AddSession(WOLFSSL*);
wolfSSL 15:117db924cf7c 3969 WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 3970 WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
wolfSSL 15:117db924cf7c 3971
wolfSSL 15:117db924cf7c 3972 WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 3973 WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 3974 WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
wolfSSL 15:117db924cf7c 3975
wolfSSL 15:117db924cf7c 3976 WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 3977 WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
wolfSSL 15:117db924cf7c 3978 WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 3979
wolfSSL 15:117db924cf7c 3980 WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 3981
wolfSSL 15:117db924cf7c 3982 WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
wolfSSL 15:117db924cf7c 3983 WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
wolfSSL 15:117db924cf7c 3984
wolfSSL 15:117db924cf7c 3985 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 3986 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 3987 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 3988 WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
wolfSSL 15:117db924cf7c 3989 byte* out, word32 sigSz, enum wc_HashType hashType);
wolfSSL 15:117db924cf7c 3990 WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
wolfSSL 15:117db924cf7c 3991 enum wc_HashType* hashType, int* mgf);
wolfSSL 15:117db924cf7c 3992 #endif
wolfSSL 15:117db924cf7c 3993 WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
wolfSSL 15:117db924cf7c 3994 word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
wolfSSL 15:117db924cf7c 3995 int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo);
wolfSSL 15:117db924cf7c 3996 WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL 15:117db924cf7c 3997 byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
wolfSSL 15:117db924cf7c 3998 DerBuffer* keyBufInfo);
wolfSSL 15:117db924cf7c 3999 WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
wolfSSL 15:117db924cf7c 4000 byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
wolfSSL 15:117db924cf7c 4001 buffer* keyBufInfo);
wolfSSL 15:117db924cf7c 4002 WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
wolfSSL 15:117db924cf7c 4003 word32* outSz, RsaKey* key, DerBuffer* keyBufInfo);
wolfSSL 15:117db924cf7c 4004 WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
wolfSSL 15:117db924cf7c 4005 word32* outSz, RsaKey* key, buffer* keyBufInfo);
wolfSSL 15:117db924cf7c 4006 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 4007
wolfSSL 15:117db924cf7c 4008 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4009 WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL 15:117db924cf7c 4010 byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo);
wolfSSL 15:117db924cf7c 4011 WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL 15:117db924cf7c 4012 const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo);
wolfSSL 15:117db924cf7c 4013 WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
wolfSSL 15:117db924cf7c 4014 ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
wolfSSL 15:117db924cf7c 4015 word32* outlen, int side);
wolfSSL 15:117db924cf7c 4016 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 4017 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 4018 WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 4019 WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL 15:117db924cf7c 4020 byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo);
wolfSSL 15:117db924cf7c 4021 WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
wolfSSL 15:117db924cf7c 4022 word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
wolfSSL 15:117db924cf7c 4023 buffer* keyBufInfo);
wolfSSL 15:117db924cf7c 4024 #endif /* HAVE_ED25519 */
wolfSSL 15:117db924cf7c 4025
wolfSSL 15:117db924cf7c 4026
wolfSSL 15:117db924cf7c 4027 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 15:117db924cf7c 4028
wolfSSL 15:117db924cf7c 4029 /* options for searching hash table for a matching trusted peer cert */
wolfSSL 15:117db924cf7c 4030 #define WC_MATCH_SKID 0
wolfSSL 15:117db924cf7c 4031 #define WC_MATCH_NAME 1
wolfSSL 15:117db924cf7c 4032
wolfSSL 15:117db924cf7c 4033 WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
wolfSSL 15:117db924cf7c 4034 int type);
wolfSSL 15:117db924cf7c 4035 WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
wolfSSL 15:117db924cf7c 4036 DecodedCert* cert);
wolfSSL 15:117db924cf7c 4037 #endif
wolfSSL 15:117db924cf7c 4038
wolfSSL 15:117db924cf7c 4039 WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
wolfSSL 15:117db924cf7c 4040 #ifndef NO_SKID
wolfSSL 15:117db924cf7c 4041 WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
wolfSSL 15:117db924cf7c 4042 #endif
wolfSSL 15:117db924cf7c 4043 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 4044 WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
wolfSSL 15:117db924cf7c 4045 word32* hashLen);
wolfSSL 15:117db924cf7c 4046 WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
wolfSSL 15:117db924cf7c 4047 const byte* sender);
wolfSSL 15:117db924cf7c 4048 WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
wolfSSL 15:117db924cf7c 4049 WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
wolfSSL 15:117db924cf7c 4050 WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
wolfSSL 15:117db924cf7c 4051
wolfSSL 15:117db924cf7c 4052 #ifndef NO_TLS
wolfSSL 15:117db924cf7c 4053 WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
wolfSSL 15:117db924cf7c 4054 WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
wolfSSL 15:117db924cf7c 4055 word32 sz, int padSz, int content, int verify);
wolfSSL 15:117db924cf7c 4056 #endif
wolfSSL 15:117db924cf7c 4057
wolfSSL 15:117db924cf7c 4058 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 4059 WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
wolfSSL 15:117db924cf7c 4060 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 4061 WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
wolfSSL 15:117db924cf7c 4062 #endif
wolfSSL 15:117db924cf7c 4063 WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
wolfSSL 15:117db924cf7c 4064 WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
wolfSSL 15:117db924cf7c 4065 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 4066
wolfSSL 15:117db924cf7c 4067 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4068 WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
wolfSSL 15:117db924cf7c 4069 WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
wolfSSL 15:117db924cf7c 4070 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 4071
wolfSSL 15:117db924cf7c 4072 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 4073 WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
wolfSSL 15:117db924cf7c 4074 WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
wolfSSL 15:117db924cf7c 4075 WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
wolfSSL 15:117db924cf7c 4076 WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
wolfSSL 15:117db924cf7c 4077 word32, word32, void*);
wolfSSL 15:117db924cf7c 4078 WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
wolfSSL 15:117db924cf7c 4079 WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
wolfSSL 15:117db924cf7c 4080 byte, word32, word32, void*);
wolfSSL 15:117db924cf7c 4081 WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
wolfSSL 15:117db924cf7c 4082
wolfSSL 15:117db924cf7c 4083 WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
wolfSSL 15:117db924cf7c 4084 WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
wolfSSL 15:117db924cf7c 4085 WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
wolfSSL 15:117db924cf7c 4086 WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
wolfSSL 15:117db924cf7c 4087 WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
wolfSSL 15:117db924cf7c 4088 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 4089
wolfSSL 15:117db924cf7c 4090 #ifndef NO_TLS
wolfSSL 15:117db924cf7c 4091
wolfSSL 15:117db924cf7c 4092
wolfSSL 15:117db924cf7c 4093 #endif /* NO_TLS */
wolfSSL 15:117db924cf7c 4094
wolfSSL 15:117db924cf7c 4095 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 4096 WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
wolfSSL 15:117db924cf7c 4097 #endif
wolfSSL 15:117db924cf7c 4098 WOLFSSL_LOCAL word32 LowResTimer(void);
wolfSSL 15:117db924cf7c 4099
wolfSSL 15:117db924cf7c 4100 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 4101 WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
wolfSSL 15:117db924cf7c 4102 WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
wolfSSL 15:117db924cf7c 4103 WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
wolfSSL 15:117db924cf7c 4104 WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
wolfSSL 15:117db924cf7c 4105 WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
wolfSSL 15:117db924cf7c 4106 #endif
wolfSSL 15:117db924cf7c 4107
wolfSSL 15:117db924cf7c 4108 typedef struct CipherSuiteInfo {
wolfSSL 15:117db924cf7c 4109 const char* name;
wolfSSL 15:117db924cf7c 4110 #ifndef NO_ERROR_STRINGS
wolfSSL 15:117db924cf7c 4111 const char* name_iana;
wolfSSL 15:117db924cf7c 4112 #endif
wolfSSL 15:117db924cf7c 4113 byte cipherSuite0;
wolfSSL 15:117db924cf7c 4114 byte cipherSuite;
wolfSSL 15:117db924cf7c 4115 } CipherSuiteInfo;
wolfSSL 15:117db924cf7c 4116
wolfSSL 15:117db924cf7c 4117 WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
wolfSSL 15:117db924cf7c 4118 WOLFSSL_LOCAL int GetCipherNamesSize(void);
wolfSSL 15:117db924cf7c 4119 WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
wolfSSL 15:117db924cf7c 4120 WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
wolfSSL 15:117db924cf7c 4121 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 4122 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 4123
wolfSSL 15:117db924cf7c 4124 enum encrypt_side {
wolfSSL 15:117db924cf7c 4125 ENCRYPT_SIDE_ONLY = 1,
wolfSSL 15:117db924cf7c 4126 DECRYPT_SIDE_ONLY,
wolfSSL 15:117db924cf7c 4127 ENCRYPT_AND_DECRYPT_SIDE
wolfSSL 15:117db924cf7c 4128 };
wolfSSL 15:117db924cf7c 4129
wolfSSL 15:117db924cf7c 4130 WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
wolfSSL 15:117db924cf7c 4131
wolfSSL 15:117db924cf7c 4132
wolfSSL 15:117db924cf7c 4133 #ifndef NO_DH
wolfSSL 15:117db924cf7c 4134 WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
wolfSSL 15:117db924cf7c 4135 byte* priv, word32* privSz,
wolfSSL 15:117db924cf7c 4136 byte* pub, word32* pubSz);
wolfSSL 15:117db924cf7c 4137 WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
wolfSSL 15:117db924cf7c 4138 const byte* priv, word32 privSz,
wolfSSL 15:117db924cf7c 4139 const byte* otherPub, word32 otherPubSz,
wolfSSL 15:117db924cf7c 4140 byte* agree, word32* agreeSz);
wolfSSL 15:117db924cf7c 4141 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 4142
wolfSSL 15:117db924cf7c 4143 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4144 WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
wolfSSL 15:117db924cf7c 4145 #endif
wolfSSL 15:117db924cf7c 4146
wolfSSL 15:117db924cf7c 4147 WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 4148 WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 4149
wolfSSL 15:117db924cf7c 4150 WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
wolfSSL 15:117db924cf7c 4151 const byte* input, int inSz, int type, int hashOutput,
wolfSSL 15:117db924cf7c 4152 int sizeOnly, int asyncOkay);
wolfSSL 15:117db924cf7c 4153
wolfSSL 15:117db924cf7c 4154 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 4155 int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
wolfSSL 15:117db924cf7c 4156 int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
wolfSSL 15:117db924cf7c 4157 #endif
wolfSSL 15:117db924cf7c 4158
wolfSSL 15:117db924cf7c 4159 WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
wolfSSL 15:117db924cf7c 4160 WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
wolfSSL 15:117db924cf7c 4161
wolfSSL 15:117db924cf7c 4162 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 4163 WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
wolfSSL 15:117db924cf7c 4164 WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
wolfSSL 15:117db924cf7c 4165 WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
wolfSSL 15:117db924cf7c 4166 #endif
wolfSSL 15:117db924cf7c 4167
wolfSSL 15:117db924cf7c 4168
wolfSSL 15:117db924cf7c 4169 #ifdef __cplusplus
wolfSSL 15:117db924cf7c 4170 } /* extern "C" */
wolfSSL 15:117db924cf7c 4171 #endif
wolfSSL 15:117db924cf7c 4172
wolfSSL 15:117db924cf7c 4173 #endif /* wolfSSL_INT_H */
wolfSSL 15:117db924cf7c 4174