wolfSSL SSL/TLS library, support up to TLS1.3


Revision:
16:8e0d178b1d1e
Parent:
15:117db924cf7c
--- a/wolfssl/internal.h	Sat Aug 18 22:20:43 2018 +0000
+++ b/wolfssl/internal.h	Thu Jun 04 23:57:22 2020 +0000
@@ -1,6 +1,6 @@
 /* internal.h
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -105,6 +105,12 @@
 #ifdef HAVE_CURVE25519
     #include <wolfssl/wolfcrypt/curve25519.h>
 #endif
+#ifdef HAVE_ED448
+    #include <wolfssl/wolfcrypt/ed448.h>
+#endif
+#ifdef HAVE_CURVE448
+    #include <wolfssl/wolfcrypt/curve448.h>
+#endif
 
 #include <wolfssl/wolfcrypt/wc_encrypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
@@ -130,6 +136,9 @@
     #ifndef SINGLE_THREADED
         #include "tx_api.h"
     #endif
+
+#elif defined(WOLFSSL_DEOS)
+    /* do nothing, just don't pick Unix */
 #elif defined(MICRIUM)
     /* do nothing, just don't pick Unix */
 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
@@ -146,14 +155,14 @@
         /* do nothing */
 #elif defined(WOLFSSL_CMSIS_RTOS)
     #include "cmsis_os.h"
+#elif defined(WOLFSSL_CMSIS_RTOSv2)
+    #include "cmsis_os2.h"
 #elif defined(WOLFSSL_MDK_ARM)
     #if defined(WOLFSSL_MDK5)
-         #include "cmsis_os.h"
+        #include "cmsis_os.h"
     #else
         #include <rtl.h>
     #endif
-#elif defined(WOLFSSL_CMSIS_RTOS)
-    #include "cmsis_os.h"
 #elif defined(MBED)
 #elif defined(WOLFSSL_TIRTOS)
     /* do nothing */
@@ -161,12 +170,23 @@
     #include <rt.h>
 #elif defined(WOLFSSL_NUCLEUS_1_2)
     /* do nothing */
+#elif defined(WOLFSSL_APACHE_MYNEWT)
+    #if !defined(WOLFSSL_LWIP)
+        void mynewt_ctx_clear(void *ctx);
+        void* mynewt_ctx_new();
+    #endif
+#elif defined(WOLFSSL_ZEPHYR)
+    #ifndef SINGLE_THREADED
+        #include <kernel.h>
+    #endif
+#elif defined(WOLFSSL_TELIT_M2MB)
+    /* do nothing */
 #else
     #ifndef SINGLE_THREADED
         #define WOLFSSL_PTHREADS
         #include <pthread.h>
     #endif
-    #ifdef OPENSSL_EXTRA
+    #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
         #include <unistd.h>      /* for close of BIO */
     #endif
 #endif
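Review bot: `void* mynewt_ctx_new();` in the WOLFSSL_APACHE_MYNEWT branch declares a function with an unspecified parameter list rather than a prototype, so a call that passes arguments by mistake compiles without a diagnostic. Write it as `void* mynewt_ctx_new(void);`. A one-line comment saying where the two mynewt_ctx_* functions are defined would also help, since this header only declares them.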
@@ -242,8 +262,16 @@
     #define BUILD_TLS_QSH
 #endif
 
+#ifndef WOLFSSL_NO_TLS12
+
 #ifndef WOLFSSL_MAX_STRENGTH
 
+#ifdef WOLFSSL_AEAD_ONLY
+    /* AES CBC ciphers are not allowed in AEAD only mode */
+    #undef HAVE_AES_CBC
+#endif
+
+#ifndef WOLFSSL_AEAD_ONLY
     #if !defined(NO_RSA) && !defined(NO_RC4)
         #if defined(WOLFSSL_STATIC_RSA)
             #if !defined(NO_SHA)
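Review bot: The `#undef HAVE_AES_CBC` under WOLFSSL_AEAD_ONLY sits inside both `#ifndef WOLFSSL_NO_TLS12` and `#ifndef WOLFSSL_MAX_STRENGTH`, and it only takes effect in translation units that include this header, from this point on. That is enough to keep the BUILD_*_CBC_* suite macros below from being defined, but it presumably leaves AES-CBC compiled into the crypto layer, and leaves HAVE_AES_CBC defined in TLS 1.3-only or max-strength builds. If the intent is only to gate suite selection, the comment should say so, for example `/* AEAD only: keep CBC suites out of the suite list; does not remove AES-CBC from the crypto build */`. The conditional blocks opened here continue outside the hunk.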
@@ -276,9 +304,10 @@
             #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
         #endif
     #endif
+#endif /* !WOLFSSL_AEAD_ONLY */
 
     #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
-        #if !defined(NO_SHA)
+        #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
             #if defined(WOLFSSL_STATIC_RSA)
                 #ifdef WOLFSSL_AES_128
                     #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
@@ -297,7 +326,7 @@
             #endif
         #endif
         #if defined(WOLFSSL_STATIC_RSA)
-            #if !defined (NO_SHA256)
+            #if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
                 #ifdef WOLFSSL_AES_128
                     #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
                 #endif
@@ -321,18 +350,10 @@
                     #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
                 #endif
             #endif
-            #if defined(HAVE_BLAKE2)
-                #ifdef WOLFSSL_AES_128
-                    #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
-                #endif
-                #ifdef WOLFSSL_AES_256
-                    #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
-                #endif
-            #endif
         #endif
     #endif
 
-    #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
+    #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC)
         #ifndef NO_RSA
           #if defined(WOLFSSL_STATIC_RSA)
             #if !defined(NO_SHA)
@@ -369,10 +390,12 @@
         #endif
         #ifndef NO_SHA256
             #ifdef WOLFSSL_AES_128
-            #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
-            #ifdef HAVE_AESGCM
-                #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
-            #endif
+                #ifdef HAVE_AES_CBC
+                    #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
+                #endif
+                #ifdef HAVE_AESGCM
+                    #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
+                #endif
             #endif /* WOLFSSL_AES_128 */
             #ifdef HAVE_AESCCM
                 #ifdef WOLFSSL_AES_128
@@ -386,7 +409,9 @@
             #endif
         #endif
         #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
-            #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
+            #ifdef HAVE_AES_CBC
+                #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
+            #endif
             #ifdef HAVE_AESGCM
                 #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
             #endif
@@ -397,6 +422,9 @@
     #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
         #if !defined(NO_RSA)
             #if defined(WOLFSSL_STATIC_RSA)
+                #ifndef NO_MD5
+                    #define BUILD_TLS_RSA_WITH_NULL_MD5
+                #endif
                 #if !defined(NO_SHA)
                     #define BUILD_TLS_RSA_WITH_NULL_SHA
                 #endif
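Review bot: `BUILD_TLS_RSA_WITH_NULL_MD5` is added without the `#ifndef WOLFSSL_AEAD_ONLY` guard that this commit puts around the RC4 and IDEA suites, so an AEAD-only build that also sets HAVE_NULL_CIPHER and WOLFSSL_STATIC_RSA still gets an unencrypted, HMAC-MD5 suite. The same gap is visible in the RC4 hunk (-593/+628): `BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA` and `BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA` are guarded, but `BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA` and `BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA` next to them are not. Wrapping each of these in `#ifndef WOLFSSL_AEAD_ONLY` … `#endif` would make AEAD-only mode exclude every non-AEAD suite. The 3DES and NULL_SHA defines may need the same treatment, which cannot be confirmed from the lines shown.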
@@ -426,9 +454,6 @@
         #if !defined(NO_SHA)
             #define BUILD_TLS_RSA_WITH_HC_128_SHA
         #endif
-        #if defined(HAVE_BLAKE2)
-            #define BUILD_TLS_RSA_WITH_HC_128_B2B256
-        #endif
     #endif
 
     #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
@@ -442,10 +467,10 @@
         !defined(NO_RSA)
 
         #if !defined(NO_SHA)
-            #ifdef WOLFSSL_AES_128
+            #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
                 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
             #endif
-            #ifdef WOLFSSL_AES_256
+            #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
                 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
             #endif
             #if !defined(NO_DES3)
@@ -464,7 +489,9 @@
 
     #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
         !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
-        #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
+        #ifdef HAVE_AES_CBC
+            #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
+        #endif
 
         #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
             #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
@@ -473,7 +500,8 @@
 
     #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
         #ifndef NO_SHA256
-            #if !defined(NO_AES) && defined(WOLFSSL_AES_128)
+            #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \
+                                                           defined(HAVE_AES_CBC)
                 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
             #endif
             #ifdef HAVE_NULL_CIPHER
@@ -481,7 +509,8 @@
             #endif
         #endif
         #ifdef WOLFSSL_SHA384
-            #if !defined(NO_AES) && defined(WOLFSSL_AES_256)
+            #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \
+                                                           defined(HAVE_AES_CBC)
                 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
             #endif
             #ifdef HAVE_NULL_CIPHER
@@ -490,9 +519,10 @@
         #endif
     #endif
 
-    #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS)
+    #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
+                                     defined(HAVE_CURVE448)) && !defined(NO_TLS)
         #if !defined(NO_AES)
-            #if !defined(NO_SHA)
+            #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
                 #if !defined(NO_RSA)
                     #ifdef WOLFSSL_AES_128
                         #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
@@ -510,8 +540,9 @@
                     #endif
                 #endif
 
-                #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+                #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                     #ifdef WOLFSSL_AES_128
                         #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
                     #endif
@@ -529,15 +560,17 @@
                     #endif
                 #endif
             #endif /* NO_SHA */
-            #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+            #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
+                                                           defined(HAVE_AES_CBC)
                 #if !defined(NO_RSA)
                     #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                     #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                         #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
                     #endif
                 #endif
-                #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+                #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                     #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
                 #endif
                 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
@@ -545,15 +578,17 @@
                 #endif
             #endif
 
-            #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+            #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
+                                                           defined(HAVE_AES_CBC)
                 #if !defined(NO_RSA)
                     #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
                     #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                         #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
                     #endif
                 #endif
-                #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+                #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                     #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
                 #endif
                 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
@@ -593,15 +628,20 @@
         #if !defined(NO_RC4)
             #if !defined(NO_SHA)
                 #if !defined(NO_RSA)
-                    #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+                    #ifndef WOLFSSL_AEAD_ONLY
+                        #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+                    #endif
                     #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                         #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
                     #endif
                 #endif
 
-                #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
-                    #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+                #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
+                    #ifndef WOLFSSL_AEAD_ONLY
+                        #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+                    #endif
                 #endif
                 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                     #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
@@ -617,8 +657,9 @@
                     #endif
                 #endif
 
-                #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+                #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                     #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
                 #endif
                 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
@@ -628,8 +669,9 @@
         #endif
         #if defined(HAVE_NULL_CIPHER)
             #if !defined(NO_SHA)
-                #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+                #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                     #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
                 #endif
             #endif
@@ -638,17 +680,18 @@
             #endif
         #endif
         #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
-            defined(WOLFSSL_AES_128)
+            defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
             #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
         #endif
     #endif
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
         #if !defined(NO_OLD_POLY1305)
-        #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+        #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
             #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
         #endif
-        #ifndef NO_RSA
+        #if !defined(NO_RSA) && defined(HAVE_ECC)
             #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
         #endif
         #if !defined(NO_DH) && !defined(NO_RSA)
@@ -657,7 +700,8 @@
         #endif /* NO_OLD_POLY1305 */
         #if !defined(NO_PSK)
             #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
-            #if defined(HAVE_ECC) || defined(HAVE_ED25519)
+            #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
+                                                             defined(HAVE_ED448)
                 #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
             #endif
             #ifndef NO_DH
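Review bot: The condition for `BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256` tests signature algorithms (`HAVE_ED25519`, now also `HAVE_ED448`), but an ECDHE-PSK suite carries no certificate signature and needs a key-exchange curve. Elsewhere in this commit the Ed macros appear only paired with `HAVE_CURVE25519`/`HAVE_CURVE448`, in the ECDSA conditions, so this looks like it should read `#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)`. As written, a build with Ed448 but no ECDH-capable curve could define a suite it has no key exchange for. The surrounding `#if !defined(NO_PSK)` block continues past the hunk.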
@@ -700,12 +744,13 @@
     #endif
 #endif
 
-#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \
-                                                                !defined(NO_AES)
+#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \
+                                         && !defined(NO_TLS) && !defined(NO_AES)
     #ifdef HAVE_AESGCM
         #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
-            #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+            #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
             #endif
             #ifndef NO_RSA
@@ -713,8 +758,9 @@
             #endif
         #endif
         #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
-            #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+            #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
             #endif
             #ifndef NO_RSA
@@ -723,8 +769,9 @@
         #endif
     #endif
     #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
-        #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+        #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
             #ifdef WOLFSSL_AES_128
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
@@ -737,9 +784,10 @@
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
-    #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
-        #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
-                                                          defined(HAVE_ED25519))
+    #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
+        #if defined(HAVE_ECC) || \
+                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
+                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
             #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
         #endif
         #ifndef NO_RSA
@@ -751,6 +799,8 @@
     #endif
 #endif
 
+#endif
+
 #if defined(WOLFSSL_TLS13)
     #ifdef HAVE_AESGCM
         #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
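Review bot: The bare `#endif` added here closes a conditional opened several hundred lines earlier, presumably the `#ifndef WOLFSSL_NO_TLS12` this commit adds at the top of the suite list. Label it the way the commit already labels `#endif /* !WOLFSSL_AEAD_ONLY */`, i.e. `#endif /* !WOLFSSL_NO_TLS12 */`, so the boundary between the TLS 1.2 suite macros and the WOLFSSL_TLS13 block that follows is visible to the next reader.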
@@ -773,6 +823,14 @@
             #define BUILD_TLS_AES_128_CCM_8_SHA256
         #endif
     #endif
+    #ifdef HAVE_NULL_CIPHER
+        #ifndef NO_SHA256
+            #define BUILD_TLS_SHA256_SHA256
+        #endif
+        #ifdef WOLFSSL_SHA384
+            #define BUILD_TLS_SHA384_SHA384
+        #endif
+    #endif
 #endif
 
 #ifdef WOLFSSL_MULTICAST
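Review bot: `BUILD_TLS_SHA256_SHA256` and `BUILD_TLS_SHA384_SHA384` are integrity-only TLS 1.3 suites, and nothing in the added block says that records negotiated with them are authenticated but not encrypted. They are switched on by the same `HAVE_NULL_CIPHER` flag as the TLS 1.2 NULL suites, they are not excluded by `WOLFSSL_AEAD_ONLY`, and the later HAVE_AEAD hunk (-867/+926) treats `WOLFSSL_TLS13 && HAVE_NULL_CIPHER` as sufficient to define `HAVE_AEAD`. A comment such as `/* Integrity-only suites (RFC 9150): HMAC authentication, no confidentiality */` above the `#ifdef HAVE_NULL_CIPHER` would make the opt-in explicit. The enclosing `#if defined(WOLFSSL_TLS13)` starts outside this hunk.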
@@ -807,7 +865,9 @@
     defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
     defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
     defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
-    defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
+    defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
+    defined(BUILD_TLS_AES_128_GCM_SHA256) || \
+    defined(BUILD_TLS_AES_256_GCM_SHA384)
     #define BUILD_AESGCM
 #else
     /* No AES-GCM cipher suites available with build */
@@ -831,8 +891,7 @@
 #endif
 
 #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
-    defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
-    defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
+    defined(BUILD_TLS_RSA_WITH_HC_128_MD5)
     #define BUILD_HC128
 #endif
 
@@ -867,7 +926,9 @@
 #if defined(WOLFSSL_MAX_STRENGTH) || \
     (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
      defined(HAVE_AESCCM) || \
-    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD))
+    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+     !defined(NO_CHAPOL_AEAD)) || \
+    (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER))
 
     #define HAVE_AEAD
 #endif
@@ -890,6 +951,7 @@
     TLS_DH_anon_WITH_AES_128_CBC_SHA  = 0x34,
     TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
     TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
+    TLS_RSA_WITH_NULL_MD5             = 0x01,
     TLS_RSA_WITH_NULL_SHA             = 0x02,
     TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
     TLS_PSK_WITH_AES_128_CBC_SHA256   = 0xae,
@@ -940,11 +1002,6 @@
     TLS_RSA_WITH_RABBIT_SHA       = 0xFD,
     WDM_WITH_NULL_SHA256          = 0xFE, /* wolfSSL DTLS Multicast */
 
-    /* wolfSSL extension - Blake2b 256 */
-    TLS_RSA_WITH_AES_128_CBC_B2B256   = 0xF8,
-    TLS_RSA_WITH_AES_256_CBC_B2B256   = 0xF9,
-    TLS_RSA_WITH_HC_128_B2B256        = 0xFA,   /* eSTREAM too */
-
     /* wolfSSL extension - NTRU */
     TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
     TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
@@ -1035,6 +1092,12 @@
     TLS_AES_128_CCM_SHA256       = 0x04,
     TLS_AES_128_CCM_8_SHA256     = 0x05,
 
+    /* TLS v1.3 Integity only cipher suites - 0xC0 (ECC) first byte */
+    TLS_SHA256_SHA256            = 0xB4,
+    TLS_SHA384_SHA384            = 0xB5,
+
+    /* Fallback SCSV (Signaling Cipher Suite Value) */
+    TLS_FALLBACK_SCSV                        = 0x56,
     /* Renegotiation Indication Extension Special Suite */
     TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0xff
 };
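Review bot: `TLS_FALLBACK_SCSV = 0x56` appears to hold the first byte of the signalling value {0x56, 0x00} from RFC 7507, whereas its neighbours in this enum (`TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff`, the TLS 1.3 suites) hold the second byte, and the comment does not say so. Suggest `/* Fallback SCSV (RFC 7507) - first byte 0x56, second byte 0x00 */` so that code matching on suite bytes compares the right one. The comment above the new TLS 1.3 entries also has a typo: `Integity` should be `Integrity`. The enum starts outside the hunk.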
@@ -1085,7 +1148,11 @@
 #define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
 /* set maximum DH key size allowed */
 #ifndef WOLFSSL_MAX_DHKEY_BITS
-    #define WOLFSSL_MAX_DHKEY_BITS 4096
+    #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
+        #define WOLFSSL_MAX_DHKEY_BITS 8192
+    #else
+        #define WOLFSSL_MAX_DHKEY_BITS 4096
+    #endif
 #endif
 #if (WOLFSSL_MAX_DHKEY_BITS % 8)
     #error DH maximum bit size must be multiple of 8
@@ -1095,7 +1162,19 @@
 #endif
 #define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)
 
-
+#ifndef MAX_PSK_ID_LEN
+    /* max psk identity/hint supported */
+    #if defined(WOLFSSL_TLS13)
+        #define MAX_PSK_ID_LEN 256
+    #else
+        #define MAX_PSK_ID_LEN 128
+    #endif
+#endif
+
+#ifndef MAX_EARLY_DATA_SZ
+    /* maximum early data size */
+    #define MAX_EARLY_DATA_SZ  4096
+#endif
 
 enum Misc {
     CIPHER_BYTE = 0x00,            /* Default ciphers */
@@ -1116,8 +1195,8 @@
     TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
     TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
     TLSv1_3_MINOR   = 4,        /* TLSv1_3 minor version number */
-#ifndef WOLFSSL_TLS13_FINAL
     TLS_DRAFT_MAJOR = 0x7f,     /* Draft TLS major version number */
+#ifdef WOLFSSL_TLS13_DRAFT
 #ifdef WOLFSSL_TLS13_DRAFT_18
     TLS_DRAFT_MINOR = 0x12,     /* Minor version number of TLS draft */
 #elif defined(WOLFSSL_TLS13_DRAFT_22)
@@ -1138,14 +1217,29 @@
     HELLO_EXT_EXTMS = 0x0017,   /* ID for the extended master secret ext */
     SECRET_LEN      = WOLFSSL_MAX_MASTER_KEY_LENGTH,
                                 /* pre RSA and all master */
-#if defined(WOLFSSL_MYSQL_COMPATIBLE)
-    ENCRYPT_LEN     = 1024,     /* allow larger static buffer with mysql */
+#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+    (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
+#ifndef NO_PSK
+    ENCRYPT_LEN     = 1024 + MAX_PSK_ID_LEN + 2,   /* 8192 bit static buffer */
+#else
+    ENCRYPT_LEN     = 1024,     /* allow 8192 bit static buffer */
+#endif
+#else
+#ifndef NO_PSK
+    ENCRYPT_LEN     = 512 + MAX_PSK_ID_LEN + 2,    /* 4096 bit static buffer */
 #else
     ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
 #endif
+#endif
     SIZEOF_SENDER   =  4,       /* clnt or srvr           */
     FINISHED_SZ     = 36,       /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
     MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
+    MAX_PLAINTEXT_SZ   = (1 << 14),        /* Max plaintext sz   */
+    MAX_TLS_CIPHER_SZ  = (1 << 14) + 2048, /* Max TLS encrypted data sz */
+#ifdef WOLFSSL_TLS13
+    MAX_TLS13_PLAIN_SZ = (1 << 14) + 1,    /* Max unencrypted data sz */
+    MAX_TLS13_ENC_SZ   = (1 << 14) + 256,  /* Max encrypted data sz   */
+#endif
     MAX_MSG_EXTRA   = 38 + WC_MAX_DIGEST_SIZE,
                                 /* max added to msg, mac + pad  from */
                                 /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
@@ -1153,7 +1247,7 @@
     MAX_COMP_EXTRA  = 1024,     /* max compression extra */
     MAX_MTU         = WOLFSSL_MAX_MTU,     /* max expected MTU */
     MAX_UDP_SIZE    = 8192 - 100, /* was MAX_MTU - 100 */
-    MAX_DH_SZ       = (MAX_DHKEY_SZ * 2) + 12,
+    MAX_DH_SZ       = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
                                 /* 4096 p, pub, g + 2 byte size for each */
     MAX_STR_VERSION = 8,        /* string rep of protocol version */
 
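Review bot: The continuation comment kept under the changed `MAX_DH_SZ` line, `/* 4096 p, pub, g + 2 byte size for each */`, is now stale. This commit lets `WOLFSSL_MAX_DHKEY_BITS` default to 8192 in some builds, and three 2-byte length fields account for only 6 of the 12 extra bytes. Fold the two comments into one that matches the expression, for example `/* p, g and pub at MAX_DHKEY_SZ each, plus length fields and header bytes */`, stating what the remaining bytes cover if that is known. The enum containing this line starts and ends outside the hunk.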
@@ -1171,13 +1265,14 @@
     MAX_DH_SIZE    = MAX_DHKEY_SZ+1,
                                /* Max size plus possible leading 0 */
     NAMED_DH_MASK  = 0x100,    /* Named group mask for DH parameters  */
+    MIN_FFHDE_GROUP = 0x100,   /* Named group minimum for FFDHE parameters  */
+    MAX_FFHDE_GROUP = 0x1FF,   /* Named group maximum for FFDHE parameters  */
     SESSION_HINT_SZ = 4,       /* session timeout hint */
     SESSION_ADD_SZ = 4,        /* session age add */
     TICKET_NONCE_LEN_SZ = 1,   /* Ticket nonce length size */
     DEF_TICKET_NONCE_SZ = 1,   /* Default ticket nonce size */
-    MAX_TICKET_NONCE_SZ = 4,   /* maximum ticket nonce size */
+    MAX_TICKET_NONCE_SZ = 8,   /* maximum ticket nonce size */
     MAX_LIFETIME   = 604800,   /* maximum ticket lifetime */
-    MAX_EARLY_DATA_SZ = 4096,  /* maximum early data size */
 
     RAN_LEN      = 32,         /* random length           */
     SEED_LEN     = RAN_LEN * 2, /* tls prf seed length    */
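Review bot: `MIN_FFHDE_GROUP` and `MAX_FFHDE_GROUP` transpose two letters; the comments beside them, and RFC 7919, spell the term FFDHE. Since the names are new in this commit, rename them to `MIN_FFDHE_GROUP` and `MAX_FFDHE_GROUP` before other code starts depending on the misspelling. `MIN_FFHDE_GROUP` also repeats the value of `NAMED_DH_MASK` on the line above, so a short comment on how the two relate would help.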
@@ -1216,26 +1311,26 @@
     DTLS_HANDSHAKE_FRAG_SZ   = 3,  /* fragment offset and length are 24 bit */
     DTLS_POOL_SZ             = 255,/* allowed number of list items in TX pool */
     DTLS_EXPORT_PRO          = 165,/* wolfSSL protocol for serialized session */
+    DTLS_EXPORT_STATE_PRO    = 166,/* wolfSSL protocol for serialized state */
     DTLS_EXPORT_VERSION      = 4,  /* wolfSSL version for serialized session */
     DTLS_EXPORT_OPT_SZ       = 60, /* amount of bytes used from Options */
     DTLS_EXPORT_VERSION_3    = 3,  /* wolfSSL version before TLS 1.3 addition */
     DTLS_EXPORT_OPT_SZ_3     = 59, /* amount of bytes used from Options */
     DTLS_EXPORT_KEY_SZ       = 325 + (DTLS_SEQ_SZ * 2),
                                    /* max amount of bytes used from Keys */
-    DTLS_EXPORT_MIN_KEY_SZ   = 78 + (DTLS_SEQ_SZ * 2),
+    DTLS_EXPORT_MIN_KEY_SZ   = 85 + (DTLS_SEQ_SZ * 2),
                                    /* min amount of bytes used from Keys */
     DTLS_EXPORT_SPC_SZ       = 16, /* amount of bytes used from CipherSpecs */
     DTLS_EXPORT_LEN          = 2,  /* 2 bytes for length and protocol */
     DTLS_EXPORT_IP           = 46, /* max ip size IPv4 mapped IPv6 */
     MAX_EXPORT_BUFFER        = 514, /* max size of buffer for exporting */
+    MAX_EXPORT_STATE_BUFFER  = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN),
+                                    /* max size of buffer for exporting state */
     FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
     TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size  */
     EXT_MASTER_LABEL_SZ = 22,  /* TLS extended master secret label sz */
     MASTER_LABEL_SZ     = 13,  /* TLS master secret label sz */
     KEY_LABEL_SZ        = 13,  /* TLS key block expansion sz */
-    MAX_PRF_HALF        = 256, /* Maximum half secret len */
-    MAX_PRF_LABSEED     = 128, /* Maximum label + seed len */
-    MAX_PRF_DIG         = 224, /* Maximum digest len      */
     PROTOCOL_LABEL_SZ   = 9,   /* Length of the protocol label */
     MAX_LABEL_SZ        = 34,  /* Maximum length of a label */
     MAX_HKDF_LABEL_SZ   = OPAQUE16_LEN +
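Review bot: `DTLS_EXPORT_MIN_KEY_SZ` changes from 78 to 85 while `DTLS_EXPORT_VERSION` stays at 4, so an importer may have no way to tell a buffer exported by the previous revision from a current one. If the key section layout did change, the version should be raised, or a comment should note why it is safe not to. The enum-states hunk (-1474/+1584) adds `CLIENT_HELLO_RETRY` before `CLIENT_HELLO_COMPLETE`, which renumbers every later state and matters in the same way if state values are part of the exported data. `MAX_EXPORT_STATE_BUFFER` is also derived from the minimum key size; its comment should say why that is the maximum for a state-only export.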
@@ -1253,9 +1348,13 @@
 #endif
 
 #ifdef HAVE_SELFTEST
-    AES_256_KEY_SIZE    = 32,
+    #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
+    #define WOLFSSL_AES_KEY_SIZE_ENUM
     AES_IV_SIZE         = 16,
     AES_128_KEY_SIZE    = 16,
+    AES_192_KEY_SIZE    = 24,
+    AES_256_KEY_SIZE    = 32,
+    #endif
 #endif
 
     MAX_IV_SZ           = AES_BLOCK_SIZE,
@@ -1293,6 +1392,8 @@
 
     POLY1305_AUTH_SZ    = 16,  /* 128 bits                */
 
+    HMAC_NONCE_SZ       = 12,  /* Size of HMAC nonce */
+
     HC_128_KEY_SIZE     = 16,  /* 128 bits                */
     HC_128_IV_SIZE      = 16,  /* also 128 bits           */
 
@@ -1301,11 +1402,13 @@
 
     EVP_SALT_SIZE       =  8,  /* evp salt size 64 bits   */
 
+#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
     ECDHE_SIZE          = 32,  /* ECHDE server size defaults to 256 bit */
+#endif
     MAX_EXPORT_ECC_SZ   = 256, /* Export ANS X9.62 max future size */
     MAX_CURVE_NAME_SZ   = 16,  /* Maximum size of curve name string */
 
-    NEW_SA_MAJOR        = 8,   /* Most signicant byte used with new sig algos */
+    NEW_SA_MAJOR        = 8,   /* Most significant byte used with new sig algos */
     ED25519_SA_MAJOR    = 8,   /* Most significant byte for ED25519 */
     ED25519_SA_MINOR    = 7,   /* Least significant byte for ED25519 */
     ED448_SA_MAJOR      = 8,   /* Most significant byte for ED448 */
@@ -1314,7 +1417,17 @@
     MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
     MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
 
-    MAX_CERT_VERIFY_SZ = 1024, /* max   */
+#ifndef NO_RSA
+    MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */
+#elif defined(HAVE_ECC)
+    MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC  */
+#elif defined(HAVE_ED448)
+    MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE,   /* max Ed448  */
+#elif defined(HAVE_ED25519)
+    MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519  */
+#else
+    MAX_CERT_VERIFY_SZ = 1024, /* max default  */
+#endif
     CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
     MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
 
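Review bot: With RSA enabled, `MAX_CERT_VERIFY_SZ` drops from 1024 to a fixed `4096 / 8` bytes, but the ENCRYPT_LEN hunk in this same commit allows for 8192-bit operands when `FP_MAX_BITS > 8192`. If such a build accepts RSA keys larger than 4096 bits, a CertificateVerify signature would not fit this bound. How the constant is used is not visible here, so check that an oversized signature is rejected cleanly rather than truncated. Consider mirroring the ENCRYPT_LEN condition (`8192 / 8` for the large-math configuration) and noting in the comment that the RSA branch wins whenever RSA is compiled in, even alongside ECC or Ed448.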
@@ -1322,17 +1435,14 @@
     DTLS_TIMEOUT_MAX        = 64, /* default max timeout for DTLS receive */
     DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */
 
-    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
     NULL_TERM_LEN      =   1,  /* length of null '\0' termination character */
     MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */
     MIN_PSK_ID_LEN     =   6,  /* min length of identities */
     MIN_PSK_BINDERS_LEN=  33,  /* min length of binders */
     MAX_TICKET_AGE_SECS=  10,  /* maximum ticket age in seconds */
 
-    MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4,  /* 4 mb file size alloc limit */
-
-#if defined(HAVE_EX_DATA) || defined(FORTRESS)
-    MAX_EX_DATA        =   5,  /* allow for five items of ex_data */
+#ifndef MAX_WOLFSSL_FILE_SIZE
+    MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4,  /* 4 mb file size alloc limit */
 #endif
 
     MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
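Review bot: `MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4` is an enumerator, and a C enumeration constant must have a value representable as `int`. The `ul` suffixes avoid overflow in the multiplication but do not widen the enumerator, so on a target with 16-bit `int` the value 4194304 still does not fit. Now that the value is overridable, a macro would be clearer: define it outside the enum as `#define MAX_WOLFSSL_FILE_SIZE (1024ul * 1024ul * 4)` under the same `#ifndef`, as the commit already does for `MAX_PSK_ID_LEN` and `MAX_EARLY_DATA_SZ`. The enum starts and ends outside the hunk.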
@@ -1394,9 +1504,9 @@
     #endif
 #endif /* WOLFSSL_MIN_ECC_BITS */
 #if (WOLFSSL_MIN_ECC_BITS % 8)
-    /* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1.
-       In these cases round down to the nearest value divisable by 8. The
-       restriction of being divisable by 8 is in place to match wc_ecc_size
+    /* Some ECC keys are not divisible by 8 such as prime239v1 or sect131r1.
+       In these cases round down to the nearest value divisible by 8. The
+       restriction of being divisible by 8 is in place to match wc_ecc_size
        function from wolfSSL.
      */
     #error ECC minimum bit size must be a multiple of 8
@@ -1413,7 +1523,7 @@
 #endif /* WOLFSSL_MIN_RSA_BITS */
 #if (WOLFSSL_MIN_RSA_BITS % 8)
     /* This is to account for the example case of a min size of 2050 bits but
-       still allows 2049 bit key. So we need the measurment to be in bytes. */
+       still allows 2049 bit key. So we need the measurement to be in bytes. */
     #error RSA minimum bit size must be a multiple of 8
 #endif
 #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
@@ -1474,6 +1584,7 @@
 	SERVER_CHANGECIPHERSPEC_COMPLETE,
     SERVER_FINISHED_COMPLETE,
 
+    CLIENT_HELLO_RETRY,
     CLIENT_HELLO_COMPLETE,
     CLIENT_KEYEXCHANGE_COMPLETE,
 	CLIENT_CHANGECIPHERSPEC_COMPLETE,
@@ -1504,42 +1615,15 @@
                                                                      word32 sz);
     WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
                                                                      word32 sz);
+    WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl,
+                                                          byte* buf, word32 sz);
+    WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl,
+                                                          byte* buf, word32 sz);
     WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
     #endif
 #endif
 
 
-/* wolfSSL BIO_METHOD type */
-struct WOLFSSL_BIO_METHOD {
-    byte type;               /* method type */
-};
-
-
-/* wolfSSL BIO type */
-struct WOLFSSL_BIO {
-    WOLFSSL_BUF_MEM* mem_buf;
-    WOLFSSL*     ssl;           /* possible associated ssl */
-#ifndef NO_FILESYSTEM
-    XFILE        file;
-#endif
-    WOLFSSL_BIO* prev;          /* previous in chain */
-    WOLFSSL_BIO* next;          /* next in chain */
-    WOLFSSL_BIO* pair;          /* BIO paired with */
-    void*        heap;          /* user heap hint */
-    byte*        mem;           /* memory buffer */
-    int         wrSz;          /* write buffer size (mem) */
-    int         wrIdx;         /* current index for write buffer */
-    int         rdIdx;         /* current read index */
-    int         readRq;        /* read request */
-    int         memLen;        /* memory buffer length */
-    int         fd;            /* possible file descriptor */
-    int         eof;           /* eof flag */
-    int         flags;
-    byte        type;          /* method type */
-    byte        close;         /* close flag */
-};
-
-
 /* wolfSSL method type */
 struct WOLFSSL_METHOD {
     ProtocolVersion version;
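Review bot: `wolfSSL_dtls_import_state_internal` takes its input as `byte* buf`, although an import only reads the serialized state; declaring it `const byte* buf` would document that and let callers pass read-only data. The two new prototypes also carry no comment on what the return value means or how `sz` relates to the buffer (presumably capacity for export and number of valid bytes for import). That matters because imported state may come from outside the process and has to be length-checked against `sz` before any field is read. The enclosing `#if` block starts above this hunk.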
@@ -1556,6 +1640,9 @@
 /* defaults to client */
 WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
 
+WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
+WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
+
 /* for sniffer */
 WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             word32 size, word32 totalSz, int sniff);
@@ -1563,6 +1650,9 @@
 /* TLS v1.3 needs these */
 WOLFSSL_LOCAL int  HandleTlsResumption(WOLFSSL* ssl, int bogusID,
                                        Suites* clSuites);
+#ifdef WOLFSSL_TLS13
+WOLFSSL_LOCAL int FindSuite(Suites* suites, byte first, byte second);
+#endif
 WOLFSSL_LOCAL int  DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
                                  word32);
 #ifdef WOLFSSL_TLS13
@@ -1573,7 +1663,7 @@
                                  word32);
 WOLFSSL_LOCAL int  CompleteServerHello(WOLFSSL *ssl);
 WOLFSSL_LOCAL int  CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
-WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
+WOLFSSL_LOCAL int  PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
                                    word32 hashSigAlgoSz);
 WOLFSSL_LOCAL int  DecodePrivateKey(WOLFSSL *ssl, word16* length);
 #ifdef HAVE_PK_CALLBACKS
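Review bot: `PickHashSigAlgo` now returns `int`, but the prototype does not say what is returned when no offered hash/signature pair is acceptable. A one-line comment such as `/* returns 0 on success, negative error when no peer algorithm matches */` would make the contract explicit (wording to be confirmed against the implementation, which is not in this hunk). Call sites written for the `void` version still compile while ignoring the result, so each one needs checking that it stops the handshake on failure.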
@@ -1583,10 +1673,14 @@
 #endif
 #endif
 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
+WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
 WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
 WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len, const char* str);
 #ifndef NO_CERTS
 WOLFSSL_LOCAL int  CheckAltNames(DecodedCert* dCert, char* domain);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_LOCAL int  CheckIPAddr(DecodedCert* dCert, char* ipasc);
+#endif
 #endif
 WOLFSSL_LOCAL int  CreateTicket(WOLFSSL* ssl);
 WOLFSSL_LOCAL int  HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
@@ -1697,6 +1791,9 @@
     byte   setSuites;               /* user set suites from default */
     byte   hashAlgo;                /* selected hash algorithm */
     byte   sigAlgo;                 /* selected sig algorithm */
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */
+#endif
 };
 
 
@@ -1713,6 +1810,13 @@
                           unsigned int, unsigned char*, unsigned int);
     typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
                           unsigned char*, unsigned int);
+#ifdef WOLFSSL_TLS13
+    typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
+                          char*, unsigned int, unsigned char*, unsigned int,
+                          const char**);
+    typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
+                          unsigned char*, unsigned int, const char**);
+#endif
 #endif /* PSK_TYPES_DEFINED */
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
    !defined(WOLFSSL_DTLS_EXPORT_TYPES)
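Review bot: The two TLS 1.3 PSK callback typedefs leave every parameter unnamed, so an implementer cannot tell from the header which `unsigned int` bounds which buffer or what the trailing `const char**` returns. Naming them, e.g. `(WOLFSSL* ssl, const char* hint, char* identity, unsigned int id_max_len, unsigned char* key, unsigned int key_max_len, const char** ciphersuite)`, documents the limits a callback must respect when it writes the identity and key. The roles are inferred from the argument types and the existing PSK callbacks above, and should be confirmed against the public header.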
@@ -1722,48 +1826,45 @@
 #endif /* WOLFSSL_DTLS_EXPORT_TYPES */
 
 
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+#define MAX_DESCRIPTION_SZ 255
+#endif
 /* wolfSSL Cipher type just points back to SSL */
 struct WOLFSSL_CIPHER {
+    byte cipherSuite0;
+    byte cipherSuite;
     WOLFSSL* ssl;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    char description[MAX_DESCRIPTION_SZ];
+    unsigned long offset;
+    unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */
+    int bits;
+#endif
 };
 
 
-typedef struct OcspEntry OcspEntry;
-
-#ifdef NO_SHA
-    #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
-#else
-    #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
-#endif
-
 #ifdef NO_ASN
     /* no_asn won't have */
     typedef struct CertStatus CertStatus;
 #endif
 
-struct OcspEntry {
-    OcspEntry*  next;                            /* next entry             */
-    byte        issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash            */
-    byte        issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
-    CertStatus* status;                          /* OCSP response list     */
-    int         totalStatus;                     /* number on list         */
-};
-
-
 #ifndef HAVE_OCSP
     typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
 #endif
 
 /* wolfSSL OCSP controller */
+#ifdef HAVE_OCSP
 struct WOLFSSL_OCSP {
     WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
     OcspEntry*            ocspList;      /* OCSP response list */
     wolfSSL_Mutex         ocspLock;      /* OCSP list lock */
+    int                   error;
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
     defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
     int(*statusCb)(WOLFSSL*, void*);
 #endif
 };
+#endif
 
 #ifndef MAX_DATE_SIZE
 #define MAX_DATE_SIZE 32
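Review bot: The comment `/* wolfSSL Cipher type just points back to SSL */` no longer describes `struct WOLFSSL_CIPHER`, which now carries the two suite bytes and, under `OPENSSL_ALL`/`WOLFSSL_QT`, a fixed `description[MAX_DESCRIPTION_SZ]` buffer; something like `/* wolfSSL Cipher: suite id bytes plus back-pointer to the owning SSL */` fits better. `offset`, `bits` and the new `int error;` in `WOLFSSL_OCSP` have no comments at all. Whatever fills `description` (outside this hunk) has to bound the write with `sizeof` of the field and NUL-terminate it, which is worth stating next to the member.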
@@ -1799,7 +1900,7 @@
     byte*   signature;
     word32  signatureSz;
     word32  signatureOID;
-#if !defined(NO_SKID) && defined(CRL_SKID_READY)
+#if !defined(NO_SKID) && !defined(NO_ASN)
     byte    extAuthKeyIdSet;
     byte    extAuthKeyId[KEYID_SIZE];
 #endif
@@ -1869,6 +1970,9 @@
 #endif
     char*           ocspOverrideURL;     /* use this responder */
     void*           ocspIOCtx;           /* I/O callback CTX */
+#ifndef NO_WOLFSSL_CM_VERIFY
+    VerifyCallback  verifyCallback;      /* Verify callback */
+#endif
     CallbackCACache caCacheCallback;     /* CA cache addition callback */
     CbMissingCRL    cbMissingCRL;        /* notify through cb of missing crl */
     CbOCSPIO        ocspIOCb;            /* I/O callback for OCSP lookup */
@@ -1885,7 +1989,7 @@
 #ifndef NO_RSA
     short           minRsaKeySz;         /* minimum allowed RSA key size */
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
     short           minEccKeySz;         /* minimum allowed ECC key size */
 #endif
 };
@@ -1895,6 +1999,42 @@
 WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
 WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
 WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
+WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
+                                    long sz, int format, int err_val);
+
+
+#ifndef NO_CERTS
+#if !defined NOCERTS &&\
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
+typedef struct ProcPeerCertArgs {
+    buffer*      certs;
+#ifdef WOLFSSL_TLS13
+    buffer*      exts; /* extensions */
+#endif
+    DecodedCert* dCert;
+    word32 idx;
+    word32 begin;
+    int    totalCerts; /* number of certs in certs buffer */
+    int    count;
+    int    certIdx;
+    int    lastErr;
+#ifdef WOLFSSL_TLS13
+    byte   ctxSz;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    char   untrustedDepth;
+#endif
+    word16 fatal:1;
+    word16 verifyErr:1;
+    word16 dCertInit:1;
+#ifdef WOLFSSL_TRUST_PEER_CERT
+    word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */
+#endif
+} ProcPeerCertArgs;
+WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
+        int ret, ProcPeerCertArgs* args);
+#endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
+#endif /* !defined NO_CERTS */
 
 /* wolfSSL Sock Addr */
 struct WOLFSSL_SOCKADDR {
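Review bot: The inner guard `#if !defined NOCERTS &&\` tests a macro spelled `NOCERTS`, while the enclosing guard and its closing comment use `NO_CERTS`; this looks like a typo, and as written the test is true in every build that does not define `NOCERTS`. Since the block already sits inside `#ifndef NO_CERTS`, the condition can be reduced to `#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)`, which also matches the `#endif` comment. Separately, `CM_VerifyBuffer_ex` gains an `err_val` parameter with no comment on what it means for the verification result.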
@@ -1933,8 +2073,10 @@
 /* keys and secrets
  * keep as a constant size (no additional ifdefs) for session export */
 typedef struct Keys {
+#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)
     byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE];   /* max sizes */
     byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
+#endif
     byte client_write_key[MAX_SYM_KEY_SIZE];         /* max sizes */
     byte server_write_key[MAX_SYM_KEY_SIZE];
     byte client_write_IV[MAX_WRITE_IV_SZ];               /* max sizes */
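Review bot: The new `#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)` around the two MAC secrets contradicts the comment directly above `struct Keys`, `keep as a constant size (no additional ifdefs) for session export`. The next hunk adds two `WOLFSSL_RENESAS_TSIP_TLS` members to the same struct under another `#ifdef`. If the session export code serializes `Keys` by size or offset (not visible here), state exported by one build configuration would not match the layout another expects. Either the export/import code should be shown to be independent of these members, or the comment should be updated to name the options that change the layout.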
@@ -1978,6 +2120,10 @@
     byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
     byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
 #endif
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
+    byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
+    byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
+#endif
 } Keys;
 
 
@@ -1988,13 +2134,19 @@
 typedef enum {
     TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
     TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
+    TLSX_TRUSTED_CA_KEYS            = 0x0003,
     TLSX_TRUNCATED_HMAC             = 0x0004,
     TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
     TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
     TLSX_EC_POINT_FORMATS           = 0x000b,
+#if !defined(WOLFSSL_NO_SIGALG)
     TLSX_SIGNATURE_ALGORITHMS       = 0x000d,
+#endif
     TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
     TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
+#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+    TLSX_ENCRYPT_THEN_MAC           = 0x0016, /* RFC 7366 */
+#endif
     TLSX_QUANTUM_SAFE_HYBRID        = 0x0018, /* a.k.a. QSH  */
     TLSX_SESSION_TICKET             = 0x0023,
 #ifdef WOLFSSL_TLS13
@@ -2037,7 +2189,7 @@
 WOLFSSL_LOCAL int   TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
 
 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
-WOLFSSL_LOCAL int   TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, 
+WOLFSSL_LOCAL int   TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
                                          word16* pLength);
 WOLFSSL_LOCAL int   TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
                                        byte msgType, word16* pOffset);
@@ -2045,17 +2197,20 @@
 
 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
 /* TLS 1.3 Certificate messages have extensions. */
-WOLFSSL_LOCAL int   TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, 
+WOLFSSL_LOCAL int   TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
                                           word16* pLength);
-WOLFSSL_LOCAL int   TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, 
+WOLFSSL_LOCAL int   TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
                                         word16* pOffset);
 #endif
 
+WOLFSSL_LOCAL int   TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length,
+                                      byte msgType, int* found);
 WOLFSSL_LOCAL int   TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
                                byte msgType, Suites *suites);
 
 #elif defined(HAVE_SNI)                           \
    || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
    || defined(HAVE_TRUNCATED_HMAC)                \
    || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
    || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
@@ -2098,6 +2253,21 @@
 
 #endif /* HAVE_SNI */
 
+/* Trusted CA Key Indication - RFC 6066 (section 6) */
+#ifdef HAVE_TRUSTED_CA
+
+typedef struct TCA {
+    byte                       type;    /* TCA Type            */
+    byte*                      id;      /* TCA identifier      */
+    word16                     idSz;    /* TCA identifier size */
+    struct TCA*                next;    /* List Behavior       */
+} TCA;
+
+WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
+                    const byte* id, word16 idSz, void* heap);
+
+#endif /* HAVE_TRUSTED_CA */
+
 /* Application-Layer Protocol Negotiation - RFC 7301 */
 #ifdef HAVE_ALPN
 typedef struct ALPN {
@@ -2205,6 +2375,7 @@
 WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
                                                                    byte second);
 WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
+WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
 #endif
 WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
                                                             int checkSupported);
@@ -2226,11 +2397,13 @@
 /* Additional Connection State according to rfc5746 section 3.1 */
 typedef struct SecureRenegotiation {
    byte                 enabled;  /* secure_renegotiation flag in rfc */
+   byte                 verifySet;
    byte                 startScr; /* server requested client to start scr */
    enum key_cache_state cache_status;  /* track key cache state */
    byte                 client_verify_data[TLS_FINISHED_SZ];  /* cached */
    byte                 server_verify_data[TLS_FINISHED_SZ];  /* cached */
-   byte                 subject_hash[WC_SHA_DIGEST_SIZE];  /* peer cert hash */
+   byte                 subject_hash_set; /* if peer cert hash is set */
+   byte                 subject_hash[KEYID_SIZE];  /* peer cert hash */
    Keys                 tmp_keys;  /* can't overwrite real keys yet */
 } SecureRenegotiation;
 
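Review bot: `subject_hash` changes from `WC_SHA_DIGEST_SIZE` to `KEYID_SIZE` bytes, so any copy or compare of this field outside the hunk that still uses the old constant would read or write the wrong length in builds where the two differ; those sites should use `sizeof` of the field or `KEYID_SIZE`. The new `verifySet` member is the only one in the struct without a comment; a short one saying what sets it and what it gates would help.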
@@ -2356,17 +2529,18 @@
     byte                 cipherSuite0;            /* Cipher Suite       */
     byte                 cipherSuite;             /* Cipher Suite       */
     word32               binderLen;               /* Length of HMAC     */
-    byte                 binder[WC_MAX_DIGEST_SIZE]; /* HMAC of hanshake   */
+    byte                 binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
     byte                 hmac;                    /* HMAC algorithm     */
     byte                 resumption:1;            /* Resumption PSK     */
     byte                 chosen:1;                /* Server's choice    */
     struct PreSharedKey* next;                    /* List pointer       */
 } PreSharedKey;
 
-WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
-                                                    byte* output, byte msgType);
-WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
-                                                      byte msgType);
+WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
+                                                 byte* output, byte msgType,
+                                                 word16* pSz);
+WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
+                                                   byte msgType, word16* pSz);
 WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
                                         word16 len, word32 age, byte hmac,
                                         byte cipherSuite0, byte cipherSuite,
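Review bot: `TLSX_PreSharedKey_WriteBinders` writes through `byte* output` without taking the capacity of that buffer, so its safety rests on the caller having sized the buffer from `TLSX_PreSharedKey_GetSizeBinders` first. With the return type now `int` and the length moved to `word16* pSz`, the prototypes should say so, for example `/* returns 0 on success; *pSz is set to the binders length only on success */` (to be confirmed against the implementation, which is outside this hunk). Callers of the old `word16` form that used the return value as a length need updating.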
@@ -2413,7 +2587,7 @@
 enum SetCBIO {
     WOLFSSL_CBIO_NONE = 0,
     WOLFSSL_CBIO_RECV = 0x1,
-    WOLFSSL_CBIO_SEND = 0x2, 
+    WOLFSSL_CBIO_SEND = 0x2,
 };
 #endif
 
@@ -2434,19 +2608,22 @@
     DerBuffer*  certificate;
     DerBuffer*  certChain;
                  /* chain after self, in DER, with leading size for each cert */
-    #ifdef OPENSSL_EXTRA
+    #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
     WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
     #endif
     #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
         defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
     WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
+    client_cert_cb CBClientCert;  /* client certificate callback */
     #endif
 #ifdef WOLFSSL_TLS13
     int         certChainCnt;
 #endif
     DerBuffer*  privateKey;
-    byte        privateKeyType;
+    byte        privateKeyType:7;
+    byte        privateKeyId:1;
     int         privateKeySz;
+    int         privateKeyDevId;
     WOLFSSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
 #endif
 #ifdef KEEP_OUR_CERT
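Review bot: `privateKeyId:1` and `privateKeyDevId` are added to the context without comments, while the matching `keyId`/`keyDevId` members added in a later hunk of this diff are documented (`/* Key data is an id not data */`, `/* Device Id for key */`). The same comments here would make clear that when `privateKeyId` is set, `privateKey` holds an identifier for a key kept in a device rather than key bytes, so code that treats the buffer as DER has to check the flag first. The struct begins and ends outside this hunk.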
@@ -2465,7 +2642,7 @@
 #ifdef HAVE_EXT_CACHE
     byte        internalCacheOff:1;
 #endif
-    byte        sendVerify;       /* for client side (can not be single bit) */
+    byte        sendVerify:2;     /* for client side (can not be single bit) */
     byte        haveRSA:1;        /* RSA available */
     byte        haveECC:1;        /* ECC available */
     byte        haveDH:1;         /* server DH parms set by user */
@@ -2482,15 +2659,34 @@
     byte        noTicketTls13:1;  /* Server won't create new Ticket */
     byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
 #endif
+    byte        mutualAuth:1;     /* Mutual authentication required */
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     byte        postHandshakeAuth:1;  /* Post-handshake auth supported. */
 #endif
+#ifndef NO_DH
+    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+        !defined(HAVE_SELFTEST)
+    byte        dhKeyTested:1;   /* Set when key has been tested. */
+    #endif
+#endif
+#ifdef HAVE_SECURE_RENEGOTIATION
+    byte        useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */
+#endif
+#ifdef HAVE_ENCRYPT_THEN_MAC
+    byte        disallowEncThenMac:1;  /* Don't do Encrypt-Then-MAC */
+#endif
+#ifdef WOLFSSL_STATIC_MEMORY
+    byte        onHeap:1; /* whether the ctx/method is put on heap hint */
+#endif
 #ifdef WOLFSSL_MULTICAST
     byte        haveMcast;        /* multicast requested */
     byte        mcastID;          /* multicast group ID */
 #endif
 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
     byte        dtlsSctp;         /* DTLS-over-SCTP mode */
+#endif
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+                                                           defined(WOLFSSL_DTLS)
     word16      dtlsMtuSz;        /* DTLS MTU size */
 #endif
 #ifndef NO_DH
@@ -2500,13 +2696,15 @@
 #ifndef NO_RSA
     short       minRsaKeySz;      /* minimum RSA key size */
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
     short       minEccKeySz;      /* minimum ECC key size */
 #endif
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+    unsigned long     mask;             /* store SSL_OP_ flags */
+#endif
 #ifdef OPENSSL_EXTRA
     byte              sessionCtx[ID_LEN]; /* app session context ID */
     word32            disabledCurves;   /* curves disabled by user */
-    unsigned long     mask;             /* store SSL_OP_ flags */
     const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
     unsigned int         alpn_cli_protos_len;
     byte              sessionCtxSz;
@@ -2524,20 +2722,28 @@
 #endif
 #endif /* WOLFSSL_DTLS */
     VerifyCallback  verifyCallback;     /* cert verification callback */
+#ifdef OPENSSL_ALL
+    CertVerifyCallback verifyCertCb;
+    void*              verifyCertCbArg;
+#endif /* OPENSSL_ALL */
     word32          timeout;            /* session timeout */
-#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448)
     word32          ecdhCurveOID;       /* curve Ecc_Sum */
 #endif
 #ifdef HAVE_ECC
     word16          eccTempKeySz;       /* in octets 20 - 66 */
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
     word32          pkCurveOID;         /* curve Ecc_Sum */
 #endif
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
     byte        havePSK;                /* psk key set by user */
     wc_psk_client_callback client_psk_cb;  /* client callback */
     wc_psk_server_callback server_psk_cb;  /* server callback */
+#ifdef WOLFSSL_TLS13
+    wc_psk_client_tls13_callback client_psk_tls13_cb;  /* client callback */
+    wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
+#endif
     char        server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
 #endif /* HAVE_SESSION_TICKET || !NO_PSK */
 #ifdef WOLFSSL_TLS13
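Review bot: The guard for `ecdhCurveOID` adds `HAVE_ED448`, but judging by its name this field holds the key-exchange curve, and the existing condition pairs `HAVE_ECC` with `HAVE_CURVE25519`, not `HAVE_ED25519`; the analogous addition would be `#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)`. As written, a build with only `HAVE_CURVE448` enabled would not have the member. The `pkCurveOID` guard just below uses the Ed variants consistently. Also, `verifyCertCb` and `verifyCertCbArg` have no comment; a callback of this kind usually takes over the chain decision, so its effect on the built-in verification should be stated once confirmed against the code that calls it.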
@@ -2561,20 +2767,22 @@
     void*           userPRFArg; /* passed to prf callback */
 #endif
 #ifdef HAVE_EX_DATA
-    void*           ex_data[MAX_EX_DATA];
+    WOLFSSL_CRYPTO_EX_DATA ex_data;
 #endif
 #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
     CallbackALPNSelect alpnSelect;
     void*              alpnSelectArg;
 #endif
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)))
+#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
+                             defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
+                             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
     CallbackSniRecv sniRecvCb;
     void*           sniRecvCbArg;
 #endif
 #if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
     CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
     word32      mcastFirstSeq;    /* first trigger level */
-    word32      mcastSecondSeq;   /* second tigger level */
+    word32      mcastSecondSeq;   /* second trigger level */
     word32      mcastMaxSeq;      /* max level */
 #endif
 #ifdef HAVE_OCSP
@@ -2604,6 +2812,10 @@
 #ifdef ATOMIC_USER
     CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
     CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
+    #ifdef HAVE_ENCRYPT_THEN_MAC
+        CallbackEncryptMac    EncryptMacCb;    /* Atomic User Mac/Enc Cb */
+        CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */
+    #endif
 #endif
 #ifdef HAVE_PK_CALLBACKS
     #ifdef HAVE_ECC
@@ -2623,6 +2835,18 @@
             /* User X25519 SharedSecret Callback handler */
             CallbackX25519SharedSecret X25519SharedSecretCb;
         #endif
+        #ifdef HAVE_ED448
+            /* User Ed448Sign   Callback handler */
+            CallbackEd448Sign   Ed448SignCb;
+            /* User Ed448Verify Callback handler */
+            CallbackEd448Verify Ed448VerifyCb;
+        #endif
+        #ifdef HAVE_CURVE448
+            /* User X448 KeyGen Callback Handler */
+            CallbackX448KeyGen X448KeyGenCb;
+            /* User X448 SharedSecret Callback handler */
+            CallbackX448SharedSecret X448SharedSecretCb;
+        #endif
     #endif /* HAVE_ECC */
     #ifndef NO_DH
         CallbackDhAgree DhAgreeCb;      /* User DH Agree Callback handler */
@@ -2655,8 +2879,6 @@
 };
 
 WOLFSSL_LOCAL
-WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
-WOLFSSL_LOCAL
 int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
 WOLFSSL_LOCAL
 void FreeSSL_Ctx(WOLFSSL_CTX*);
@@ -2703,20 +2925,6 @@
 void InitCipherSpecs(CipherSpecs* cs);
 
 
-/* Supported Message Authentication Codes from page 43 */
-enum MACAlgorithm {
-    no_mac,
-    md5_mac,
-    sha_mac,
-    sha224_mac,
-    sha256_mac,     /* needs to match external KDF_MacAlgorithm */
-    sha384_mac,
-    sha512_mac,
-    rmd_mac,
-    blake2b_mac
-};
-
-
 /* Supported Key Exchange Protocols */
 enum KeyExchangeAlgorithm {
     no_kea,
@@ -2739,7 +2947,21 @@
     dsa_sa_algo       = 2,
     ecc_dsa_sa_algo   = 3,
     rsa_pss_sa_algo   = 8,
-    ed25519_sa_algo   = 9
+    ed25519_sa_algo   = 9,
+    rsa_pss_pss_algo  = 10,
+    ed448_sa_algo     = 11
+};
+
+#define PSS_RSAE_TO_PSS_PSS(macAlgo) \
+    (macAlgo + (pss_sha256 - sha256_mac))
+
+#define PSS_PSS_HASH_TO_MAC(macAlgo) \
+    (macAlgo - (pss_sha256 - sha256_mac))
+
+enum SigAlgRsaPss {
+    pss_sha256  = 0x09,
+    pss_sha384  = 0x0a,
+    pss_sha512  = 0x0b,
 };
 
 
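Review bot: `PSS_RSAE_TO_PSS_PSS` and `PSS_PSS_HASH_TO_MAC` expand `macAlgo` without parentheses, so an argument containing a lower-precedence operator (a conditional expression, for instance) would be combined wrongly; write `((macAlgo) + (pss_sha256 - sha256_mac))` and `((macAlgo) - (pss_sha256 - sha256_mac))`. Both macros also assume that `pss_sha256`..`pss_sha512` keep the same spacing as `sha256_mac`..`sha512_mac`, whose enum this diff removes from the file, so a comment stating that dependency belongs next to `enum SigAlgRsaPss`.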
@@ -2764,11 +2986,17 @@
 };
 
 
+#ifndef WOLFSSL_AEAD_ONLY
 enum CipherType { stream, block, aead };
-
-
-
-
+#else
+enum CipherType { aead };
+#endif
+
+
+#if defined(BUILD_AES) || defined(BUILD_AESGCM) || (defined(HAVE_CHACHA) && \
+                               defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13)
+    #define CIPHER_NONCE
+#endif
 
 
 /* cipher for now */
@@ -2781,11 +3009,14 @@
 #endif
 #if defined(BUILD_AES) || defined(BUILD_AESGCM)
     Aes*    aes;
-    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(WOLFSSL_TLS13)
+    #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \
+                                                      !defined(WOLFSSL_NO_TLS12)
         byte* additional;
-        byte* nonce;
     #endif
 #endif
+#ifdef CIPHER_NONCE
+    byte* nonce;
+#endif
 #ifdef HAVE_CAMELLIA
     Camellia* cam;
 #endif
@@ -2801,6 +3032,9 @@
 #ifdef HAVE_IDEA
     Idea* idea;
 #endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
+    Hmac* hmac;
+#endif
     byte    state;
     byte    setup;       /* have we set it up flag for detection */
 } Ciphers;
@@ -2880,6 +3114,9 @@
     byte               masterSecret[SECRET_LEN];  /* stored secret            */
     word16             haveEMS;                   /* ext master secret flag   */
 #ifdef SESSION_CERTS
+#ifdef OPENSSL_EXTRA
+    WOLFSSL_X509*      peer;                      /* peer cert */
+#endif
     WOLFSSL_X509_CHAIN chain;                     /* peer cert chain, static  */
     #ifdef WOLFSSL_ALT_CERT_CHAINS
     WOLFSSL_X509_CHAIN altChain;                  /* peer alt cert chain, static */
@@ -2888,6 +3125,9 @@
 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                                defined(HAVE_SESSION_TICKET))
     ProtocolVersion    version;                   /* which version was used   */
+#endif
+#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
+                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
     byte               cipherSuite0;              /* first byte, normally 0   */
     byte               cipherSuite;               /* 2nd byte, actual suite   */
 #endif
@@ -2924,7 +3164,7 @@
     byte               isAlloced;
 #endif
 #ifdef HAVE_EX_DATA
-    void*              ex_data[MAX_EX_DATA];
+    WOLFSSL_CRYPTO_EX_DATA ex_data;
 #endif
 };
 
@@ -2959,6 +3199,7 @@
 /* server accept state for nonblocking restart */
 enum AcceptState {
     ACCEPT_BEGIN = 0,
+    ACCEPT_BEGIN_RENEG,
     ACCEPT_CLIENT_HELLO_DONE,
     ACCEPT_HELLO_RETRY_REQUEST_DONE,
     ACCEPT_FIRST_REPLY_DONE,
@@ -2980,6 +3221,7 @@
 /* TLS 1.3 server accept state for nonblocking restart */
 enum AcceptStateTls13 {
     TLS13_ACCEPT_BEGIN = 0,
+    TLS13_ACCEPT_BEGIN_RENEG,
     TLS13_ACCEPT_CLIENT_HELLO_DONE,
     TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
     TLS13_ACCEPT_FIRST_REPLY_DONE,
@@ -3022,8 +3264,10 @@
 #ifndef NO_CERTS
     DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
     DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
-    byte            keyType;               /* Type of key: RSA, ECC, Ed25519 */
+    byte            keyType:7;             /* Type of key: RSA, ECC, Ed25519 */
+    byte            keyId:1;               /* Key data is an id not data */
     int             keySz;                 /* Size of RSA key */
+    int             keyDevId;              /* Device Id for key */
     DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                  /* chain after self, in DER, with leading size for each cert */
 #ifdef WOLFSSL_TLS13
@@ -3047,6 +3291,9 @@
     #ifdef HAVE_ED25519
         buffer peerEd25519Key;             /* for Ed25519 Verify Callbacks */
     #endif /* HAVE_ED25519 */
+    #ifdef HAVE_ED448
+        buffer peerEd448Key;             /* for Ed448 Verify Callbacks */
+    #endif /* HAVE_ED448 */
     #ifndef NO_RSA
         buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
     #endif /* NO_RSA */
@@ -3070,6 +3317,7 @@
     BUILD_MSG_HASH,
     BUILD_MSG_VERIFY_MAC,
     BUILD_MSG_ENCRYPT,
+    BUILD_MSG_ENCRYPTED_VERIFY_MAC,
 };
 
 /* sub-states for cipher operations */
@@ -3083,8 +3331,12 @@
 #ifndef NO_PSK
     wc_psk_client_callback client_psk_cb;
     wc_psk_server_callback server_psk_cb;
+#ifdef WOLFSSL_TLS13
+    wc_psk_client_tls13_callback client_psk_tls13_cb;  /* client callback */
+    wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
+#endif
 #endif /* NO_PSK */
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
     unsigned long     mask; /* store SSL_OP_ flags */
 #endif
 
@@ -3098,7 +3350,7 @@
 #ifdef HAVE_EXT_CACHE
     word16            internalCacheOff:1;
 #endif
-    word16            side:1;             /* client or server end */
+    word16            side:2;             /* client, server or neither end */
     word16            verifyPeer:1;
     word16            verifyNone:1;
     word16            failNoCert:1;
@@ -3163,9 +3415,10 @@
 #endif
     word16            keepResources:1;    /* Keep resources after handshake */
     word16            useClientOrder:1;   /* Use client's cipher order */
+    word16            mutualAuth:1;       /* Mutual authentication is rquired */
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     word16            postHandshakeAuth:1;/* Client send post_handshake_auth
-                                           * extendion. */
+                                           * extension */
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
     word16            sendCookie:1;       /* Server creates a Cookie in HRR */
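Review bot: The comment on the new `mutualAuth` bit is misspelled (`rquired`); `/* Mutual authentication is required */` matches the wording used for the context-level flag earlier in this diff. The comment could also say which side enforces it, since the flag appears to decide whether a handshake without a peer certificate is accepted (inferred from the name; the enforcing code is not in this hunk).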
@@ -3176,10 +3429,27 @@
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
     word16            sentChangeCipher:1; /* Change Cipher Spec sent */
 #endif
-#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \
-                                                !defined(NO_ED25519_CLIENT_AUTH)
+#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
+               ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
+                (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
     word16            cacheMessages:1;    /* Cache messages for sign/verify */
 #endif
+#ifndef NO_DH
+    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
+        !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+        word16        dhDoKeyTest:1;      /* Need to do the DH Key prime test */
+        word16        dhKeyTested:1;      /* Set when key has been tested. */
+    #endif
+#endif
+#ifdef SINGLE_THREADED
+    word16            ownSuites:1;        /* if suites are malloced in ssl object */
+#endif
+#ifdef HAVE_ENCRYPT_THEN_MAC
+    word16            disallowEncThenMac:1;   /* Don't do Encrypt-Then-MAC */
+    word16            encThenMac:1;           /* Doing Encrypt-Then-MAC */
+    word16            startedETMRead:1;       /* Doing Encrypt-Then-MAC read */
+    word16            startedETMWrite:1;      /* Doing Encrypt-Then-MAC write */
+#endif
 
     /* need full byte values for this section */
     byte            processReply;           /* nonblocking resume */
@@ -3206,10 +3476,10 @@
 #ifndef NO_RSA
     short           minRsaKeySz;      /* minimum RSA key size */
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
     short           minEccKeySz;      /* minimum ECC key size */
 #endif
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     byte            verifyDepth;      /* maximum verification depth */
 #endif
 #ifdef WOLFSSL_EARLY_DATA
@@ -3238,11 +3508,13 @@
     byte            sessionID[ID_LEN];
     byte            sessionIDSz;
 #ifdef WOLFSSL_TLS13
-    byte            clientSecret[SECRET_LEN];
-    byte            serverSecret[SECRET_LEN];
     byte            secret[SECRET_LEN];
 #endif
     byte            masterSecret[SECRET_LEN];
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+   !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
+    byte            tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
+#endif
 #ifdef WOLFSSL_DTLS
     byte            cookie[MAX_COOKIE_LEN];
     byte            cookieSz;
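Review bot: `tsip_masterSecret` adds a second buffer of master-secret material next to `masterSecret`, and nothing in this header says it is wiped when the struct is released. The same question applies to `clientSecret` and `serverSecret`, which this hunk removes and the hunk at `@@ -3533,6 +3850,10 @@` re-adds to the `WOLFSSL` object. If the struct here is released once the handshake completes, the TLS 1.3 secrets now stay in memory for the whole connection. The free paths are not visible in this diff, so please confirm all three buffers are cleared with `ForceZero` rather than a plain `memset`, and record that in the field comments, e.g. `/* zeroized when the object is freed */`. The struct starts and ends outside the hunk.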
@@ -3258,20 +3530,45 @@
 #define MAX_DATE_SZ 32
 #endif
 
+#define STACK_TYPE_X509               0
+#define STACK_TYPE_GEN_NAME           1
+#define STACK_TYPE_BIO                2
+#define STACK_TYPE_OBJ                3
+#define STACK_TYPE_STRING             4
+#define STACK_TYPE_CIPHER             5
+#define STACK_TYPE_ACCESS_DESCRIPTION 6
+#define STACK_TYPE_X509_EXT           7
+#define STACK_TYPE_NULL               8
+#define STACK_TYPE_X509_NAME          9
+#define STACK_TYPE_CONF_VALUE         10
+#define STACK_TYPE_X509_INFO          11
+
 struct WOLFSSL_STACK {
     unsigned long num; /* number of nodes in stack
-                        * (saftey measure for freeing and shortcut for count) */
+                        * (safety measure for freeing and shortcut for count) */
+    #if defined(OPENSSL_ALL)
+    wolf_sk_compare_cb comp;
+    #endif
+
     union {
-        WOLFSSL_X509*        x509;
-        WOLFSSL_X509_NAME*   name;
-        WOLFSSL_BIO*         bio;
-        WOLFSSL_ASN1_OBJECT* obj;
-        char*                string;
+        WOLFSSL_X509*          x509;
+        WOLFSSL_X509_NAME*     name;
+        WOLFSSL_X509_INFO*     info;
+        WOLFSSL_BIO*           bio;
+        WOLFSSL_ASN1_OBJECT*   obj;
+        WOLFSSL_CIPHER         cipher;
+        WOLFSSL_ACCESS_DESCRIPTION* access;
+        WOLFSSL_X509_EXTENSION* ext;
+        WOLFSSL_CONF_VALUE*    conf;
+        void*                  generic;
+        char*                  string;
+        WOLFSSL_GENERAL_NAME*  gn;
     } data;
+    void* heap; /* memory heap hint */
     WOLFSSL_STACK* next;
+    byte type;     /* Identifies type of stack. */
 };
 
-
 struct WOLFSSL_X509_NAME {
     char  *name;
     int   dynamicName;
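Review bot: Nothing in `WOLFSSL_STACK` documents which `data` member each `STACK_TYPE_*` value selects, and the union now mixes one by-value member (`WOLFSSL_CIPHER cipher`) with pointers and a catch-all `void* generic`. Code that reads `data.generic`, or NULL-checks any pointer member, on a node whose `type` is `STACK_TYPE_CIPHER` would treat cipher bytes as an address. The tag therefore has to be checked before every access and in the free routine. I would annotate each define, e.g. `#define STACK_TYPE_CIPHER 5 /* data.cipher, stored by value */`, and state on `type` that it must be set when the node is created. An `enum` instead of twelve `#define`s would also let the compiler warn about unhandled cases in a `switch`.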
@@ -3308,27 +3605,33 @@
     byte             hwType[EXTERNAL_SERIAL_SIZE];
     int              hwSerialNumSz;
     byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
-    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        byte             certPolicySet;
-        byte             certPolicyCrit;
-    #endif /* OPENSSL_EXTRA */
-#endif
-    int              notBeforeSz;
-    int              notAfterSz;
-    byte             notBefore[MAX_DATE_SZ];
-    byte             notAfter[MAX_DATE_SZ];
+#endif /* WOLFSSL_SEP */
+#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \
+    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+    byte             certPolicySet;
+    byte             certPolicyCrit;
+#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+    WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
+    WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
+#endif /* WOLFSSL_QT || OPENSSL_ALL */
+#ifdef OPENSSL_EXTRA
+    WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
+#endif
+    WOLFSSL_ASN1_TIME notBefore;
+    WOLFSSL_ASN1_TIME notAfter;
     buffer           sig;
     int              sigOID;
     DNS_entry*       altNames;                       /* alt names list */
     buffer           pubKey;
     int              pubKeyOID;
     DNS_entry*       altNamesNext;                   /* hint for retrieval */
-    #if defined(HAVE_ECC) || defined(HAVE_ED25519)
-        word32       pkCurveOID;
-    #endif /* HAVE_ECC */
-    #ifndef NO_CERTS
-        DerBuffer*   derCert;                        /* may need  */
-    #endif
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
+    word32       pkCurveOID;
+#endif /* HAVE_ECC */
+#ifndef NO_CERTS
+    DerBuffer*   derCert;                            /* may need  */
+#endif
     void*            heap;                           /* heap hint */
     byte             dynamicMemory;                  /* dynamic memory flag */
     byte             isCa:1;
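Review bot: The `#endif` comment after `certPolicySet`/`certPolicyCrit` omits `OPENSSL_ALL`, which the `#if` above it accepts; it should read `#endif /* (WOLFSSL_SEP || WOLFSSL_QT || OPENSSL_ALL) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */`. Likewise `#endif /* HAVE_ECC */` after `pkCurveOID` no longer matches a guard that also names `HAVE_ED25519` and `HAVE_ED448`. Separately, `ext_sk`, `ext_d2i` and `serialNumber` are described as values stored by getter functions, but the comments do not say whether this struct owns and frees them. If it does, a line such as `/* owned by this object, released when it is freed */` would make the free path reviewable. The struct starts and ends outside the hunk.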
@@ -3336,15 +3639,23 @@
     char             certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
     int              certPoliciesNb;
 #endif /* WOLFSSL_CERT_EXT */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+    wolfSSL_Mutex    refMutex;                       /* ref count mutex */
+    int              refCount;                       /* reference count */
+#endif
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #ifdef HAVE_EX_DATA
-    void*            ex_data[MAX_EX_DATA];
+    WOLFSSL_CRYPTO_EX_DATA ex_data;
 #endif
     byte*            authKeyId;
     byte*            subjKeyId;
     byte*            extKeyUsageSrc;
-    byte*            CRLInfo;
+    const byte*      CRLInfo;
     byte*            authInfo;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    byte*            authInfoCaIssuer;
+    int              authInfoCaIssuerSz;
+#endif
     word32           pathLength;
     word16           keyUsage;
     int              CRLInfoSz;
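Review bot: `refCount` is a plain `int` beside `refMutex`, and the comments do not state that every read and write of the count must hold the mutex. An unlocked decrement-and-test is the usual way a reference-counted object ends up freed twice or used after free. I would make the contract explicit: `int refCount; /* reference count, access only with refMutex held */`. The guard here is `OPENSSL_EXTRA || OPENSSL_ALL`, while the block directly below uses `OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL`, so an `OPENSSL_EXTRA_X509_SMALL`-only build has no count at all and any code touching it needs the same guard. The struct starts and ends outside the hunk.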
@@ -3379,6 +3690,11 @@
 #endif
     WOLFSSL_X509_NAME issuer;
     WOLFSSL_X509_NAME subject;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
+    WOLFSSL_X509_ALGOR algor;
+    WOLFSSL_X509_PUBKEY key;
+#endif
+    byte issuerSet:1;
 };
 
 
@@ -3415,7 +3731,7 @@
     DtlsFrag*       fragList;
     word32          fragSz;    /* Length of fragments received */
     word32          seq;       /* Handshake sequence number    */
-    word32          sz;        /* Length of whole mesage       */
+    word32          sz;        /* Length of whole message      */
     byte            type;
 } DtlsMsg;
 
@@ -3432,7 +3748,6 @@
 
 #endif
 
-
 /* Handshake messages received from peer (plus change cipher */
 typedef struct MsgsReceived {
     word16 got_hello_request:1;
@@ -3475,9 +3790,10 @@
 #ifdef WOLFSSL_SHA512
     wc_Sha512       hashSha512;         /* sha512 hash of handshake msgs */
 #endif
-#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH)
+#if (defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
+                                                !defined(WOLFSSL_NO_CLIENT_AUTH)
     byte*           messages;           /* handshake messages */
-    int             length;             /* length of handhsake messages' data */
+    int             length;             /* length of handshake messages' data */
     int             prevLen;            /* length of messages but last */
 #endif
 } HS_Hashes;
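Review bot: The guard on `messages`/`length`/`prevLen` ignores `NO_ED25519_CLIENT_AUTH` and `NO_ED448_CLIENT_AUTH`, whereas the `cacheMessages` option bit in hunk `@@ -3176,10 +3429,27 @@` honours both. With both `NO_*_CLIENT_AUTH` macros defined, the buffer fields are compiled in but the flag that drives them is not. Nothing in this header shows that to be harmful at run time, but the two conditions should be the same expression, ideally one helper macro defined once and used in both places. `HS_Hashes` starts outside the hunk.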
@@ -3522,6 +3838,7 @@
 #ifdef WOLFSSL_EARLY_DATA
 typedef enum EarlyDataState {
     no_early_data,
+    early_data_ext,
     expecting_early_data,
     process_early_data,
     done_early_data
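Review bot: `early_data_ext` is inserted in the middle of `EarlyDataState`, which renumbers `expecting_early_data`, `process_early_data` and `done_early_data`. That is safe only if no code compares these states by order or stores the numeric value outside the process; neither is visible here, so please confirm. The new enumerator is also undocumented, and a short trailing comment saying when the state is entered would help the next reader of the state machine. The enum's closing line is outside the hunk.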
@@ -3533,6 +3850,10 @@
     WOLFSSL_CTX*    ctx;
     Suites*         suites;             /* only need during handshake */
     Arrays*         arrays;
+#ifdef WOLFSSL_TLS13
+    byte            clientSecret[SECRET_LEN];
+    byte            serverSecret[SECRET_LEN];
+#endif
     HS_Hashes*      hsHashes;
     void*           IOCB_ReadCtx;
     void*           IOCB_WriteCtx;
@@ -3565,7 +3886,9 @@
     void*           hsKey;              /* Handshake key (RsaKey or ecc_key) allocated from heap */
     word32          hsType;             /* Type of Handshake key (hsKey) */
     WOLFSSL_CIPHER  cipher;
+#ifndef WOLFSSL_AEAD_ONLY
     hmacfp          hmac;
+#endif
     Ciphers         encrypt;
     Ciphers         decrypt;
     Buffers         buffers;
@@ -3597,7 +3920,12 @@
     WOLFSSL_BIO*     biord;              /* socket bio read  to free/close */
     WOLFSSL_BIO*     biowr;              /* socket bio write to free/close */
     byte             sessionCtx[ID_LEN]; /* app session context ID */
+    WOLFSSL_X509_VERIFY_PARAM* param;    /* verification parameters*/
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     unsigned long    peerVerifyRet;
+#endif
+#ifdef OPENSSL_EXTRA
     byte             readAhead;
     byte             sessionCtxSz;       /* size of sessionCtx stored */
 #ifdef HAVE_PK_CALLBACKS
@@ -3606,6 +3934,9 @@
 #endif /* OPENSSL_EXTRA */
 #ifndef NO_RSA
     RsaKey*         peerRsaKey;
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
+    byte            *peerTsipEncRsaKeyIndex;
+#endif
     byte            peerRsaKeyPresent;
 #endif
 #ifdef HAVE_QSH
@@ -3620,12 +3951,14 @@
     byte            maxRequest;
     byte            user_set_QSHSchemes;
 #endif
+#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
+    word16          namedGroup;
+#endif
 #ifdef WOLFSSL_TLS13
-    word16          namedGroup;
     word16          group[WOLFSSL_MAX_GROUP_COUNT];
     byte            numGroups;
 #endif
-    byte            pssAlgo;
+    word16          pssAlgo;
 #ifdef WOLFSSL_TLS13
     #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
     word16          certHashSigAlgoSz;  /* SigAlgoCert ext length in bytes */
@@ -3638,10 +3971,10 @@
     byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
     byte            peerNtruKeyPresent;
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
     int             eccVerifyRes;
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
     word32          ecdhCurveOID;            /* curve Ecc_Sum     */
     ecc_key*        eccTempKey;              /* private ECDHE key */
     byte            eccTempKeyPresent;       /* also holds type */
@@ -3653,7 +3986,7 @@
     word16          eccTempKeySz;            /* in octets 20 - 66 */
     byte            peerEccDsaKeyPresent;
 #endif
-#if defined(HAVE_ECC) || defined(HAVE_ED25519)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE448)
     word32          pkCurveOID;              /* curve Ecc_Sum     */
 #endif
 #ifdef HAVE_ED25519
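Review bot: The new guard on `pkCurveOID` adds `HAVE_CURVE448`, but the other public-key guards extended in this commit add `HAVE_ED448`: `eccVerifyRes` in the previous hunk, the other `pkCurveOID` guard at `@@ -3308,27 +3605,33 @@`, and `minEccKeySz`. This looks like a slip. In a build with `HAVE_ED448` but without `HAVE_ECC`, `HAVE_ED25519` and `HAVE_CURVE448` the field would not exist, while a `HAVE_CURVE448`-only build gets a field it presumably never uses. I would change the line to `#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)`. The struct starts and ends outside the hunk.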
@@ -3664,6 +3997,14 @@
     curve25519_key* peerX25519Key;
     byte            peerX25519KeyPresent;
 #endif
+#ifdef HAVE_ED448
+    ed448_key*      peerEd448Key;
+    byte            peerEd448KeyPresent;
+#endif
+#ifdef HAVE_CURVE448
+    curve448_key*   peerX448Key;
+    byte            peerX448KeyPresent;
+#endif
 #ifdef HAVE_LIBZ
     z_stream        c_stream;           /* compression   stream */
     z_stream        d_stream;           /* decompression stream */
@@ -3676,15 +4017,16 @@
     word32          dtls_tx_msg_list_sz;
     word32          dtls_rx_msg_list_sz;
     DtlsMsg*        dtls_tx_msg_list;
+    DtlsMsg*        dtls_tx_msg;
     DtlsMsg*        dtls_rx_msg_list;
     void*           IOCB_CookieCtx;     /* gen cookie ctx */
     word32          dtls_expected_rx;
 #ifdef WOLFSSL_SESSION_EXPORT
     wc_dtls_export  dtls_export;        /* export function for session */
 #endif
-#ifdef WOLFSSL_SCTP
+#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
     word16          dtlsMtuSz;
-#endif /* WOLFSSL_SCTP */
+#endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */
 #ifdef WOLFSSL_MULTICAST
     void*           mcastHwCbCtx;       /* Multicast highwater callback ctx */
 #endif /* WOLFSSL_MULTICAST */
@@ -3722,7 +4064,7 @@
 #endif
     byte             keepCert;           /* keep certificate after handshake */
 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
-    void*            ex_data[MAX_EX_DATA]; /* external data, for Fortress */
+    WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
 #endif
     int              devId;             /* async device id to use */
 #ifdef HAVE_ONE_TIME_AUTH
@@ -3744,6 +4086,7 @@
     #endif
     #if defined(HAVE_SECURE_RENEGOTIATION) \
         || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+        int                  secure_rene_count;    /* how many times */
         SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
     #endif                                         /* user turned on */
     #ifdef HAVE_ALPN
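Review bot: The comment on `secure_rene_count`, `/* how many times */`, does not say what is counted or whether the value is bounded. The name suggests it counts secure renegotiations on the connection, though the hunk does not show that. If so, the comment should say it and name the limit it is checked against, because peer-driven renegotiation without a cap is a resource-exhaustion concern. Suggested wording: `/* number of secure renegotiations performed on this connection */`. An unsigned type would also rule out negative values for a counter.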
@@ -3772,12 +4115,22 @@
 #ifdef HAVE_NETX
     NetX_Ctx        nxCtx;             /* NetX IO Context */
 #endif
+#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
+    void*           mnCtx;             /* mynewt mn_socket IO Context */
+#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
+#ifdef WOLFSSL_GNRC
+    struct gnrc_wolfssl_ctx *gnrcCtx;  /* Riot-OS GNRC UDP/IP context */
+#endif
 #ifdef SESSION_INDEX
     int sessionIndex;                  /* Session's location in the cache. */
 #endif
 #ifdef ATOMIC_USER
     void*    MacEncryptCtx;    /* Atomic User Mac/Encrypt Callback Context */
     void*    DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
+    #ifdef HAVE_ENCRYPT_THEN_MAC
+        void*    EncryptMacCtx;    /* Atomic User Encrypt/Mac Callback Ctx */
+        void*    VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */
+    #endif
 #endif
 #ifdef HAVE_PK_CALLBACKS
     #ifdef HAVE_ECC
@@ -3793,6 +4146,14 @@
             void* X25519KeyGenCtx;       /* X25519 KeyGen Callback Context */
             void* X25519SharedSecretCtx; /* X25519 Pms    Callback Context */
         #endif
+        #ifdef HAVE_ED448
+            void* Ed448SignCtx;          /* ED448 Sign   Callback Context */
+            void* Ed448VerifyCtx;        /* ED448 Verify Callback Context */
+        #endif
+        #ifdef HAVE_CURVE448
+            void* X448KeyGenCtx;         /* X448 KeyGen Callback Context */
+            void* X448SharedSecretCtx;   /* X448 Pms    Callback Context */
+        #endif
     #endif /* HAVE_ECC */
     #ifndef NO_DH
         void* DhAgreeCtx; /* DH Pms Callback Context */
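Review bot: The Ed448 and X448 callback contexts are added just before `#endif /* HAVE_ECC */`, so they appear to be compiled only when `HAVE_ECC` is defined; the opening `#ifdef HAVE_ECC` sits in the previous hunk's context. That follows the existing X25519 placement. It would leave a build with `HAVE_ED448` or `HAVE_CURVE448` but no ECC without `Ed448SignCtx`/`X448KeyGenCtx`, while the `Ed448Sign`/`Ed448Verify` prototypes added in this commit are guarded by `HAVE_ED448` as far as this diff shows. If such builds are supported, move the two new blocks below `#endif /* HAVE_ECC */`; otherwise add a comment stating that the PK callbacks for these curves require ECC.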
@@ -3811,6 +4172,10 @@
 #ifdef HAVE_SECRET_CALLBACK
         SessionSecretCb sessionSecretCb;
         void*           sessionSecretCtx;
+    #ifdef WOLFSSL_TLS13
+        Tls13SecretCb   tls13SecretCb;
+        void*           tls13SecretCtx;
+    #endif
 #endif /* HAVE_SECRET_CALLBACK */
 #ifdef WOLFSSL_JNI
         void* jObjectRef;     /* reference to WolfSSLSession in JNI wrapper */
@@ -3819,27 +4184,31 @@
     EarlyDataState earlyData;
     word32 earlyDataSz;
 #endif
+#ifdef OPENSSL_ALL
+    long verifyCallbackResult;
+#endif
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
+    WOLFSSL_STACK* peerCertChain;    /* Used in wolfSSL_get_peer_cert_chain */
+#endif
 };
 
 
-WOLFSSL_LOCAL
-int  SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
-WOLFSSL_LOCAL
-int  InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
-WOLFSSL_LOCAL
-void FreeSSL(WOLFSSL*, void* heap);
-WOLFSSL_API void SSL_ResourceFree(WOLFSSL*);   /* Micrium uses */
-
+WOLFSSL_LOCAL int  SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
+WOLFSSL_LOCAL int  SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
+WOLFSSL_LOCAL int  InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
+WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap);
+WOLFSSL_API   void SSL_ResourceFree(WOLFSSL*);   /* Micrium uses */
 
 
 #ifndef NO_CERTS
 
     WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                                     long sz, int format, int type, WOLFSSL* ssl,
-                                    long* used, int userChain);
+                                    long* used, int userChain, int verify);
     WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
                                  int type, WOLFSSL* ssl, int userChain,
-                                WOLFSSL_CRL* crl);
+                                WOLFSSL_CRL* crl, int verify);
 
     #ifdef OPENSSL_EXTRA
     WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
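Review bot: `ProcessBuffer` and `ProcessFile` each gain a trailing `int verify`, and in `ProcessBuffer` it sits directly after `int userChain`, so two adjacent `int` arguments can be transposed with no compiler diagnostic. The parameter presumably controls whether the loaded certificate is verified, in which case a swapped or defaulted `0` would be a silent downgrade. Please document the accepted values in a comment above both prototypes, and consider giving the parameter an `enum` type so a wrong argument stands out. The same hunk adds `supportedCiphers` and `peerCertChain` to `WOLFSSL` without saying who frees them.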
@@ -3935,6 +4304,17 @@
 static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
 static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
 
+#ifdef OPENSSL_EXTRA
+typedef struct {
+    int name_len;
+    const char *name;
+    int nid;
+} WOLF_EC_NIST_NAME;
+extern const WOLF_EC_NIST_NAME kNistCurves[];
+/* This is the longest and shortest curve name in the kNistCurves list */
+#define kNistCurves_MIN_NAME_LEN 5
+#define kNistCurves_MAX_NAME_LEN 7
+#endif
 
 /* internal functions */
 WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
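Review bot: `kNistCurves_MIN_NAME_LEN` and `kNistCurves_MAX_NAME_LEN` are hand-written constants that must track a table defined in another file, and the `extern` declaration of `kNistCurves[]` carries neither a length nor a documented terminator. If a curve with a longer name is added and the macro is not updated, any length check based on it would reject or truncate the new name. I would reword the comment to `/* Shortest and longest name in kNistCurves[]; update when the table changes */`, document how the table is terminated, and add a check next to the table definition that fails when the bounds are stale. `name_len` is a signed `int` and should be documented as non-negative or made unsigned.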
@@ -3954,6 +4334,10 @@
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
 WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*);
 #endif
+#if defined(HAVE_SECURE_RENEGOTIATION) && \
+    defined(HAVE_SERVER_RENEGOTIATION_INFO)
+WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*);
+#endif
 WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
 WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
 WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
@@ -3982,12 +4366,20 @@
 WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
 WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
 
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
+WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey);
+WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey);
+#endif
+
+WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
+                                         int *initTmpRng);
+
 #ifndef NO_CERTS
     #ifndef NO_RSA
         #ifdef WC_RSA_PSS
             WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
                 byte* out, word32 sigSz, enum wc_HashType hashType);
-            WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, 
+            WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
                 enum wc_HashType* hashType, int* mgf);
         #endif
         WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
@@ -4022,6 +4414,14 @@
             word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
             buffer* keyBufInfo);
     #endif /* HAVE_ED25519 */
+    #ifdef HAVE_ED448
+        WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl);
+        WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
+            byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo);
+        WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in,
+            word32 inSz, const byte* msg, word32 msgSz, ed448_key* key,
+            buffer* keyBufInfo);
+    #endif /* HAVE_ED448 */
 
 
     #ifdef WOLFSSL_TRUST_PEER_CERT
@@ -4051,9 +4451,11 @@
 
 #ifndef NO_TLS
     WOLFSSL_LOCAL int  MakeTlsMasterSecret(WOLFSSL*);
+#ifndef WOLFSSL_AEAD_ONLY
     WOLFSSL_LOCAL int  TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
                                 word32 sz, int padSz, int content, int verify);
 #endif
+#endif
 
 #ifndef NO_WOLFSSL_CLIENT
     WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
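Review bot: The added `#ifndef WOLFSSL_AEAD_ONLY` is not indented inside `#ifndef NO_TLS`, and the block now closes with two bare `#endif` lines, so it is hard to see which one ends which condition. I would label them `#endif /* !WOLFSSL_AEAD_ONLY */` and `#endif /* !NO_TLS */`. The pairing matters because `TLS_hmac` and the `hmac` member guarded in hunk `@@ -3565,7 +3886,9 @@` have to be removed together in AEAD-only builds.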
@@ -4105,21 +4507,49 @@
     WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
 #endif
 
+#ifndef MAX_CIPHER_NAME
+#define MAX_CIPHER_NAME 50
+#endif
+
+#ifdef WOLFSSL_NAMES_STATIC
+typedef char cipher_name[MAX_CIPHER_NAME];
+#else
+typedef const char* cipher_name;
+#endif
+
 typedef struct CipherSuiteInfo {
-    const char* name;
+    cipher_name name;
 #ifndef NO_ERROR_STRINGS
-    const char* name_iana;
+    cipher_name name_iana;
 #endif
     byte cipherSuite0;
     byte cipherSuite;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    byte minor;
+    byte major;
+#endif
 } CipherSuiteInfo;
 
 WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
 WOLFSSL_LOCAL int GetCipherNamesSize(void);
 WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+/* used in wolfSSL_sk_CIPHER_description */
+#define MAX_SEGMENTS    5
+#define MAX_SEGMENT_SZ 20
+WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*);
+WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor);
+WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
+WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
+WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
+WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
+WOLFSSL_LOCAL int SetCipherBits(const char* enc);
+#endif
 WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
+WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
+                                         byte* cipherSuite);
 
 enum encrypt_side {
     ENCRYPT_SIDE_ONLY = 1,
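Review bot: With `WOLFSSL_NAMES_STATIC` defined, `cipher_name` is `char[MAX_CIPHER_NAME]`, and C accepts a string initializer of exactly `MAX_CIPHER_NAME` characters by dropping the terminating NUL without a diagnostic. A 50-character suite name would then be read past the end of its array by any caller that treats `name` or `name_iana` as a C string. Please state the limit at the definition, `#define MAX_CIPHER_NAME 50 /* includes the NUL; names are at most MAX_CIPHER_NAME - 1 chars */`, and add a build- or test-time check over the table. Separately, `MAX_SEGMENTS` and `MAX_SEGMENT_SZ` are very generic names for a shared header, and the `GetCipher*Str(char n[][MAX_SEGMENT_SZ])` prototypes do not say how many rows they expect. The `encrypt_side` enum at the end of the hunk continues outside it.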
@@ -4129,6 +4559,15 @@
 
 WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
 
+/* Set*Internal and Set*External functions */
+WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
+WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
+#ifndef HAVE_USER_RSA
+WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
+WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
+#endif
+WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
+WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
 
 #ifndef NO_DH
     WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
@@ -4142,6 +4581,7 @@
 
 #ifdef HAVE_ECC
     WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
+    WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
 #endif
 
 WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);