Diff: wolfssl/internal.h
- Revision:
- 16:8e0d178b1d1e
- Parent:
- 15:117db924cf7c
--- a/wolfssl/internal.h Sat Aug 18 22:20:43 2018 +0000 +++ b/wolfssl/internal.h Thu Jun 04 23:57:22 2020 +0000 @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2017 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -105,6 +105,12 @@ #ifdef HAVE_CURVE25519 #include <wolfssl/wolfcrypt/curve25519.h> #endif +#ifdef HAVE_ED448 + #include <wolfssl/wolfcrypt/ed448.h> +#endif +#ifdef HAVE_CURVE448 + #include <wolfssl/wolfcrypt/curve448.h> +#endif #include <wolfssl/wolfcrypt/wc_encrypt.h> #include <wolfssl/wolfcrypt/hash.h> @@ -130,6 +136,9 @@ #ifndef SINGLE_THREADED #include "tx_api.h" #endif + +#elif defined(WOLFSSL_DEOS) + /* do nothing, just don't pick Unix */ #elif defined(MICRIUM) /* do nothing, just don't pick Unix */ #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) @@ -146,14 +155,14 @@ /* do nothing */ #elif defined(WOLFSSL_CMSIS_RTOS) #include "cmsis_os.h" +#elif defined(WOLFSSL_CMSIS_RTOSv2) + #include "cmsis_os2.h" #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) - #include "cmsis_os.h" + #include "cmsis_os.h" #else #include <rtl.h> #endif -#elif defined(WOLFSSL_CMSIS_RTOS) - #include "cmsis_os.h" #elif defined(MBED) #elif defined(WOLFSSL_TIRTOS) /* do nothing */ @@ -161,12 +170,23 @@ #include <rt.h> #elif defined(WOLFSSL_NUCLEUS_1_2) /* do nothing */ +#elif defined(WOLFSSL_APACHE_MYNEWT) + #if !defined(WOLFSSL_LWIP) + void mynewt_ctx_clear(void *ctx); + void* mynewt_ctx_new(); + #endif +#elif defined(WOLFSSL_ZEPHYR) + #ifndef SINGLE_THREADED + #include <kernel.h> + #endif +#elif defined(WOLFSSL_TELIT_M2MB) + /* do nothing */ #else #ifndef SINGLE_THREADED #define WOLFSSL_PTHREADS #include <pthread.h> #endif - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) #include <unistd.h> /* for close of BIO */ #endif #endif 
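Review bot: `void* mynewt_ctx_new();` in the new WOLFSSL_APACHE_MYNEWT branch is an unprototyped declaration in C, so a caller passing arguments compiles without complaint; it should read `void* mynewt_ctx_new(void);`. Neither of the two declarations carries the WOLFSSL_LOCAL attribute that every other function declared in this header uses, so their linkage differs from the rest of the file with no stated reason. A short comment on what the context is would also help, e.g. `/* Mynewt socket context helpers, defined in the port layer */` — the definitions are not on this page, so that wording is a guess to confirm.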
@@ -242,8 +262,16 @@ #define BUILD_TLS_QSH #endif +#ifndef WOLFSSL_NO_TLS12 + #ifndef WOLFSSL_MAX_STRENGTH +#ifdef WOLFSSL_AEAD_ONLY + /* AES CBC ciphers are not allowed in AEAD only mode */ + #undef HAVE_AES_CBC +#endif + +#ifndef WOLFSSL_AEAD_ONLY #if !defined(NO_RSA) && !defined(NO_RC4) #if defined(WOLFSSL_STATIC_RSA) #if !defined(NO_SHA) @@ -276,9 +304,10 @@ #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA #endif #endif +#endif /* !WOLFSSL_AEAD_ONLY */ #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) - #if !defined(NO_SHA) + #if !defined(NO_SHA) && defined(HAVE_AES_CBC) #if defined(WOLFSSL_STATIC_RSA) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA @@ -297,7 +326,7 @@ #endif #endif #if defined(WOLFSSL_STATIC_RSA) - #if !defined (NO_SHA256) + #if !defined (NO_SHA256) && defined(HAVE_AES_CBC) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 #endif @@ -321,18 +350,10 @@ #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 #endif #endif - #if defined(HAVE_BLAKE2) - #ifdef WOLFSSL_AES_128 - #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - #endif - #ifdef WOLFSSL_AES_256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - #endif - #endif #endif #endif - #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) + #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC) #ifndef NO_RSA #if defined(WOLFSSL_STATIC_RSA) #if !defined(NO_SHA) @@ -369,10 +390,12 @@ #endif #ifndef NO_SHA256 #ifdef WOLFSSL_AES_128 - #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 - #ifdef HAVE_AESGCM - #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - #endif + #ifdef HAVE_AES_CBC + #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 + #endif + #ifdef HAVE_AESGCM + #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 + #endif #endif /* WOLFSSL_AES_128 */ #ifdef HAVE_AESCCM #ifdef WOLFSSL_AES_128 
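Review bot: The added `#undef HAVE_AES_CBC` under WOLFSSL_AEAD_ONLY rewrites a build-configuration macro from inside internal.h, so only translation units that include this header see AES-CBC as absent while code compiled against the wolfcrypt headers alone still has it defined; if anything shared between the two is sized or laid out by HAVE_AES_CBC that is a silent mismatch, which cannot be verified from this hunk. The more robust form is to leave the configuration macro alone and gate the suites on a derived condition, e.g. `#if defined(HAVE_AES_CBC) && !defined(WOLFSSL_AEAD_ONLY)`, or on a single helper macro defined here once. That would also make the many `&& defined(HAVE_AES_CBC)` additions in the later hunks read as an explicit policy rather than depending on the undef having run first.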
@@ -386,7 +409,9 @@ #endif #endif #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) - #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + #ifdef HAVE_AES_CBC + #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + #endif #ifdef HAVE_AESGCM #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 #endif @@ -397,6 +422,9 @@ #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) #if !defined(NO_RSA) #if defined(WOLFSSL_STATIC_RSA) + #ifndef NO_MD5 + #define BUILD_TLS_RSA_WITH_NULL_MD5 + #endif #if !defined(NO_SHA) #define BUILD_TLS_RSA_WITH_NULL_SHA #endif @@ -426,9 +454,6 @@ #if !defined(NO_SHA) #define BUILD_TLS_RSA_WITH_HC_128_SHA #endif - #if defined(HAVE_BLAKE2) - #define BUILD_TLS_RSA_WITH_HC_128_B2B256 - #endif #endif #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) @@ -442,10 +467,10 @@ !defined(NO_RSA) #if !defined(NO_SHA) - #ifdef WOLFSSL_AES_128 + #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #endif - #ifdef WOLFSSL_AES_256 + #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA #endif #if !defined(NO_DES3) @@ -464,7 +489,9 @@ #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) - #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA + #ifdef HAVE_AES_CBC + #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA + #endif #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 @@ -473,7 +500,8 @@ #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) #ifndef NO_SHA256 - #if !defined(NO_AES) && defined(WOLFSSL_AES_128) + #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_CBC) #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 #endif #ifdef HAVE_NULL_CIPHER 
@@ -481,7 +509,8 @@ #endif #endif #ifdef WOLFSSL_SHA384 - #if !defined(NO_AES) && defined(WOLFSSL_AES_256) + #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_CBC) #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 #endif #ifdef HAVE_NULL_CIPHER @@ -490,9 +519,10 @@ #endif #endif - #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && !defined(NO_TLS) #if !defined(NO_AES) - #if !defined(NO_SHA) + #if !defined(NO_SHA) && defined(HAVE_AES_CBC) #if !defined(NO_RSA) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA @@ -510,8 +540,9 @@ #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA #endif @@ -529,15 +560,17 @@ #endif #endif #endif /* NO_SHA */ - #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_CBC) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 
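Review bot: The condition `defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || (defined(HAVE_CURVE448) && defined(HAVE_ED448))` is spelled out in full in the hunks at `@@ -510,8 +540,9 @@` and `@@ -529,15 +560,17 @@` here and in at least eight more hunks on the next three lines, through `@@ -737,9 +784,10 @@`; the next signature curve will have to be threaded through every copy. Evaluate it once near the curve448 includes and test a single macro at each site: `#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || (defined(HAVE_CURVE448) && defined(HAVE_ED448))`, `#define BUILD_ECDSA_SUITES`, `#endif` (name illustrative), then `#ifdef BUILD_ECDSA_SUITES`. The key-exchange guard `HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448` repeated in the same hunks would benefit from the same treatment.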
@@ -545,15 +578,17 @@ #endif #endif - #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_CBC) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) @@ -593,15 +628,20 @@ #if !defined(NO_RC4) #if !defined(NO_SHA) #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #ifndef WOLFSSL_AEAD_ONLY + #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) - #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) + #ifndef WOLFSSL_AEAD_ONLY + #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #endif #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA @@ -617,8 +657,9 @@ #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 
@@ -628,8 +669,9 @@ #endif #if defined(HAVE_NULL_CIPHER) #if !defined(NO_SHA) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA #endif #endif @@ -638,17 +680,18 @@ #endif #endif #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \ - defined(WOLFSSL_AES_128) + defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 #endif #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) #if !defined(NO_OLD_POLY1305) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 #endif - #ifndef NO_RSA + #if !defined(NO_RSA) && defined(HAVE_ECC) #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 #endif #if !defined(NO_DH) && !defined(NO_RSA) @@ -657,7 +700,8 @@ #endif /* NO_OLD_POLY1305 */ #if !defined(NO_PSK) #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - #if defined(HAVE_ECC) || defined(HAVE_ED25519) + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + defined(HAVE_ED448) #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 #endif #ifndef NO_DH 
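Review bot: `#if !defined(NO_RSA) && defined(HAVE_ECC)` now restricts BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 to builds with HAVE_ECC, while the ECDHE_RSA AES-CBC suites in the hunk at `@@ -490,9 +519,10 @@` two lines up are still built on `!defined(NO_RSA)` alone, so a curve25519-only build keeps ECDHE-RSA for AES-CBC but loses it for the old ChaCha suite. If that is deliberate it deserves a comment on the line, e.g. `/* ECDHE_RSA with old ChaCha20 only built over ECC curves */`; if not, the guard should match the other ECDHE_RSA suites. The enclosing `#if` block for this group begins outside the hunk.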
@@ -700,12 +744,13 @@ #endif #endif -#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \ - !defined(NO_AES) +#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \ + && !defined(NO_TLS) && !defined(NO_AES) #ifdef HAVE_AESGCM #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 #endif #ifndef NO_RSA @@ -713,8 +758,9 @@ #endif #endif #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 #endif #ifndef NO_RSA @@ -723,8 +769,9 @@ #endif #endif #if defined(HAVE_AESCCM) && !defined(NO_SHA256) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 @@ -737,9 +784,10 @@ #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 #endif #ifndef NO_RSA 
@@ -751,6 +799,8 @@ #endif #endif +#endif + #if defined(WOLFSSL_TLS13) #ifdef HAVE_AESGCM #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) @@ -773,6 +823,14 @@ #define BUILD_TLS_AES_128_CCM_8_SHA256 #endif #endif + #ifdef HAVE_NULL_CIPHER + #ifndef NO_SHA256 + #define BUILD_TLS_SHA256_SHA256 + #endif + #ifdef WOLFSSL_SHA384 + #define BUILD_TLS_SHA384_SHA384 + #endif + #endif #endif #ifdef WOLFSSL_MULTICAST @@ -807,7 +865,9 @@ defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ - defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) + defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \ + defined(BUILD_TLS_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_AES_256_GCM_SHA384) #define BUILD_AESGCM #else /* No AES-GCM cipher suites available with build */ @@ -831,8 +891,7 @@ #endif #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ - defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \ - defined(BUILD_TLS_RSA_WITH_HC_128_B2B256) + defined(BUILD_TLS_RSA_WITH_HC_128_MD5) #define BUILD_HC128 #endif @@ -867,7 +926,9 @@ #if defined(WOLFSSL_MAX_STRENGTH) || \ (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \ defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)) + (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + !defined(NO_CHAPOL_AEAD)) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)) #define HAVE_AEAD #endif @@ -890,6 +951,7 @@ TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, + TLS_RSA_WITH_NULL_MD5 = 0x01, TLS_RSA_WITH_NULL_SHA = 0x02, TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, 
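Review bot: The new `(defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER))` term defines HAVE_AEAD for a build that may contain no AEAD cipher at all, since the TLS 1.3 integrity-only suites added in the hunk at `@@ -773,6 +823,14 @@` are HMAC-only. Any code that reads HAVE_AEAD as "an authenticated-encryption cipher is available" would now be wrong for such a build; those users are not visible here, but the define itself should state what it now means, e.g. `/* HAVE_AEAD: the AEAD record-layer path is compiled in; TLS 1.3 integrity-only suites share it */`.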
@@ -940,11 +1002,6 @@ TLS_RSA_WITH_RABBIT_SHA = 0xFD, WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */ - /* wolfSSL extension - Blake2b 256 */ - TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8, - TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9, - TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */ - /* wolfSSL extension - NTRU */ TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, @@ -1035,6 +1092,12 @@ TLS_AES_128_CCM_SHA256 = 0x04, TLS_AES_128_CCM_8_SHA256 = 0x05, + /* TLS v1.3 Integity only cipher suites - 0xC0 (ECC) first byte */ + TLS_SHA256_SHA256 = 0xB4, + TLS_SHA384_SHA384 = 0xB5, + + /* Fallback SCSV (Signaling Cipher Suite Value) */ + TLS_FALLBACK_SCSV = 0x56, /* Renegotiation Indication Extension Special Suite */ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff }; @@ -1085,7 +1148,11 @@ #define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8) /* set maximum DH key size allowed */ #ifndef WOLFSSL_MAX_DHKEY_BITS - #define WOLFSSL_MAX_DHKEY_BITS 4096 + #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) + #define WOLFSSL_MAX_DHKEY_BITS 8192 + #else + #define WOLFSSL_MAX_DHKEY_BITS 4096 + #endif #endif #if (WOLFSSL_MAX_DHKEY_BITS % 8) #error DH maximum bit size must be multiple of 8 @@ -1095,7 +1162,19 @@ #endif #define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8) - +#ifndef MAX_PSK_ID_LEN + /* max psk identity/hint supported */ + #if defined(WOLFSSL_TLS13) + #define MAX_PSK_ID_LEN 256 + #else + #define MAX_PSK_ID_LEN 128 + #endif +#endif + +#ifndef MAX_EARLY_DATA_SZ + /* maximum early data size */ + #define MAX_EARLY_DATA_SZ 4096 +#endif enum Misc { CIPHER_BYTE = 0x00, /* Default ciphers */ 
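Review bot: `TLS_FALLBACK_SCSV = 0x56` sits in an enum whose other entries, such as `TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff` for {0x00, 0xFF}, hold the second byte of the suite, but RFC 7507 assigns TLS_FALLBACK_SCSV the value {0x56, 0x00}, so 0x56 is its first byte and the second is 0x00. That asymmetry needs to be stated on the line, e.g. `TLS_FALLBACK_SCSV = 0x56, /* first byte; suite is {0x56, 0x00} (RFC 7507) */`, otherwise a reader will match it against the wrong byte. The comment `/* TLS v1.3 Integity only cipher suites ... */` in the same hunk should read "Integrity".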
@@ -1116,8 +1195,8 @@ TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ -#ifndef WOLFSSL_TLS13_FINAL TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ +#ifdef WOLFSSL_TLS13_DRAFT #ifdef WOLFSSL_TLS13_DRAFT_18 TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */ #elif defined(WOLFSSL_TLS13_DRAFT_22) @@ -1138,14 +1217,29 @@ HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */ SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, /* pre RSA and all master */ -#if defined(WOLFSSL_MYSQL_COMPATIBLE) - ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */ +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192) +#ifndef NO_PSK + ENCRYPT_LEN = 1024 + MAX_PSK_ID_LEN + 2, /* 8192 bit static buffer */ +#else + ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */ +#endif +#else +#ifndef NO_PSK + ENCRYPT_LEN = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */ #else ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ #endif +#endif SIZEOF_SENDER = 4, /* clnt or srvr */ FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */ MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ + MAX_PLAINTEXT_SZ = (1 << 14), /* Max plaintext sz */ + MAX_TLS_CIPHER_SZ = (1 << 14) + 2048, /* Max TLS encrypted data sz */ +#ifdef WOLFSSL_TLS13 + MAX_TLS13_PLAIN_SZ = (1 << 14) + 1, /* Max unencrypted data sz */ + MAX_TLS13_ENC_SZ = (1 << 14) + 256, /* Max encrypted data sz */ +#endif MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE, /* max added to msg, mac + pad from */ /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max 
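Review bot: The ENCRYPT_LEN selection in the hunk at `@@ -1138,14 +1217,29 @@` nests the NO_PSK test inside both branches of the FP_MAX_BITS test, duplicating the `+ MAX_PSK_ID_LEN + 2` arithmetic and its comment. Choosing the base size first and adding the PSK overhead once reads more clearly, e.g. `#ifndef NO_PSK` / `ENCRYPT_LEN = ENCRYPT_BASE_LEN + MAX_PSK_ID_LEN + 2,` where ENCRYPT_BASE_LEN (name illustrative) is a macro set to 512 or 1024 by the existing condition. The "static buffer" comments should also say what the `+ 2` covers; a two-byte length prefix is the likely reading, but it is not stated.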
@@ -1153,7 +1247,7 @@ MAX_COMP_EXTRA = 1024, /* max compression extra */ MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */ MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */ - MAX_DH_SZ = (MAX_DHKEY_SZ * 2) + 12, + MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */ /* 4096 p, pub, g + 2 byte size for each */ MAX_STR_VERSION = 8, /* string rep of protocol version */ @@ -1171,13 +1265,14 @@ MAX_DH_SIZE = MAX_DHKEY_SZ+1, /* Max size plus possible leading 0 */ NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */ + MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */ + MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */ SESSION_HINT_SZ = 4, /* session timeout hint */ SESSION_ADD_SZ = 4, /* session age add */ TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */ DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */ - MAX_TICKET_NONCE_SZ = 4, /* maximum ticket nonce size */ + MAX_TICKET_NONCE_SZ = 8, /* maximum ticket nonce size */ MAX_LIFETIME = 604800, /* maximum ticket lifetime */ - MAX_EARLY_DATA_SZ = 4096, /* maximum early data size */ RAN_LEN = 32, /* random length */ SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ 
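Review bot: The new enumerators `MIN_FFHDE_GROUP` and `MAX_FFHDE_GROUP` misspell FFDHE, which the comments on the same lines spell correctly, so they should be `MIN_FFDHE_GROUP = 0x100,` and `MAX_FFDHE_GROUP = 0x1FF,` before anything starts depending on the misspelled names. In the hunk at `@@ -1153,7 +1247,7 @@`, the context comment under the changed `MAX_DH_SZ` still says "4096 p, pub, g + 2 byte size for each" although WOLFSSL_MAX_DHKEY_BITS can now be 8192 (hunk `@@ -1085,7 +1148,11 @@` on the previous line), and three two-byte length fields do not explain the `+ 12`; the comment should say what that constant covers.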
@@ -1216,26 +1311,26 @@ DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */ DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */ + DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */ DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */ DTLS_EXPORT_OPT_SZ = 60, /* amount of bytes used from Options */ DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */ DTLS_EXPORT_OPT_SZ_3 = 59, /* amount of bytes used from Options */ DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), /* max amount of bytes used from Keys */ - DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2), + DTLS_EXPORT_MIN_KEY_SZ = 85 + (DTLS_SEQ_SZ * 2), /* min amount of bytes used from Keys */ DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */ + MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN), + /* max size of buffer for exporting state */ FINISHED_LABEL_SZ = 15, /* TLS finished label size */ TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */ MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ - MAX_PRF_HALF = 256, /* Maximum half secret len */ - MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ - MAX_PRF_DIG = 224, /* Maximum digest len */ PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */ MAX_LABEL_SZ = 34, /* Maximum length of a label */ MAX_HKDF_LABEL_SZ = OPAQUE16_LEN + 
@@ -1253,9 +1348,13 @@ #endif #ifdef HAVE_SELFTEST - AES_256_KEY_SIZE = 32, + #ifndef WOLFSSL_AES_KEY_SIZE_ENUM + #define WOLFSSL_AES_KEY_SIZE_ENUM AES_IV_SIZE = 16, AES_128_KEY_SIZE = 16, + AES_192_KEY_SIZE = 24, + AES_256_KEY_SIZE = 32, + #endif #endif MAX_IV_SZ = AES_BLOCK_SIZE, @@ -1293,6 +1392,8 @@ POLY1305_AUTH_SZ = 16, /* 128 bits */ + HMAC_NONCE_SZ = 12, /* Size of HMAC nonce */ + HC_128_KEY_SIZE = 16, /* 128 bits */ HC_128_IV_SIZE = 16, /* also 128 bits */ @@ -1301,11 +1402,13 @@ EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ +#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */ ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ +#endif MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */ - NEW_SA_MAJOR = 8, /* Most signicant byte used with new sig algos */ + NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */ ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */ ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */ ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */ @@ -1314,7 +1417,17 @@ MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */ MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ - MAX_CERT_VERIFY_SZ = 1024, /* max */ +#ifndef NO_RSA + MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */ +#elif defined(HAVE_ECC) + MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */ +#elif defined(HAVE_ED448) + MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE, /* max Ed448 */ +#elif defined(HAVE_ED25519) + MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */ +#else + MAX_CERT_VERIFY_SZ = 1024, /* max default */ +#endif CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ 
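Review bot: `MAX_CERT_VERIFY_SZ = 4096 / 8` in the `#ifndef NO_RSA` branch lowers the RSA value from the previous 1024 to 512 bytes, so a peer signing CertificateVerify with an RSA key above 4096 bits now exceeds the limit that the old value allowed; whether that fails a length check or sizes a buffer is not visible here, but either way it is a behaviour change the comment `/* max RSA - default 4096-bits */` does not call out. The same diff raises WOLFSSL_MAX_DHKEY_BITS to 8192 for large FP_MAX_BITS builds, so deriving this limit from the configured maximum key size in the same way would be consistent. The `#elif` chain also picks the RSA value whenever RSA is enabled, so the ECC bound only applies to NO_RSA builds, which is worth a comment on the `#ifndef NO_RSA` line.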
@@ -1322,17 +1435,14 @@ DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ - MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ NULL_TERM_LEN = 1, /* length of null '\0' termination character */ MAX_PSK_KEY_LEN = 64, /* max psk key supported */ MIN_PSK_ID_LEN = 6, /* min length of identities */ MIN_PSK_BINDERS_LEN= 33, /* min length of binders */ MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */ - MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ - -#if defined(HAVE_EX_DATA) || defined(FORTRESS) - MAX_EX_DATA = 5, /* allow for five items of ex_data */ +#ifndef MAX_WOLFSSL_FILE_SIZE + MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */ #endif MAX_X509_SIZE = 2048, /* max static x509 buffer size */ @@ -1394,9 +1504,9 @@ #endif #endif /* WOLFSSL_MIN_ECC_BITS */ #if (WOLFSSL_MIN_ECC_BITS % 8) - /* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1. - In these cases round down to the nearest value divisable by 8. The - restriction of being divisable by 8 is in place to match wc_ecc_size + /* Some ECC keys are not divisible by 8 such as prime239v1 or sect131r1. + In these cases round down to the nearest value divisible by 8. The + restriction of being divisible by 8 is in place to match wc_ecc_size function from wolfSSL. */ #error ECC minimum bit size must be a multiple of 8 @@ -1413,7 +1523,7 @@ #endif /* WOLFSSL_MIN_RSA_BITS */ #if (WOLFSSL_MIN_RSA_BITS % 8) /* This is to account for the example case of a min size of 2050 bits but - still allows 2049 bit key. So we need the measurment to be in bytes. */ + still allows 2049 bit key. So we need the measurement to be in bytes. */ #error RSA minimum bit size must be a multiple of 8 #endif #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8) 
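Review bot: `MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4` is an enumerator, and enumerators have type int in C, so the `ul` suffixes do not give the constant an unsigned long type; they only suggest a width the value does not have. 4194304 fits in int, so the plain `1024 * 1024 * 4` used before was correct here, and if an unsigned long is really wanted the constant belongs in a `#define` outside the enum. The new `#ifndef MAX_WOLFSSL_FILE_SIZE` guard means an overriding macro changes the constant's type as well as its value, which the comment should mention.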
@@ -1474,6 +1584,7 @@ SERVER_CHANGECIPHERSPEC_COMPLETE, SERVER_FINISHED_COMPLETE, + CLIENT_HELLO_RETRY, CLIENT_HELLO_COMPLETE, CLIENT_KEYEXCHANGE_COMPLETE, CLIENT_CHANGECIPHERSPEC_COMPLETE, @@ -1504,42 +1615,15 @@ word32 sz); WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, word32 sz); + WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl, + byte* buf, word32 sz); + WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl, + byte* buf, word32 sz); WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); #endif #endif -/* wolfSSL BIO_METHOD type */ -struct WOLFSSL_BIO_METHOD { - byte type; /* method type */ -}; - - -/* wolfSSL BIO type */ -struct WOLFSSL_BIO { - WOLFSSL_BUF_MEM* mem_buf; - WOLFSSL* ssl; /* possible associated ssl */ -#ifndef NO_FILESYSTEM - XFILE file; -#endif - WOLFSSL_BIO* prev; /* previous in chain */ - WOLFSSL_BIO* next; /* next in chain */ - WOLFSSL_BIO* pair; /* BIO paired with */ - void* heap; /* user heap hint */ - byte* mem; /* memory buffer */ - int wrSz; /* write buffer size (mem) */ - int wrIdx; /* current index for write buffer */ - int rdIdx; /* current read index */ - int readRq; /* read request */ - int memLen; /* memory buffer length */ - int fd; /* possible file descriptor */ - int eof; /* eof flag */ - int flags; - byte type; /* method type */ - byte close; /* close flag */ -}; - - /* wolfSSL method type */ struct WOLFSSL_METHOD { ProtocolVersion version; @@ -1556,6 +1640,9 @@ /* defaults to client */ WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion); +WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl); +WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side); + /* for sniffer */ WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, word32 totalSz, int sniff); 
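Review bot: `CLIENT_HELLO_RETRY` is inserted before CLIENT_HELLO_COMPLETE in the hunk at `@@ -1474,6 +1584,7 @@`, which renumbers every enumerator after it. If this state value is part of the DTLS session export (the hunk at `@@ -1216,26 +1311,26 @@` keeps DTLS_EXPORT_VERSION at 4 while this diff adds state export/import entry points), previously serialized data would decode to the wrong state; that cannot be confirmed from the header alone, so either append the new value at the end or confirm the enum is never serialized and say so in a comment, e.g. `/* state values are not serialized; order may change */`. The enum's opening and closing lines are outside the hunk.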
@@ -1563,6 +1650,9 @@ /* TLS v1.3 needs these */ WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites); +#ifdef WOLFSSL_TLS13 +WOLFSSL_LOCAL int FindSuite(Suites* suites, byte first, byte second); +#endif WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, word32); #ifdef WOLFSSL_TLS13 @@ -1573,7 +1663,7 @@ word32); WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl); WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv); -WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, +WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz); WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); #ifdef HAVE_PK_CALLBACKS @@ -1583,10 +1673,14 @@ #endif #endif WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); +WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size); WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); #ifndef NO_CERTS WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); +#ifdef OPENSSL_EXTRA +WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc); +#endif #endif WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz); @@ -1697,6 +1791,9 @@ byte setSuites; /* user set suites from default */ byte hashAlgo; /* selected hash algorithm */ byte sigAlgo; /* selected sig algorithm */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */ +#endif }; 
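Review bot: `CheckIPAddr(DecodedCert* dCert, char* ipasc)` takes the address string as `char*`, while the neighbouring `MatchDomainName(const char* pattern, int len, const char* str)` already uses `const char*`; declaring it `WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc);` lets callers pass literals and const buffers without a cast, assuming the definition only reads the string. The change of `PickHashSigAlgo` from `void` to `int` in the hunk at `@@ -1573,7 +1663,7 @@` means every existing caller must now check the result; those callers are outside this header, so that cannot be verified here. A comment on the prototype stating what a non-zero return means would help, e.g. `/* returns 0 on success, negative when no usable sig/hash pair is found */` — confirm the contract against the definition.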
@@ -1713,6 +1810,13 @@ unsigned int, unsigned char*, unsigned int); typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*, unsigned char*, unsigned int); +#ifdef WOLFSSL_TLS13 + typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*, + char*, unsigned int, unsigned char*, unsigned int, + const char**); + typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*, + unsigned char*, unsigned int, const char**); +#endif #endif /* PSK_TYPES_DEFINED */ #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \ !defined(WOLFSSL_DTLS_EXPORT_TYPES) 
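Review bot: The two new TLS 1.3 PSK callback typedefs end in a `const char**` out-parameter that is not described anywhere in the hunk, and the existing callbacks above them have no such parameter, so a reader cannot tell what the callback is expected to store there. A comment on each typedef stating what is written through that pointer and how long the string must stay valid would make the contract usable, e.g. `/* last argument: callback sets the cipher suite name to use; string must outlive the call */`; that purpose is inferred from the TLS 1.3 context, so confirm it against the implementation before adopting the wording.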
@@ -1722,48 +1826,45 @@ #endif /* WOLFSSL_DTLS_EXPORT_TYPES */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#define MAX_DESCRIPTION_SZ 255 +#endif /* wolfSSL Cipher type just points back to SSL */ struct WOLFSSL_CIPHER { + byte cipherSuite0; + byte cipherSuite; WOLFSSL* ssl; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + char description[MAX_DESCRIPTION_SZ]; + unsigned long offset; + unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */ + int bits; +#endif }; -typedef struct OcspEntry OcspEntry; - -#ifdef NO_SHA - #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE -#else - #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE -#endif - #ifdef NO_ASN /* no_asn won't have */ typedef struct CertStatus CertStatus; #endif -struct OcspEntry { - OcspEntry* next; /* next entry */ - byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ - byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ - CertStatus* status; /* OCSP response list */ - int totalStatus; /* number on list */ -}; - - #ifndef HAVE_OCSP typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; #endif /* wolfSSL OCSP controller */ +#ifdef HAVE_OCSP struct WOLFSSL_OCSP { WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ OcspEntry* ocspList; /* OCSP response list */ wolfSSL_Mutex ocspLock; /* OCSP list lock */ + int error; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int(*statusCb)(WOLFSSL*, void*); #endif }; +#endif #ifndef MAX_DATE_SIZE #define MAX_DATE_SIZE 32 @@ -1799,7 +1900,7 @@ byte* signature; word32 signatureSz; word32 signatureOID; -#if !defined(NO_SKID) && defined(CRL_SKID_READY) +#if !defined(NO_SKID) && !defined(NO_ASN) byte extAuthKeyIdSet; byte extAuthKeyId[KEYID_SIZE]; #endif 
@@ -1869,6 +1970,9 @@ #endif char* ocspOverrideURL; /* use this responder */ void* ocspIOCtx; /* I/O callback CTX */ +#ifndef NO_WOLFSSL_CM_VERIFY + VerifyCallback verifyCallback; /* Verify callback */ +#endif CallbackCACache caCacheCallback; /* CA cache addition callback */ CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ @@ -1885,7 +1989,7 @@ #ifndef NO_RSA short minRsaKeySz; /* minimum allowed RSA key size */ #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum allowed ECC key size */ #endif }; 
@@ -1895,6 +1999,42 @@ WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*); WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int); WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*); +WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff, + long sz, int format, int err_val); + + +#ifndef NO_CERTS +#if !defined NOCERTS &&\ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) +typedef struct ProcPeerCertArgs { + buffer* certs; +#ifdef WOLFSSL_TLS13 + buffer* exts; /* extensions */ +#endif + DecodedCert* dCert; + word32 idx; + word32 begin; + int totalCerts; /* number of certs in certs buffer */ + int count; + int certIdx; + int lastErr; +#ifdef WOLFSSL_TLS13 + byte ctxSz; +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + char untrustedDepth; +#endif + word16 fatal:1; + word16 verifyErr:1; + word16 dCertInit:1; +#ifdef WOLFSSL_TRUST_PEER_CERT + word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */ +#endif +} ProcPeerCertArgs; +WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, + int ret, ProcPeerCertArgs* args); +#endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */ +#endif /* !defined NO_CERTS */ /* wolfSSL Sock Addr */ struct WOLFSSL_SOCKADDR { @@ -1933,8 +2073,10 @@ /* keys and secrets * keep as a constant size (no additional ifdefs) for session export */ typedef struct Keys { +#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13) byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */ byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE]; +#endif byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */ byte server_write_key[MAX_SYM_KEY_SIZE]; byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */ 
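Review bot: `#if !defined NOCERTS &&\` in the hunk at `@@ -1895,6 +1999,42 @@` tests a macro that appears nowhere else in this file; the surrounding guards and the closing comment `/* !defined NO_CERTS */` use `NO_CERTS`, and the block is already inside `#ifndef NO_CERTS`, so the test is both misspelled and redundant. Drop it and keep only the client-auth condition: `#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)`. The new ProcPeerCertArgs struct also leaves `count`, `certIdx`, `lastErr` and the three bit-flags without comments while `totalCerts` and `haveTrustPeer` have them; one-line comments on the rest, in the same style, would make the struct readable from the header.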
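Review bot: The `#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)` added around the MAC secrets in `typedef struct Keys` directly contradicts the comment two lines above it, `keep as a constant size (no additional ifdefs) for session export`, and the hunk at `@@ -1978,6 +2120,10 @@` on the next line adds a second conditional pair of fields to the same struct. If the layout is still serialized by the DTLS session export, an AEAD-only or Renesas build now produces a different Keys size while DTLS_EXPORT_VERSION stays at 4 (hunk `@@ -1216,26 +1311,26 @@`); how the export code reads the struct is not visible from this header. Either correct the comment to describe the new rule, or keep the fields unconditional.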
@@ -1978,6 +2120,10 @@ byte updateResponseReq:1; /* KeyUpdate response from peer required. */ byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ #endif +#ifdef WOLFSSL_RENESAS_TSIP_TLS + byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; + byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; +#endif } Keys; @@ -1988,13 +2134,19 @@ typedef enum { TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */ TLSX_MAX_FRAGMENT_LENGTH = 0x0001, + TLSX_TRUSTED_CA_KEYS = 0x0003, TLSX_TRUNCATED_HMAC = 0x0004, TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */ TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ TLSX_EC_POINT_FORMATS = 0x000b, +#if !defined(WOLFSSL_NO_SIGALG) TLSX_SIGNATURE_ALGORITHMS = 0x000d, +#endif TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */ +#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) + TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */ +#endif TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ TLSX_SESSION_TICKET = 0x0023, #ifdef WOLFSSL_TLS13 @@ -2037,7 +2189,7 @@ WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest); #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) -WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, +WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength); WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset); 
@@ -2045,17 +2197,20 @@ #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER) /* TLS 1.3 Certificate messages have extensions. */ -WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, +WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength); -WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, +WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset); #endif +WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length, + byte msgType, int* found); WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, Suites *suites); #elif defined(HAVE_SNI) \ || defined(HAVE_MAX_FRAGMENT) \ + || defined(HAVE_TRUSTED_CA) \ || defined(HAVE_TRUNCATED_HMAC) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ @@ -2098,6 +2253,21 @@ #endif /* HAVE_SNI */ +/* Trusted CA Key Indication - RFC 6066 (section 6) */ +#ifdef HAVE_TRUSTED_CA + +typedef struct TCA { + byte type; /* TCA Type */ + byte* id; /* TCA identifier */ + word16 idSz; /* TCA identifier size */ + struct TCA* next; /* List Behavior */ +} TCA; + +WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type, + const byte* id, word16 idSz, void* heap); + +#endif /* HAVE_TRUSTED_CA */ + /* Application-Layer Protocol Negotiation - RFC 7301 */ #ifdef HAVE_ALPN typedef struct ALPN { @@ -2205,6 +2375,7 @@ WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second); WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl); #endif WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported); 
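Review bot: The new TCA struct stores an `id` buffer whose length is fixed by `type` for most RFC 6066 section 6 identifier types (key_sha1_hash and cert_sha1_hash are exactly 20 bytes, pre_agreed carries no data), but nothing here says so, and `TLSX_UseTrustedCA` accepts any `idSz`. Whoever parses the extension from the wire must reject an `idSz` that does not match the type before it is copied or compared; that parser is not in this hunk, so I cannot verify it does. I would document the invariant on the fields: `byte type; /* RFC 6066 IdentifierType; fixes idSz (20 for *_sha1_hash, 0 for pre_agreed) */` and `byte* id; /* owned copy allocated from heap */`, the latter only if that is how TLSX_UseTrustedCA actually stores it.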
@@ -2226,11 +2397,13 @@ /* Additional Connection State according to rfc5746 section 3.1 */ typedef struct SecureRenegotiation { byte enabled; /* secure_renegotiation flag in rfc */ + byte verifySet; byte startScr; /* server requested client to start scr */ enum key_cache_state cache_status; /* track key cache state */ byte client_verify_data[TLS_FINISHED_SZ]; /* cached */ byte server_verify_data[TLS_FINISHED_SZ]; /* cached */ - byte subject_hash[WC_SHA_DIGEST_SIZE]; /* peer cert hash */ + byte subject_hash_set; /* if peer cert hash is set */ + byte subject_hash[KEYID_SIZE]; /* peer cert hash */ Keys tmp_keys; /* can't overwrite real keys yet */ } SecureRenegotiation; @@ -2356,17 +2529,18 @@ byte cipherSuite0; /* Cipher Suite */ byte cipherSuite; /* Cipher Suite */ word32 binderLen; /* Length of HMAC */ - byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of hanshake */ + byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */ byte hmac; /* HMAC algorithm */ byte resumption:1; /* Resumption PSK */ byte chosen:1; /* Server's choice */ struct PreSharedKey* next; /* List pointer */ } PreSharedKey; -WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, - byte* output, byte msgType); -WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, - byte msgType); +WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, + byte* output, byte msgType, + word16* pSz); +WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, + byte msgType, word16* pSz); WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity, word16 len, word32 age, byte hmac, byte cipherSuite0, byte cipherSuite, @@ -2413,7 +2587,7 @@ enum SetCBIO { WOLFSSL_CBIO_NONE = 0, WOLFSSL_CBIO_RECV = 0x1, - WOLFSSL_CBIO_SEND = 0x2, + WOLFSSL_CBIO_SEND = 0x2, }; #endif 
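Review bot: `byte verifySet;` and `byte subject_hash_set;` are added to SecureRenegotiation without comments, and `subject_hash` changes from WC_SHA_DIGEST_SIZE to KEYID_SIZE, so a reader cannot tell which hash is stored or when the flag makes it valid. A comparison of the renegotiated peer certificate against `subject_hash` is only meaningful once `subject_hash_set` is nonzero; make that explicit with `byte subject_hash_set; /* nonzero once subject_hash holds the peer cert's KEYID_SIZE hash; compare only when set */`. Give `verifySet` a comment naming the verify state it records, since the name alone is ambiguous. The PreSharedKey binder helpers now returning int with an out-size parameter is a welcome change.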
@@ -2434,19 +2608,22 @@
 DerBuffer* certificate;
 DerBuffer* certChain;
 /* chain after self, in DER, with leading size for each cert */
- #ifdef OPENSSL_EXTRA
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
 WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
 #endif
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
 defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
 WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
+ client_cert_cb CBClientCert; /* client certificate callback */
 #endif
 #ifdef WOLFSSL_TLS13
 int certChainCnt;
 #endif
 DerBuffer* privateKey;
- byte privateKeyType;
+ byte privateKeyType:7;
+ byte privateKeyId:1;
 int privateKeySz;
+ int privateKeyDevId;
 WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
 #endif
 #ifdef KEEP_OUR_CERT
@@ -2465,7 +2642,7 @@
 #ifdef HAVE_EXT_CACHE
 byte internalCacheOff:1;
 #endif
- byte sendVerify; /* for client side (can not be single bit) */
+ byte sendVerify:2; /* for client side (can not be single bit) */
 byte haveRSA:1; /* RSA available */
 byte haveECC:1; /* ECC available */
 byte haveDH:1; /* server DH parms set by user */
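Review bot: The new `privateKeyId:1` bit and `privateKeyDevId` in WOLFSSL_CTX have no comments, whereas the parallel fields added to the WOLFSSL struct later in this diff say `Key data is an id not data` and `Device Id for key`. Any code that parses `privateKey` as DER must check `privateKeyId` first, because the buffer then holds a device key identifier rather than key material; I would carry the same comments over: `byte privateKeyId:1; /* privateKey holds a device key id, not DER */` and `int privateKeyDevId; /* crypto device owning the key when privateKeyId is set */`. The enclosing struct starts before this hunk.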
@@ -2482,15 +2659,34 @@
 byte noTicketTls13:1; /* Server won't create new Ticket */
 byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */
 #endif
+ byte mutualAuth:1; /* Mutual authentication required */
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
 byte postHandshakeAuth:1; /* Post-handshake auth supported. */
 #endif
+#ifndef NO_DH
+ #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+ !defined(HAVE_SELFTEST)
+ byte dhKeyTested:1; /* Set when key has been tested. */
+ #endif
+#endif
+#ifdef HAVE_SECURE_RENEGOTIATION
+ byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */
+#endif
+#ifdef HAVE_ENCRYPT_THEN_MAC
+ byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
+#endif
+#ifdef WOLFSSL_STATIC_MEMORY
+ byte onHeap:1; /* whether the ctx/method is put on heap hint */
+#endif
 #ifdef WOLFSSL_MULTICAST
 byte haveMcast; /* multicast requested */
 byte mcastID; /* multicast group ID */
 #endif
 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
 byte dtlsSctp; /* DTLS-over-SCTP mode */
+#endif
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+ defined(WOLFSSL_DTLS)
 word16 dtlsMtuSz; /* DTLS MTU size */
 #endif
 #ifndef NO_DH
@@ -2500,13 +2696,15 @@
 #ifndef NO_RSA
 short minRsaKeySz; /* minimum RSA key size */
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
 short minEccKeySz; /* minimum ECC key size */
 #endif
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+ unsigned long mask; /* store SSL_OP_ flags */
+#endif
 #ifdef OPENSSL_EXTRA
 byte sessionCtx[ID_LEN]; /* app session context ID */
 word32 disabledCurves; /* curves disabled by user */
- unsigned long mask; /* store SSL_OP_ flags */
 const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
 unsigned int alpn_cli_protos_len;
 byte sessionCtxSz;
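Review bot: `dhKeyTested:1` caches the result of the DH prime test on the context, but its comment `Set when key has been tested` does not say the bit must be cleared whenever the DH parameters are replaced; otherwise a later parameter change would inherit a stale pass. The setter is not in this diff, so please confirm it resets the flag, and document it on the field: `byte dhKeyTested:1; /* DH prime test passed for the current params; reset when params change */`. The `useSecureReneg` comment (`when set will set WOLFSSL objects generated to enable`) is also hard to parse; `/* new WOLFSSL objects from this ctx enable secure renegotiation */` says the same more plainly.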
@@ -2524,20 +2722,28 @@
 #endif
 #endif /* WOLFSSL_DTLS */
 VerifyCallback verifyCallback; /* cert verification callback */
+#ifdef OPENSSL_ALL
+ CertVerifyCallback verifyCertCb;
+ void* verifyCertCbArg;
+#endif /* OPENSSL_ALL */
 word32 timeout; /* session timeout */
-#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448)
 word32 ecdhCurveOID; /* curve Ecc_Sum */
 #endif
 #ifdef HAVE_ECC
 word16 eccTempKeySz; /* in octets 20 - 66 */
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
 word32 pkCurveOID; /* curve Ecc_Sum */
 #endif
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
 byte havePSK; /* psk key set by user */
 wc_psk_client_callback client_psk_cb; /* client callback */
 wc_psk_server_callback server_psk_cb; /* server callback */
+#ifdef WOLFSSL_TLS13
+ wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
+ wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
+#endif
 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
 #endif /* HAVE_SESSION_TICKET || !NO_PSK */
 #ifdef WOLFSSL_TLS13
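Review bot: The guard on `ecdhCurveOID` in WOLFSSL_CTX becomes `HAVE_ECC || HAVE_CURVE25519 || HAVE_ED448`, while the same field in the WOLFSSL struct later in this diff is guarded by HAVE_CURVE448; ECDH over Curve448 is a key-agreement feature, so HAVE_CURVE448 looks like the intended macro here and HAVE_ED448 a slip. In a build with HAVE_CURVE448 but none of ECC, Curve25519 or Ed448, ssl->ecdhCurveOID would exist while ctx->ecdhCurveOID would not, which breaks any code that copies the ctx value into the session object. I would change the line to `#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)`.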
@@ -2561,20 +2767,22 @@
 void* userPRFArg; /* passed to prf callback */
 #endif
 #ifdef HAVE_EX_DATA
- void* ex_data[MAX_EX_DATA];
+ WOLFSSL_CRYPTO_EX_DATA ex_data;
 #endif
 #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
 CallbackALPNSelect alpnSelect;
 void* alpnSelectArg;
 #endif
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)))
+#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
+ defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
+ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
 CallbackSniRecv sniRecvCb;
 void* sniRecvCbArg;
 #endif
 #if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
 CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
 word32 mcastFirstSeq; /* first trigger level */
- word32 mcastSecondSeq; /* second tigger level */
+ word32 mcastSecondSeq; /* second trigger level */
 word32 mcastMaxSeq; /* max level */
 #endif
 #ifdef HAVE_OCSP
@@ -2604,6 +2812,10 @@
 #ifdef ATOMIC_USER
 CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
 CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
+ #ifdef HAVE_ENCRYPT_THEN_MAC
+ CallbackEncryptMac EncryptMacCb; /* Atomic User Mac/Enc Cb */
+ CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */
+ #endif
 #endif
 #ifdef HAVE_PK_CALLBACKS
 #ifdef HAVE_ECC
@@ -2623,6 +2835,18 @@ /* User X25519 SharedSecret Callback handler */ CallbackX25519SharedSecret X25519SharedSecretCb; #endif + #ifdef HAVE_ED448 + /* User Ed448Sign Callback handler */ + CallbackEd448Sign Ed448SignCb; + /* User Ed448Verify Callback handler */ + CallbackEd448Verify Ed448VerifyCb; + #endif + #ifdef HAVE_CURVE448 + /* User X448 KeyGen Callback Handler */ + CallbackX448KeyGen X448KeyGenCb; + /* User X448 SharedSecret Callback handler */ + CallbackX448SharedSecret X448SharedSecretCb; + #endif #endif /* HAVE_ECC */ #ifndef NO_DH CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */ @@ -2655,8 +2879,6 @@ }; WOLFSSL_LOCAL -WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); -WOLFSSL_LOCAL int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap); WOLFSSL_LOCAL void FreeSSL_Ctx(WOLFSSL_CTX*); @@ -2703,20 +2925,6 @@ void InitCipherSpecs(CipherSpecs* cs); -/* Supported Message Authentication Codes from page 43 */ -enum MACAlgorithm { - no_mac, - md5_mac, - sha_mac, - sha224_mac, - sha256_mac, /* needs to match external KDF_MacAlgorithm */ - sha384_mac, - sha512_mac, - rmd_mac, - blake2b_mac -}; - - /* Supported Key Exchange Protocols */ enum KeyExchangeAlgorithm { no_kea, @@ -2739,7 +2947,21 @@ dsa_sa_algo = 2, ecc_dsa_sa_algo = 3, rsa_pss_sa_algo = 8, - ed25519_sa_algo = 9 + ed25519_sa_algo = 9, + rsa_pss_pss_algo = 10, + ed448_sa_algo = 11 +}; + +#define PSS_RSAE_TO_PSS_PSS(macAlgo) \ + (macAlgo + (pss_sha256 - sha256_mac)) + +#define PSS_PSS_HASH_TO_MAC(macAlgo) \ + (macAlgo - (pss_sha256 - sha256_mac)) + +enum SigAlgRsaPss { + pss_sha256 = 0x09, + pss_sha384 = 0x0a, + pss_sha512 = 0x0b, }; @@ -2764,11 +2986,17 @@ }; +#ifndef WOLFSSL_AEAD_ONLY enum CipherType { stream, block, aead }; - - - - +#else +enum CipherType { aead }; +#endif + + +#if defined(BUILD_AES) || defined(BUILD_AESGCM) || (defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13) + #define CIPHER_NONCE +#endif /* cipher for now */ 
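Review bot: The new `PSS_RSAE_TO_PSS_PSS` and `PSS_PSS_HASH_TO_MAC` macros do not parenthesise their argument, so `PSS_PSS_HASH_TO_MAC(x ? a : b)` expands with the wrong precedence; write them as `((macAlgo) + (pss_sha256 - sha256_mac))` and `((macAlgo) - (pss_sha256 - sha256_mac))`. Both also rely on `sha256_mac`, whose enum this same diff removes from internal.h, so the header now depends on that enumerator arriving from an include that is not visible here; a short comment above the macros naming where the MACAlgorithm values live and stating that they assume `pss_sha256..pss_sha512` are contiguous with `sha256_mac..sha512_mac` would make the arithmetic checkable. Lastly, `pss_sha512 = 0x0b,` carries a trailing comma unlike the other enums in this file; drop it for C89-pedantic builds.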
@@ -2781,11 +3009,14 @@ #endif #if defined(BUILD_AES) || defined(BUILD_AESGCM) Aes* aes; - #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(WOLFSSL_TLS13) + #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \ + !defined(WOLFSSL_NO_TLS12) byte* additional; - byte* nonce; #endif #endif +#ifdef CIPHER_NONCE + byte* nonce; +#endif #ifdef HAVE_CAMELLIA Camellia* cam; #endif @@ -2801,6 +3032,9 @@ #ifdef HAVE_IDEA Idea* idea; #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) + Hmac* hmac; +#endif byte state; byte setup; /* have we set it up flag for detection */ } Ciphers; @@ -2880,6 +3114,9 @@ byte masterSecret[SECRET_LEN]; /* stored secret */ word16 haveEMS; /* ext master secret flag */ #ifdef SESSION_CERTS +#ifdef OPENSSL_EXTRA + WOLFSSL_X509* peer; /* peer cert */ +#endif WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ #ifdef WOLFSSL_ALT_CERT_CHAINS WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */ @@ -2888,6 +3125,9 @@ #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ defined(HAVE_SESSION_TICKET)) ProtocolVersion version; /* which version was used */ +#endif +#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) byte cipherSuite0; /* first byte, normally 0 */ byte cipherSuite; /* 2nd byte, actual suite */ #endif @@ -2924,7 +3164,7 @@ byte isAlloced; #endif #ifdef HAVE_EX_DATA - void* ex_data[MAX_EX_DATA]; + WOLFSSL_CRYPTO_EX_DATA ex_data; #endif }; @@ -2959,6 +3199,7 @@ /* server accept state for nonblocking restart */ enum AcceptState { ACCEPT_BEGIN = 0, + ACCEPT_BEGIN_RENEG, ACCEPT_CLIENT_HELLO_DONE, ACCEPT_HELLO_RETRY_REQUEST_DONE, ACCEPT_FIRST_REPLY_DONE, @@ -2980,6 +3221,7 @@ /* TLS 1.3 server accept state for nonblocking restart */ enum AcceptStateTls13 { TLS13_ACCEPT_BEGIN = 0, + TLS13_ACCEPT_BEGIN_RENEG, TLS13_ACCEPT_CLIENT_HELLO_DONE, TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE, TLS13_ACCEPT_FIRST_REPLY_DONE, 
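Review bot: `WOLFSSL_X509* peer;` is added to WOLFSSL_SESSION under SESSION_CERTS and OPENSSL_EXTRA, but the session struct is the unit that gets copied into the shared session cache, and nothing here says who owns that pointer or what happens to it on copy. If the cache copies sessions by value (the cache code is not in this diff), a raw pointer shared between the live session and its cached copy is a double-free or use-after-free waiting to happen; a comment such as `WOLFSSL_X509* peer; /* owned by this session; deep-copy or refcount when the session is duplicated into the cache */` would pin the intended contract. Separately, inserting `ACCEPT_BEGIN_RENEG` and `TLS13_ACCEPT_BEGIN_RENEG` right after the `_BEGIN` entries shifts every later enumerator, which is fine only if these values are never persisted; that is worth stating on the enum.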
@@ -3022,8 +3264,10 @@ #ifndef NO_CERTS DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ - byte keyType; /* Type of key: RSA, ECC, Ed25519 */ + byte keyType:7; /* Type of key: RSA, ECC, Ed25519 */ + byte keyId:1; /* Key data is an id not data */ int keySz; /* Size of RSA key */ + int keyDevId; /* Device Id for key */ DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */ /* chain after self, in DER, with leading size for each cert */ #ifdef WOLFSSL_TLS13 @@ -3047,6 +3291,9 @@ #ifdef HAVE_ED25519 buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */ #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED448 + buffer peerEd448Key; /* for Ed448 Verify Callbacks */ + #endif /* HAVE_ED448 */ #ifndef NO_RSA buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ #endif /* NO_RSA */ @@ -3070,6 +3317,7 @@ BUILD_MSG_HASH, BUILD_MSG_VERIFY_MAC, BUILD_MSG_ENCRYPT, + BUILD_MSG_ENCRYPTED_VERIFY_MAC, }; /* sub-states for cipher operations */ @@ -3083,8 +3331,12 @@ #ifndef NO_PSK wc_psk_client_callback client_psk_cb; wc_psk_server_callback server_psk_cb; +#ifdef WOLFSSL_TLS13 + wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ + wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ +#endif #endif /* NO_PSK */ -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) unsigned long mask; /* store SSL_OP_ flags */ #endif @@ -3098,7 +3350,7 @@ #ifdef HAVE_EXT_CACHE word16 internalCacheOff:1; #endif - word16 side:1; /* client or server end */ + word16 side:2; /* client, server or neither end */ word16 verifyPeer:1; word16 verifyNone:1; word16 failNoCert:1; 
@@ -3163,9 +3415,10 @@ #endif word16 keepResources:1; /* Keep resources after handshake */ word16 useClientOrder:1; /* Use client's cipher order */ + word16 mutualAuth:1; /* Mutual authentication is rquired */ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) word16 postHandshakeAuth:1;/* Client send post_handshake_auth - * extendion. */ + * extension */ #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) word16 sendCookie:1; /* Server creates a Cookie in HRR */ @@ -3176,10 +3429,27 @@ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) word16 sentChangeCipher:1; /* Change Cipher Spec sent */ #endif -#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ - !defined(NO_ED25519_CLIENT_AUTH) +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ + ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ + (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH))) word16 cacheMessages:1; /* Cache messages for sign/verify */ #endif +#ifndef NO_DH + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + word16 dhDoKeyTest:1; /* Need to do the DH Key prime test */ + word16 dhKeyTested:1; /* Set when key has been tested. */ + #endif +#endif +#ifdef SINGLE_THREADED + word16 ownSuites:1; /* if suites are malloced in ssl object */ +#endif +#ifdef HAVE_ENCRYPT_THEN_MAC + word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ + word16 encThenMac:1; /* Doing Encrypt-Then-MAC */ + word16 startedETMRead:1; /* Doing Encrypt-Then-MAC read */ + word16 startedETMWrite:1; /* Doing Encrypt-Then-MAC write */ +#endif /* need full byte values for this section */ byte processReply; /* nonblocking resume */ 
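Review bot: The new line `word16 mutualAuth:1; /* Mutual authentication is rquired */` has a typo in its comment; make it `/* Mutual authentication is required */`. The four new Encrypt-then-MAC bits (`disallowEncThenMac`, `encThenMac`, `startedETMRead`, `startedETMWrite`) also have terse comments; `encThenMac` would benefit from `/* RFC 7366 negotiated for this connection */` so the distinction from the ctx-level disallow flag is clear. The enclosing struct continues past this hunk.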
@@ -3206,10 +3476,10 @@
 #ifndef NO_RSA
 short minRsaKeySz; /* minimum RSA key size */
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
 short minEccKeySz; /* minimum ECC key size */
 #endif
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 byte verifyDepth; /* maximum verification depth */
 #endif
 #ifdef WOLFSSL_EARLY_DATA
@@ -3238,11 +3508,13 @@
 byte sessionID[ID_LEN];
 byte sessionIDSz;
 #ifdef WOLFSSL_TLS13
- byte clientSecret[SECRET_LEN];
- byte serverSecret[SECRET_LEN];
 byte secret[SECRET_LEN];
 #endif
 byte masterSecret[SECRET_LEN];
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+ !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
+ byte tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
+#endif
 #ifdef WOLFSSL_DTLS
 byte cookie[MAX_COOKIE_LEN];
 byte cookieSz;
@@ -3258,20 +3530,45 @@ #define MAX_DATE_SZ 32 #endif +#define STACK_TYPE_X509 0 +#define STACK_TYPE_GEN_NAME 1 +#define STACK_TYPE_BIO 2 +#define STACK_TYPE_OBJ 3 +#define STACK_TYPE_STRING 4 +#define STACK_TYPE_CIPHER 5 +#define STACK_TYPE_ACCESS_DESCRIPTION 6 +#define STACK_TYPE_X509_EXT 7 +#define STACK_TYPE_NULL 8 +#define STACK_TYPE_X509_NAME 9 +#define STACK_TYPE_CONF_VALUE 10 +#define STACK_TYPE_X509_INFO 11 + struct WOLFSSL_STACK { unsigned long num; /* number of nodes in stack - * (saftey measure for freeing and shortcut for count) */ + * (safety measure for freeing and shortcut for count) */ + #if defined(OPENSSL_ALL) + wolf_sk_compare_cb comp; + #endif + union { - WOLFSSL_X509* x509; - WOLFSSL_X509_NAME* name; - WOLFSSL_BIO* bio; - WOLFSSL_ASN1_OBJECT* obj; - char* string; + WOLFSSL_X509* x509; + WOLFSSL_X509_NAME* name; + WOLFSSL_X509_INFO* info; + WOLFSSL_BIO* bio; + WOLFSSL_ASN1_OBJECT* obj; + WOLFSSL_CIPHER cipher; + WOLFSSL_ACCESS_DESCRIPTION* access; + WOLFSSL_X509_EXTENSION* ext; + WOLFSSL_CONF_VALUE* conf; + void* generic; + char* string; + WOLFSSL_GENERAL_NAME* gn; } data; + void* heap; /* memory heap hint */ WOLFSSL_STACK* next; + byte type; /* Identifies type of stack. */ }; - struct WOLFSSL_X509_NAME { char *name; int dynamicName; 
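Review bot: The new `STACK_TYPE_*` constants are a run of `#define`s, and the `byte type;` field that selects the active union member only says `Identifies type of stack.`; nothing records the mapping from each STACK_TYPE value to the union member that is valid, which is the invariant every accessor of `data` depends on. I would make that explicit on the field, `byte type; /* STACK_TYPE_* value; selects which data.* member is valid */`, and consider an enum for the constants so they are debugger-visible and range-checkable. Note also that `WOLFSSL_CIPHER cipher;` is stored by value, so every node now carries at least sizeof(WOLFSSL_CIPHER) regardless of its type.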
@@ -3308,27 +3605,33 @@
 byte hwType[EXTERNAL_SERIAL_SIZE];
 int hwSerialNumSz;
 byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- byte certPolicySet;
- byte certPolicyCrit;
- #endif /* OPENSSL_EXTRA */
-#endif
- int notBeforeSz;
- int notAfterSz;
- byte notBefore[MAX_DATE_SZ];
- byte notAfter[MAX_DATE_SZ];
+#endif /* WOLFSSL_SEP */
+#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \
+ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+ byte certPolicySet;
+ byte certPolicyCrit;
+#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+ WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
+ WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
+#endif /* WOLFSSL_QT || OPENSSL_ALL */
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
+#endif
+ WOLFSSL_ASN1_TIME notBefore;
+ WOLFSSL_ASN1_TIME notAfter;
 buffer sig;
 int sigOID;
 DNS_entry* altNames; /* alt names list */
 buffer pubKey;
 int pubKeyOID;
 DNS_entry* altNamesNext; /* hint for retrieval */
- #if defined(HAVE_ECC) || defined(HAVE_ED25519)
- word32 pkCurveOID;
- #endif /* HAVE_ECC */
- #ifndef NO_CERTS
- DerBuffer* derCert; /* may need */
- #endif
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
+ word32 pkCurveOID;
+#endif /* HAVE_ECC */
+#ifndef NO_CERTS
+ DerBuffer* derCert; /* may need */
+#endif
 void* heap; /* heap hint */
 byte dynamicMemory; /* dynamic memory flag */
 byte isCa:1;
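Review bot: This hunk adds three heap-owned pointers to WOLFSSL_X509 (`ext_sk`, `ext_d2i`, `serialNumber`) without any note on who frees them, and turns `notBefore`/`notAfter` into WOLFSSL_ASN1_TIME values, so the old `notBeforeSz`/`notAfterSz` lengths disappear. The X509 free path is not in this diff, so I cannot confirm the three pointers are released; please check it handles all of them, including when `ext_sk` is populated lazily by wolfSSL_X509_get_ext as the comment suggests. Document the ownership on the fields, e.g. `WOLFSSL_STACK* ext_sk; /* lazily built by wolfSSL_X509_get_ext; freed with the cert */`. The struct begins before this hunk.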
@@ -3336,15 +3639,23 @@ char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; int certPoliciesNb; #endif /* WOLFSSL_CERT_EXT */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + wolfSSL_Mutex refMutex; /* ref count mutex */ + int refCount; /* reference count */ +#endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef HAVE_EX_DATA - void* ex_data[MAX_EX_DATA]; + WOLFSSL_CRYPTO_EX_DATA ex_data; #endif byte* authKeyId; byte* subjKeyId; byte* extKeyUsageSrc; - byte* CRLInfo; + const byte* CRLInfo; byte* authInfo; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + byte* authInfoCaIssuer; + int authInfoCaIssuerSz; +#endif word32 pathLength; word16 keyUsage; int CRLInfoSz; @@ -3379,6 +3690,11 @@ #endif WOLFSSL_X509_NAME issuer; WOLFSSL_X509_NAME subject; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) + WOLFSSL_X509_ALGOR algor; + WOLFSSL_X509_PUBKEY key; +#endif + byte issuerSet:1; }; @@ -3415,7 +3731,7 @@ DtlsFrag* fragList; word32 fragSz; /* Length of fragments received */ word32 seq; /* Handshake sequence number */ - word32 sz; /* Length of whole mesage */ + word32 sz; /* Length of whole message */ byte type; } DtlsMsg; @@ -3432,7 +3748,6 @@ #endif - /* Handshake messages received from peer (plus change cipher */ typedef struct MsgsReceived { word16 got_hello_request:1; @@ -3475,9 +3790,10 @@ #ifdef WOLFSSL_SHA512 wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */ #endif -#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) +#if (defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) byte* messages; /* handshake messages */ - int length; /* length of handhsake messages' data */ + int length; /* length of handshake messages' data */ int prevLen; /* length of messages but last */ #endif } HS_Hashes; @@ -3522,6 +3838,7 @@ #ifdef WOLFSSL_EARLY_DATA typedef enum EarlyDataState { no_early_data, + early_data_ext, expecting_early_data, process_early_data, done_early_data 
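Review bot: `refMutex`/`refCount` are added to WOLFSSL_X509 under OPENSSL_EXTRA or OPENSSL_ALL, but there is no comment saying the mutex guards the count or that it must be initialised on the X509 init path and freed on the free path; locking an uninitialised mutex is undefined behaviour. I would write `wolfSSL_Mutex refMutex; /* guards refCount; initialised with the cert, freed with it */` and adjust it to name the actual init/free functions, which are outside this diff. `byte issuerSet:1;` at the end of the struct is also undocumented; say what it means, e.g. `/* issuer name has been populated */`, if that is the intent.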
@@ -3533,6 +3850,10 @@
 WOLFSSL_CTX* ctx;
 Suites* suites; /* only need during handshake */
 Arrays* arrays;
+#ifdef WOLFSSL_TLS13
+ byte clientSecret[SECRET_LEN];
+ byte serverSecret[SECRET_LEN];
+#endif
 HS_Hashes* hsHashes;
 void* IOCB_ReadCtx;
 void* IOCB_WriteCtx;
@@ -3565,7 +3886,9 @@
 void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
 word32 hsType; /* Type of Handshake key (hsKey) */
 WOLFSSL_CIPHER cipher;
+#ifndef WOLFSSL_AEAD_ONLY
 hmacfp hmac;
+#endif
 Ciphers encrypt;
 Ciphers decrypt;
 Buffers buffers;
@@ -3597,7 +3920,12 @@
 WOLFSSL_BIO* biord; /* socket bio read to free/close */
 WOLFSSL_BIO* biowr; /* socket bio write to free/close */
 byte sessionCtx[ID_LEN]; /* app session context ID */
+ WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 unsigned long peerVerifyRet;
+#endif
+#ifdef OPENSSL_EXTRA
 byte readAhead;
 byte sessionCtxSz; /* size of sessionCtx stored */
 #ifdef HAVE_PK_CALLBACKS
@@ -3606,6 +3934,9 @@
 #endif /* OPENSSL_EXTRA */
 #ifndef NO_RSA
 RsaKey* peerRsaKey;
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
+ byte *peerTsipEncRsaKeyIndex;
+#endif
 byte peerRsaKeyPresent;
 #endif
 #ifdef HAVE_QSH
@@ -3620,12 +3951,14 @@
 byte maxRequest;
 byte user_set_QSHSchemes;
 #endif
+#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
+ word16 namedGroup;
+#endif
 #ifdef WOLFSSL_TLS13
- word16 namedGroup;
 word16 group[WOLFSSL_MAX_GROUP_COUNT];
 byte numGroups;
 #endif
- byte pssAlgo;
+ word16 pssAlgo;
 #ifdef WOLFSSL_TLS13
 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
 word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
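Review bot: `clientSecret`/`serverSecret` move from Arrays into the WOLFSSL struct, which changes their lifetime: Arrays is released once the handshake completes, whereas these copies now live as long as the connection object. TLS 1.3 traffic secrets kept in a long-lived object need explicit zeroisation; please confirm that FreeSSL/SSL_ResourceFree ForceZero them, since that code is not in this diff, and note it on the fields: `byte clientSecret[SECRET_LEN]; /* TLS 1.3 client traffic secret; ForceZero on free */`. The new `peerTsipEncRsaKeyIndex` pointer likewise has no ownership comment.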
@@ -3638,10 +3971,10 @@
 byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
 byte peerNtruKeyPresent;
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
 int eccVerifyRes;
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
 word32 ecdhCurveOID; /* curve Ecc_Sum */
 ecc_key* eccTempKey; /* private ECDHE key */
 byte eccTempKeyPresent; /* also holds type */
@@ -3653,7 +3986,7 @@
 word16 eccTempKeySz; /* in octets 20 - 66 */
 byte peerEccDsaKeyPresent;
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE448)
 word32 pkCurveOID; /* curve Ecc_Sum */
 #endif
 #ifdef HAVE_ED25519
@@ -3664,6 +3997,14 @@
 curve25519_key* peerX25519Key;
 byte peerX25519KeyPresent;
 #endif
+#ifdef HAVE_ED448
+ ed448_key* peerEd448Key;
+ byte peerEd448KeyPresent;
+#endif
+#ifdef HAVE_CURVE448
+ curve448_key* peerX448Key;
+ byte peerX448KeyPresent;
+#endif
 #ifdef HAVE_LIBZ
 z_stream c_stream; /* compression stream */
 z_stream d_stream; /* decompression stream */
@@ -3676,15 +4017,16 @@
 word32 dtls_tx_msg_list_sz;
 word32 dtls_rx_msg_list_sz;
 DtlsMsg* dtls_tx_msg_list;
+ DtlsMsg* dtls_tx_msg;
 DtlsMsg* dtls_rx_msg_list;
 void* IOCB_CookieCtx; /* gen cookie ctx */
 word32 dtls_expected_rx;
 #ifdef WOLFSSL_SESSION_EXPORT
 wc_dtls_export dtls_export; /* export function for session */
 #endif
-#ifdef WOLFSSL_SCTP
+#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
 word16 dtlsMtuSz;
-#endif /* WOLFSSL_SCTP */
+#endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */
 #ifdef WOLFSSL_MULTICAST
 void* mcastHwCbCtx; /* Multicast highwater callback ctx */
 #endif /* WOLFSSL_MULTICAST */
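Review bot: The guard on `pkCurveOID` in the WOLFSSL struct becomes `HAVE_ECC || HAVE_ED25519 || HAVE_CURVE448`, but the same field in WOLFSSL_CTX and WOLFSSL_X509 elsewhere in this diff is guarded with HAVE_ED448, and `pkCurveOID` identifies the peer's signing-key curve, which is an Ed448 concern rather than an X448 one. In a build with HAVE_ED448 but none of ECC, Ed25519 or Curve448, ssl->pkCurveOID would not exist while ctx->pkCurveOID does, so any code that references ssl->pkCurveOID fails to compile. Change the line to `#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)` to match the other two structs.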
@@ -3722,7 +4064,7 @@
 #endif
 byte keepCert; /* keep certificate after handshake */
 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
- void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
+ WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
 #endif
 int devId; /* async device id to use */
 #ifdef HAVE_ONE_TIME_AUTH
@@ -3744,6 +4086,7 @@
 #endif
 #if defined(HAVE_SECURE_RENEGOTIATION) \
 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+ int secure_rene_count; /* how many times */
 SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
 #endif /* user turned on */
 #ifdef HAVE_ALPN
@@ -3772,12 +4115,22 @@
 #ifdef HAVE_NETX
 NetX_Ctx nxCtx; /* NetX IO Context */
 #endif
+#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
+ void* mnCtx; /* mynewt mn_socket IO Context */
+#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
+#ifdef WOLFSSL_GNRC
+ struct gnrc_wolfssl_ctx *gnrcCtx; /* Riot-OS GNRC UDP/IP context */
+#endif
 #ifdef SESSION_INDEX
 int sessionIndex; /* Session's location in the cache. */
 #endif
 #ifdef ATOMIC_USER
 void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
 void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
+ #ifdef HAVE_ENCRYPT_THEN_MAC
+ void* EncryptMacCtx; /* Atomic User Encrypt/Mac Callback Ctx */
+ void* VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */
+ #endif
 #endif
 #ifdef HAVE_PK_CALLBACKS
 #ifdef HAVE_ECC
@@ -3793,6 +4146,14 @@
 void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
 void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
 #endif
+ #ifdef HAVE_ED448
+ void* Ed448SignCtx; /* ED448 Sign Callback Context */
+ void* Ed448VerifyCtx; /* ED448 Verify Callback Context */
+ #endif
+ #ifdef HAVE_CURVE448
+ void* X448KeyGenCtx; /* X448 KeyGen Callback Context */
+ void* X448SharedSecretCtx; /* X448 Pms Callback Context */
+ #endif
 #endif /* HAVE_ECC */
 #ifndef NO_DH
 void* DhAgreeCtx; /* DH Pms Callback Context */
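Review bot: `int secure_rene_count; /* how many times */` does not say what is counted or what bounds it; if it counts renegotiations accepted from the peer it is the natural hook for limiting client-initiated renegotiation, a known CPU-exhaustion vector, and the limit should be named here. The code that increments or checks it is not in this diff, so at minimum document the intent: `int secure_rene_count; /* secure renegotiations completed on this connection; checked against the renegotiation limit, if any */`. The enclosing struct starts before this hunk.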
@@ -3811,6 +4172,10 @@ #ifdef HAVE_SECRET_CALLBACK SessionSecretCb sessionSecretCb; void* sessionSecretCtx; + #ifdef WOLFSSL_TLS13 + Tls13SecretCb tls13SecretCb; + void* tls13SecretCtx; + #endif #endif /* HAVE_SECRET_CALLBACK */ #ifdef WOLFSSL_JNI void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */ @@ -3819,27 +4184,31 @@ EarlyDataState earlyData; word32 earlyDataSz; #endif +#ifdef OPENSSL_ALL + long verifyCallbackResult; +#endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ + WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ +#endif }; -WOLFSSL_LOCAL -int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); -WOLFSSL_LOCAL -int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); -WOLFSSL_LOCAL -void FreeSSL(WOLFSSL*, void* heap); -WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ - +WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr); +WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); +WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); +WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap); +WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ #ifndef NO_CERTS WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, int format, int type, WOLFSSL* ssl, - long* used, int userChain); + long* used, int userChain, int verify); WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, WOLFSSL* ssl, int userChain, - WOLFSSL_CRL* crl); + WOLFSSL_CRL* crl, int verify); #ifdef OPENSSL_EXTRA WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName, 
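Review bot: `ProcessBuffer` and `ProcessFile` gain an `int verify` parameter, but nothing says what values it accepts or what it controls; it is unclear whether it is a boolean or one of the VERIFY_* constants, and it is a security-relevant knob if it can skip checking a loaded certificate against the CA list. Please add a line above the prototypes naming the accepted constants, e.g. `/* verify: VERIFY or NO_VERIFY, applied when the loaded cert is checked against the CA list */`, using whatever names the callers actually pass. The new `tls13SecretCb` hook exposes TLS 1.3 traffic secrets; a comment that it is intended for debugging/key logging only would be worth adding next to it.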
@@ -3935,6 +4304,17 @@ static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; +#ifdef OPENSSL_EXTRA +typedef struct { + int name_len; + const char *name; + int nid; +} WOLF_EC_NIST_NAME; +extern const WOLF_EC_NIST_NAME kNistCurves[]; +/* This is the longest and shortest curve name in the kNistCurves list */ +#define kNistCurves_MIN_NAME_LEN 5 +#define kNistCurves_MAX_NAME_LEN 7 +#endif /* internal functions */ WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*); @@ -3954,6 +4334,10 @@ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*); #endif +#if defined(HAVE_SECURE_RENEGOTIATION) && \ + defined(HAVE_SERVER_RENEGOTIATION_INFO) +WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*); +#endif WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*); WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*); WOLFSSL_LOCAL int SendBuffered(WOLFSSL*); @@ -3982,12 +4366,20 @@ WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey); +WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); +#endif + +WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, + int *initTmpRng); + #ifndef NO_CERTS #ifndef NO_RSA #ifdef WC_RSA_PSS WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz, byte* out, word32 sigSz, enum wc_HashType hashType); - WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, + WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf); #endif WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, 
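Review bot: `kNistCurves_MIN_NAME_LEN 5` and `kNistCurves_MAX_NAME_LEN 7` are hand-maintained bounds on a table defined in another file, so they will silently drift when a curve name is added, and any lookup that uses them to reject names early would then miss valid entries. If the table cannot be sized from this header, at least make the coupling explicit on the defines, `/* keep in sync with kNistCurves[]: shortest/longest name length */`, or derive the bounds at runtime from the table. The existing comment `This is the longest and shortest curve name` should also be reordered to match the MIN/MAX order of the defines that follow it.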
@@ -4022,6 +4414,14 @@
 word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
 buffer* keyBufInfo);
 #endif /* HAVE_ED25519 */
+ #ifdef HAVE_ED448
+ WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl);
+ WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
+ byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo);
+ WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in,
+ word32 inSz, const byte* msg, word32 msgSz, ed448_key* key,
+ buffer* keyBufInfo);
+ #endif /* HAVE_ED448 */
 #ifdef WOLFSSL_TRUST_PEER_CERT
@@ -4051,9 +4451,11 @@
 #ifndef NO_TLS
 WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
+#ifndef WOLFSSL_AEAD_ONLY
 WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, int content, int verify);
 #endif
+#endif
 #ifndef NO_WOLFSSL_CLIENT
 WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
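Review bot: The new `#ifndef WOLFSSL_AEAD_ONLY` guard around `TLS_hmac` leaves two bare `#endif` lines in a row, which the rest of this header avoids (`#endif /* HAVE_ED25519 */`, `#endif /* HAVE_SECRET_CALLBACK */` in the hunks above); after a couple more edits it becomes hard to see which conditional each one closes. Since the existing `#endif` now closes the AEAD guard and the added one closes `#ifndef NO_TLS`, tagging them `#endif /* !WOLFSSL_AEAD_ONLY */` and `#endif /* !NO_TLS */` keeps the nesting readable.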
@@ -4105,21 +4507,49 @@
 WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
 #endif
+#ifndef MAX_CIPHER_NAME
+#define MAX_CIPHER_NAME 50
+#endif
+
+#ifdef WOLFSSL_NAMES_STATIC
+typedef char cipher_name[MAX_CIPHER_NAME];
+#else
+typedef const char* cipher_name;
+#endif
+
 typedef struct CipherSuiteInfo {
- const char* name;
+ cipher_name name;
 #ifndef NO_ERROR_STRINGS
- const char* name_iana;
+ cipher_name name_iana;
 #endif
 byte cipherSuite0;
 byte cipherSuite;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+ byte minor;
+ byte major;
+#endif
 } CipherSuiteInfo;
 WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
 WOLFSSL_LOCAL int GetCipherNamesSize(void);
 WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+/* used in wolfSSL_sk_CIPHER_description */
+#define MAX_SEGMENTS 5
+#define MAX_SEGMENT_SZ 20
+WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*);
+WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor);
+WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
+WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
+WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
+WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
+WOLFSSL_LOCAL int SetCipherBits(const char* enc);
+#endif
 WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
+WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
+ byte* cipherSuite);
 enum encrypt_side {
 ENCRYPT_SIDE_ONLY = 1,
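Review bot: Under `WOLFSSL_NAMES_STATIC`, `cipher_name` becomes `char[MAX_CIPHER_NAME]` and `MAX_CIPHER_NAME` is overridable through `#ifndef`; C accepts a string initializer exactly as long as the array without any diagnostic and simply drops the NUL terminator, so an override at or below the length of the longest suite name would leave `name` and `name_iana` unterminated and any string consumer reading past the field. The constraint should be stated next to the default, `/* Must exceed the longest cipher suite name plus its terminator; an equal or smaller value silently drops the NUL. */`, and the table definition is the place to enforce it. Separately, `GetCipherKeaStr` and its siblings take `char n[][MAX_SEGMENT_SZ]` with no row count, so they are only safe if every caller provides exactly `MAX_SEGMENTS` rows; saying so on the declarations, or adding a count parameter, would make that contract explicit. The `enum encrypt_side` at the end continues outside the hunk.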
@@ -4129,6 +4559,15 @@
 WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
+/* Set*Internal and Set*External functions */
+WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
+WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
+#ifndef HAVE_USER_RSA
+WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
+WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
+#endif
+WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
+WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
 #ifndef NO_DH
 WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
@@ -4142,6 +4581,7 @@
 #ifdef HAVE_ECC
 WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
+ WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
 #endif
 WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
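Review bot: `SetDhExternal(WOLFSSL_DH *dh)` binds the `*` to the name while every other declaration in the block (`SetDhInternal(WOLFSSL_DH* dh)`, `SetRsaExternal(WOLFSSL_RSA* rsa)`) binds it to the type; `WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH* dh);` keeps the group uniform. The group comment `/* Set*Internal and Set*External functions */` only restates the names; it should say what the pair does — presumably synchronising the wolfSSL wrapper object with its wolfCrypt key in each direction — and which one a caller must invoke after mutating either side, since calling the wrong direction would presumably leave the two copies of the key out of step. That behaviour cannot be confirmed from the declarations alone, so the wording should come from the implementation.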