00001 /* internal.h
00002  *
00003  * Copyright (C) 2006-2020 wolfSSL Inc.
00004  *
00005  * This file is part of wolfSSL.
00006  *
00007  * wolfSSL is free software; you can redistribute it and/or modify
00008  * it under the terms of the GNU General Public License as published by
00009  * the Free Software Foundation; either version 2 of the License, or
00010  * (at your option) any later version.
00011  *
00012  * wolfSSL is distributed in the hope that it will be useful,
00013  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00014  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015  * GNU General Public License for more details.
00016  *
00017  * You should have received a copy of the GNU General Public License
00018  * along with this program; if not, write to the Free Software
00019  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
00020  */
00021 
00022 
00023 
00024 #ifndef WOLFSSL_INT_H
00025 #define WOLFSSL_INT_H
00026 
00027 
00028 #include <wolfssl/wolfcrypt/types.h >
00029 #include <wolfssl/ssl.h>
00030 #ifdef HAVE_CRL
00031     #include <wolfssl/crl.h>
00032 #endif
00033 #include <wolfssl/wolfcrypt/random.h >
00034 #ifndef NO_DES3
00035     #include <wolfssl/wolfcrypt/des3.h >
00036 #endif
00037 #ifndef NO_HC128
00038     #include <wolfssl/wolfcrypt/hc128.h >
00039 #endif
00040 #ifndef NO_RABBIT
00041     #include <wolfssl/wolfcrypt/rabbit.h >
00042 #endif
00043 #ifdef HAVE_CHACHA
00044     #include <wolfssl/wolfcrypt/chacha.h >
00045 #endif
00046 #ifndef NO_ASN
00047     #include <wolfssl/wolfcrypt/asn.h >
00048     #include <wolfssl/wolfcrypt/pkcs12.h>
00049 #endif
00050 #ifndef NO_MD5
00051     #include <wolfssl/wolfcrypt/md5.h >
00052 #endif
00053 #ifndef NO_SHA
00054     #include <wolfssl/wolfcrypt/sha.h >
00055 #endif
00056 #ifndef NO_AES
00057     #include <wolfssl/wolfcrypt/aes.h >
00058 #endif
00059 #ifdef HAVE_POLY1305
00060     #include <wolfssl/wolfcrypt/poly1305.h >
00061 #endif
00062 #ifdef HAVE_CAMELLIA
00063     #include <wolfssl/wolfcrypt/camellia.h >
00064 #endif
00065 #include <wolfssl/wolfcrypt/logging.h >
00066 #ifndef NO_HMAC
00067     #include <wolfssl/wolfcrypt/hmac.h >
00068 #endif
00069 #ifndef NO_RC4
00070     #include <wolfssl/wolfcrypt/arc4.h >
00071 #endif
00072 #ifndef NO_SHA256
00073     #include <wolfssl/wolfcrypt/sha256.h >
00074 #endif
00075 #ifdef HAVE_OCSP
00076     #include <wolfssl/ocsp.h>
00077 #endif
00078 #ifdef WOLFSSL_SHA384
00079     #include <wolfssl/wolfcrypt/sha512.h >
00080 #endif
00081 #ifdef WOLFSSL_SHA512
00082     #include <wolfssl/wolfcrypt/sha512.h >
00083 #endif
00084 #ifdef HAVE_AESGCM
00085     #include <wolfssl/wolfcrypt/sha512.h >
00086 #endif
00087 #ifdef WOLFSSL_RIPEMD
00088     #include <wolfssl/wolfcrypt/ripemd.h >
00089 #endif
00090 #ifdef HAVE_IDEA
00091     #include <wolfssl/wolfcrypt/idea.h >
00092 #endif
00093 #ifndef NO_RSA
00094     #include <wolfssl/wolfcrypt/rsa.h >
00095 #endif
00096 #ifdef HAVE_ECC
00097     #include <wolfssl/wolfcrypt/ecc.h >
00098 #endif
00099 #ifndef NO_DH
00100     #include <wolfssl/wolfcrypt/dh.h >
00101 #endif
00102 #ifdef HAVE_ED25519
00103     #include <wolfssl/wolfcrypt/ed25519.h >
00104 #endif
00105 #ifdef HAVE_CURVE25519
00106     #include <wolfssl/wolfcrypt/curve25519.h >
00107 #endif
00108 #ifdef HAVE_ED448
00109     #include <wolfssl/wolfcrypt/ed448.h >
00110 #endif
00111 #ifdef HAVE_CURVE448
00112     #include <wolfssl/wolfcrypt/curve448.h>
00113 #endif
00114 
00115 #include <wolfssl/wolfcrypt/wc_encrypt.h >
00116 #include <wolfssl/wolfcrypt/hash.h >
00117 
00118 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
00119     #include <wolfssl/callbacks.h>
00120 #endif
00121 #ifdef WOLFSSL_CALLBACKS
00122     #include <signal.h>
00123 #endif
00124 
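/* Platform / RTOS selection.  Pull in the threading and socket headers the
 * target needs.  The #elif chain is mutually exclusive and ends in a generic
 * POSIX fallback, so a platform-specific macro must be tested before that
 * fallback or the build silently picks pthreads.  "do nothing" branches exist
 * purely to keep those targets out of the POSIX path. */
#ifdef USE_WINDOWS_API
    #ifdef WOLFSSL_GAME_BUILD
        #include "system/xtl.h"
    #else
        #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
            /* On WinCE winsock2.h must be included before windows.h */
            #include <winsock2.h>
        #endif
        #include <windows.h>
    #endif
#elif defined(THREADX)
    #ifndef SINGLE_THREADED
        #include "tx_api.h"
    #endif

#elif defined(WOLFSSL_DEOS)
    /* do nothing, just don't pick Unix */
#elif defined(MICRIUM)
    /* do nothing, just don't pick Unix */
#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
    /* do nothing */
#elif defined(EBSNET)
    /* do nothing */
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
    /* do nothing */
#elif defined(FREESCALE_FREE_RTOS)
    #include "fsl_os_abstraction.h"
#elif defined(WOLFSSL_uITRON4)
        /* do nothing */
#elif defined(WOLFSSL_uTKERNEL2)
        /* do nothing */
#elif defined(WOLFSSL_CMSIS_RTOS)
    #include "cmsis_os.h"
#elif defined(WOLFSSL_CMSIS_RTOSv2)
    #include "cmsis_os2.h"
#elif defined(WOLFSSL_MDK_ARM)
    #if defined(WOLFSSL_MDK5)
        #include "cmsis_os.h"
    #else
        #include <rtl.h>
    #endif
#elif defined(MBED)
    /* do nothing, just don't pick Unix */
#elif defined(WOLFSSL_TIRTOS)
    /* do nothing */
#elif defined(INTIME_RTOS)
    #include <rt.h>
#elif defined(WOLFSSL_NUCLEUS_1_2)
    /* do nothing */
#elif defined(WOLFSSL_APACHE_MYNEWT)
    #if !defined(WOLFSSL_LWIP)
        /* Mynewt socket-context hooks, implemented in the Mynewt port (not in
         * this header).  Declared with full prototypes: an empty "()" parameter
         * list is a non-prototype declaration in C11 and turns off argument
         * checking at every call site. */
        void mynewt_ctx_clear(void *ctx);
        void* mynewt_ctx_new(void);
    #endif
#elif defined(WOLFSSL_ZEPHYR)
    #ifndef SINGLE_THREADED
        #include <kernel.h>
    #endif
#elif defined(WOLFSSL_TELIT_M2MB)
    /* do nothing */
#else
    /* Generic POSIX build: pthreads unless the user asked for a
     * single-threaded library. */
    #ifndef SINGLE_THREADED
        #define WOLFSSL_PTHREADS
        #include <pthread.h>
    #endif
    #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
        #include <unistd.h>      /* for close of BIO */
    #endif
#endif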
00193 
00194 #ifndef CHAR_BIT
00195     /* Needed for DTLS without big math */
00196     #include <limits.h>
00197 #endif
00198 
00199 
00200 #ifdef HAVE_LIBZ
00201     #include "zlib.h"
00202 #endif
00203 
00204 #ifdef WOLFSSL_ASYNC_CRYPT
00205     #include <wolfssl/wolfcrypt/async.h>
00206 #endif
00207 
00208 #ifdef OPENSSL_EXTRA
00209     #ifdef WOLFCRYPT_HAVE_SRP
00210         #include <wolfssl/wolfcrypt/srp.h >
00211     #endif
00212 #endif
00213 
#ifdef _MSC_VER
    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
    /* NOTE(review): because this pragma sits in a header it silences C4996
     * ("unsafe CRT function" deprecation warnings) in every translation unit
     * that includes internal.h, not only in wolfSSL's own sources.  It changes
     * diagnostics only, not behaviour. */
    #pragma warning(disable: 4996)
#endif

/* Fallback digest sizes for hashes that are compiled out with NO_xxx.  The
 * wolfcrypt header that normally defines each constant is not included in
 * that case (see the conditional #includes above), so the value is supplied
 * here -- presumably because size computations elsewhere in this header still
 * reference it even when the algorithm itself is absent (not visible in this
 * excerpt).  The values are the real digest lengths: SHA-1 20, SHA-256 32,
 * MD5 16 bytes. */
#ifdef NO_SHA
    #define WC_SHA_DIGEST_SIZE 20
#endif

#ifdef NO_SHA256
    #define WC_SHA256_DIGEST_SIZE 32
#endif

#ifdef NO_MD5
    #define WC_MD5_DIGEST_SIZE 16
#endif
00230 
00231 
00232 #ifdef __cplusplus
00233     extern "C" {
00234 #endif
00235 
/* Define or comment out the cipher suites you'd like to be compiled in.
   Make sure that at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined.

   When adding cipher suites, add the name to cipher_names and the index to
   cipher_name_idx.

   Now that there is a maximum strength crypto build, the following BUILD_XXX
   flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
   Those that do not use Perfect Forward Secrecy and do not use AEAD ciphers
   need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
   CHACHA-POLY.
*/
00247 
/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
 * not turned off. */
/* Each clause is one requirement of a max-strength build; any clause that is
 * true aborts compilation:
 *   - a forward-secret key exchange: ECC, or otherwise both DH and RSA;
 *   - at least one AEAD: AES-GCM, AES-CCM, or ChaCha20 together with Poly1305;
 *   - a SHA-2 hash: SHA-256 or SHA-384;
 *   - NO_OLD_TLS must be defined (the protocol versions it disables are not
 *     visible in this excerpt).
 * The suites that survive a max-strength build are the ones defined outside
 * the !WOLFSSL_MAX_STRENGTH region further down. */
#if defined(WOLFSSL_MAX_STRENGTH) && \
    ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
     (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
      (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
     (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
     !defined(NO_OLD_TLS))

    #error "You are trying to build max strength with requirements disabled."
#endif

/* Have QSH : Quantum-safe Handshake */
/* Build flag for the QSH suite; set whenever the extension is enabled. */
#if defined(HAVE_QSH)
    #define BUILD_TLS_QSH
#endif
00264 
00265 #ifndef WOLFSSL_NO_TLS12
00266 
00267 #ifndef WOLFSSL_MAX_STRENGTH
00268 
#ifdef WOLFSSL_AEAD_ONLY
    /* AES CBC ciphers are not allowed in AEAD only mode */
    /* NOTE(review): this #undef is inside the !WOLFSSL_MAX_STRENGTH region and
     * only removes AES-CBC.  Within this file the static-RSA RC4/3DES/IDEA
     * suites are additionally guarded by !WOLFSSL_AEAD_ONLY, but the DHE and
     * ECDH(E) 3DES suites, the HC-128/Rabbit suites, the Camellia-CBC suites
     * and the NULL-cipher suites below are not.  Presumably the build
     * configuration forces NO_DES3 etc. for AEAD-only builds -- confirm in
     * settings.h before relying on WOLFSSL_AEAD_ONLY alone. */
    #undef HAVE_AES_CBC
#endif
00273 
#ifndef WOLFSSL_AEAD_ONLY
    /* Legacy non-AEAD suites keyed by static RSA (WOLFSSL_STATIC_RSA): the
     * client encrypts the premaster secret to the server's RSA key, so a later
     * compromise of that key exposes every recorded session (no forward
     * secrecy).  The BUILD_SSL_* names are not gated on NO_TLS, unlike the
     * BUILD_TLS_* names.  This whole group sits inside !WOLFSSL_MAX_STRENGTH
     * and so never appears in a max-strength build. */
    #if !defined(NO_RSA) && !defined(NO_RC4)
        #if defined(WOLFSSL_STATIC_RSA)
            #if !defined(NO_SHA)
                #define BUILD_SSL_RSA_WITH_RC4_128_SHA
            #endif
            #if !defined(NO_MD5)
                #define BUILD_SSL_RSA_WITH_RC4_128_MD5
            #endif
        #endif
        /* NTRU key-transport variants also require WOLFSSL_STATIC_RSA. */
        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
            && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
        #endif
    #endif

    /* 3DES-CBC (64-bit block) with static RSA or NTRU key transport. */
    #if !defined(NO_RSA) && !defined(NO_DES3)
        #if !defined(NO_SHA)
            #if defined(WOLFSSL_STATIC_RSA)
                #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
            #if !defined(NO_TLS) && defined(HAVE_NTRU) \
                && defined(WOLFSSL_STATIC_RSA)
                    #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
        #endif
    #endif

    /* IDEA-CBC, opt-in via HAVE_IDEA, static RSA only. */
    #if !defined(NO_RSA) && defined(HAVE_IDEA)
        #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
        #endif
    #endif
#endif /* !WOLFSSL_AEAD_ONLY */
00308 
    /* AES suites with static RSA key transport (WOLFSSL_STATIC_RSA) or NTRU.
     * This group is not wrapped in !WOLFSSL_AEAD_ONLY; instead each CBC suite
     * is gated on HAVE_AES_CBC, which WOLFSSL_AEAD_ONLY #undefs above.  The
     * GCM/CCM variants here are AEAD but still lack forward secrecy, which is
     * why they live inside the !WOLFSSL_MAX_STRENGTH region. */
    #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
        #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
            #if defined(WOLFSSL_STATIC_RSA)
                #ifdef WOLFSSL_AES_128
                    #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
                #endif
                #ifdef WOLFSSL_AES_256
                    #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
                #endif
            #endif
            #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
                #ifdef WOLFSSL_AES_128
                    #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
                #endif
                #ifdef WOLFSSL_AES_256
                    #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
                #endif
            #endif
        #endif
        #if defined(WOLFSSL_STATIC_RSA)
            /* SHA-256 MAC'd CBC suites. */
            #if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
                #ifdef WOLFSSL_AES_128
                    #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
                #endif
                #ifdef WOLFSSL_AES_256
                    #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
                #endif
            #endif
            /* AEAD suites; AES-256-GCM additionally needs SHA-384 for the PRF. */
            #if defined (HAVE_AESGCM)
                #ifdef WOLFSSL_AES_128
                    #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
                #endif
                #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
                    #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
                #endif
            #endif
            /* CCM_8 = 8-byte authentication tag (RFC 6655). */
            #if defined (HAVE_AESCCM)
                #ifdef WOLFSSL_AES_128
                    #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
                #endif
                #ifdef WOLFSSL_AES_256
                    #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
                #endif
            #endif
        #endif
    #endif
00355 
    /* Camellia-CBC suites (opt-in via HAVE_CAMELLIA).  The plain RSA variants
     * need WOLFSSL_STATIC_RSA (key transport); the DHE_RSA variants do not,
     * since RSA only signs the ephemeral DH share there.  Unlike the AES-CBC
     * suites these are not gated on a HAVE_*_CBC flag, so WOLFSSL_AEAD_ONLY
     * does not remove them in this file -- presumably handled by the build
     * configuration; verify if AEAD-only is required.  Key sizes are not
     * gated on a WOLFSSL_CAMELLIA_128/256 style flag. */
    #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC)
        #ifndef NO_RSA
          #if defined(WOLFSSL_STATIC_RSA)
            #if !defined(NO_SHA)
                #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
                #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
            #endif
            #ifndef NO_SHA256
                #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
                #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
            #endif
          #endif
            #if !defined(NO_DH)
              #if !defined(NO_SHA)
                #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
                #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
              #endif
                #ifndef NO_SHA256
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
                    #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
                #endif
            #endif
        #endif
    #endif
00380 
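/* Plain PSK key exchange (no (EC)DHE contribution, hence no forward secrecy).
 * Opt-in via WOLFSSL_STATIC_PSK and kept inside the !WOLFSSL_MAX_STRENGTH
 * region for that reason.  The (EC)DHE_PSK suites are defined separately. */
#if defined(WOLFSSL_STATIC_PSK)
    #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
        /* AES-CBC with HMAC-SHA1.  Gated on HAVE_AES_CBC like every other
         * AES-CBC suite in this file (the SHA-256/SHA-384 CBC variants below
         * and the DHE/ECDHE CBC suites); WOLFSSL_AEAD_ONLY #undefs HAVE_AES_CBC
         * above, and without this gate these two suites were still defined in
         * an AEAD-only build. */
        #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
            #ifdef WOLFSSL_AES_128
                #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
            #endif
            #ifdef WOLFSSL_AES_256
                #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
            #endif
        #endif
        #ifndef NO_SHA256
            #ifdef WOLFSSL_AES_128
                #ifdef HAVE_AES_CBC
                    #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
                #endif
                #ifdef HAVE_AESGCM
                    #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
                #endif
            #endif /* WOLFSSL_AES_128 */
            /* CCM (16-byte tag) and CCM_8 (8-byte tag) variants. */
            #ifdef HAVE_AESCCM
                #ifdef WOLFSSL_AES_128
                    #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
                    #define BUILD_TLS_PSK_WITH_AES_128_CCM
                #endif
                #ifdef WOLFSSL_AES_256
                    #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
                    #define BUILD_TLS_PSK_WITH_AES_256_CCM
                #endif
            #endif
        #endif
        /* AES-256 suites use SHA-384 for both the PRF and (for CBC) the MAC. */
        #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
            #ifdef HAVE_AES_CBC
                #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
            #endif
            #ifdef HAVE_AESGCM
                #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
            #endif
        #endif
    #endif
#endif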
00421 
    /* NULL-cipher suites (HAVE_NULL_CIPHER): integrity only, NO confidentiality
     * -- application data is sent in the clear with an HMAC.  Only appropriate
     * for debugging or for links that are encrypted by another layer.  They
     * also need static RSA / static PSK, so there is no forward secrecy either,
     * and they are not guarded by WOLFSSL_AEAD_ONLY in this file. */
    #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
        #if !defined(NO_RSA)
            #if defined(WOLFSSL_STATIC_RSA)
                #ifndef NO_MD5
                    #define BUILD_TLS_RSA_WITH_NULL_MD5
                #endif
                #if !defined(NO_SHA)
                    #define BUILD_TLS_RSA_WITH_NULL_SHA
                #endif
                #ifndef NO_SHA256
                    #define BUILD_TLS_RSA_WITH_NULL_SHA256
                #endif
            #endif
        #endif
        #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
            #if !defined(NO_SHA)
                #define BUILD_TLS_PSK_WITH_NULL_SHA
            #endif
            #ifndef NO_SHA256
                #define BUILD_TLS_PSK_WITH_NULL_SHA256
            #endif
            #ifdef WOLFSSL_SHA384
                #define BUILD_TLS_PSK_WITH_NULL_SHA384
            #endif
        #endif
    #endif
00448 
/* HC-128 and Rabbit stream-cipher suites (eSTREAM ciphers, non-standard TLS
 * suites) with static RSA key transport.  Non-AEAD and without forward
 * secrecy; compiled out by NO_HC128 / NO_RABBIT.  Not guarded by
 * WOLFSSL_AEAD_ONLY in this file. */
#if defined(WOLFSSL_STATIC_RSA)
    #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
        #ifndef NO_MD5
            #define BUILD_TLS_RSA_WITH_HC_128_MD5
        #endif
        #if !defined(NO_SHA)
            #define BUILD_TLS_RSA_WITH_HC_128_SHA
        #endif
    #endif

    #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
        #if !defined(NO_SHA)
            #define BUILD_TLS_RSA_WITH_RABBIT_SHA
        #endif
    #endif
#endif
00465 
    /* DHE_RSA with CBC modes: forward secret (ephemeral DH, RSA signs), but
     * not AEAD, so excluded from WOLFSSL_MAX_STRENGTH.  The DHE_RSA GCM suites
     * that do qualify are defined further down, outside this region.
     * NOTE(review): the 3DES suite here is not gated on WOLFSSL_AEAD_ONLY or
     * HAVE_AES_CBC, and it sits under a !NO_AES guard although it does not use
     * AES -- presumably a historical artefact; verify the intended gating. */
    #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
        !defined(NO_RSA)

        #if !defined(NO_SHA)
            #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
                #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            #endif
            #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
                #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
            #endif
            #if !defined(NO_DES3)
                #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
        #endif
        #if !defined(NO_SHA256) && defined(HAVE_AES_CBC)
            #ifdef WOLFSSL_AES_128
                #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
            #endif
            #ifdef WOLFSSL_AES_256
                #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
            #endif
        #endif
    #endif
00489 
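    /* Anonymous DH (HAVE_ANON): no certificate and no signature, so the peer
     * is not authenticated and an active attacker can interpose itself.
     * Only meaningful for test harnesses or where authentication happens out
     * of band; never enable for general use.
     * The outer guard requires WOLFSSL_AES_128 (it gates the CBC suite and,
     * historically, the whole block).  The AES-256-GCM suite additionally
     * requires WOLFSSL_AES_256, matching every other AES-256 suite in this
     * header; previously it was defined whenever AES-128 was, even in builds
     * with 256-bit keys compiled out. */
    #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
        !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
        #ifdef HAVE_AES_CBC
            #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
        #endif

        #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
            defined(WOLFSSL_AES_256)
            #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
        #endif
    #endif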
00500 
    /* DHE_PSK with CBC or NULL cipher: forward secret via ephemeral DH, PSK
     * authenticates.  Non-AEAD, so kept inside !WOLFSSL_MAX_STRENGTH; the
     * DHE_PSK AEAD suites are defined further down.  The NULL variants give
     * integrity only, no confidentiality. */
    #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
        #ifndef NO_SHA256
            #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \
                                                           defined(HAVE_AES_CBC)
                #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
            #endif
            #ifdef HAVE_NULL_CIPHER
                #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
            #endif
        #endif
        #ifdef WOLFSSL_SHA384
            #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \
                                                           defined(HAVE_AES_CBC)
                #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
            #endif
            #ifdef HAVE_NULL_CIPHER
                #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
            #endif
        #endif
    #endif
00521 
00522     #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
00523                                      defined(HAVE_CURVE448)) && !defined(NO_TLS)
        /* ECDH(E) AES suites that do not qualify for WOLFSSL_MAX_STRENGTH.
         * Naming: ECDHE_* = ephemeral ECDH (forward secret); ECDH_* = static
         * ECDH from the certificate key (WOLFSSL_STATIC_DH, no forward
         * secrecy, needs HAVE_ECC).  ECDHE_ECDSA suites need a signing
         * algorithm: ECC, or a curve paired with its EdDSA signature
         * (CURVE25519+ED25519, CURVE448+ED448).  The GCM suites in this
         * region are the static-ECDH ones only; ECDHE GCM/CCM suites are
         * defined further down, outside the !WOLFSSL_MAX_STRENGTH region. */
        #if !defined(NO_AES)
            #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
                #if !defined(NO_RSA)
                    #ifdef WOLFSSL_AES_128
                        #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
                    #endif
                    #ifdef WOLFSSL_AES_256
                        #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
                    #endif
                    #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                        #ifdef WOLFSSL_AES_128
                            #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
                        #endif
                        #ifdef WOLFSSL_AES_256
                            #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
                        #endif
                    #endif
                #endif

                #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                    #ifdef WOLFSSL_AES_128
                        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
                    #endif
                    #ifdef WOLFSSL_AES_256
                        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
                    #endif
                #endif

                #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                    #ifdef WOLFSSL_AES_128
                        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
                    #endif
                    #ifdef WOLFSSL_AES_256
                        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
                    #endif
                #endif
            #endif /* NO_SHA */
            /* SHA-256 MAC'd CBC suites; AES-128 only. */
            #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
                                                           defined(HAVE_AES_CBC)
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                    #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
                    #endif
                #endif
                #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                    #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
                #endif
                #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
                #endif
            #endif

            /* SHA-384 MAC'd CBC suites; AES-256 only. */
            #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
                                                           defined(HAVE_AES_CBC)
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
                    #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
                    #endif
                #endif
                #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                    #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
                #endif
                #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
                #endif
            #endif

            /* Static-ECDH GCM suites: AEAD, but no forward secrecy. */
            #if defined (HAVE_AESGCM)
                #if !defined(NO_RSA)
                    #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                        #ifdef WOLFSSL_AES_128
                            #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
                        #endif
                    #endif
                    #if defined(WOLFSSL_SHA384)
                        #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                            #ifdef WOLFSSL_AES_256
                                #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
                            #endif
                        #endif
                    #endif
                #endif

                #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \
                                                               defined(HAVE_ECC)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
                #endif

                #if defined(WOLFSSL_SHA384)
                    #if defined(WOLFSSL_STATIC_DH) && \
                                   defined(WOLFSSL_AES_256) && defined(HAVE_ECC)
                        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
                    #endif
                #endif
            #endif
        #endif /* NO_AES */
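        /* RC4 stream-cipher suites with ECDH(E) key exchange.  RC4 is a legacy
         * cipher kept only for interoperability; compile it out with NO_RC4.
         * Nothing in this group is AEAD, so the whole group is excluded from
         * WOLFSSL_AEAD_ONLY builds.  The original guard covered only the two
         * ECDHE variants; the static-ECDH variants (ECDH_RSA / ECDH_ECDSA,
         * WOLFSSL_STATIC_DH) were still built in AEAD-only mode and now share
         * the same exclusion. */
        #if !defined(NO_RC4) && !defined(WOLFSSL_AEAD_ONLY)
            #if !defined(NO_SHA)
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
                    #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                        #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
                    #endif
                #endif

                /* ECDSA signing needs ECC, or a curve with its EdDSA pair. */
                #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                    #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
                #endif
                #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
                #endif
            #endif
        #endif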
        /* 3DES-CBC (64-bit block) suites with ECDH(E) key exchange; compile
         * out with NO_DES3.
         * NOTE(review): unlike the static-RSA 3DES suite above, this group is
         * not guarded by !WOLFSSL_AEAD_ONLY, so an AEAD-only build still gets
         * these CBC suites unless NO_DES3 is set elsewhere -- verify that the
         * build configuration does so. */
        #if !defined(NO_DES3)
            #ifndef NO_SHA
                #if !defined(NO_RSA)
                    #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
                    #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                        #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
                    #endif
                #endif

                #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                    #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
                #endif
                #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
                    #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
                #endif
            #endif /* NO_SHA */
        #endif
        /* NULL-cipher suites with ECDHE key exchange: forward-secret keys, but
         * application data is still sent in the clear (integrity only).  Not
         * guarded by WOLFSSL_AEAD_ONLY in this file. */
        #if defined(HAVE_NULL_CIPHER)
            #if !defined(NO_SHA)
                #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                    #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
                #endif
            #endif
            #if !defined(NO_PSK) && !defined(NO_SHA256)
                #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
            #endif
        #endif
        /* ECDHE_PSK with AES-128-CBC: forward secret, PSK-authenticated, but
         * CBC rather than AEAD, so it stays inside !WOLFSSL_MAX_STRENGTH. */
        #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
            defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
            #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
        #endif
00686     #endif
    /* ChaCha20-Poly1305 suites that are kept out of WOLFSSL_MAX_STRENGTH.
     * The *_OLD_POLY1305_* names are a pre-standard variant (disable with
     * NO_OLD_POLY1305); the RFC 7905 suites are defined further down.
     * NOTE(review): the ECDHE_RSA old-variant guard requires HAVE_ECC, while
     * its RFC counterpart below accepts any of ECC/CURVE25519/CURVE448.
     * NOTE(review): BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 is a plain-PSK
     * suite (no forward secrecy) yet, unlike the AES plain-PSK suites, it is
     * not gated on WOLFSSL_STATIC_PSK -- verify whether that is intended.
     * NOTE(review): the ECDHE_PSK guard tests HAVE_ED25519/HAVE_ED448 (the
     * signature algorithms) rather than HAVE_CURVE25519/HAVE_CURVE448 (the
     * key-exchange curves) used by every other ECDHE guard in this file; an
     * ECDHE_PSK suite needs the curve, not the signature. */
    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
        #if !defined(NO_OLD_POLY1305)
        #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
            #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
        #endif
        #if !defined(NO_RSA) && defined(HAVE_ECC)
            #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
        #endif
        #if !defined(NO_DH) && !defined(NO_RSA)
            #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
        #endif
        #endif /* NO_OLD_POLY1305 */
        #if !defined(NO_PSK)
            #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
            #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
                                                             defined(HAVE_ED448)
                #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
            #endif
            #ifndef NO_DH
                #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
            #endif
        #endif /* !NO_PSK */
    #endif
00712 
00713 #endif /* !WOLFSSL_MAX_STRENGTH */
00714 
/* From here to the end of the TLS 1.2 section: suites that satisfy the
 * WOLFSSL_MAX_STRENGTH criteria (forward-secret key exchange plus AEAD), so
 * they are defined regardless of that flag.
 * DHE_RSA with AES-GCM. */
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
    !defined(NO_RSA) && defined(HAVE_AESGCM)

    #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
        #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    #endif

    #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
        #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    #endif
#endif
00726 
/* DHE_PSK with AES-GCM / AES-CCM: ephemeral DH gives forward secrecy and the
 * PSK authenticates, so these qualify for WOLFSSL_MAX_STRENGTH.  Only the
 * full-tag CCM variants are built here (no CCM_8). */
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
    #ifndef NO_SHA256
        #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
            #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
        #endif
        #ifdef HAVE_AESCCM
            #ifdef WOLFSSL_AES_128
                #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
            #endif
            #ifdef WOLFSSL_AES_256
                #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
            #endif
        #endif
    #endif
    #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
        defined(WOLFSSL_AES_256)
        #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
    #endif
#endif
00746 
/* ECDHE with AES-GCM / AES-CCM: the preferred TLS 1.2 suites.  Ephemeral
 * ECDH over a NIST curve (HAVE_ECC), X25519 or X448.  ECDHE_ECDSA needs a
 * signing algorithm too: ECC, or the curve paired with its EdDSA signature.
 * Note that AES-CCM is only offered with ECDSA here, not with RSA. */
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \
                                         && !defined(NO_TLS) && !defined(NO_AES)
    #ifdef HAVE_AESGCM
        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
            #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
            #endif
            #ifndef NO_RSA
                #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            #endif
        #endif
        #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
            #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
            #endif
            #ifndef NO_RSA
                #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
            #endif
        #endif
    #endif
    /* CCM (16-byte tag) and CCM_8 (8-byte tag, RFC 6655); no AES-256-CCM with
     * the full tag is defined here. */
    #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
        #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
            #ifdef WOLFSSL_AES_128
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
            #endif
            #ifdef WOLFSSL_AES_256
                #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
            #endif
        #endif
    #endif
#endif
00785 
/* ChaCha20-Poly1305 suites (RFC 7905).  The ECDHE variants use the same
 * signature-scheme pairing rule as the AES ECDHE suites above; the DHE_RSA
 * variant only needs DH and RSA. */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
    #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
        #if defined(HAVE_ECC) || \
                        (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
                        (defined(HAVE_CURVE448) && defined(HAVE_ED448))
            #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        #endif
        #ifndef NO_RSA
            #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        #endif
    #endif
    #if !defined(NO_DH) && !defined(NO_RSA)
        #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    #endif
#endif
00801 
00802 #endif
00803 
/* TLS 1.3 cipher suites (RFC 8446 appendix B.4).  These name only an AEAD and
 * a hash; key exchange and authentication are negotiated separately.
 * TLS_SHA256_SHA256 / TLS_SHA384_SHA384 are integrity-only suites (HMAC, no
 * confidentiality) and are built only when HAVE_NULL_CIPHER is set. */
#if defined(WOLFSSL_TLS13)
    #ifdef HAVE_AESGCM
        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
            #define BUILD_TLS_AES_128_GCM_SHA256
        #endif
        #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
            #define BUILD_TLS_AES_256_GCM_SHA384
        #endif
    #endif

    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        #ifndef NO_SHA256
            #define BUILD_TLS_CHACHA20_POLY1305_SHA256
        #endif
    #endif

    #ifdef HAVE_AESCCM
        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
            #define BUILD_TLS_AES_128_CCM_SHA256
            #define BUILD_TLS_AES_128_CCM_8_SHA256
        #endif
    #endif
    /* Integrity-only suites: no encryption of application data. */
    #ifdef HAVE_NULL_CIPHER
        #ifndef NO_SHA256
            #define BUILD_TLS_SHA256_SHA256
        #endif
        #ifdef WOLFSSL_SHA384
            #define BUILD_TLS_SHA384_SHA384
        #endif
    #endif
#endif
00835 
/* DTLS multicast uses a single integrity-only suite. */
#ifdef WOLFSSL_MULTICAST
    #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
        #define BUILD_WDM_WITH_NULL_SHA256
    #endif
#endif

/* Derive which primitives must be compiled in (BUILD_ARC4, BUILD_DES3,
 * BUILD_AES, BUILD_AESGCM, ...) from the BUILD_TLS_* suite flags selected
 * above, and set the NO_*_AEAD / HAVE_AEAD / HAVE_PFS summary flags that the
 * rest of the library keys on. */
#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
    defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
    #define BUILD_ARC4
#endif

#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    #define BUILD_DES3
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
    #undef  BUILD_AES
    #define BUILD_AES
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_AES_256_GCM_SHA384)
    #define BUILD_AESGCM
#else
    /* No AES-GCM cipher suites available with build; feeds HAVE_AEAD below */
    #define NO_AESGCM_AEAD
#endif

#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_CHACHA20_POLY1305_SHA256)
    /* Have an available ChaCha Poly cipher suite */
#else
    /* No ChaCha Poly cipher suites available with build; feeds HAVE_AEAD below */
    #define NO_CHAPOL_AEAD
#endif

#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_MD5)
    #define BUILD_HC128
#endif

#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
    #define BUILD_RABBIT
#endif

/* When DES3 is disabled, still provide its block size as a constant.
 * NOTE(review): presumably so that size arithmetic elsewhere keeps compiling
 * without the cipher - confirm against the users of DES_BLOCK_SIZE. */
#ifdef NO_DES3
    #define DES_BLOCK_SIZE 8
#else
    #undef  BUILD_DES3
    #define BUILD_DES3
#endif

/* When AES is disabled, AES_BLOCK_SIZE is still needed: enum Misc below sets
 * MAX_IV_SZ = AES_BLOCK_SIZE. */
#if defined(NO_AES) || defined(NO_AES_DECRYPT)
    #define AES_BLOCK_SIZE 16
    #undef  BUILD_AES
#else
    #undef  BUILD_AES
    #define BUILD_AES
#endif

/* RC4 is compiled in whenever it is not explicitly disabled, even if no RC4
 * suite was selected above.  RFC 7465 prohibits RC4 in TLS; define NO_RC4
 * unless legacy interoperability requires it. */
#ifndef NO_RC4
    #undef  BUILD_ARC4
    #define BUILD_ARC4
#endif

/* NOTE(review): 16 is not ChaCha20's 64-byte keystream block; this looks like
 * a record-layer size unit rather than the cipher's block size - verify
 * against the users of CHACHA20_BLOCK_SIZE before relying on the name. */
#ifdef HAVE_CHACHA
    #define CHACHA20_BLOCK_SIZE 16
#endif

/* HAVE_AEAD: at least one AEAD suite is built (AES-GCM, AES-CCM or
 * ChaCha20-Poly1305 with the NO_*_AEAD flags above taken into account), or an
 * integrity-only TLS 1.3 suite is; WOLFSSL_MAX_STRENGTH asserts it
 * unconditionally. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
     defined(HAVE_AESCCM) || \
    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
     !defined(NO_CHAPOL_AEAD)) || \
    (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER))

    #define HAVE_AEAD
#endif

/* HAVE_PFS: an ephemeral key exchange (ECC or DH) is available, so forward
 * secrecy suites can be offered; WOLFSSL_MAX_STRENGTH asserts it
 * unconditionally. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_ECC) || !defined(NO_DH)

    #define HAVE_PFS
#endif

#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
    #define BUILD_IDEA
#endif
00945 
/* actual cipher values, 2nd byte */
/* Each entry is the SECOND byte of the two-byte TLS cipher suite value; the
 * first byte is given by the group comment and by the *_BYTE constants in
 * enum Misc below (CIPHER_BYTE 0x00, ECC_BYTE 0xC0, CHACHA_BYTE 0xCC,
 * TLS13_BYTE 0x13, QSH_BYTE 0xD0).  Because only the second byte is stored
 * here, values repeat across groups (e.g. 0xa8 is
 * TLS_PSK_WITH_AES_128_GCM_SHA256, TLS_PSK_WITH_AES_128_CCM_8 and
 * TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256); a suite is only identified by
 * the (first byte, second byte) pair, never by this value alone. */
enum {
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
    TLS_DH_anon_WITH_AES_128_CBC_SHA  = 0x34,
    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
    TLS_RSA_WITH_NULL_MD5             = 0x01,
    TLS_RSA_WITH_NULL_SHA             = 0x02,
    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA256   = 0xae,
    TLS_PSK_WITH_AES_256_CBC_SHA384   = 0xaf,
    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
    TLS_PSK_WITH_NULL_SHA256          = 0xb0,
    TLS_PSK_WITH_NULL_SHA384          = 0xb1,
    TLS_PSK_WITH_NULL_SHA             = 0x2c,
    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,
    SSL_RSA_WITH_IDEA_CBC_SHA         = 0x07,

    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA    = 0x14,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA    = 0x13,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA  = 0x0A,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  = 0x09,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA        = 0x11,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA      = 0x07,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA   = 0x12,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   = 0x27,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = 0x28,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA           = 0x06,
    TLS_ECDHE_PSK_WITH_NULL_SHA256          = 0x3a,
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256   = 0x37,

    /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA    = 0x0F,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA    = 0x0E,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA  = 0x05,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA  = 0x04,
    TLS_ECDH_RSA_WITH_RC4_128_SHA        = 0x0C,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA      = 0x02,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA   = 0x0D,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256   = 0x29,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384   = 0x2A,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,

    /* wolfSSL extension - eSTREAM (non-standard, private-use values) */
    TLS_RSA_WITH_HC_128_MD5       = 0xFB,
    TLS_RSA_WITH_HC_128_SHA       = 0xFC,
    TLS_RSA_WITH_RABBIT_SHA       = 0xFD,
    WDM_WITH_NULL_SHA256          = 0xFE, /* wolfSSL DTLS Multicast */

    /* wolfSSL extension - NTRU (non-standard values) */
    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0xe7,  /* clashes w/official SHA-256 */
    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0xe8,

    /* wolfSSL extension - NTRU , Quantum-safe Handshake
       first byte is 0xD0 (QSH_BYTE) */
    TLS_QSH      = 0x01,

    /* SHA256 */
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
    TLS_RSA_WITH_NULL_SHA256            = 0x3b,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
    TLS_DHE_PSK_WITH_NULL_SHA256        = 0xb4,

    /* SHA384 */
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
    TLS_DHE_PSK_WITH_NULL_SHA384        = 0xb5,

    /* AES-GCM */
    TLS_RSA_WITH_AES_128_GCM_SHA256          = 0x9c,
    TLS_RSA_WITH_AES_256_GCM_SHA384          = 0x9d,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      = 0x9e,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      = 0x9f,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384      = 0xa7,
    TLS_PSK_WITH_AES_128_GCM_SHA256          = 0xa8,
    TLS_PSK_WITH_AES_256_GCM_SHA384          = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      = 0xaa,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      = 0xab,

    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  = 0x2b,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  = 0x2c,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   = 0x2d,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   = 0x2e,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = 0x2f,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    = 0x30,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     = 0x31,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     = 0x32,

    /* AES-CCM, first byte is 0xC0 but isn't ECC,
     * also, in some of the other AES-CCM suites
     * there will be second byte number conflicts
     * with non-ECC AES-GCM */
    TLS_RSA_WITH_AES_128_CCM_8         = 0xa0,
    TLS_RSA_WITH_AES_256_CCM_8         = 0xa1,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM   = 0xac,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
    TLS_PSK_WITH_AES_128_CCM           = 0xa4,
    TLS_PSK_WITH_AES_256_CCM           = 0xa5,
    TLS_PSK_WITH_AES_128_CCM_8         = 0xa8,
    TLS_PSK_WITH_AES_256_CCM_8         = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_CCM       = 0xa6,
    TLS_DHE_PSK_WITH_AES_256_CCM       = 0xa7,

    /* Camellia */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x41,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x84,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0xba,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     = 0xc0,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x45,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x88,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,

    /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0xa8,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0xaa,
    TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   = 0xac,
    TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         = 0xab,
    TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     = 0xad,

    /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE);
     * pre-RFC 7905 draft construction, kept for interoperability only */
    TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256   = 0x13,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
    TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256     = 0x15,

    /* TLS v1.3 cipher suites, first byte is 0x13 (TLS13_BYTE) */
    TLS_AES_128_GCM_SHA256       = 0x01,
    TLS_AES_256_GCM_SHA384       = 0x02,
    TLS_CHACHA20_POLY1305_SHA256 = 0x03,
    TLS_AES_128_CCM_SHA256       = 0x04,
    TLS_AES_128_CCM_8_SHA256     = 0x05,

    /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */
    TLS_SHA256_SHA256            = 0xB4,
    TLS_SHA384_SHA384            = 0xB5,

    /* Fallback SCSV (Signaling Cipher Suite Value).
     * NOTE(review): RFC 7507 defines this suite as {0x56, 0x00}, so unlike
     * the other entries 0x56 is its FIRST byte and the second byte is 0x00;
     * confirm that the comparison code treats it that way. */
    TLS_FALLBACK_SCSV                        = 0x56,
    /* Renegotiation Indication Extension Special Suite, {0x00, 0xFF} (RFC 5746) */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0xff
};
01104 
01105 
/* Session cache and DTLS defaults.  Each may be overridden at build time by
 * defining the macro before this header is included. */
#ifndef WOLFSSL_SESSION_TIMEOUT
    #define WOLFSSL_SESSION_TIMEOUT 500
    /* default session resumption cache timeout in seconds */
#endif


/* DTLS sequence-number window: WOLFSSL_DTLS_WINDOW_WORDS words of word32
 * give DTLS_SEQ_BITS bits (64 with the default of 2, word32 being 32 bits);
 * DTLS_SEQ_SZ is the same window in bytes.  NOTE(review): presumably the
 * sliding anti-replay window - confirm against the DTLS record code. */
#ifndef WOLFSSL_DTLS_WINDOW_WORDS
    #define WOLFSSL_DTLS_WINDOW_WORDS 2
#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
#define DTLS_SEQ_BITS  (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
#define DTLS_SEQ_SZ    (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)

/* Number of peer sequence-number sets kept: one for unicast DTLS, one per
 * multicast group peer otherwise. */
#ifndef WOLFSSL_MULTICAST
    #define WOLFSSL_DTLS_PEERSEQ_SZ 1
#else
    #ifndef WOLFSSL_MULTICAST_PEERS
        /* max allowed multicast group peers */
        #define WOLFSSL_MULTICAST_PEERS 100
    #endif
    #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
#endif /* WOLFSSL_MULTICAST */

/* Largest MTU assumed for DTLS; mirrored into enum Misc as MAX_MTU. */
#ifndef WOLFSSL_MAX_MTU
    #define WOLFSSL_MAX_MTU 1500
#endif /* WOLFSSL_MAX_MTU */
01133 
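/* Minimum and maximum DH key sizes the library accepts, in bits.  Both may be
 * overridden at build time (WOLFSSL_MIN_DHKEY_BITS, WOLFSSL_MAX_DHKEY_BITS);
 * each must be a multiple of 8, at most 16000, and the minimum must not
 * exceed the maximum.  MIN_DHKEY_SZ / MAX_DHKEY_SZ are the same limits in
 * bytes. */

/* set minimum DH key size allowed */
#ifndef WOLFSSL_MIN_DHKEY_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_DHKEY_BITS 2048
    #else
        /* NOTE(review): a 1024-bit DH floor is below current guidance (NIST
         * SP 800-57 recommends at least 2048 bits); builds that do not need
         * legacy peers should raise this or define WOLFSSL_MAX_STRENGTH. */
        #define WOLFSSL_MIN_DHKEY_BITS 1024
    #endif
#endif
#if (WOLFSSL_MIN_DHKEY_BITS % 8)
    #error DH minimum bit size must be multiple of 8
#endif
#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
    #error DH minimum bit size must not be greater than 16000
#endif
#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
/* set maximum DH key size allowed */
#ifndef WOLFSSL_MAX_DHKEY_BITS
    /* 8192-bit keys need a fast-math build with room for the arithmetic. */
    #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
        #define WOLFSSL_MAX_DHKEY_BITS 8192
    #else
        #define WOLFSSL_MAX_DHKEY_BITS 4096
    #endif
#endif
#if (WOLFSSL_MAX_DHKEY_BITS % 8)
    #error DH maximum bit size must be multiple of 8
#endif
#if (WOLFSSL_MAX_DHKEY_BITS > 16000)
    #error DH maximum bit size must not be greater than 16000
#endif
/* A minimum above the maximum leaves no DH key size that satisfies both
 * limits; catch that misconfiguration at build time rather than at runtime. */
#if (WOLFSSL_MIN_DHKEY_BITS > WOLFSSL_MAX_DHKEY_BITS)
    #error DH minimum bit size must not be greater than DH maximum bit size
#endif
#define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)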
01164 
#ifndef MAX_PSK_ID_LEN
    /* max psk identity/hint supported; TLS 1.3 PSK identities (resumption
     * tickets) are larger than the pre-1.3 hints, hence the bigger default */
    #if defined(WOLFSSL_TLS13)
        #define MAX_PSK_ID_LEN 256
    #else
        #define MAX_PSK_ID_LEN 128
    #endif
#endif

#ifndef MAX_EARLY_DATA_SZ
    /* maximum early data size.  TLS 1.3 0-RTT data is replayable by design
     * (RFC 8446 section 8), so this cap is a DoS bound, not a replay
     * defence.  NOTE(review): presumably the limit advertised in tickets and
     * enforced on receipt - confirm against the early-data handling. */
    #define MAX_EARLY_DATA_SZ  4096
#endif
01178 
/* Protocol constants used throughout the library: cipher suite first bytes,
 * protocol version numbers, record/handshake field sizes, buffer limits and
 * per-cipher key/IV/tag sizes.  Entries wrapped in #if vary with the build
 * configuration. */
enum Misc {
    CIPHER_BYTE = 0x00,            /* Default ciphers */
    ECC_BYTE    = 0xC0,            /* ECC first cipher suite byte */
    QSH_BYTE    = 0xD0,            /* Quantum-safe Handshake cipher suite */
    CHACHA_BYTE = 0xCC,            /* ChaCha first cipher suite */
    TLS13_BYTE  = 0x13,            /* TLS v1.3 first byte of cipher suite */

    SEND_CERT       = 1,
    SEND_BLANK_CERT = 2,

    DTLS_MAJOR      = 0xfe,     /* DTLS major version number */
    DTLS_MINOR      = 0xff,     /* DTLS 1.0 minor version number */
    DTLSv1_2_MINOR  = 0xfd,     /* DTLS 1.2 minor version number */
    SSLv3_MAJOR     = 3,        /* SSLv3 and TLSv1+  major version number */
    SSLv3_MINOR     = 0,        /* SSLv3   minor version number */
    TLSv1_MINOR     = 1,        /* TLSv1   minor version number */
    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
    TLSv1_3_MINOR   = 4,        /* TLSv1_3 minor version number */
    TLS_DRAFT_MAJOR = 0x7f,     /* Draft TLS major version number */
#ifdef WOLFSSL_TLS13_DRAFT
#ifdef WOLFSSL_TLS13_DRAFT_18
    TLS_DRAFT_MINOR = 0x12,     /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_22)
    TLS_DRAFT_MINOR = 0x16,     /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_23)
    TLS_DRAFT_MINOR = 0x17,     /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_26)
    TLS_DRAFT_MINOR = 0x1a,     /* Minor version number of TLS draft */
#else
    TLS_DRAFT_MINOR = 0x1c,     /* Minor version number of TLS draft */
#endif
#endif
    OLD_HELLO_ID    = 0x01,     /* SSLv2 Client Hello Indicator */
    INVALID_BYTE    = 0xff,     /* Used to initialize cipher specs values */
    NO_COMPRESSION  =  0,
    ZLIB_COMPRESSION = 221,     /* wolfSSL zlib compression */
    HELLO_EXT_SIG_ALGO = 13,    /* ID for the sig_algo hello extension */
    HELLO_EXT_EXTMS = 0x0017,   /* ID for the extended master secret ext */
    SECRET_LEN      = WOLFSSL_MAX_MASTER_KEY_LENGTH,
                                /* pre RSA and all master */
    /* ENCRYPT_LEN sizes the static buffer for the largest RSA-encrypted
     * premaster (or PSK identity + 2-byte length); it scales with the
     * largest RSA key the math library can handle. */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
    (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
#ifndef NO_PSK
    ENCRYPT_LEN     = 1024 + MAX_PSK_ID_LEN + 2,   /* 8192 bit static buffer */
#else
    ENCRYPT_LEN     = 1024,     /* allow 8192 bit static buffer */
#endif
#else
#ifndef NO_PSK
    ENCRYPT_LEN     = 512 + MAX_PSK_ID_LEN + 2,    /* 4096 bit static buffer */
#else
    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
#endif
#endif
    SIZEOF_SENDER   =  4,       /* clnt or srvr           */
    FINISHED_SZ     = 36,       /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
    MAX_PLAINTEXT_SZ   = (1 << 14),        /* Max plaintext sz   */
    MAX_TLS_CIPHER_SZ  = (1 << 14) + 2048, /* Max TLS encrypted data sz */
#ifdef WOLFSSL_TLS13
    MAX_TLS13_PLAIN_SZ = (1 << 14) + 1,    /* Max unencrypted data sz (+1 content type) */
    MAX_TLS13_ENC_SZ   = (1 << 14) + 256,  /* Max encrypted data sz   */
#endif
    MAX_MSG_EXTRA   = 38 + WC_MAX_DIGEST_SIZE,
                                /* max added to msg, mac + pad  from */
                                /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
                                   digest sz + BLOCK_SZ (iv) + pad byte (1) */
    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
    MAX_MTU         = WOLFSSL_MAX_MTU,     /* max expected MTU */
    MAX_UDP_SIZE    = 8192 - 100, /* was MAX_MTU - 100 */
    MAX_DH_SZ       = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
                                /* 4096 p, pub, g + 2 byte size for each */
    MAX_STR_VERSION = 8,        /* string rep of protocol version */

    PAD_MD5        = 48,       /* pad length for finished */
    PAD_SHA        = 40,       /* pad length for finished */
    MAX_PAD_SIZE   = 256,      /* maximum length of padding */

    LENGTH_SZ      =  2,       /* length field for HMAC, data only */
    VERSION_SZ     =  2,       /* length of protocol version */
    SEQ_SZ         =  8,       /* 64 bit sequence number  */
    ALERT_SIZE     =  2,       /* level + description     */
    VERIFY_HEADER  =  2,       /* always use 2 bytes      */
    EXTS_SZ        =  2,       /* always use 2 bytes      */
    EXT_ID_SZ      =  2,       /* always use 2 bytes      */
    MAX_DH_SIZE    = MAX_DHKEY_SZ+1,
                               /* Max size plus possible leading 0 */
    NAMED_DH_MASK  = 0x100,    /* Named group mask for DH parameters  */
    MIN_FFHDE_GROUP = 0x100,   /* Named group minimum for FFDHE parameters  */
    MAX_FFHDE_GROUP = 0x1FF,   /* Named group maximum for FFDHE parameters  */
    SESSION_HINT_SZ = 4,       /* session timeout hint */
    SESSION_ADD_SZ = 4,        /* session age add */
    TICKET_NONCE_LEN_SZ = 1,   /* Ticket nonce length size */
    DEF_TICKET_NONCE_SZ = 1,   /* Default ticket nonce size */
    MAX_TICKET_NONCE_SZ = 8,   /* maximum ticket nonce size */
    MAX_LIFETIME   = 604800,   /* maximum ticket lifetime (7 days, in seconds) */

    RAN_LEN      = 32,         /* random length           */
    SEED_LEN     = RAN_LEN * 2, /* tls prf seed length    */
    ID_LEN       = 32,         /* session id length       */
    COOKIE_SECRET_SZ = 14,     /* dtls cookie secret size */
    MAX_COOKIE_LEN = 32,       /* max dtls cookie size    */
    COOKIE_SZ    = 20,         /* use a 20 byte cookie    */
    SUITE_LEN    =  2,         /* cipher suite sz length  */
    ENUM_LEN     =  1,         /* always a byte           */
    OPAQUE8_LEN  =  1,         /* 1 byte                  */
    OPAQUE16_LEN =  2,         /* 2 bytes                 */
    OPAQUE24_LEN =  3,         /* 3 bytes                 */
    OPAQUE32_LEN =  4,         /* 4 bytes                 */
    OPAQUE64_LEN =  8,         /* 8 bytes                 */
    COMP_LEN     =  1,         /* compression length      */
    CURVE_LEN    =  2,         /* ecc named curve length  */
    KE_GROUP_LEN =  2,         /* key exchange group length */
    SERVER_ID_LEN = 20,        /* server session id length  */

    HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
    RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
    CERT_HEADER_SZ        = 3,  /* always 3 bytes          */
    REQ_HEADER_SZ         = 2,  /* cert request header sz  */
    HINT_LEN_SZ           = 2,  /* length of hint size field */
    TRUNCATED_HMAC_SZ     = 10, /* length of hmac w/ truncated hmac extension */
    HELLO_EXT_SZ          = 4,  /* base length of a hello extension */
    HELLO_EXT_TYPE_SZ     = 2,  /* length of a hello extension type */
    HELLO_EXT_SZ_SZ       = 2,  /* length of a hello extension size */
    HELLO_EXT_SIGALGO_SZ  = 2,  /* length of number of items in sigalgo list */

    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
    DTLS_HANDSHAKE_EXTRA     = 8,  /* diff from normal */
    DTLS_RECORD_EXTRA        = 8,  /* diff from normal */
    DTLS_HANDSHAKE_SEQ_SZ    = 2,  /* handshake header sequence number */
    DTLS_HANDSHAKE_FRAG_SZ   = 3,  /* fragment offset and length are 24 bit */
    DTLS_POOL_SZ             = 255,/* allowed number of list items in TX pool */
    /* Serialized session/state export format; bump DTLS_EXPORT_VERSION when
     * the exported layout changes so older images are rejected. */
    DTLS_EXPORT_PRO          = 165,/* wolfSSL protocol for serialized session */
    DTLS_EXPORT_STATE_PRO    = 166,/* wolfSSL protocol for serialized state */
    DTLS_EXPORT_VERSION      = 4,  /* wolfSSL version for serialized session */
    DTLS_EXPORT_OPT_SZ       = 60, /* amount of bytes used from Options */
    DTLS_EXPORT_VERSION_3    = 3,  /* wolfSSL version before TLS 1.3 addition */
    DTLS_EXPORT_OPT_SZ_3     = 59, /* amount of bytes used from Options */
    DTLS_EXPORT_KEY_SZ       = 325 + (DTLS_SEQ_SZ * 2),
                                   /* max amount of bytes used from Keys */
    DTLS_EXPORT_MIN_KEY_SZ   = 85 + (DTLS_SEQ_SZ * 2),
                                   /* min amount of bytes used from Keys */
    DTLS_EXPORT_SPC_SZ       = 16, /* amount of bytes used from CipherSpecs */
    DTLS_EXPORT_LEN          = 2,  /* 2 bytes for length and protocol */
    DTLS_EXPORT_IP           = 46, /* max ip size IPv4 mapped IPv6 */
    MAX_EXPORT_BUFFER        = 514, /* max size of buffer for exporting */
    MAX_EXPORT_STATE_BUFFER  = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN),
                                    /* max size of buffer for exporting state */
    FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
    TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size  */
    EXT_MASTER_LABEL_SZ = 22,  /* TLS extended master secret label sz */
    MASTER_LABEL_SZ     = 13,  /* TLS master secret label sz */
    KEY_LABEL_SZ        = 13,  /* TLS key block expansion sz */
    PROTOCOL_LABEL_SZ   = 9,   /* Length of the protocol label */
    MAX_LABEL_SZ        = 34,  /* Maximum length of a label */
    MAX_HKDF_LABEL_SZ   = OPAQUE16_LEN +
                          OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
                          OPAQUE8_LEN + WC_MAX_DIGEST_SIZE,
                               /* HkdfLabel: length(2) + label len(1) + label
                                * + context len(1) + context (a digest) */
    MAX_REQUEST_SZ      = 256, /* Maximum cert req len (no auth yet) */
    SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
    TLS_MAX_PAD_SZ      = 255, /* Max padding in TLS */

#if defined(HAVE_FIPS) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
    MAX_SYM_KEY_SIZE    = AES_256_KEY_SIZE,
#else
    MAX_SYM_KEY_SIZE    = WC_MAX_SYM_KEY_SIZE,
#endif

#ifdef HAVE_SELFTEST
    #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
    #define WOLFSSL_AES_KEY_SIZE_ENUM
    AES_IV_SIZE         = 16,
    AES_128_KEY_SIZE    = 16,
    AES_192_KEY_SIZE    = 24,
    AES_256_KEY_SIZE    = 32,
    #endif
#endif

    MAX_IV_SZ           = AES_BLOCK_SIZE,

    /* Layout of the 13-byte AEAD additional data: seq(8) | type(1) |
     * version(2) | length(2).  Offsets below index into that buffer. */
    AEAD_SEQ_OFFSET     = 4,   /* Auth Data: Sequence number */
    AEAD_TYPE_OFFSET    = 8,   /* Auth Data: Type            */
    AEAD_VMAJ_OFFSET    = 9,   /* Auth Data: Major Version   */
    AEAD_VMIN_OFFSET    = 10,  /* Auth Data: Minor Version   */
    AEAD_LEN_OFFSET     = 11,  /* Auth Data: Length          */
    AEAD_AUTH_DATA_SZ   = 13,  /* Size of the data to authenticate */
    AEAD_NONCE_SZ       = 12,
    AESGCM_IMP_IV_SZ    = 4,   /* Size of GCM/CCM AEAD implicit IV */
    AESGCM_EXP_IV_SZ    = 8,   /* Size of GCM/CCM AEAD explicit IV */
    AESGCM_NONCE_SZ     = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,

    CHACHA20_IMP_IV_SZ  = 12,  /* Size of ChaCha20 AEAD implicit IV */
    CHACHA20_NONCE_SZ   = 12,  /* Size of ChaCha20 nonce            */
    CHACHA20_OLD_OFFSET = 4,   /* Offset for seq # in old poly1305  */

    /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */

    AES_GCM_AUTH_SZ     = 16, /* AES-GCM Auth Tag length    */
    AES_CCM_16_AUTH_SZ  = 16, /* AES-CCM-16 Auth Tag length */
    AES_CCM_8_AUTH_SZ   = 8,  /* AES-CCM-8 Auth Tag Length (truncated tag) */
    AESCCM_NONCE_SZ     = 12,

    CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
    CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
    CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
    CAMELLIA_IV_SIZE      = 16, /* always block size */

    CHACHA20_256_KEY_SIZE = 32,  /* for 256 bit             */
    CHACHA20_128_KEY_SIZE = 16,  /* for 128 bit             */
    CHACHA20_IV_SIZE      = 12,  /* 96 bits for iv          */

    POLY1305_AUTH_SZ    = 16,  /* 128 bits                */

    HMAC_NONCE_SZ       = 12,  /* Size of HMAC nonce */

    HC_128_KEY_SIZE     = 16,  /* 128 bits                */
    HC_128_IV_SIZE      = 16,  /* also 128 bits           */

    RABBIT_KEY_SIZE     = 16,  /* 128 bits                */
    RABBIT_IV_SIZE      =  8,  /* 64 bits for iv          */

    EVP_SALT_SIZE       =  8,  /* evp salt size 64 bits   */

#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
    ECDHE_SIZE          = 32,  /* ECDHE server key size defaults to 256 bit */
#endif
    MAX_EXPORT_ECC_SZ   = 256, /* Export ANSI X9.62 max future size */
    MAX_CURVE_NAME_SZ   = 16,  /* Maximum size of curve name string */

    /* SignatureScheme values for the EdDSA algorithms: 0x0807 (Ed25519) and
     * 0x0808 (Ed448) as a (major, minor) byte pair. */
    NEW_SA_MAJOR        = 8,   /* Most significant byte used with new sig algos */
    ED25519_SA_MAJOR    = 8,   /* Most significant byte for ED25519 */
    ED25519_SA_MINOR    = 7,   /* Least significant byte for ED25519 */
    ED448_SA_MAJOR      = 8,   /* Most significant byte for ED448 */
    ED448_SA_MINOR      = 8,   /* Least significant byte for ED448 */

    /* Smallest RSA modulus usable with RSA-PSS for the given hash: two
     * digests (hash + same-size salt) plus 8 bytes of headroom. */
    MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
    MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */

    /* Largest CertificateVerify signature the build can produce/accept,
     * chosen by the strongest available signature algorithm. */
#ifndef NO_RSA
    MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */
#elif defined(HAVE_ECC)
    MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC  */
#elif defined(HAVE_ED448)
    MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE,   /* max Ed448  */
#elif defined(HAVE_ED25519)
    MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519  */
#else
    MAX_CERT_VERIFY_SZ = 1024, /* max default  */
#endif
    CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
    MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */

    /* DTLS retransmit timer: starts at INIT seconds and is multiplied by
     * MULTIPLIER on each timeout until it reaches MAX. */
    DTLS_TIMEOUT_INIT       =  1, /* default timeout init for DTLS receive  */
    DTLS_TIMEOUT_MAX        = 64, /* default max timeout for DTLS receive */
    DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */

    NULL_TERM_LEN      =   1,  /* length of null '\0' termination character */
    MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */
    MIN_PSK_ID_LEN     =   6,  /* min length of identities */
    MIN_PSK_BINDERS_LEN=  33,  /* min length of binders */
    MAX_TICKET_AGE_SECS=  10,  /* maximum ticket age in seconds */

#ifndef MAX_WOLFSSL_FILE_SIZE
    MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4,  /* 4 mb file size alloc limit */
#endif

    MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
    CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */

    MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
    MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
    MAX_NTRU_BITS       =  256, /* max symmetric bit strength */
    NO_SNIFF           =   0,  /* not sniffing */
    SNIFF              =   1,  /* currently sniffing */

    HASH_SIG_SIZE      =   2,  /* default SHA1 RSA */

    NO_COPY            =   0,  /* should we copy static buffer for write */
    COPY               =   1,  /* should we copy static buffer for write */

    INVALID_PEER_ID    = 0xFFFF, /* Initialize value for peer ID. */

    PREV_ORDER         = -1,   /* Sequence number is in previous epoch. */
    PEER_ORDER         = 1,    /* Peer sequence number for verify. */
    CUR_ORDER          = 0,    /* Current sequence number. */
    WRITE_PROTO        = 1,    /* writing a protocol message */
    READ_PROTO         = 0     /* reading a protocol message */
};
01470 
01471 /* minimum Downgrade Minor version */
01472 #ifndef WOLFSSL_MIN_DOWNGRADE
01473     #ifndef NO_OLD_TLS
01474         #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
01475     #else
01476         #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
01477     #endif
01478 #endif
01479 
01480 /* Set max implicit IV size for AEAD cipher suites */
01481 #define AEAD_MAX_IMP_SZ 12
01482 
01483 /* Set max explicit IV size for AEAD cipher suites */
01484 #define AEAD_MAX_EXP_SZ 8
01485 
01486 
01487 #ifndef WOLFSSL_MAX_SUITE_SZ
01488     #define WOLFSSL_MAX_SUITE_SZ 300
01489     /* 300 bytes: room for 150 two-byte cipher suites for now */
01490 #endif
01491 
01492 /* number of items in the signature algo list */
01493 #ifndef WOLFSSL_MAX_SIGALGO
01494     #define WOLFSSL_MAX_SIGALGO 32
01495 #endif
01496 
01497 
01498 /* set minimum ECC key size allowed */
01499 #ifndef WOLFSSL_MIN_ECC_BITS
01500     #ifdef WOLFSSL_MAX_STRENGTH
01501         #define WOLFSSL_MIN_ECC_BITS  256
01502     #else
01503         #define WOLFSSL_MIN_ECC_BITS 224
01504     #endif
01505 #endif /* WOLFSSL_MIN_ECC_BITS */
01506 #if (WOLFSSL_MIN_ECC_BITS % 8)
01507     /* Some ECC curves have key sizes that are not a multiple of 8 bits, e.g.
01508        prime239v1 or sect131r1. When setting WOLFSSL_MIN_ECC_BITS for such a
01509        curve, round it down to the nearest multiple of 8. The restriction
01510        matches the wc_ecc_size function from wolfSSL: the minimum is
01511        enforced as a byte count (MIN_ECCKEY_SZ below).    */
01512     #error ECC minimum bit size must be a multiple of 8
01513 #endif
01514 #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
01515 
01516 /* set minimum RSA key size allowed */
01517 #ifndef WOLFSSL_MIN_RSA_BITS
01518     #ifdef WOLFSSL_MAX_STRENGTH
01519         #define WOLFSSL_MIN_RSA_BITS 2048
01520     #else
01521         #define WOLFSSL_MIN_RSA_BITS 1024
01522     #endif
01523 #endif /* WOLFSSL_MIN_RSA_BITS */
01524 #if (WOLFSSL_MIN_RSA_BITS % 8)
01525     /* The minimum is enforced as a byte count (MIN_RSAKEY_SZ below), so a
01526        value such as 2050 bits would round down and still accept a 2049-bit key. */
01527     #error RSA minimum bit size must be a multiple of 8
01528 #endif
01529 #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
01530 
01531 #ifdef SESSION_INDEX
01532 /* Shift values for making a session index */
01533 #define SESSIDX_ROW_SHIFT 4
01534 #define SESSIDX_IDX_MASK  0x0F
01535 #endif
01536 
01537 
01538 /* max cert chain peer depth */
01539 #ifndef MAX_CHAIN_DEPTH
01540     #define MAX_CHAIN_DEPTH 9
01541 #endif
01542 
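01543 /* Maximum size of a Certificate message payload: one leading
01544  * CERT_HEADER_SZ plus, per certificate, CERT_HEADER_SZ + MAX_X509_SIZE
      * (2 KiB), for MAX_CHAIN_DEPTH certificates.  The expansion is
      * parenthesized so the macro stays correct inside larger arithmetic
      * (e.g. when multiplied or subtracted from a buffer size). */
01545 #ifndef MAX_CERTIFICATE_SZ
01546     #define MAX_CERTIFICATE_SZ \
01547                 (CERT_HEADER_SZ + \
01548                 (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH)
01549 #endif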
01550 
01551 /* max size of a handshake message, currently set to the certificate */
01552 #ifndef MAX_HANDSHAKE_SZ
01553     #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
01554 #endif
01555 
01556 #ifndef SESSION_TICKET_LEN
01557     #define SESSION_TICKET_LEN 256
01558 #endif
01559 
01560 #ifndef SESSION_TICKET_HINT_DEFAULT
01561     #define SESSION_TICKET_HINT_DEFAULT 300
01562 #endif
01563 
01564 
01565 /* don't use extra 3/4k stack space unless need to */
01566 #ifdef HAVE_NTRU
01567     #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
01568 #else
01569     #define MAX_ENCRYPT_SZ ENCRYPT_LEN
01570 #endif
01571 
01572 
01573 /* Handshake progress states.  Values are assigned sequentially from
      * NULL_STATE = 0, so inserting or reordering an enumerator renumbers every
      * later one; keep that in mind if any state-machine code compares states
      * by magnitude (not visible here — verify before reordering). */
01574 enum states {
01575     NULL_STATE = 0,                        /* nothing processed yet */
01576 
      /* server-originated messages, roughly in handshake order */
01577     SERVER_HELLOVERIFYREQUEST_COMPLETE,    /* DTLS HelloVerifyRequest */
01578     SERVER_HELLO_RETRY_REQUEST_COMPLETE,   /* TLS 1.3 HelloRetryRequest */
01579     SERVER_HELLO_COMPLETE,
01580     SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,  /* TLS 1.3 EncryptedExtensions */
01581     SERVER_CERT_COMPLETE,
01582     SERVER_KEYEXCHANGE_COMPLETE,
01583     SERVER_HELLODONE_COMPLETE,
01584     SERVER_CHANGECIPHERSPEC_COMPLETE,
01585     SERVER_FINISHED_COMPLETE,
01586 
      /* client-originated messages */
01587     CLIENT_HELLO_RETRY,                    /* ClientHello sent again after HelloRetryRequest */
01588     CLIENT_HELLO_COMPLETE,
01589     CLIENT_KEYEXCHANGE_COMPLETE,
01590     CLIENT_CHANGECIPHERSPEC_COMPLETE,
01591     CLIENT_FINISHED_COMPLETE,
01592 
01593     HANDSHAKE_DONE                         /* handshake finished */
01594 };
01595 
01596 /* Protocol version as carried on the wire: two bytes, major then minor.
      * WOLFSSL_PACK is presumably a packing attribute that keeps the struct at
      * exactly two bytes with no padding — confirm against its definition. */
01597 typedef struct ProtocolVersion {
01598     byte major;   /* major version byte */
01599     byte minor;   /* minor version byte (compare with WOLFSSL_MIN_DOWNGRADE above) */
01600 } WOLFSSL_PACK ProtocolVersion;
01601 
01602 
01603 WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
01604 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
01605 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
01606 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
01607 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
01608 
01609 #ifdef WOLFSSL_DTLS
01610     WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
01611     WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
01612 
01613     #ifdef WOLFSSL_SESSION_EXPORT
01614     WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
01615                                                                      word32 sz);
01616     WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
01617                                                                      word32 sz);
01618     WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl,
01619                                                           byte* buf, word32 sz);
01620     WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl,
01621                                                           byte* buf, word32 sz);
01622     WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
01623     #endif
01624 #endif
01625 
01626 
01627 /* wolfSSL method type: the protocol version and connection role a
      * WOLFSSL_CTX/WOLFSSL object is created with (see InitSSL_Method below). */
01628 struct WOLFSSL_METHOD {
01629     ProtocolVersion version;      /* protocol version selected by this method */
01630     byte            side;         /* connection side, server or client */
01631     byte            downgrade;    /* whether to downgrade version, default no;
                                       * presumably floored by WOLFSSL_MIN_DOWNGRADE
                                       * above — verify in the negotiation code */
01632 };
01633 
01634 /* wolfSSL buffer type - internal uses "buffer" type */
01635 typedef WOLFSSL_BUFFER_INFO buffer;
01636 
01637 typedef struct Suites Suites;
01638 
01639 
01640 /* defaults to client */
01641 WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
01642 
01643 WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
01644 WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
01645 
01646 /* for sniffer */
01647 WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
01648                             word32 size, word32 totalSz, int sniff);
01649 WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
01650 /* TLS v1.3 needs these */
01651 WOLFSSL_LOCAL int  HandleTlsResumption(WOLFSSL* ssl, int bogusID,
01652                                        Suites* clSuites);
01653 #ifdef WOLFSSL_TLS13
01654 WOLFSSL_LOCAL int FindSuite(Suites* suites, byte first, byte second);
01655 #endif
01656 WOLFSSL_LOCAL int  DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
01657                                  word32);
01658 #ifdef WOLFSSL_TLS13
01659 WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
01660                                      word32* inOutIdx, word32 helloSz);
01661 #endif
01662 WOLFSSL_LOCAL int  DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
01663                                  word32);
01664 WOLFSSL_LOCAL int  CompleteServerHello(WOLFSSL *ssl);
01665 WOLFSSL_LOCAL int  CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
01666 WOLFSSL_LOCAL int  PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
01667                                    word32 hashSigAlgoSz);
01668 WOLFSSL_LOCAL int  DecodePrivateKey(WOLFSSL *ssl, word16* length);
01669 #ifdef HAVE_PK_CALLBACKS
01670 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
01671 #ifndef NO_ASN
01672     WOLFSSL_LOCAL int  InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
01673 #endif
01674 #endif
01675 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
01676 WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
      /* Parse and verify the peer's certificate chain found in input at
       * *inOutIdx (size bytes); the chain-walking state is ProcPeerCertArgs
       * below. */
01677 WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
      /* Compare a name pattern (first len bytes, not necessarily NUL-terminated)
       * against the NUL-terminated str.  By its use alongside CheckAltNames the
       * pattern is presumably the certificate-supplied (untrusted) side and str
       * the expected host; any wildcard rules live in the definition, which is
       * not visible here. */
01678 WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len, const char* str);
01679 #ifndef NO_CERTS
01680 WOLFSSL_LOCAL int  CheckAltNames(DecodedCert* dCert, char* domain);
01681 #ifdef OPENSSL_EXTRA
01682 WOLFSSL_LOCAL int  CheckIPAddr(DecodedCert* dCert, char* ipasc);
01683 #endif
01684 #endif
01685 WOLFSSL_LOCAL int  CreateTicket(WOLFSSL* ssl);
01686 WOLFSSL_LOCAL int  HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
01687 WOLFSSL_LOCAL int  HashOutput(WOLFSSL* ssl, const byte* output, int sz,
01688                               int ivSz);
01689 WOLFSSL_LOCAL int  HashInput(WOLFSSL* ssl, const byte* input, int sz);
01690 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
01691 WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
01692 #endif
01693 #ifdef WOLFSSL_TLS13
01694 WOLFSSL_LOCAL int  DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
01695                                 word16 sz, const byte* aad, word16 aadSz);
01696 WOLFSSL_LOCAL int  DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
01697                                            word32* inOutIdx, byte type,
01698                                            word32 size, word32 totalSz);
01699 WOLFSSL_LOCAL int  DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
01700                                        word32* inOutIdx, word32 totalSz);
01701 WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
01702                                      word32* inOutIdx, word32 helloSz,
01703                                      byte* extMsgType);
01704 #endif
      /* Padding check that, by name, is intended to take the same time whatever
       * padLen is (CBC padding-oracle defence); the implementation is not
       * visible here.  Unlike the surrounding prototypes this is declared
       * without WOLFSSL_LOCAL, so it gets default visibility — presumably so
       * test code can reach it; confirm that is intended. */
01705 int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
01706                     int pLen, int content);
01707 
01708 
      /* Flag pair passed to free routines to request a forced release; which
       * routines take it is not visible in this section. */
01709 enum {
01710     FORCED_FREE = 1,      /* release regardless of normal conditions */
01711     NO_FORCED_FREE = 0    /* normal release */
01712 };
01713 
01714 
01715 /* only use compression extra if using compression */
01716 #ifdef HAVE_LIBZ
01717     #define COMP_EXTRA MAX_COMP_EXTRA
01718 #else
01719     #define COMP_EXTRA 0
01720 #endif
01721 
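01722 /* Only the sniffer needs space in the buffer for extra MTU record(s);
      * the product is parenthesized so MTU_EXTRA is safe inside larger
      * expressions such as the STATIC_BUFFER_LEN sum. */
01723 #ifdef WOLFSSL_SNIFFER
01724     #define MTU_EXTRA (MAX_MTU * 3)
01725 #else
01726     #define MTU_EXTRA 0
01727 #endif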
01728 
01729 
01730 /* embedded callbacks require large static buffers, make sure on */
01731 #ifdef WOLFSSL_CALLBACKS
01732     #undef  LARGE_STATIC_BUFFERS
01733     #define LARGE_STATIC_BUFFERS
01734 #endif
01735 
01736 
01737 /* give user option to use 16K static buffers */
01738 #if defined(LARGE_STATIC_BUFFERS)
01739     #define RECORD_SIZE MAX_RECORD_SIZE
01740 #else
01741     #ifdef WOLFSSL_DTLS
01742         #define RECORD_SIZE MAX_MTU
01743     #else
01744         #define RECORD_SIZE 128
01745     #endif
01746 #endif
01747 
01748 
01749 /* user option to turn off 16K output option */
01750 /* if using small static buffers (default) and SSL_write tries to write data
01751    larger than the record we have, dynamically get it, unless user says only
01752    write in static buffer chunks  */
01753 #ifndef STATIC_CHUNKS_ONLY
01754     #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
01755 #else
01756     #define OUTPUT_RECORD_SIZE RECORD_SIZE
01757 #endif
01758 
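01759 /* wolfSSL input buffer: size of the in-line staticBuffer in bufferStatic.
01760 
01761    RFC 2246:
01762 
01763    length
01764        The length (in bytes) of the following TLSPlaintext.fragment.
01765        The length should not exceed 2^14.
      
      The sum is parenthesized so STATIC_BUFFER_LEN can be used inside larger
      arithmetic (sizeof differences, multiplications) without surprises.
01766 */
01767 #if defined(LARGE_STATIC_BUFFERS)
01768     #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
01769              MTU_EXTRA + MAX_MSG_EXTRA)
01770 #else
01771     /* don't fragment memory from the record header */
01772     #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
01773 #endif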
01774 
      /* Record I/O buffer.  `buffer` points either at the in-line staticBuffer
       * or at dynamically allocated memory, as recorded by dynamicFlag.  The
       * implied invariant is idx <= length <= bufferSize — verify in the
       * buffer-management code. */
01775 typedef struct {
01776     ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];  /* in-line storage, 16-byte aligned */
01777     byte*  buffer;       /* place holder for static or dynamic buffer */
01778     word32 length;       /* total buffer length used */
01779     word32 idx;          /* idx to part of length already consumed */
01780     word32 bufferSize;   /* current buffer size */
01781     byte   dynamicFlag;  /* dynamic memory currently in use */
01782     byte   offset;       /* alignment offset attempt */
01783 } bufferStatic;
01784 
01785 /* Cipher Suites holder: the suite list plus the signature algorithm list
      * offered in the signature_algorithms extension.  suiteSz must never
      * exceed sizeof(suites) (WOLFSSL_MAX_SUITE_SZ bytes) and hashSigAlgoSz
      * never sizeof(hashSigAlgo); both are byte counts.  NOTE(review): since
      * hashSigAlgo is WOLFSSL_MAX_SIGALGO *bytes* and sig/hash pairs are two
      * bytes each, the "number of items" wording on WOLFSSL_MAX_SIGALGO above
      * looks like half the truth — verify. */
01786 struct Suites {
01787     word16 suiteSz;                 /* suite length in bytes        */
01788     word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
01789     byte   suites[WOLFSSL_MAX_SUITE_SZ];     /* suite ids, two bytes each */
01790     byte   hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
01791     byte   setSuites;               /* user set suites from default */
01792     byte   hashAlgo;                /* selected hash algorithm */
01793     byte   sigAlgo;                 /* selected sig algorithm */
01794 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
01795     WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */
01796 #endif
01797 };
01798 
01799 
01800 WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
01801                                          int haveRSAsig, int haveAnon,
01802                                          int tls1_2, int keySz);
01803 WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
01804                               word16, word16, word16, word16, word16, int);
01805 WOLFSSL_LOCAL int  MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
01806 WOLFSSL_LOCAL int  SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
01807 
01808 #ifndef PSK_TYPES_DEFINED
01809     typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
01810                           unsigned int, unsigned char*, unsigned int);
01811     typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
01812                           unsigned char*, unsigned int);
01813 #ifdef WOLFSSL_TLS13
01814     typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
01815                           char*, unsigned int, unsigned char*, unsigned int,
01816                           const char**);
01817     typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
01818                           unsigned char*, unsigned int, const char**);
01819 #endif
01820 #endif /* PSK_TYPES_DEFINED */
01821 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
01822    !defined(WOLFSSL_DTLS_EXPORT_TYPES)
01823     typedef int (*wc_dtls_export)(WOLFSSL* ssl,
01824                    unsigned char* exportBuffer, unsigned int sz, void* userCtx);
01825 #define WOLFSSL_DTLS_EXPORT_TYPES
01826 #endif /* WOLFSSL_DTLS_EXPORT_TYPES */
01827 
01828 
01829 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
01830 #define MAX_DESCRIPTION_SZ 255
01831 #endif
01832 /* wolfSSL Cipher type: a two-byte suite id plus a pointer back to the SSL
      * object it belongs to. */
01833 struct WOLFSSL_CIPHER {
01834     byte cipherSuite0;     /* first byte of the suite id */
01835     byte cipherSuite;      /* second byte of the suite id */
01836     WOLFSSL* ssl;          /* owning connection */
01837 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
01838     char description[MAX_DESCRIPTION_SZ]; /* text form; whoever fills it must keep
                                             * it NUL-terminated within the array */
01839     unsigned long offset;
01840     unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */
01841     int bits;              /* cipher strength in bits (presumably — verify) */
01842 #endif
01843 };
01844 
01845 
01846 #ifdef NO_ASN
01847     /* no_asn won't have */
01848     typedef struct CertStatus CertStatus;
01849 #endif
01850 
01851 #ifndef HAVE_OCSP
01852     typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
01853 #endif
01854 
01855 /* wolfSSL OCSP controller: the cached OCSP response list and its lock. */
01856 #ifdef HAVE_OCSP
01857 struct WOLFSSL_OCSP {
01858     WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
01859     OcspEntry*            ocspList;      /* OCSP response list */
01860     wolfSSL_Mutex         ocspLock;      /* OCSP list lock, guards ocspList */
01861     int                   error;         /* last error recorded (meaning not visible here) */
01862 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
01863     defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
01864     int(*statusCb)(WOLFSSL*, void*);     /* compatibility status callback */
01865 #endif
01866 };
01867 #endif
01868 
01869 #ifndef MAX_DATE_SIZE
01870 #define MAX_DATE_SIZE 32
01871 #endif
01872 
01873 typedef struct CRL_Entry CRL_Entry;
01874 
01875 #ifdef NO_SHA
01876     #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
01877 #else
01878     #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
01879 #endif
01880 
01881 #ifdef NO_ASN
01882     typedef struct RevokedCert RevokedCert;
01883 #endif
01884 
01885 /* One parsed CRL, kept in a singly linked list.  The to-be-signed data and
      * signature are retained alongside the `verified` flag, presumably so
      * signature verification can happen (or be repeated) once the issuer is
      * known; an entry whose verified flag is still 0 should not be relied on
      * for revocation decisions — confirm the lookup path enforces this.
      * Ownership of the toBeSigned/signature buffers is not visible here. */
01886 struct CRL_Entry {
01887     CRL_Entry* next;                      /* next entry */
01888     byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */
01889     /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */
01890     /* restore the hash here if needed for optimized comparisons */
01891     byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
01892     byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
01893     byte    lastDateFormat;          /* last date format */
01894     byte    nextDateFormat;          /* next date format */
01895     RevokedCert* certs;              /* revoked cert list  */
01896     int          totalCerts;         /* number on list     */
01897     int     verified;                /* non-zero once the CRL signature checked out */
01898     byte*   toBeSigned;              /* TBS portion of the CRL */
01899     word32  tbsSz;                   /* length of toBeSigned */
01900     byte*   signature;               /* signature over toBeSigned */
01901     word32  signatureSz;             /* length of signature */
01902     word32  signatureOID;            /* signature algorithm identifier */
01903 #if !defined(NO_SKID) && !defined(NO_ASN)
01904     byte    extAuthKeyIdSet;         /* authority key id extension present */
01905     byte    extAuthKeyId[KEYID_SIZE];/* authority key id, used to find the issuer */
01906 #endif
01907 };
01908 
01909 
01910 typedef struct CRL_Monitor CRL_Monitor;
01911 
01912 /* CRL directory monitor: one watched directory and the encoding of the
      * files expected in it (WOLFSSL_CRL keeps one per format). */
01913 struct CRL_Monitor {
01914     char* path;      /* full dir path, if valid pointer we're using */
01915     int   type;      /* PEM or ASN1 type */
01916 };
01917 
01918 
01919 #if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
01920     #undef HAVE_CRL_MONITOR
01921 #endif
01922 
01923 /* wolfSSL CRL controller: the loaded CRL list, its lock, and the optional
      * directory-monitor thread.  HAVE_CRL_MONITOR is forced off under
      * NO_FILESYSTEM just above, so the pthread fields only exist when a
      * filesystem is available. */
01924 struct WOLFSSL_CRL {
01925     WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
01926     CRL_Entry*            crlList;       /* our CRL list */
01927 #ifdef HAVE_CRL_IO
01928     CbCrlIO               crlIOCb;       /* user callback to fetch a missing CRL */
01929 #endif
01930     wolfSSL_Mutex         crlLock;       /* CRL list lock, guards crlList */
01931     CRL_Monitor           monitors[2];   /* PEM and DER possible */
01932 #ifdef HAVE_CRL_MONITOR
01933     pthread_cond_t        cond;          /* condition to signal setup */
01934     pthread_t             tid;           /* monitoring thread */
01935     int                   mfd;           /* monitor fd, -1 if no init yet */
01936     int                   setup;         /* thread is setup predicate */
01937 #endif
01938     void*                 heap;          /* heap hint for dynamic memory */
01939 };
01940 
01941 
01942 #ifdef NO_ASN
01943     typedef struct Signer Signer;
01944 #ifdef WOLFSSL_TRUST_PEER_CERT
01945     typedef struct TrustedPeerCert TrustedPeerCert;
01946 #endif
01947 #endif
01948 
01949 
01950 #ifndef CA_TABLE_SIZE
01951     #define CA_TABLE_SIZE 11
01952 #endif
01953 #ifdef WOLFSSL_TRUST_PEER_CERT
01954     #define TP_TABLE_SIZE 11
01955 #endif
01956 
01957 /* wolfSSL Certificate Manager: trust anchors, revocation checkers (CRL and
      * OCSP), the callbacks used during verification, and the policy knobs
      * (check-all flags, minimum key sizes) that govern chain validation.
      * caLock guards caTable; tpLock guards tpTable. */
01958 struct WOLFSSL_CERT_MANAGER {
01959     Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table; CA_TABLE_SIZE
                                              * buckets (11 by default), presumably
                                              * hashed by subject — verify */
01960     void*           heap;                /* heap helper */
01961 #ifdef WOLFSSL_TRUST_PEER_CERT
01962     TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
01963     wolfSSL_Mutex   tpLock;                  /* trusted peer list lock */
01964 #endif
01965     WOLFSSL_CRL*    crl;                 /* CRL checker */
01966     WOLFSSL_OCSP*   ocsp;                /* OCSP checker */
01967 #if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
01968                                ||  defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
01969     WOLFSSL_OCSP*   ocsp_stapling;       /* OCSP checker for OCSP stapling */
01970 #endif
01971     char*           ocspOverrideURL;     /* use this responder */
01972     void*           ocspIOCtx;           /* I/O callback CTX */
01973 #ifndef NO_WOLFSSL_CM_VERIFY
01974     VerifyCallback  verifyCallback;      /* Verify callback */
01975 #endif
01976     CallbackCACache caCacheCallback;     /* CA cache addition callback */
01977     CbMissingCRL    cbMissingCRL;        /* notify through cb of missing crl */
01978     CbOCSPIO        ocspIOCb;            /* I/O callback for OCSP lookup */
01979     CbOCSPRespFree  ocspRespFreeCb;      /* Frees OCSP Response from IO Cb */
01980     wolfSSL_Mutex   caLock;              /* CA list lock */
01981     byte            crlEnabled;          /* is CRL on ? */
01982     byte            crlCheckAll;         /* always leaf, but all ? */
01983     byte            ocspEnabled;         /* is OCSP on ? */
01984     byte            ocspCheckAll;        /* always leaf, but all ? */
01985     byte            ocspSendNonce;       /* send the OCSP nonce ? */
01986     byte            ocspUseOverrideURL;  /* ignore cert's responder, override */
01987     byte            ocspStaplingEnabled; /* is OCSP Stapling on ? */
01988 
      /* Minimum key sizes accepted from peers.  Unit (bits vs bytes) is not
       * visible here; MIN_RSAKEY_SZ / MIN_ECCKEY_SZ above are byte counts, so
       * presumably these are too — verify where they are initialized. */
01989 #ifndef NO_RSA
01990     short           minRsaKeySz;         /* minimum allowed RSA key size */
01991 #endif
01992 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
01993     short           minEccKeySz;         /* minimum allowed ECC key size */
01994 #endif
01995 };
01996 
01997 WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
01998 WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
01999 WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
02000 WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
02001 WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
02002 WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
02003                                     long sz, int format, int err_val);
02004 
02005 
02006 #ifndef NO_CERTS
02007 #if !defined NOCERTS &&\
02008     (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
      /* Working state for peer certificate chain processing, shared by
       * ProcessPeerCerts and DoVerifyCallback (both declared in this header).
       * NOTE(review): the enclosing `#if !defined NOCERTS` looks like a
       * misspelling of NO_CERTS; it is harmless only because the outer
       * `#ifndef NO_CERTS` already guards this region. */
02009 typedef struct ProcPeerCertArgs {
02010     buffer*      certs;        /* the certificates received, totalCerts of them */
02011 #ifdef WOLFSSL_TLS13
02012     buffer*      exts; /* extensions */
02013 #endif
02014     DecodedCert* dCert;        /* decoder for the certificate currently examined */
02015     word32 idx;                /* current parse index */
02016     word32 begin;              /* parse index at start of the message */
02017     int    totalCerts; /* number of certs in certs buffer */
02018     int    count;
02019     int    certIdx;            /* index into certs of the cert being processed */
02020     int    lastErr;            /* most recent verification error kept for the callback */
02021 #ifdef WOLFSSL_TLS13
02022     byte   ctxSz;              /* TLS 1.3 certificate_request_context length */
02023 #endif
02024 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
02025     char   untrustedDepth;
02026 #endif
      /* one-bit flags; exact semantics of fatal/verifyErr live in the callers */
02027     word16 fatal:1;            /* processing must stop with an error */
02028     word16 verifyErr:1;        /* a verification error has been seen */
02029     word16 dCertInit:1;        /* dCert has been initialized (by name — verify) */
02030 #ifdef WOLFSSL_TRUST_PEER_CERT
02031     word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */
02032 #endif
02033 } ProcPeerCertArgs;
02034 WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
02035         int ret, ProcPeerCertArgs* args);
02036 #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
02037 #endif /* !defined NO_CERTS */
02038 
02039 /* wolfSSL socket address: an opaque sockaddr pointer plus the size of the
      * object it points at (sz must match the actual sockaddr_in/sockaddr_in6). */
02040 struct WOLFSSL_SOCKADDR {
02041     unsigned int sz; /* sockaddr size */
02042     void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
02043 };
02044 
      /* DTLS transport context: the peer address plus separate read and write
       * descriptors (rfd/wfd by name; their use is in the I/O callbacks). */
02045 typedef struct WOLFSSL_DTLS_CTX {
02046     WOLFSSL_SOCKADDR peer;   /* address datagrams are sent to / expected from */
02047     int rfd;                 /* read descriptor */
02048     int wfd;                 /* write descriptor */
02049 } WOLFSSL_DTLS_CTX;
02050 
02051 
      /* Per-peer DTLS receive sequence state: a sliding window of seen record
       * sequence numbers for the current epoch and one for the previous epoch
       * (presumably the anti-replay window of RFC 6347 4.1.2.6 — verify), plus
       * the next expected epoch/sequence.  Sequence numbers are 48-bit on the
       * wire and are held here as a 16-bit hi / 32-bit lo pair. */
02052 typedef struct WOLFSSL_DTLS_PEERSEQ {
02053     word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
02054                         /* Sliding window for current epoch    */
02055     word16 nextEpoch;   /* Expected epoch in next record       */
02056     word16 nextSeq_hi;  /* Expected sequence in next record    */
02057     word32 nextSeq_lo;
02058 
02059     word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
02060                         /* Sliding window for old epoch        */
02061     word32 prevSeq_lo;
02062     word16 prevSeq_hi;  /* Next sequence in allowed old epoch  */
02063 
02064 #ifdef WOLFSSL_MULTICAST
02065     word16 peerId;           /* multicast peer this state belongs to */
02066     word32 highwaterMark;    /* sequence threshold for the high-water callback (meaning not visible here) */
02067 #endif
02068 } WOLFSSL_DTLS_PEERSEQ;
02069 
02070 
02071 #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
02072 
02073 /* Keys and secrets for the record layer: MAC secrets, symmetric write keys,
02074  * IVs and the send/receive sequence state.  The original note asks that this
      * stay a constant size (no additional ifdefs) for session export; the
      * struct does carry several ifdefs, so presumably only the exported subset
      * must be fixed-size — confirm against the export code.  This holds live
      * traffic keys: whatever releases a Keys must wipe it (not visible here). */
02075 typedef struct Keys {
02076 #if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)
02077     byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE];   /* max sizes */
02078     byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
02079 #endif
02080     byte client_write_key[MAX_SYM_KEY_SIZE];         /* max sizes */
02081     byte server_write_key[MAX_SYM_KEY_SIZE];
02082     byte client_write_IV[MAX_WRITE_IV_SZ];               /* max sizes */
02083     byte server_write_IV[MAX_WRITE_IV_SZ];
02084 #if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
02085     byte aead_exp_IV[AEAD_MAX_EXP_SZ];       /* explicit nonce part, up to AEAD_MAX_EXP_SZ (8) */
02086     byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];   /* implicit nonce part for encrypt, up to AEAD_MAX_IMP_SZ (12) */
02087     byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];   /* implicit nonce part for decrypt */
02088 #endif
02089 
      /* 64-bit record sequence numbers, split into hi/lo 32-bit halves */
02090     word32 peer_sequence_number_hi;   /* peer's (receive-side) sequence number */
02091     word32 peer_sequence_number_lo;
02092     word32 sequence_number_hi;        /* our (send-side) sequence number */
02093     word32 sequence_number_lo;
02094 
02095 #ifdef WOLFSSL_DTLS
02096     word16 curEpoch;    /* Received epoch in current record    */
02097     word16 curSeq_hi;   /* Received sequence in current record */
02098     word32 curSeq_lo;
02099 #ifdef WOLFSSL_MULTICAST
02100     byte   curPeerId;   /* Received peer group ID in current record */
02101 #endif
02102     WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ];  /* per-peer replay/sequence state */
02103 
02104     word16 dtls_peer_handshake_number;           /* last handshake message_seq from peer */
02105     word16 dtls_expected_peer_handshake_number;  /* message_seq expected next from peer */
02106 
02107     word16 dtls_epoch;                          /* Current epoch    */
02108     word16 dtls_sequence_number_hi;             /* Current epoch */
02109     word32 dtls_sequence_number_lo;
02110     word16 dtls_prev_sequence_number_hi;        /* Previous epoch */
02111     word32 dtls_prev_sequence_number_lo;
02112     word16 dtls_handshake_number;               /* Current tx handshake seq */
02113 #endif
02114 
02115     word32 encryptSz;             /* last size of encrypted data   */
02116     word32 padSz;                 /* how much to advance after decrypt part */
02117     byte   encryptionOn;          /* true after change cipher spec */
02118     byte   decryptedCur;          /* only decrypt current record once */
02119 #ifdef WOLFSSL_TLS13
02120     byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
02121     byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
02122 #endif
02123 #ifdef WOLFSSL_RENESAS_TSIP_TLS
02124     byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];  /* TSIP hardware key indices */
02125     byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
02126 #endif
02127 } Keys;
02128 
02129 
02130 
02131 /** TLS Extensions - RFC 6066 */
02132 #ifdef HAVE_TLS_EXTENSIONS
02133 
      /* TLS extension types.  The values are the IANA "TLS ExtensionType"
       * code points as sent on the wire, so they must not be renumbered. */
02134 typedef enum {
02135     TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
02136     TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
02137     TLSX_TRUSTED_CA_KEYS            = 0x0003,
02138     TLSX_TRUNCATED_HMAC             = 0x0004,
02139     TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
02140     TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
02141     TLSX_EC_POINT_FORMATS           = 0x000b,
02142 #if !defined(WOLFSSL_NO_SIGALG)
02143     TLSX_SIGNATURE_ALGORITHMS       = 0x000d,
02144 #endif
02145     TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
02146     TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
02147 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
02148     TLSX_ENCRYPT_THEN_MAC           = 0x0016, /* RFC 7366 */
02149 #endif
02150     TLSX_QUANTUM_SAFE_HYBRID        = 0x0018, /* a.k.a. QSH (draft, not an RFC code point) */
02151     TLSX_SESSION_TICKET             = 0x0023,
      /* TLS 1.3 extensions (RFC 8446) */
02152 #ifdef WOLFSSL_TLS13
02153     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
02154     TLSX_PRE_SHARED_KEY             = 0x0029,
02155     #endif
02156     #ifdef WOLFSSL_EARLY_DATA
02157     TLSX_EARLY_DATA                 = 0x002a,
02158     #endif
02159     TLSX_SUPPORTED_VERSIONS         = 0x002b,
02160     TLSX_COOKIE                     = 0x002c,
02161     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
02162     TLSX_PSK_KEY_EXCHANGE_MODES     = 0x002d,
02163     #endif
02164     #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
02165     TLSX_POST_HANDSHAKE_AUTH        = 0x0031,
02166     #endif
      /* key_share moved from 40 (early drafts) to 51 (final); the draft
       * builds keep the old value and lack signature_algorithms_cert */
02167     #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22)
02168     TLSX_KEY_SHARE                  = 0x0028,
02169     #else
02170     TLSX_SIGNATURE_ALGORITHMS_CERT  = 0x0032,
02171     TLSX_KEY_SHARE                  = 0x0033,
02172     #endif
02173 #endif
02174     TLSX_RENEGOTIATION_INFO         = 0xff01  /* RFC 5746 */
02175 } TLSX_Type;
02176 
      /* One node of a singly linked extension list: the extension type, an
       * opaque type-specific payload, and whether it is a response.  What
       * `data` points at depends on `type` and is not visible here. */
02177 typedef struct TLSX {
02178     TLSX_Type    type; /* Extension Type  */
02179     void*        data; /* Extension Data  */
02180     word32       val;  /* Extension Value */
02181     byte         resp; /* IsResponse Flag */
02182     struct TLSX* next; /* List Behavior   */
02183 } TLSX;
02184 
02185 WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
02186 WOLFSSL_LOCAL void  TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
02187 WOLFSSL_LOCAL void  TLSX_FreeAll(TLSX* list, void* heap);
02188 WOLFSSL_LOCAL int   TLSX_SupportExtensions(WOLFSSL* ssl);
02189 WOLFSSL_LOCAL int   TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
02190 
02191 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
02192 WOLFSSL_LOCAL int   TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
02193                                          word16* pLength);
02194 WOLFSSL_LOCAL int   TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
02195                                        byte msgType, word16* pOffset);
02196 #endif
02197 
02198 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
02199 /* TLS 1.3 Certificate messages have extensions. */
/* Response-side counterparts of TLSX_GetRequestSize()/TLSX_WriteRequest():
 * size into *pLength first, then write at 'output' advancing *pOffset. */
02200 WOLFSSL_LOCAL int   TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
02201                                           word16* pLength);
02202 WOLFSSL_LOCAL int   TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
02203                                         word16* pOffset);
02204 #endif
02205 
/* Parsers for received extension data. 'input'/'length' are peer-supplied
 * bytes, so this is the untrusted-input boundary for extensions: every
 * per-extension parser reached from here must bound its reads by 'length'.
 * ParseVersion presumably handles only the version-related extension(s) and
 * reports through '*found'; Parse handles the rest and may update 'suites'.
 * (Inferred from the signatures -- confirm in tls.c.) */
02206 WOLFSSL_LOCAL int   TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length,
02207                                       byte msgType, int* found);
02208 WOLFSSL_LOCAL int   TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
02209                                byte msgType, Suites *suites);
02210 
02211 #elif defined(HAVE_SNI)                           \
02212    || defined(HAVE_MAX_FRAGMENT)                  \
02213    || defined(HAVE_TRUSTED_CA)                    \
02214    || defined(HAVE_TRUNCATED_HMAC)                \
02215    || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
02216    || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
02217    || defined(HAVE_SUPPORTED_CURVES)              \
02218    || defined(HAVE_ALPN)                          \
02219    || defined(HAVE_QSH)                           \
02220    || defined(HAVE_SESSION_TICKET)                \
02221    || defined(HAVE_SECURE_RENEGOTIATION)          \
02222    || defined(HAVE_SERVER_RENEGOTIATION_INFO)
02223 
02224 #error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
02225 
02226 #endif /* HAVE_TLS_EXTENSIONS */
02227 
02228 /** Server Name Indication - RFC 6066 (section 3) */
02229 #ifdef HAVE_SNI
02230 
/* One Server Name Indication entry (RFC 6066 section 3). Entries form a
 * list so several name types can be carried; only host_name is modelled
 * in the data union at present. */
02231 typedef struct SNI {
02232     byte                       type;    /* SNI Type         */
02233     union { char* host_name; } data;    /* SNI Data         */
02234     struct SNI*                next;    /* List Behavior    */
02235     byte                       status;  /* Matching result (see TLSX_SNI_Status) */
02236 #ifndef NO_WOLFSSL_SERVER
02237     byte                       options; /* Behavior options (see TLSX_SNI_SetOptions) */
02238 #endif
02239 } SNI;
02240 
/* Add an SNI entry of 'type' built from 'size' bytes at 'data' to the
 * extension list (whether 'data' is copied or referenced is not visible
 * here -- confirm in tls.c). */
02241 WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
02242                                                        word16 size, void* heap);
/* Query helpers: the matching status and the request payload for 'type'.
 * GetRequest returns the payload length and stores its address in '*data'. */
02243 WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
02244 WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
02245                                                                    void** data);
02246 
02247 #ifndef NO_WOLFSSL_SERVER
02248 WOLFSSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
02249                                                                   byte options);
/* Extract the SNI value of 'type' directly from a raw ClientHello held in
 * 'buffer' (bufferSz bytes), without a WOLFSSL object. 'inOutSz' presumably
 * carries the capacity of 'sni' on input and the length written on output
 * -- confirm in tls.c. Whether 'sni' is NUL-terminated is not visible here,
 * so callers should rely on the returned size rather than on a terminator. */
02250 WOLFSSL_LOCAL int    TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
02251                                          byte type, byte* sni, word32* inOutSz);
02252 #endif
02253 
02254 #endif /* HAVE_SNI */
02255 
02256 /* Trusted CA Key Indication - RFC 6066 (section 6) */
02257 #ifdef HAVE_TRUSTED_CA
02258 
/* One Trusted CA Indication entry (RFC 6066 section 6): an identifier of
 * 'idSz' bytes whose interpretation is given by 'type'. */
02259 typedef struct TCA {
02260     byte                       type;    /* TCA Type            */
02261     byte*                      id;      /* TCA identifier      */
02262     word16                     idSz;    /* TCA identifier size */
02263     struct TCA*                next;    /* List Behavior       */
02264 } TCA;
02265 
/* Add a Trusted CA Indication entry ('idSz' bytes at 'id', of 'type') to
 * the extension list. Ownership of 'id' after the call is not visible here. */
02266 WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
02267                     const byte* id, word16 idSz, void* heap);
02268 
02269 #endif /* HAVE_TRUSTED_CA */
02270 
02271 /* Application-Layer Protocol Negotiation - RFC 7301 */
02272 #ifdef HAVE_ALPN
/* One ALPN protocol entry (RFC 7301); the list order is the preference
 * order offered or accepted. */
02273 typedef struct ALPN {
02274     char*        protocol_name; /* ALPN protocol name */
02275     struct ALPN* next;          /* List Behavior      */
02276     byte         options;       /* Behavior options (see TLSX_UseALPN) */
02277     byte         negotiated;    /* ALPN protocol negotiated or not */
02278 } ALPN;
02279 
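/* Retrieve the ALPN protocol name held by the extension: '*data' receives a
 * pointer to the name and '*dataSz' its length. Ownership presumably stays
 * with the extension list -- confirm in tls.c before freeing. */
WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
                                       void** data, word16 *dataSz);

/* Register a protocol name list ('size' bytes at 'data') for ALPN.
 * 'options' is stored as ALPN.options; its meaning is defined in tls.c. */
WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
                               word16 size, byte options, void* heap);

/* Update the options of an already registered ALPN extension. The former
 * top-level 'const' on the by-value 'option' parameter was not part of the
 * function type and is dropped to match the sibling prototypes. */
WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, byte option);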
02287 
02288 #endif /* HAVE_ALPN */
02289 
02290 /** Maximum Fragment Length Negotiation - RFC 6066 (section 4) */
02291 #ifdef HAVE_MAX_FRAGMENT
02292 
/* Add the max_fragment_length extension; 'mfl' is the RFC 6066 code for the
 * requested maximum (validation of the code is not visible here). */
02293 WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
02294 
02295 #endif /* HAVE_MAX_FRAGMENT */
02296 
02297 /** Truncated HMAC - RFC 6066 (section 7) */
02298 #ifdef HAVE_TRUNCATED_HMAC
02299 
/* Add the truncated_hmac extension. RFC 6066 section 7 defines it as
 * shortening record MACs to 80 bits, so enabling it lowers the integrity
 * margin; it only applies to MAC-based (non-AEAD) cipher suites. */
02300 WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
02301 
02302 #endif /* HAVE_TRUNCATED_HMAC */
02303 
02304 /** Certificate Status Request - RFC 6066 (section 8) */
02305 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
02306 
/* State of the status_request (OCSP stapling) extension for one connection.
 * The union leaves room for status types other than OCSP; only 'ocsp' is
 * modelled. On a TLS 1.3 server the stapled response is kept in 'response'
 * because Certificate messages carry it as an extension. */
02307 typedef struct {
02308     byte status_type;              /* RFC 6066 CertificateStatusType */
02309     byte options;                  /* behaviour flags (see TLSX_UseCertificateStatusRequest) */
02310     WOLFSSL* ssl;                  /* owning connection */
02311     union {
02312         OcspRequest ocsp;          /* request built from our certificate */
02313     } request;
02314 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
02315     buffer response;               /* stapled status to send (TLS 1.3 server) */
02316 #endif
02317 } CertificateStatusRequest;
02318 
/* Add a status_request extension; 'devId' is the crypto device id used for
 * any asynchronous work. */
02319 WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequest(TLSX** extensions,
02320            byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId);
02321 #ifndef NO_CERTS
/* Build the OCSP request from the decoded certificate 'cert'. */
02322 WOLFSSL_LOCAL int   TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
02323                                                                     void* heap);
02324 #endif
/* Access the stored request; ForceRequest presumably makes the status
 * check mandatory for the handshake -- confirm in tls.c. */
02325 WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
02326 WOLFSSL_LOCAL int   TLSX_CSR_ForceRequest(WOLFSSL* ssl);
02327 
02328 #endif
02329 
02330 /** Certificate Status Request v2 - RFC 6961 */
02331 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
02332 
/* One item of the status_request_v2 (RFC 6961) extension. A single item can
 * carry one OCSP request per certificate in the chain, which is why the
 * array holds 1 + MAX_CHAIN_DEPTH entries; 'requests' counts those in use. */
02333 typedef struct CSRIv2 {
02334     byte status_type;              /* RFC 6961 CertificateStatusType */
02335     byte options;                  /* behaviour flags */
02336     word16 requests;               /* number of populated ocsp[] entries */
02337     union {
02338         OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];  /* leaf + chain */
02339     } request;
02340     struct CSRIv2* next;           /* next item in the extension */
02341 } CertificateStatusRequestItemV2;
02342 
/* status_request_v2 counterparts of the TLSX_CSR_* functions above. */
02343 WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
02344                          byte status_type, byte options, void* heap, int devId);
02345 #ifndef NO_CERTS
/* Build the OCSP request(s) for 'cert'; 'isPeer' selects whether the
 * certificate belongs to the peer or to us. */
02346 WOLFSSL_LOCAL int   TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
02347                                                        byte isPeer, void* heap);
02348 #endif
/* 'index' selects the chain position (0 = leaf, see CSRIv2.request). */
02349 WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
02350                                                                     byte index);
02351 WOLFSSL_LOCAL int   TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
02352 
02353 #endif
02354 
02355 /** Supported Elliptic Curves - RFC 4492 (section 4) */
02356 #ifdef HAVE_SUPPORTED_CURVES
02357 
/* One entry of the supported_groups (elliptic_curves) list; 'name' is the
 * 16-bit NamedCurve/NamedGroup code. List order is preference order. */
02358 typedef struct SupportedCurve {
02359     word16 name;                 /* Curve Names */
02360     struct SupportedCurve* next; /* List Behavior */
02361 } SupportedCurve;
02362 
/* One entry of the ec_point_formats list (RFC 4492 ECPointFormat code). */
02363 typedef struct PointFormat {
02364     byte format;                /* PointFormat */
02365     struct PointFormat* next;   /* List Behavior */
02366 } PointFormat;
02367 
/* Append a curve/group code ('name') or a point format to the respective
 * extension list. */
02368 WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
02369                                                                     void* heap);
02370 
02371 WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
02372                                                                     void* heap);
02373 
02374 #ifndef NO_WOLFSSL_SERVER
/* Server-side checks. ValidateSupportedCurves takes the two bytes of a
 * cipher suite ('first','second') and decides whether the peer's curve list
 * allows it; CheckPriority and SupportedFFDHE_Set presumably reconcile the
 * server's preference and finite-field DH groups with the peer's list --
 * confirm in tls.c. */
02375 WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
02376                                                                    byte second);
02377 WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
02378 WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
02379 #endif
/* Pick the preferred group; 'checkSupported' asks for the choice to be
 * limited to groups both sides support. */
02380 WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
02381                                                             int checkSupported);
02382 
02383 #endif /* HAVE_SUPPORTED_CURVES */
02384 
02385 /** Renegotiation Indication - RFC 5746 */
02386 #if defined(HAVE_SECURE_RENEGOTIATION) \
02387  || defined(HAVE_SERVER_RENEGOTIATION_INFO)
02388 
/* Progress of the key cache used while a secure renegotiation is in
 * flight (see SecureRenegotiation.cache_status). The values are the
 * implicit 0..4 ordering, written out so the sequence is explicit. */
enum key_cache_state {
    SCR_CACHE_NULL     = 0,  /* empty / begin state */
    SCR_CACHE_NEEDED   = 1,  /* need to cache keys */
    SCR_CACHE_COPY     = 2,  /* we have a cached copy */
    SCR_CACHE_PARTIAL  = 3,  /* partial restore to real keys */
    SCR_CACHE_COMPLETE = 4   /* complete restore to real keys */
};
02396 
02397 /* Additional Connection State according to rfc5746 section 3.1 */
/* The cached Finished verify_data of both sides is what binds a
 * renegotiation to the previous handshake (RFC 5746); tmp_keys parks the
 * new key material until the cache state machine above allows the real
 * keys to be replaced. tmp_keys holds key material: confirm it is cleared
 * when the object is released (not visible here). */
02398 typedef struct SecureRenegotiation {
02399    byte                 enabled;  /* secure_renegotiation flag in rfc */
02400    byte                 verifySet; /* verify_data below is populated */
02401    byte                 startScr; /* server requested client to start scr */
02402    enum key_cache_state cache_status;  /* track key cache state */
02403    byte                 client_verify_data[TLS_FINISHED_SZ];  /* cached */
02404    byte                 server_verify_data[TLS_FINISHED_SZ];  /* cached */
02405    byte                 subject_hash_set; /* if peer cert hash is set */
02406    byte                 subject_hash[KEYID_SIZE];  /* peer cert hash */
02407    Keys                 tmp_keys;  /* can't overwrite real keys yet */
02408 } SecureRenegotiation;
02409 
/* Add the renegotiation_info extension (RFC 5746). The server-side variant
 * adds the empty form used to signal support in a ServerHello. */
02410 WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
02411 
02412 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
02413 WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
02414 #endif
02415 
02416 #endif /* HAVE_SECURE_RENEGOTIATION */
02417 
02418 /** Session Ticket - RFC 5077 (section 3.2) */
02419 #ifdef HAVE_SESSION_TICKET
02420 
/* An opaque session ticket received from (or issued by) a server together
 * with the validity information the client needs to offer it back. The
 * TLS 1.3 fields support the obfuscated ticket age: 'seen' is when the
 * ticket was received and 'ageAdd' the server's ticket_age_add value. */
02421 typedef struct SessionTicket {
02422     word32 lifetime;     /* ticket lifetime hint, seconds */
02423 #ifdef WOLFSSL_TLS13
02424     word64 seen;         /* time the ticket was received */
02425     word32 ageAdd;       /* ticket_age_add from NewSessionTicket */
02426 #endif
02427     byte*  data;         /* ticket bytes (opaque to the client) */
02428     word16 size;         /* length of data */
02429 } SessionTicket;
02430 
/* Attach a ticket to the extension list, build one from 'size' bytes at
 * 'data', and release one. Whether Create copies 'data' or takes it over
 * is not visible here -- confirm in tls.c before freeing the caller's copy. */
02431 WOLFSSL_LOCAL int  TLSX_UseSessionTicket(TLSX** extensions,
02432                                              SessionTicket* ticket, void* heap);
02433 WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
02434                                            byte* data, word16 size, void* heap);
02435 WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
02436 
02437 #endif /* HAVE_SESSION_TICKET */
02438 
02439 /** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
02440 #ifdef HAVE_QSH
02441 
/* One quantum-safe hybrid scheme offered in the QSH extension: the scheme
 * name and the public key ('PKLen' bytes at 'PK') sent for it. */
02442 typedef struct QSHScheme {
02443     struct QSHScheme* next; /* List Behavior   */
02444     byte*             PK;   /* public key bytes for this scheme */
02445     word16            name; /* QSHScheme Names */
02446     word16            PKLen; /* length of PK */
02447 } QSHScheme;
02448 
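/* A QSH key pair for one scheme: 'pub' and 'pri' hold the public and
 * private key material; 'pri' is secret, so confirm the release path clears
 * it. Nodes form a singly linked list via 'next'. */
typedef struct QSHkey {
    struct QSHkey* next;  /* next key; previously declared as 'struct QSHKey*',
                           * which (tag case differs) named an unrelated
                           * incomplete type rather than this struct */
    word16 name;          /* QSH scheme name this key belongs to */
    buffer pub;           /* public key */
    buffer pri;           /* private key (secret) */
} QSHKey;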
02455 
/* Material derived during a QSH key exchange: the scheme list plus the
 * server- and client-side secret contributions (SerSi/CliSi). Both buffers
 * are secret; confirm they are cleared on release (not visible here). */
02456 typedef struct QSHSecret {
02457     QSHScheme* list;   /* schemes in use */
02458     buffer* SerSi;     /* server secret share */
02459     buffer* CliSi;     /* client secret share */
02460 } QSHSecret;
02461 
02462 /* used in key exchange during handshake */
/* Parse is fed 'length' peer-supplied bytes and must bound all reads by it;
 * 'isServer' selects which side's encoding to expect. */
02463 WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
02464                                                   word16 length, byte isServer);
/* Serialise the public keys of 'list' into 'output' / report the bytes the
 * extension needs; both return a byte count. */
02465 WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
02466 WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
02467 
02468 /* used by api for setting a specific QSH scheme */
02469 WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
02470                                          byte* pKey, word16 pKeySz, void* heap);
02471 
02472 /* used when parsing in QSHCipher structs */
/* Decrypt 'szIn' bytes at 'in' with 'key' into 'out'; '*szOut' presumably
 * carries the capacity of 'out' on input and the bytes written on output
 * -- confirm in tls.c. */
02473 WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
02474                                                       byte* out, word16* szOut);
02475 #ifndef NO_WOLFSSL_SERVER
/* Server check that a scheme named by the peer is one we offer. */
02476 WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
02477 #endif
02477 #endif
02478 
02479 #endif /* HAVE_QSH */
02480 
02481 #ifdef WOLFSSL_TLS13
02482 /* Cookie extension information - cookie data. */
/* Header of a variable-length object: 'data' is only the first byte and
 * the allocation is presumably sized so that 'len' bytes follow it. Do not
 * rely on sizeof(Cookie) for the payload size -- confirm the allocation in
 * TLSX_Cookie_Use(). */
02483 typedef struct Cookie {
02484     word16 len;   /* number of cookie bytes starting at data */
02485     byte   data;  /* first cookie byte */
02486 } Cookie;
02487 
/* Store a TLS 1.3 cookie of 'len' bytes at 'data'; 'mac' (macSz bytes) is
 * the integrity tag kept with it and 'resp' marks the response direction.
 * The cookie is echoed back by the peer, so its contents must be treated as
 * untrusted when it returns and checked against 'mac' (not visible here). */
02488 WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len,
02489                                   byte* mac, byte macSz, int resp);
02490 
02491 
02492 /* Key Share - TLS v1.3 Specification */
02493 
02494 /* The KeyShare extension information - entry in a linked list. */
/* 'ke' is the peer-visible key exchange data for 'group'; 'key' is our
 * private key for that group and must be cleared when the entry is
 * released (the release path is not visible here). */
02495 typedef struct KeyShareEntry {
02496     word16                group;     /* NamedGroup               */
02497     byte*                 ke;        /* Key exchange data        */
02498     word32                keLen;     /* Key exchange data length */
02499     void*                 key;       /* Private key (secret)     */
02500     word32                keyLen;    /* Private key length       */
02501     byte*                 pubKey;    /* Public key               */
02502     word32                pubKeyLen; /* Public key length        */
02503     struct KeyShareEntry* next;      /* List pointer             */
02504 } KeyShareEntry;
02505 
/* Add a key share for 'group' ('len' bytes at 'data'); the created entry is
 * returned through '*kse'. Empty adds an empty key_share (used to ask the
 * peer for a different group), Establish computes the shared secret from
 * the peer's share, and DeriveSecret turns it into the handshake secret.
 * (Inferred from the names -- confirm in tls.c.) */
02506 WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
02507                                     byte* data, KeyShareEntry **kse);
02508 WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
02509 WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
02510 WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
02511 
02512 
02513 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
02514 #ifndef WOLFSSL_TLS13_DRAFT_18
02515 /* Ticket nonce - for deriving PSK.
02516  * Length allowed to be: 1..255. Only support 4 bytes.
02517  */
/* 'len' must never exceed MAX_TICKET_NONCE_SZ (the capacity of 'data');
 * parsers filling this struct from the wire must enforce that bound. */
02518 typedef struct TicketNonce {
02519     byte len;                        /* bytes used in data */
02520     byte data[MAX_TICKET_NONCE_SZ];  /* nonce bytes */
02521 } TicketNonce;
02522 #endif
02523 
02524 /* The PreSharedKey extension information - entry in a linked list. */
/* 'binder' is the HMAC over the partial ClientHello transcript that proves
 * possession of the PSK; 'binderLen' is its length for the 'hmac' hash.
 * NOTE(review): wherever the received binder is compared with the computed
 * one, the comparison should be constant-time -- verify in tls.c. */
02525 typedef struct PreSharedKey {
02526     word16               identityLen;             /* Length of identity */
02527     byte*                identity;                /* PSK identity       */
02528     word32               ticketAge;               /* Age of the ticket  */
02529     byte                 cipherSuite0;            /* Cipher Suite       */
02530     byte                 cipherSuite;             /* Cipher Suite       */
02531     word32               binderLen;               /* Length of HMAC     */
02532     byte                 binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
02533     byte                 hmac;                    /* HMAC algorithm     */
02534     byte                 resumption:1;            /* Resumption PSK     */
02535     byte                 chosen:1;                /* Server's choice    */
02536     struct PreSharedKey* next;                    /* List pointer       */
02537 } PreSharedKey;
02538 
/* Binders are written after the rest of the ClientHello is sized because
 * they are computed over it: GetSizeBinders reports the bytes needed and
 * WriteBinders emits them at 'output', returning the count in '*pSz'. */
02539 WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
02540                                                  byte* output, byte msgType,
02541                                                  word16* pSz);
02542 WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
02543                                                    byte msgType, word16* pSz);
/* Add a PSK identity ('len' bytes at 'identity') with its obfuscated age,
 * hash and cipher suite; the new entry is returned through '*preSharedKey'. */
02544 WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
02545                                         word16 len, word32 age, byte hmac,
02546                                         byte cipherSuite0, byte cipherSuite,
02547                                         byte resumption,
02548                                         PreSharedKey **preSharedKey);
02549 
/* Pre-Shared Key key exchange modes (TLS 1.3 psk_key_exchange_modes). The
 * values are the implicit 0/1 ordering written out explicitly; PSK_DHE_KE
 * adds an (EC)DHE exchange for forward secrecy on top of the PSK. */
enum PskKeyExchangeMode {
    PSK_KE     = 0,  /* PSK only */
    PSK_DHE_KE = 1   /* PSK with (EC)DHE */
};
02555 
02556 /* User can define this. */
/* Cipher suite assumed for PSK when the application does not pick one;
 * where it is consumed is not visible in this header. */
02557 #ifndef WOLFSSL_DEF_PSK_CIPHER
02558 #define WOLFSSL_DEF_PSK_CIPHER    TLS_AES_128_GCM_SHA256
02559 #endif
02560 
/* Add the psk_key_exchange_modes extension; 'modes' is a bit set of the
 * PskKeyExchangeMode values above (encoding not visible here). */
02561 WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
02562 
02563 #ifdef WOLFSSL_EARLY_DATA
/* Add the early_data extension; 'max' is the maximum early data size
 * advertised (0-RTT data is replayable, so the limit is a policy knob). */
02564 WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
02565 #endif
02566 #endif /* HAVE_SESSION_TICKET || !NO_PSK */
02567 
02568 
/* Which TLS 1.3 traffic keys a derivation step produces. The values are
 * the implicit 0..4 ordering, written explicitly. */
enum DeriveKeyType {
    no_key             = 0,
    early_data_key     = 1,  /* 0-RTT keys */
    handshake_key      = 2,  /* handshake traffic keys */
    traffic_key        = 3,  /* application traffic keys */
    update_traffic_key = 4   /* keys after a KeyUpdate */
};
02577 
/* KeyUpdate.request_update values (TLS 1.3); the explicit numbers are the
 * wire encoding. */
enum KeyUpdateRequest {
    update_not_requested = 0,
    update_requested     = 1
};
02583 #endif /* WOLFSSL_TLS13 */
02584 
02585 
02586 #ifdef OPENSSL_EXTRA
/* Bit flags recording which I/O callbacks the application installed
 * (stored in WOLFSSL_CTX.cbioFlag). Written as shifts to make the
 * flag nature explicit; values are unchanged. */
enum SetCBIO {
    WOLFSSL_CBIO_NONE = 0,
    WOLFSSL_CBIO_RECV = 1 << 0,
    WOLFSSL_CBIO_SEND = 1 << 1
};
02592 #endif
02593 
02594 /* wolfSSL context type */
/* Shared configuration from which WOLFSSL objects are created: method,
 * credentials, verification policy, key-size floors, I/O and crypto
 * callbacks and TLS extension state. Lifetime is governed by 'refCount'
 * under 'countMutex' (see InitSSL_Ctx/FreeSSL_Ctx below). Most fields are
 * present only when the corresponding build option is enabled, so the
 * layout is not stable across configurations. */
02595 struct WOLFSSL_CTX {
02596     WOLFSSL_METHOD* method;
02597 #ifdef SINGLE_THREADED
02598     WC_RNG*         rng;          /* to be shared with WOLFSSL w/o locking */
02599 #endif
02600     wolfSSL_Mutex   countMutex;   /* reference count mutex */
02601     int         refCount;         /* reference count */
02602     int         err;              /* error code in case of mutex not created */
02603 #ifndef NO_DH
02604     buffer      serverDH_P;       /* server DH prime (user supplied) */
02605     buffer      serverDH_G;       /* server DH generator (user supplied) */
02606 #endif
02607 #ifndef NO_CERTS
02608     DerBuffer*  certificate;      /* our leaf certificate, DER */
02609     DerBuffer*  certChain;
02610                  /* chain after self, in DER, with leading size for each cert */
02611     #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
02612     WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
02613     #endif
02614     #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
02615         defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
02616     WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
02617     client_cert_cb CBClientCert;  /* client certificate callback */
02618     #endif
02619 #ifdef WOLFSSL_TLS13
02620     int         certChainCnt;
02621 #endif
02622     DerBuffer*  privateKey;       /* our private key, DER (secret) */
02623     byte        privateKeyType:7;
02624     byte        privateKeyId:1;   /* key referenced by id rather than DER -- presumably */
02625     int         privateKeySz;
02626     int         privateKeyDevId;
02627     WOLFSSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
02628 #endif
02629 #ifdef KEEP_OUR_CERT
02630     WOLFSSL_X509*    ourCert;     /* keep alive a X509 struct of cert */
02631     int              ownOurCert;  /* Dispose of certificate if we own */
02632 #endif
02633     Suites*     suites;           /* make dynamic, user may not need/set */
02634     void*       heap;             /* for user memory overrides */
02635     byte        verifyDepth;      /* max chain depth accepted */
02636     byte        verifyPeer:1;     /* ask for / check the peer's cert */
02637     byte        verifyNone:1;     /* skip peer cert verification -- presumably SSL_VERIFY_NONE */
02638     byte        failNoCert:1;     /* fail if the peer sends no cert */
02639     byte        failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/
02640     byte        sessionCacheOff:1;
02641     byte        sessionCacheFlushOff:1;
02642 #ifdef HAVE_EXT_CACHE
02643     byte        internalCacheOff:1;
02644 #endif
02645     byte        sendVerify:2;     /* for client side (can not be single bit) */
02646     byte        haveRSA:1;        /* RSA available */
02647     byte        haveECC:1;        /* ECC available */
02648     byte        haveDH:1;         /* server DH parms set by user */
02649     byte        haveNTRU:1;       /* server private NTRU  key loaded */
02650     byte        haveECDSAsig:1;   /* server cert signed w/ ECDSA */
02651     byte        haveStaticECC:1;  /* static server ECC private key */
02652     byte        partialWrite:1;   /* only one msg per write call */
02653     byte        quietShutdown:1;  /* don't send close notify */
02654     byte        groupMessages:1;  /* group handshake messages before sending */
02655     byte        minDowngrade;     /* minimum downgrade version */
02656     byte        haveEMS:1;        /* have extended master secret extension */
02657     byte        useClientOrder:1; /* Use client's cipher preference order */
02658 #ifdef WOLFSSL_TLS13
02659     byte        noTicketTls13:1;  /* Server won't create new Ticket */
02660     byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
02661 #endif
02662     byte        mutualAuth:1;     /* Mutual authentication required */
02663 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
02664     byte        postHandshakeAuth:1;  /* Post-handshake auth supported. */
02665 #endif
02666 #ifndef NO_DH
02667     #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
02668         !defined(HAVE_SELFTEST)
02669     byte        dhKeyTested:1;   /* Set when key has been tested. */
02670     #endif
02671 #endif
02672 #ifdef HAVE_SECURE_RENEGOTIATION
02673     byte        useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */
02674 #endif
02675 #ifdef HAVE_ENCRYPT_THEN_MAC
02676     byte        disallowEncThenMac:1;  /* Don't do Encrypt-Then-MAC */
02677 #endif
02678 #ifdef WOLFSSL_STATIC_MEMORY
02679     byte        onHeap:1; /* whether the ctx/method is put on heap hint */
02680 #endif
02681 #ifdef WOLFSSL_MULTICAST
02682     byte        haveMcast;        /* multicast requested */
02683     byte        mcastID;          /* multicast group ID */
02684 #endif
02685 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
02686     byte        dtlsSctp;         /* DTLS-over-SCTP mode */
02687 #endif
02688 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
02689                                                            defined(WOLFSSL_DTLS)
02690     word16      dtlsMtuSz;        /* DTLS MTU size */
02691 #endif
02692 #ifndef NO_DH
02693     word16      minDhKeySz;       /* minimum DH key size (policy floor, bits -- presumably) */
02694     word16      maxDhKeySz;       /* maximum DH key size */
02695 #endif
02696 #ifndef NO_RSA
02697     short       minRsaKeySz;      /* minimum RSA key size (policy floor) */
02698 #endif
02699 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
02700     short       minEccKeySz;      /* minimum ECC key size (policy floor) */
02701 #endif
02702 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
02703     unsigned long     mask;             /* store SSL_OP_ flags */
02704 #endif
02705 #ifdef OPENSSL_EXTRA
02706     byte              sessionCtx[ID_LEN]; /* app session context ID */
02707     word32            disabledCurves;   /* curves disabled by user */
02708     const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
02709     unsigned int         alpn_cli_protos_len;
02710     byte              sessionCtxSz;     /* bytes used in sessionCtx */
02711     byte              cbioFlag;  /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
02712     CallbackInfoState* CBIS;      /* used to get info about SSL state */
02713 #endif
02714     CallbackIORecv CBIORecv;      /* transport receive callback */
02715     CallbackIOSend CBIOSend;      /* transport send callback */
02716 #ifdef WOLFSSL_DTLS
02717     CallbackGenCookie CBIOCookie;       /* gen cookie callback */
02718 #ifdef WOLFSSL_SESSION_EXPORT
02719     wc_dtls_export  dtls_export;        /* export function for DTLS session */
02720     CallbackGetPeer CBGetPeer;
02721     CallbackSetPeer CBSetPeer;
02722 #endif
02723 #endif /* WOLFSSL_DTLS */
02724     VerifyCallback  verifyCallback;     /* cert verification callback */
02725 #ifdef OPENSSL_ALL
02726     CertVerifyCallback verifyCertCb;
02727     void*              verifyCertCbArg;
02728 #endif /* OPENSSL_ALL */
02729     word32          timeout;            /* session timeout */
02730 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448)
02731     word32          ecdhCurveOID;       /* curve Ecc_Sum */
02732 #endif
02733 #ifdef HAVE_ECC
02734     word16          eccTempKeySz;       /* in octets 20 - 66 */
02735 #endif
02736 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
02737     word32          pkCurveOID;         /* curve Ecc_Sum */
02738 #endif
02739 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
02740     byte        havePSK;                /* psk key set by user */
02741     wc_psk_client_callback client_psk_cb;  /* client callback */
02742     wc_psk_server_callback server_psk_cb;  /* server callback */
02743 #ifdef WOLFSSL_TLS13
02744     wc_psk_client_tls13_callback client_psk_tls13_cb;  /* client callback */
02745     wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
02746 #endif
02747     char        server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; /* PSK identity hint, NUL-terminated (size reserves the terminator) */
02748 #endif /* HAVE_SESSION_TICKET || !NO_PSK */
02749 #ifdef WOLFSSL_TLS13
02750     word16          group[WOLFSSL_MAX_GROUP_COUNT]; /* preferred key share groups */
02751     byte            numGroups;          /* entries used in group[] */
02752 #endif
02753 #ifdef WOLFSSL_EARLY_DATA
02754     word32          maxEarlyDataSz;     /* early data limit (0-RTT is replayable) */
02755 #endif
02756 #ifdef HAVE_ANON
02757     byte        haveAnon;               /* User wants to allow Anon suites */
02758 #endif /* HAVE_ANON */
02759 #ifdef WOLFSSL_ENCRYPTED_KEYS
02760     pem_password_cb* passwd_cb;         /* supplies the key-file password */
02761     void*            passwd_userdata;
02762 #endif
02763 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
02764     WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
02765     WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
02766     byte            readAhead;
02767     void*           userPRFArg; /* passed to prf callback */
02768 #endif
02769 #ifdef HAVE_EX_DATA
02770     WOLFSSL_CRYPTO_EX_DATA ex_data;
02771 #endif
02772 #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
02773     CallbackALPNSelect alpnSelect;
02774     void*              alpnSelectArg;
02775 #endif
02776 #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
02777                              defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
02778                              defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
02779     CallbackSniRecv sniRecvCb;
02780     void*           sniRecvCbArg;
02781 #endif
02782 #if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
02783     CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
02784     word32      mcastFirstSeq;    /* first trigger level */
02785     word32      mcastSecondSeq;   /* second trigger level */
02786     word32      mcastMaxSeq;      /* max level */
02787 #endif
02788 #ifdef HAVE_OCSP
02789     WOLFSSL_OCSP      ocsp;
02790 #endif
02791     int             devId;              /* async device id to use */
02792 #ifdef HAVE_TLS_EXTENSIONS
02793     TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
02794     #ifndef NO_WOLFSSL_SERVER
02795         #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
02796          || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
02797             OcspRequest* certOcspRequest;
02798         #endif
02799         #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
02800             OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
02801         #endif
02802     #endif
02803     #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
02804         SessionTicketEncCb ticketEncCb;   /* enc/dec session ticket Cb */
02805         void*              ticketEncCtx;  /* session encrypt context (opaque; presumably holds the ticket keys) */
02806         int                ticketHint;    /* ticket hint in seconds */
02807     #endif
02808     #ifdef HAVE_SUPPORTED_CURVES
02809         byte userCurves;                  /* indicates user called wolfSSL_CTX_UseSupportedCurve */
02810     #endif
02811 #endif
02812 #ifdef ATOMIC_USER
02813     CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
02814     CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
02815     #ifdef HAVE_ENCRYPT_THEN_MAC
02816         CallbackEncryptMac    EncryptMacCb;    /* Atomic User Mac/Enc Cb */
02817         CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */
02818     #endif
02819 #endif
02820 #ifdef HAVE_PK_CALLBACKS
02821     #ifdef HAVE_ECC
02822         CallbackEccKeyGen EccKeyGenCb;  /* User EccKeyGen Callback Handler */
02823         CallbackEccSign   EccSignCb;    /* User EccSign   Callback handler */
02824         CallbackEccVerify EccVerifyCb;  /* User EccVerify Callback handler */
02825         CallbackEccSharedSecret EccSharedSecretCb; /* User EccSharedSecret Callback handler */
02826         #ifdef HAVE_ED25519
02827             /* User Ed25519Sign   Callback handler */
02828             CallbackEd25519Sign   Ed25519SignCb;
02829             /* User Ed25519Verify Callback handler */
02830             CallbackEd25519Verify Ed25519VerifyCb;
02831         #endif
02832         #ifdef HAVE_CURVE25519
02833             /* User X25519 KeyGen Callback Handler */
02834             CallbackX25519KeyGen X25519KeyGenCb;
02835             /* User X25519 SharedSecret Callback handler */
02836             CallbackX25519SharedSecret X25519SharedSecretCb;
02837         #endif
02838         #ifdef HAVE_ED448
02839             /* User Ed448Sign   Callback handler */
02840             CallbackEd448Sign   Ed448SignCb;
02841             /* User Ed448Verify Callback handler */
02842             CallbackEd448Verify Ed448VerifyCb;
02843         #endif
02844         #ifdef HAVE_CURVE448
02845             /* User X448 KeyGen Callback Handler */
02846             CallbackX448KeyGen X448KeyGenCb;
02847             /* User X448 SharedSecret Callback handler */
02848             CallbackX448SharedSecret X448SharedSecretCb;
02849         #endif
02850     #endif /* HAVE_ECC */
02851     #ifndef NO_DH
02852         CallbackDhAgree DhAgreeCb;      /* User DH Agree Callback handler */
02853     #endif
02854     #ifndef NO_RSA
02855         CallbackRsaSign   RsaSignCb;      /* User RsaSign Callback handler (priv key) */
02856         CallbackRsaVerify RsaVerifyCb;    /* User RsaVerify Callback handler (pub key) */
02857         CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */
02858         #ifdef WC_RSA_PSS
02859             CallbackRsaPssSign   RsaPssSignCb;       /* User RsaSign (priv key) */
02860             CallbackRsaPssVerify RsaPssVerifyCb;     /* User RsaVerify (pub key) */
02861             CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */
02862         #endif
02863         CallbackRsaEnc    RsaEncCb;     /* User Rsa Public Encrypt  handler */
02864         CallbackRsaDec    RsaDecCb;     /* User Rsa Private Decrypt handler */
02865     #endif /* NO_RSA */
02866 #endif /* HAVE_PK_CALLBACKS */
02867 #ifdef HAVE_WOLF_EVENT
02868         WOLF_EVENT_QUEUE event_queue;   /* pending async events */
02869 #endif /* HAVE_WOLF_EVENT */
02870 #ifdef HAVE_EXT_CACHE
02871         WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*); /* external session cache: lookup by id */
02872         int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);   /* external session cache: store */
02873         void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); /* external session cache: remove */
02874 #endif
02875 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
02876         Srp*  srp;  /* TLS Secure Remote Password Protocol*/
02877         byte* srp_password;  /* SRP password (secret); clearing on release is not visible here */
02878 #endif
02879 };
02880 
/* Context lifecycle: Init sets up a WOLFSSL_CTX for 'method' using the
 * 'heap' hint, Free drops a reference (see WOLFSSL_CTX.refCount) and
 * SSL_CtxResourceFree releases the owned resources. */
02881 WOLFSSL_LOCAL
02882 int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
02883 WOLFSSL_LOCAL
02884 void FreeSSL_Ctx(WOLFSSL_CTX*);
02885 WOLFSSL_LOCAL
02886 void SSL_CtxResourceFree(WOLFSSL_CTX*);
02887 
/* Derive the record keys for the negotiated suite. ProcessOldClientHello
 * handles the SSLv2-format ClientHello: 'input' is peer data of 'inSz'
 * bytes, '*inOutIdx' is the read cursor and 'sz' the announced record size,
 * which must be checked against 'inSz' rather than trusted. */
02888 WOLFSSL_LOCAL
02889 int DeriveTlsKeys(WOLFSSL* ssl);
02890 WOLFSSL_LOCAL
02891 int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
02892                           word32 inSz, word16 sz);
02893 
02894 #ifndef NO_CERTS
/* Certificate manager helpers. AddCA takes ownership of '*pDer' (presumably,
 * given the double pointer -- confirm in internal.c); 'verify' selects
 * whether the CA is checked before being added. The Already* functions look
 * up by subject key hash. */
02895     WOLFSSL_LOCAL
02896     int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
02897     WOLFSSL_LOCAL
02898     int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
02899 #ifdef WOLFSSL_TRUST_PEER_CERT
02900     WOLFSSL_LOCAL
02901     int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
02902     WOLFSSL_LOCAL
02903     int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
02904 #endif
02905 #endif
02906 
02907 /* All cipher suite related info
02908  * Keep as a constant size (no ifdefs) for session export */
/* Parameters of the negotiated cipher suite. Because the struct is part of
 * the exported session format, fields must not be added, removed or
 * reordered conditionally. */
02909 typedef struct CipherSpecs {
02910     word16 key_size;                /* bulk cipher key length, bytes */
02911     word16 iv_size;                 /* IV / nonce length, bytes */
02912     word16 block_size;              /* cipher block size (0 for stream) -- presumably */
02913     word16 aead_mac_size;           /* AEAD tag length, bytes */
02914     byte bulk_cipher_algorithm;
02915     byte cipher_type;               /* block, stream, or aead */
02916     byte mac_algorithm;
02917     byte kea;                       /* key exchange algo */
02918     byte sig_algo;                  /* SignatureAlgorithm value */
02919     byte hash_size;                 /* MAC / PRF hash output size */
02920     byte pad_size;
02921     byte static_ecdh;               /* suite uses static ECDH */
02922 } CipherSpecs;
02923 
02924 
02925 void InitCipherSpecs(CipherSpecs* cs);
02926 
02927 
/* Supported Key Exchange Protocols
 * Stored in CipherSpecs.kea.  Values are internal (sequential), not wire
 * code points, so they must not be sent to the peer. */
enum KeyExchangeAlgorithm {
    no_kea,
    rsa_kea,
    diffie_hellman_kea,
    fortezza_kea,
    psk_kea,
    dhe_psk_kea,
    ecdhe_psk_kea,
    ntru_kea,
    ecc_diffie_hellman_kea,
    ecc_static_diffie_hellman_kea       /* for verify suite only */
};
02941 
02942 
/* Supported Authentication Schemes
 * Stored in CipherSpecs.sig_algo.  The explicit values are not contiguous
 * (4..7 are unused), so code must not iterate over this enum. */
enum SignatureAlgorithm {
    anonymous_sa_algo = 0,
    rsa_sa_algo       = 1,
    dsa_sa_algo       = 2,
    ecc_dsa_sa_algo   = 3,
    rsa_pss_sa_algo   = 8,
    ed25519_sa_algo   = 9,
    rsa_pss_pss_algo  = 10,
    ed448_sa_algo     = 11
};
02954 
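/* Translate between the MAC-algorithm numbering used for RSASSA-PSS with an
 * RSAE key (sha256_mac and friends, defined elsewhere in this header) and the
 * SigAlgRsaPss code points below.  The mapping is a constant offset, which
 * requires both enumerations to list sha256/sha384/sha512 in the same order.
 * The argument is parenthesised so a caller passing an expression such as
 * `x & 0xff` or a conditional is not broken by operator precedence. */
#define PSS_RSAE_TO_PSS_PSS(macAlgo) \
    ((macAlgo) + (pss_sha256 - sha256_mac))

#define PSS_PSS_HASH_TO_MAC(macAlgo) \
    ((macAlgo) - (pss_sha256 - sha256_mac))

/* RSASSA-PSS (pss key) hash identifiers; these match the low byte of the
 * TLS 1.3 rsa_pss_pss_* SignatureScheme code points 0x0809..0x080b. */
enum SigAlgRsaPss {
    pss_sha256  = 0x09,
    pss_sha384  = 0x0a,
    pss_sha512  = 0x0b,
};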
02966 
02967 
/* Supported ECC Curve Types
 * Wire value of the ECCurveType field in ServerKeyExchange; only named
 * curves are handled (explicit prime/char2 curves are not supported). */
enum EccCurves {
    named_curve = 3
};
02972 
02973 
/* Valid client certificate request types from page 27
 * These are the wire values of ClientCertificateType as sent in the
 * CertificateRequest message (IANA TLS ClientCertificateType registry). */
enum ClientCertificateType {
    rsa_sign            = 1,
    dss_sign            = 2,
    rsa_fixed_dh        = 3,
    dss_fixed_dh        = 4,
    rsa_ephemeral_dh    = 5,
    dss_ephemeral_dh    = 6,
    fortezza_kea_cert   = 20,
    ecdsa_sign          = 64,
    rsa_fixed_ecdh      = 65,
    ecdsa_fixed_ecdh    = 66
};
02987 
02988 
/* Value stored in CipherSpecs.cipher_type.
 * With WOLFSSL_AEAD_ONLY the enum holds only aead, so its value is 0 rather
 * than 2: always compare against the enumerator, never a literal. */
#ifndef WOLFSSL_AEAD_ONLY
enum CipherType { stream, block, aead };
#else
enum CipherType { aead };
#endif
02994 
02995 
/* Defined when any nonce-based cipher can be built; gates the nonce buffer in
 * struct Ciphers below. */
#if defined(BUILD_AES) || defined(BUILD_AESGCM) || (defined(HAVE_CHACHA) && \
                               defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13)
    #define CIPHER_NONCE
#endif
03000 
03001 
/* cipher for now
 * Per-direction record-layer cipher state.  Exactly one of the cipher
 * pointers is expected to be in use, selected by the negotiated suite; the
 * pointers are heap objects released by FreeCiphers (declared below).
 * `setup` records whether the cipher has been keyed, which the free path
 * uses to decide what to tear down. */
typedef struct Ciphers {
#ifdef BUILD_ARC4
    Arc4*   arc4;
#endif
#ifdef BUILD_DES3
    Des3*   des3;
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
    Aes*    aes;
    #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \
                                                      !defined(WOLFSSL_NO_TLS12)
        byte* additional;        /* AEAD additional authenticated data (TLS 1.2) */
    #endif
#endif
#ifdef CIPHER_NONCE
    byte* nonce;                 /* AEAD nonce scratch buffer */
#endif
#ifdef HAVE_CAMELLIA
    Camellia* cam;
#endif
#ifdef HAVE_CHACHA
    ChaCha*   chacha;
#endif
#ifdef HAVE_HC128
    HC128*  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit* rabbit;
#endif
#ifdef HAVE_IDEA
    Idea* idea;
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
    Hmac* hmac;                  /* integrity-only (NULL cipher) suites */
#endif
    byte    state;
    byte    setup;       /* have we set it up flag for detection */
} Ciphers;
03041 
03042 
#ifdef HAVE_ONE_TIME_AUTH
/* Ciphers for one time authentication such as poly1305
 * Separate from struct Ciphers because the authenticator is keyed per record. */
typedef struct OneTimeAuth {
#ifdef HAVE_POLY1305
    Poly1305* poly1305;
#endif
    byte    setup;      /* flag for if a cipher has been set */

} OneTimeAuth;
#endif
03053 
03054 
/* Initialise / release the cipher state held in ssl (struct Ciphers above).
 * FreeCiphers is the single place the cipher objects are released, so
 * keying material they hold should be cleared there. */
WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
03057 
03058 
/* hashes type
 * One digest output per hash algorithm compiled in; filled by
 * BuildCertHashes (declared below).  The members present, and hence the size
 * of the struct, depend on the build options. */
typedef struct Hashes {
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        byte md5[WC_MD5_DIGEST_SIZE];
    #endif
    #if !defined(NO_SHA)
        byte sha[WC_SHA_DIGEST_SIZE];
    #endif
    #ifndef NO_SHA256
        byte sha256[WC_SHA256_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA384
        byte sha384[WC_SHA384_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA512
        byte sha512[WC_SHA512_DIGEST_SIZE];
    #endif
} Hashes;
03077 
03078 WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
03079 
#ifdef WOLFSSL_TLS13
/* A single hash context sized for whichever algorithm is in use; only one
 * member is valid at a time, chosen by the negotiated suite's hash. */
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
    wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
#endif
} Digest;
#endif
03093 
/* Static x509 buffer
 * Fixed-size DER holder so a certificate chain can be kept without dynamic
 * memory; writers must check length <= MAX_X509_SIZE before copying in. */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;
03099 
03100 
/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE
 * count must never exceed MAX_CHAIN_DEPTH; a peer-supplied chain longer than
 * that has to be rejected or truncated by the code that fills certs[]. */
struct WOLFSSL_X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};
03106 
03107 
/* wolfSSL session type
 * One entry of resumable session state.  It holds the master secret
 * ("stored secret" below) and, with HAVE_SESSION_TICKET, the ticket bytes, so
 * instances are key material: copies should be wiped when discarded and never
 * logged.  Most members are build-option dependent, so sizeof(WOLFSSL_SESSION)
 * is not stable across configurations. */
struct WOLFSSL_SESSION {
    word32             bornOn;                    /* create time in seconds   */
    word32             timeout;                   /* timeout in seconds       */
    byte               sessionID[ID_LEN];         /* id for protocol          */
    byte               sessionIDSz;               /* bytes of sessionID in use */
    byte               masterSecret[SECRET_LEN];  /* stored secret            */
    word16             haveEMS;                   /* ext master secret flag   */
#ifdef SESSION_CERTS
#ifdef OPENSSL_EXTRA
    WOLFSSL_X509*      peer;                      /* peer cert */
#endif
    WOLFSSL_X509_CHAIN chain;                     /* peer cert chain, static  */
    #ifdef WOLFSSL_ALT_CERT_CHAINS
    WOLFSSL_X509_CHAIN altChain;                  /* peer alt cert chain, static */
    #endif
#endif
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                               defined(HAVE_SESSION_TICKET))
    ProtocolVersion    version;                   /* which version was used   */
#endif
#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
    byte               cipherSuite0;              /* first byte, normally 0   */
    byte               cipherSuite;               /* 2nd byte, actual suite   */
#endif
#ifndef NO_CLIENT_CACHE
    word16             idLen;                     /* serverID length          */
    byte               serverID[SERVER_ID_LEN];   /* for easier client lookup */
#endif
#ifdef OPENSSL_EXTRA
    byte               sessionCtxSz;              /* sessionCtx length        */
    byte               sessionCtx[ID_LEN];        /* app specific context id  */
#endif
#ifdef WOLFSSL_TLS13
    word16             namedGroup;                /* (EC)DHE group used */
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    #ifdef WOLFSSL_TLS13
    word32             ticketSeen;                /* Time ticket seen (ms) */
    word32             ticketAdd;                 /* Added by client */
        #ifndef WOLFSSL_TLS13_DRAFT_18
    TicketNonce        ticketNonce;               /* Nonce used to derive PSK */
        #endif
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    word32             maxEarlyDataSz;
    #endif
#endif
#ifdef HAVE_SESSION_TICKET
    /* ticket presumably points at staticTicket unless the ticket did not fit
     * and a heap copy was made (isDynamic) - confirm in the ticket code. */
    byte*              ticket;
    word16             ticketLen;
    byte               staticTicket[SESSION_TICKET_LEN];
    byte               isDynamic;
#endif
#ifdef HAVE_EXT_CACHE
    byte               isAlloced;                 /* struct itself is heap allocated */
#endif
#ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
};
03170 
03171 
/* Session cache access: look up a session by id (byte* id, byte id length)
 * and install a session for resumption. */
WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL
int          SetSession(WOLFSSL*, WOLFSSL_SESSION*);

/* Record MAC function pointer: (ssl, out digest, input, input size,
 * pad size, content type, verify flag) - argument roles inferred from the
 * signature, confirm against the implementation. */
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int);

#ifndef NO_CLIENT_CACHE
    /* Client-side lookup by server id (see WOLFSSL_SESSION.serverID). */
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
#endif
03182 
/* client connect state for nonblocking restart
 * Stored in Options.connectState (a byte) so wolfSSL_connect can resume
 * after WANT_READ/WANT_WRITE; order matters, states only advance. */
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    HELLO_AGAIN,               /* HELLO_AGAIN is for DTLS case */
    HELLO_AGAIN_REPLY,
    FIRST_REPLY_DONE,
    FIRST_REPLY_FIRST,
    FIRST_REPLY_SECOND,
    FIRST_REPLY_THIRD,
    FIRST_REPLY_FOURTH,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};
03197 
03198 
/* server accept state for nonblocking restart
 * Stored in Options.acceptState; the TLS 1.3 server uses enum
 * AcceptStateTls13 below instead. */
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_BEGIN_RENEG,
    ACCEPT_CLIENT_HELLO_DONE,
    ACCEPT_HELLO_RETRY_REQUEST_DONE,
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_SENT,
    SERVER_EXTENSIONS_SENT,
    CERT_SENT,
    CERT_VERIFY_SENT,
    CERT_STATUS_SENT,
    KEY_EXCHANGE_SENT,
    CERT_REQ_SENT,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    TICKET_SENT,
    CHANGE_CIPHER_SENT,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};
03220 
/* TLS 1.3 server accept state for nonblocking restart
 * Shares Options.acceptState with enum AcceptState; the two enums must not
 * be mixed within one connection. */
enum AcceptStateTls13 {
    TLS13_ACCEPT_BEGIN = 0,
    TLS13_ACCEPT_BEGIN_RENEG,
    TLS13_ACCEPT_CLIENT_HELLO_DONE,
    TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
    TLS13_ACCEPT_FIRST_REPLY_DONE,
    TLS13_ACCEPT_SECOND_REPLY_DONE,
    TLS13_SERVER_HELLO_SENT,
    TLS13_ACCEPT_THIRD_REPLY_DONE,
    TLS13_SERVER_EXTENSIONS_SENT,
    TLS13_CERT_REQ_SENT,
    TLS13_CERT_SENT,
    TLS13_CERT_VERIFY_SENT,
    TLS13_ACCEPT_FINISHED_SENT,
    TLS13_PRE_TICKET_SENT,
    TLS13_ACCEPT_FINISHED_DONE,
    TLS13_TICKET_SENT
};
03240 
/* buffers for struct WOLFSSL
 * Ownership: most certificate/key/DH buffers are shared with the WOLFSSL_CTX
 * unless the matching weOwn* flag is set, in which case this object must free
 * them.  The *CookieSecret buffers are secrets used to authenticate
 * HelloRetryRequest / DTLS cookies and should be treated as key material. */
typedef struct Buffers {
    bufferStatic    inputBuffer;
    bufferStatic    outputBuffer;
    buffer          domainName;            /* for client check */
    buffer          clearOutputBuffer;
    buffer          sig;                   /* signature data */
    buffer          digest;                /* digest data */
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE            */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE            */
    byte            weOwnCert;             /* SSL own cert flag */
    byte            weOwnCertChain;        /* SSL own cert chain flag */
    byte            weOwnKey;              /* SSL own key  flag */
    byte            weOwnDH;               /* SSL own dh (p,g)  flag */
#ifndef NO_DH
    buffer          serverDH_P;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_G;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;         /* ephemeral DH private value */
    DhKey*          serverDH_Key;
#endif
#ifndef NO_CERTS
    DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
    byte            keyType:7;             /* Type of key: RSA, ECC, Ed25519 */
    byte            keyId:1;               /* Key data is an id not data */
    int             keySz;                 /* Size of RSA key */
    int             keyDevId;              /* Device Id for key */
    DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                 /* chain after self, in DER, with leading size for each cert */
#ifdef WOLFSSL_TLS13
    int             certChainCnt;
    DerBuffer*      certExts;
#endif
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
    buffer          tls13CookieSecret;     /* HRR cookie secret */
#endif
#ifdef WOLFSSL_DTLS
    WOLFSSL_DTLS_CTX dtlsCtx;              /* DTLS connection context */
    #ifndef NO_WOLFSSL_SERVER
        buffer       dtlsCookieSecret;     /* DTLS cookie secret */
    #endif /* NO_WOLFSSL_SERVER */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        buffer peerEccDsaKey;              /* we own for Ecc Verify Callbacks */
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        buffer peerEd25519Key;             /* for Ed25519 Verify Callbacks */
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_ED448
        buffer peerEd448Key;             /* for Ed448 Verify Callbacks */
    #endif /* HAVE_ED448 */
    #ifndef NO_RSA
        buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
} Buffers;
03302 
/* sub-states for send/do key share (key exchange)
 * Stored in Options.asyncState so a key-exchange step can be resumed. */
enum asyncState {
    TLS_ASYNC_BEGIN = 0,
    TLS_ASYNC_BUILD,
    TLS_ASYNC_DO,
    TLS_ASYNC_VERIFY,
    TLS_ASYNC_FINALIZE,
    TLS_ASYNC_END
};
03312 
/* sub-states for build message
 * Stored in Options.buildMsgState; order mirrors the record build pipeline
 * (size, hash, MAC, encrypt, and the encrypt-then-MAC variant). */
enum buildMsgState {
    BUILD_MSG_BEGIN = 0,
    BUILD_MSG_SIZE,
    BUILD_MSG_HASH,
    BUILD_MSG_VERIFY_MAC,
    BUILD_MSG_ENCRYPT,
    BUILD_MSG_ENCRYPTED_VERIFY_MAC,
};
03322 
/* sub-states for cipher operations
 * Used to resume an asynchronous encrypt/decrypt of a record. */
enum cipherState {
    CIPHER_STATE_BEGIN = 0,
    CIPHER_STATE_DO,
    CIPHER_STATE_END,
};
03329 
/* Per-connection options and handshake state.
 * The first section is packed into word16 bit fields to save space; the
 * second ("full byte values") holds state machine positions that are read
 * as whole values.  Security-relevant knobs: verifyPeer/verifyNone/failNoCert
 * control peer-certificate checking, downgrade/minDowngrade bound version
 * negotiation, the min*KeySz fields enforce key-size floors, and alertCount
 * limits how many warning alerts a peer may send. */
typedef struct Options {
#ifndef NO_PSK
    wc_psk_client_callback client_psk_cb;
    wc_psk_server_callback server_psk_cb;
#ifdef WOLFSSL_TLS13
    wc_psk_client_tls13_callback client_psk_tls13_cb;  /* client callback */
    wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
#endif
#endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    unsigned long     mask; /* store SSL_OP_ flags */
#endif

    /* on/off or small bit flags, optimize layout */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word16            havePSK:1;            /* psk key set by user */
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
    word16            sendVerify:2;     /* false = 0, true = 1, sendBlank = 2 */
    word16            sessionCacheOff:1;
    word16            sessionCacheFlushOff:1;
#ifdef HAVE_EXT_CACHE
    word16            internalCacheOff:1;
#endif
    word16            side:2;             /* client, server or neither end */
    word16            verifyPeer:1;       /* request and check peer cert */
    word16            verifyNone:1;       /* skip peer cert verification */
    word16            failNoCert:1;       /* abort if peer sends no cert */
    word16            failNoCertxPSK:1;   /* fail for no cert except with PSK */
    word16            downgrade:1;        /* allow downgrade of versions */
    word16            resuming:1;
    word16            haveSessionId:1;    /* server may not send */
    word16            tls:1;              /* using TLS ? */
    word16            tls1_1:1;           /* using TLSv1.1+ ? */
    word16            tls1_3:1;           /* using TLSv1.3+ ? */
    word16            dtls:1;             /* using datagrams ? */
    word16            connReset:1;        /* has the peer reset */
    word16            isClosed:1;         /* if we consider conn closed */
    word16            closeNotify:1;      /* we've received a close notify */
    word16            sentNotify:1;       /* we've sent a close notify */
    word16            usingCompression:1; /* are we using compression */
    word16            haveRSA:1;          /* RSA available */
    word16            haveECC:1;          /* ECC available */
    word16            haveDH:1;           /* server DH parms set by user */
    word16            haveNTRU:1;         /* server NTRU  private key loaded */
    word16            haveQSH:1;          /* have QSH ability */
    word16            haveECDSAsig:1;     /* server ECDSA signed cert */
    word16            haveStaticECC:1;    /* static server ECC private key */
    word16            havePeerCert:1;     /* do we have peer's cert */
    word16            havePeerVerify:1;   /* and peer's cert verify */
    word16            usingPSK_cipher:1;  /* are using psk as cipher */
    word16            usingAnon_cipher:1; /* are we using an anon cipher */
    word16            noPskDheKe:1;       /* Don't use (EC)DHE with PSK */
    word16            sendAlertState:1;   /* nonblocking resume */
    word16            partialWrite:1;     /* only one msg per write call */
    word16            quietShutdown:1;    /* don't send close notify */
    word16            certOnly:1;         /* stop once we get cert */
    word16            groupMessages:1;    /* group handshake messages */
    word16            saveArrays:1;       /* save array Memory for user get keys
                                           or psk */
    word16            weOwnRng:1;         /* will be true unless CTX owns */
    word16            haveEMS:1;          /* using extended master secret */
#ifdef HAVE_POLY1305
    word16            oldPoly:1;        /* set when to use old rfc way of poly*/
#endif
#ifdef HAVE_ANON
    word16            haveAnon:1;       /* User wants to allow Anon suites */
#endif
#ifdef HAVE_SESSION_TICKET
    word16            createTicket:1;     /* Server to create new Ticket */
    word16            useTicket:1;        /* Use Ticket not session cache */
    word16            rejectTicket:1;     /* Callback rejected ticket */
#ifdef WOLFSSL_TLS13
    word16            noTicketTls13:1;    /* Server won't create new Ticket */
#endif
#endif
#ifdef WOLFSSL_DTLS
    word16            dtlsUseNonblock:1;  /* are we using nonblocking socket */
    word16            dtlsHsRetain:1;     /* DTLS retaining HS data */
    word16            haveMcast:1;        /* using multicast ? */
#ifdef WOLFSSL_SCTP
    word16            dtlsSctp:1;         /* DTLS-over-SCTP mode */
#endif
#endif
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
    word16            userCurves:1;       /* indicates user called wolfSSL_UseSupportedCurve */
#endif
    word16            keepResources:1;    /* Keep resources after handshake */
    word16            useClientOrder:1;   /* Use client's cipher order */
    word16            mutualAuth:1;       /* Mutual authentication is required */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    word16            postHandshakeAuth:1;/* Client send post_handshake_auth
                                           * extension */
#endif
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
    word16            sendCookie:1;       /* Server creates a Cookie in HRR */
#endif
#ifdef WOLFSSL_ALT_CERT_CHAINS
    word16            usingAltCertChain:1;/* Alternate cert chain was used */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
    word16            sentChangeCipher:1; /* Change Cipher Spec sent */
#endif
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
               ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
                (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
    word16            cacheMessages:1;    /* Cache messages for sign/verify */
#endif
#ifndef NO_DH
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
        !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
        word16        dhDoKeyTest:1;      /* Need to do the DH Key prime test */
        word16        dhKeyTested:1;      /* Set when key has been tested. */
    #endif
#endif
#ifdef SINGLE_THREADED
    word16            ownSuites:1;        /* if suites are malloced in ssl object */
#endif
#ifdef HAVE_ENCRYPT_THEN_MAC
    word16            disallowEncThenMac:1;   /* Don't do Encrypt-Then-MAC */
    word16            encThenMac:1;           /* Doing Encrypt-Then-MAC */
    word16            startedETMRead:1;       /* Doing Encrypt-Then-MAC read */
    word16            startedETMWrite:1;      /* Doing Encrypt-Then-MAC write */
#endif

    /* need full byte values for this section */
    byte            processReply;           /* nonblocking resume */
    byte            cipherSuite0;           /* first byte, normally 0 */
    byte            cipherSuite;            /* second byte, actual suite */
    byte            serverState;
    byte            clientState;
    byte            handShakeState;
    byte            handShakeDone;      /* at least one handshake complete */
    byte            minDowngrade;       /* minimum downgrade version */
    byte            connectState;       /* nonblocking resume, enum ConnectState */
    byte            acceptState;        /* nonblocking resume, enum AcceptState(Tls13) */
    byte            asyncState;         /* sub-state for enum asyncState */
    byte            buildMsgState;      /* sub-state for enum buildMsgState */
    byte            alertCount;         /* detect warning dos attempt */
#ifdef WOLFSSL_MULTICAST
    word16          mcastID;            /* Multicast group ID */
#endif
#ifndef NO_DH
    word16          minDhKeySz;         /* minimum DH key size */
    word16          maxDhKeySz;         /* maximum DH key size */
    word16          dhKeySz;            /* actual DH key size */
#endif
#ifndef NO_RSA
    short           minRsaKeySz;      /* minimum RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    short           minEccKeySz;      /* minimum ECC key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    byte            verifyDepth;      /* maximum verification depth */
#endif
#ifdef WOLFSSL_EARLY_DATA
    word16          pskIdIndex;
    word32          maxEarlyDataSz;
#endif
#ifdef WOLFSSL_TLS13
    byte            oldMinor;          /* client preferred version < TLS 1.3 */
#endif
} Options;
03493 
/* Handshake working storage for one connection.
 * preMasterSecret, masterSecret, secret and psk_key are key material;
 * Options.saveArrays decides whether this struct is retained after the
 * handshake ("save array Memory for user get keys or psk"), otherwise the
 * release path should clear it.  pendingMsg is the handshake defragmentation
 * buffer; pendingMsgOffset must stay <= pendingMsgSz. */
typedef struct Arrays {
    byte*           pendingMsg;         /* defrag buffer */
    byte*           preMasterSecret;
    word32          preMasterSz;        /* differs for DH, actual size */
    word32          pendingMsgSz;       /* defrag buffer size */
    word32          pendingMsgOffset;   /* current offset into defrag buffer */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word32          psk_keySz;          /* actual size */
    char            client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
    char            server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
    byte            psk_key[MAX_PSK_KEY_LEN];
#endif
    byte            clientRandom[RAN_LEN];
    byte            serverRandom[RAN_LEN];
    byte            sessionID[ID_LEN];
    byte            sessionIDSz;
#ifdef WOLFSSL_TLS13
    byte            secret[SECRET_LEN];  /* TLS 1.3 key schedule secret */
#endif
    byte            masterSecret[SECRET_LEN];
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
   !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
    byte            tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
#endif
#ifdef WOLFSSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
    byte            cookieSz;
#endif
    byte            pendingMsgType;    /* defrag buffer message type */
} Arrays;
03524 
/* Size limits for X.509 name and date strings; overridable from user
 * settings.  ASN_NAME_MAX sizes the static name buffers in
 * WOLFSSL_X509_NAME and WOLFSSL_X509 below. */
#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#endif

#ifndef MAX_DATE_SZ
#define MAX_DATE_SZ 32
#endif

/* Values of WOLFSSL_STACK.type; each selects which member of the data union
 * a node holds, so the free path must switch on it. */
#define STACK_TYPE_X509               0
#define STACK_TYPE_GEN_NAME           1
#define STACK_TYPE_BIO                2
#define STACK_TYPE_OBJ                3
#define STACK_TYPE_STRING             4
#define STACK_TYPE_CIPHER             5
#define STACK_TYPE_ACCESS_DESCRIPTION 6
#define STACK_TYPE_X509_EXT           7
#define STACK_TYPE_NULL               8
#define STACK_TYPE_X509_NAME          9
#define STACK_TYPE_CONF_VALUE         10
#define STACK_TYPE_X509_INFO          11
03545 
/* OpenSSL-compatible STACK_OF() node: a singly-linked list where each node
 * carries one payload in the data union, with `type` (a STACK_TYPE_* value)
 * naming the live member.  `num` is the node count, tracked on the head. */
struct WOLFSSL_STACK {
    unsigned long num; /* number of nodes in stack
                        * (safety measure for freeing and shortcut for count) */
    #if defined(OPENSSL_ALL)
    wolf_sk_compare_cb comp;           /* optional sort comparator */
    #endif

    union {
        WOLFSSL_X509*          x509;
        WOLFSSL_X509_NAME*     name;
        WOLFSSL_X509_INFO*     info;
        WOLFSSL_BIO*           bio;
        WOLFSSL_ASN1_OBJECT*   obj;
        WOLFSSL_CIPHER         cipher;  /* by value, unlike the pointer members */
        WOLFSSL_ACCESS_DESCRIPTION* access;
        WOLFSSL_X509_EXTENSION* ext;
        WOLFSSL_CONF_VALUE*    conf;
        void*                  generic;
        char*                  string;
        WOLFSSL_GENERAL_NAME*  gn;
    } data;
    void* heap; /* memory heap hint */
    WOLFSSL_STACK* next;
    byte type;     /* Identifies type of stack. */
};
03571 
/* Distinguished name as held by a WOLFSSL_X509.
 * `name` presumably points at staticName unless the name exceeded
 * ASN_NAME_MAX and a heap copy was made (dynamicName) - confirm in the code
 * that fills it.  `sz` is the length of `name`. */
struct WOLFSSL_X509_NAME {
    char  *name;
    int   dynamicName;
    int   sz;
    char  staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
    !defined(NO_ASN)
    DecodedName fullName;
    WOLFSSL_X509_NAME_ENTRY cnEntry;
    WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
    WOLFSSL_X509*           x509;   /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
    byte  raw[ASN_NAME_MAX];        /* DER encoding of the name */
    int   rawLen;
#endif
};
03589 
/* Largest serial number (and SEP hardware id) kept in a WOLFSSL_X509;
 * longer values must be rejected by the certificate parser. */
#ifndef EXTERNAL_SERIAL_SIZE
    #define EXTERNAL_SERIAL_SIZE 32
#endif

#ifdef NO_ASN
    /* Without ASN support the full definition is absent; keep the type
     * opaque so WOLFSSL_X509 below still compiles. */
    typedef struct DNS_entry DNS_entry;
#endif
03597 
/* Parsed X.509 certificate object.
 * The *Set / *Crit bit pairs record whether an extension was present and
 * whether it was flagged critical (inferred from the names - confirm in the
 * parser).  With OPENSSL_EXTRA/OPENSSL_ALL the object is reference counted
 * (refCount under refMutex), so callers must go through the up/down-ref
 * helpers rather than freeing directly. */
struct WOLFSSL_X509 {
    int              version;
    int              serialSz;
#ifdef WOLFSSL_SEP
    int              deviceTypeSz;
    int              hwTypeSz;
    byte             deviceType[EXTERNAL_SERIAL_SIZE];
    byte             hwType[EXTERNAL_SERIAL_SIZE];
    int              hwSerialNumSz;
    byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
#endif /* WOLFSSL_SEP */
#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \
    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
    byte             certPolicySet;
    byte             certPolicyCrit;
#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
    WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
#endif /* WOLFSSL_QT || OPENSSL_ALL */
#ifdef OPENSSL_EXTRA
    WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
#endif
    WOLFSSL_ASN1_TIME notBefore;
    WOLFSSL_ASN1_TIME notAfter;
    buffer           sig;
    int              sigOID;
    DNS_entry*       altNames;                       /* alt names list */
    buffer           pubKey;
    int              pubKeyOID;
    DNS_entry*       altNamesNext;                   /* hint for retrieval */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    word32       pkCurveOID;
#endif /* HAVE_ECC */
#ifndef NO_CERTS
    DerBuffer*   derCert;                            /* may need  */
#endif
    void*            heap;                           /* heap hint */
    byte             dynamicMemory;                  /* dynamic memory flag */
    byte             isCa:1;
#ifdef WOLFSSL_CERT_EXT
    char             certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
    int              certPoliciesNb;
#endif /* WOLFSSL_CERT_EXT */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
    wolfSSL_Mutex    refMutex;                       /* ref count mutex */
    int              refCount;                       /* reference count */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
    /* Extension payloads; each pointer is paired with a *Sz length below. */
    byte*            authKeyId;
    byte*            subjKeyId;
    byte*            extKeyUsageSrc;
    const byte*      CRLInfo;
    byte*            authInfo;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    byte*            authInfoCaIssuer;
    int              authInfoCaIssuerSz;
#endif
    word32           pathLength;                     /* basicConstraints pathLen */
    word16           keyUsage;
    int              CRLInfoSz;
    int              authInfoSz;
    word32           authKeyIdSz;
    word32           subjKeyIdSz;
    word32           extKeyUsageSz;
    word32           extKeyUsageCount;

    byte             CRLdistSet:1;
    byte             CRLdistCrit:1;
    byte             authInfoSet:1;
    byte             authInfoCrit:1;
    byte             keyUsageSet:1;
    byte             keyUsageCrit:1;
    byte             extKeyUsageCrit:1;
    byte             subjKeyIdSet:1;

    byte             subjKeyIdCrit:1;
    byte             basicConstSet:1;
    byte             basicConstCrit:1;
    byte             basicConstPlSet:1;               /* pathLength present */
    byte             subjAltNameSet:1;
    byte             subjAltNameCrit:1;
    byte             authKeyIdSet:1;
    byte             authKeyIdCrit:1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
    byte             serial[EXTERNAL_SERIAL_SIZE];   /* serialSz bytes valid */
    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
#ifdef WOLFSSL_CERT_REQ
    char             challengePw[CTC_NAME_SIZE]; /* for REQ certs */
#endif
    WOLFSSL_X509_NAME issuer;
    WOLFSSL_X509_NAME subject;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
    WOLFSSL_X509_ALGOR algor;
    WOLFSSL_X509_PUBKEY key;
#endif
    byte issuerSet:1;
};
03699 
03700 
/* Record layer header for PlainText, Compressed, and CipherText records,
 * laid out exactly as the TLS record header appears on the wire. Every
 * member is a single byte, so the struct has no alignment padding and its
 * size is the 5-byte wire header. */
typedef struct RecordLayerHeader {
    byte            type;        /* ContentType value (see enum ContentType below) */
    byte            pvMajor;     /* protocol version, major byte */
    byte            pvMinor;     /* protocol version, minor byte */
    byte            length[2];   /* payload length, two wire bytes. Peer
                                  * supplied -- NOTE(review): the parser must
                                  * bound it against the maximum record size
                                  * and the input buffer before reading. */
} RecordLayerHeader;
03708 
03709 
/* Record layer header for DTLS PlainText, Compressed, and CipherText records
 * (13 bytes on the wire; all members are bytes, so no padding). */
typedef struct DtlsRecordLayerHeader {
    byte            type;                 /* ContentType value */
    byte            pvMajor;              /* protocol version, major byte */
    byte            pvMinor;              /* protocol version, minor byte */
    byte            sequence_number[8];   /* per record; RFC 6347 encodes this
                                           * as a 16-bit epoch followed by a
                                           * 48-bit sequence number, and it is
                                           * the input to replay detection
                                           * (cf. replayDropCount in WOLFSSL) */
    byte            length[2];            /* payload length, peer supplied --
                                           * bound-check before use */
} DtlsRecordLayerHeader;
03718 
03719 
/* One received fragment of a DTLS handshake message, recorded as a byte
 * range within the reassembled message so that gaps can be tracked.
 * NOTE(review): begin/end derive from the peer-controlled fragment_offset
 * and fragment_length fields of DtlsHandShakeHeader; the reassembly code
 * must reject ranges that do not fit inside DtlsMsg.sz before copying. */
typedef struct DtlsFrag {
    word32 begin;            /* offset of the fragment's first byte */
    word32 end;              /* offset of the fragment's last byte (whether
                              * inclusive or exclusive is not visible here --
                              * check the reassembly code in internal.c) */
    struct DtlsFrag* next;   /* singly linked list of fragments */
} DtlsFrag;
03725 
03726 
/* A DTLS handshake message that is either being reassembled from fragments
 * (rx) or held for retransmission (tx); linked into the dtls_rx_msg_list /
 * dtls_tx_msg_list members of WOLFSSL. */
typedef struct DtlsMsg {
    struct DtlsMsg* next;      /* next message in the list */
    byte*           buf;       /* backing allocation for the message */
    byte*           msg;       /* message data (presumably points into buf) */
    DtlsFrag*       fragList;  /* byte ranges received so far */
    word32          fragSz;    /* Length of fragments received */
    word32          seq;       /* Handshake sequence number    */
    word32          sz;        /* Length of whole message      */
    byte            type;      /* HandShakeType; no_shake until set */
} DtlsMsg;
03737 
03738 
03739 #ifdef HAVE_NETX
03740 
03741     /* NETX I/O Callback default */
    /* NetX I/O Callback default: per-connection state for the ThreadX/NetX
     * transport used when HAVE_NETX is defined (stored inline in WOLFSSL as
     * nxCtx). */
    typedef struct NetX_Ctx {
        NX_TCP_SOCKET* nxSocket;    /* send/recv socket handle */
        NX_PACKET*     nxPacket;    /* incoming packet handle for short reads */
        ULONG          nxOffset;    /* offset already read from nxPacket */
        ULONG          nxWait;      /* wait option flag */
    } NetX_Ctx;
03748 
03749 #endif
03750 
/* Handshake messages received from peer (plus change cipher spec).
 * One flag per message type; client_hello and server_hello get two bits,
 * presumably so a second hello (retry / renegotiation) can be counted.
 * Presumably consulted by the receive path to reject duplicated or
 * out-of-order handshake messages -- confirm in internal.c. */
typedef struct MsgsReceived {
    word16 got_hello_request:1;
    word16 got_client_hello:2;
    word16 got_server_hello:2;
    word16 got_hello_verify_request:1;
    word16 got_session_ticket:1;
    word16 got_end_of_early_data:1;
    word16 got_hello_retry_request:1;
    word16 got_encrypted_extensions:1;
    word16 got_certificate:1;
    word16 got_certificate_status:1;
    word16 got_server_key_exchange:1;
    word16 got_certificate_request:1;
    word16 got_server_hello_done:1;
    word16 got_certificate_verify:1;
    word16 got_client_key_exchange:1;
    word16 got_finished:1;
    word16 got_key_update:1;
    word16 got_change_cipher:1;
} MsgsReceived;
03772 
03773 
/* Handshake hashes: running transcript hashes of the handshake messages,
 * one per digest algorithm compiled in, plus the finished/cert-verify
 * snapshots derived from them. */
typedef struct HS_Hashes {
    Hashes          verifyHashes;       /* transcript snapshot for Finished */
    Hashes          certHashes;         /* for cert verify */
#ifndef NO_SHA
    wc_Sha          hashSha;            /* sha hash of handshake msgs */
#endif
#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    wc_Md5          hashMd5;            /* md5 hash of handshake msgs */
#endif
#ifndef NO_SHA256
    wc_Sha256       hashSha256;         /* sha256 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384       hashSha384;         /* sha384 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512       hashSha512;         /* sha512 hash of handshake msgs */
#endif
#if (defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
                                                !defined(WOLFSSL_NO_CLIENT_AUTH)
    byte*           messages;           /* handshake messages, raw copy --
                                         * presumably kept because Ed25519/Ed448
                                         * sign the message itself rather than
                                         * a running digest */
    int             length;             /* length of handshake messages' data
                                         * (signed; NOTE(review): callers must
                                         * keep it non-negative) */
    int             prevLen;            /* length of messages but last */
#endif
} HS_Hashes;
03800 
03801 
03802 #ifdef WOLFSSL_ASYNC_CRYPT
    /* Per-connection state for asynchronous crypto: the device handle plus a
     * saved copy of the operation's arguments so a call can be resumed. */
    #define MAX_ASYNC_ARGS 18
    /* Callback that releases whatever pArgs holds once the operation is done. */
    typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);

    struct WOLFSSL_ASYNC {
        WC_ASYNC_DEV* dev;
        FreeArgsCb    freeArgs; /* function pointer to cleanup args */
        word32        args[MAX_ASYNC_ARGS]; /* holder for current args */
    };
03811 #endif
03812 
03813 #ifdef HAVE_WRITE_DUP
03814 
    /* Duplicated-socket support: one WOLFSSL split into a read side and a
     * write side that share this reference-counted block (see dupWrite /
     * dupSide in WOLFSSL). */
    #define WRITE_DUP_SIDE 1
    #define READ_DUP_SIDE 2

    typedef struct WriteDup {
        wolfSSL_Mutex   dupMutex;       /* reference count mutex */
        int             dupCount;       /* reference count */
        int             dupErr;         /* under dupMutex, pass to other side */
    } WriteDup;

    /* Drops this side's reference; the side that reaches zero frees the block. */
    WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
    /* Records err in dupErr (under dupMutex) for the other side to observe. */
    WOLFSSL_LOCAL int  NotifyWriteSide(WOLFSSL* ssl, int err);
03826 #endif /* HAVE_WRITE_DUP */
03827 
03828 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
/* TLS 1.3 post-handshake authentication: a linked list of outstanding
 * CertificateRequest contexts so a later client Certificate can be matched
 * to the request that solicited it. NOTE(review): ctx is a single byte, so
 * only a one-byte certificate_request_context is representable here --
 * confirm len is never allowed to exceed 1. */
typedef struct CertReqCtx CertReqCtx;

struct CertReqCtx {
    CertReqCtx* next;   /* next outstanding request */
    byte        len;    /* length of the context value */
    byte        ctx;    /* the context value itself */
};
03836 #endif
03837 
03838 #ifdef WOLFSSL_EARLY_DATA
/* Progress of TLS 1.3 0-RTT early data on this connection (see earlyData /
 * earlyDataSz in WOLFSSL). Early data carries no replay protection at the
 * TLS layer, so the application must treat anything read in
 * process_early_data as replayable. */
typedef enum EarlyDataState {
    no_early_data,          /* not offered / not accepted */
    early_data_ext,         /* early_data extension present */
    expecting_early_data,   /* accepted, waiting for the data */
    process_early_data,     /* early data is being read */
    done_early_data         /* EndOfEarlyData seen; back to normal records */
} EarlyDataState;
03846 #endif
03847 
/* wolfSSL ssl type: all per-connection state for one TLS/DTLS session.
 * Members holding secret key material (clientSecret/serverSecret, hsKey,
 * eccTempKey, arrays, keys, session) must be cleared, not merely freed, when
 * the handshake completes or the object is released -- expected to happen in
 * FreeHandshakeResources()/FreeSSL(); confirm in internal.c. Ownership of
 * several pointers is shared with the parent WOLFSSL_CTX (e.g. ourCert). */
struct WOLFSSL {
    WOLFSSL_CTX*    ctx;                /* parent context (ref counted, see
                                         * SSL_CTX_RefCount) */
    Suites*         suites;             /* only need during handshake */
    Arrays*         arrays;             /* handshake-time buffers (secrets,
                                         * randoms); freed via FreeArrays */
#ifdef WOLFSSL_TLS13
    byte            clientSecret[SECRET_LEN];   /* TLS 1.3 traffic secrets:
                                                 * key material, zeroize on free */
    byte            serverSecret[SECRET_LEN];
#endif
    HS_Hashes*      hsHashes;           /* transcript hashes, handshake only */
    void*           IOCB_ReadCtx;       /* user ctx handed to CBIORecv */
    void*           IOCB_WriteCtx;      /* user ctx handed to CBIOSend */
    WC_RNG*         rng;
    void*           verifyCbCtx;        /* cert verify callback user ctx*/
    VerifyCallback  verifyCallback;     /* cert verification callback */
    void*           heap;               /* for user overrides */
#ifdef HAVE_WRITE_DUP
    WriteDup*       dupWrite;           /* valid pointer indicates ON */
             /* side that decrements dupCount to zero frees overall structure */
    byte            dupSide;            /* write side or read side */
#endif
#ifdef OPENSSL_EXTRA
    byte              cbioFlag;  /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
#endif
    CallbackIORecv  CBIORecv;           /* transport receive callback */
    CallbackIOSend  CBIOSend;           /* transport send callback */
#ifdef WOLFSSL_STATIC_MEMORY
    WOLFSSL_HEAP_HINT heap_hint;
#endif
#ifndef NO_HANDSHAKE_DONE_CB
    HandShakeDoneCb hsDoneCb;          /*  notify user handshake done */
    void*           hsDoneCtx;         /*  user handshake cb context  */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
    struct WOLFSSL_ASYNC async;
#elif defined(WOLFSSL_NONBLOCK_OCSP)
    void*           nonblockarg;        /* dynamic arg for handling non-block resume */
#endif
    void*           hsKey;              /* Handshake key (RsaKey or ecc_key) allocated from heap */
    word32          hsType;             /* Type of Handshake key (hsKey) */
    WOLFSSL_CIPHER  cipher;
#ifndef WOLFSSL_AEAD_ONLY
    hmacfp          hmac;               /* record MAC function for non-AEAD suites */
#endif
    Ciphers         encrypt;            /* outbound record cipher state */
    Ciphers         decrypt;            /* inbound record cipher state */
    Buffers         buffers;            /* I/O buffers, cert/key buffers */
    WOLFSSL_SESSION session;            /* resumption state (contains the
                                         * master secret: sensitive) */
#ifdef HAVE_EXT_CACHE
    WOLFSSL_SESSION* extSession;
#endif
    WOLFSSL_ALERT_HISTORY alert_history;
    int             error;              /* last error code */
    int             rfd;                /* read  file descriptor */
    int             wfd;                /* write file descriptor */
    int             rflags;             /* user read  flags */
    int             wflags;             /* user write flags */
    word32          timeout;            /* session timeout */
    word32          fragOffset;         /* fragment offset */
    word16          curSize;            /* size of the record being processed */
    byte            verifyDepth;        /* max cert chain depth accepted */
    RecordLayerHeader curRL;            /* header of the current record */
    MsgsReceived    msgsReceived;       /* peer messages received */
    ProtocolVersion version;            /* negotiated version */
    ProtocolVersion chVersion;          /* client hello version */
    CipherSpecs     specs;              /* negotiated suite parameters */
    Keys            keys;               /* record keys/IVs/sequence numbers */
    Options         options;
#ifdef OPENSSL_EXTRA
    CallbackInfoState* CBIS;             /* used to get info about SSL state */
    int              cbmode;             /* read or write on info callback */
    int              cbtype;             /* event type in info callback */
    WOLFSSL_BIO*     biord;              /* socket bio read  to free/close */
    WOLFSSL_BIO*     biowr;              /* socket bio write to free/close */
    byte             sessionCtx[ID_LEN]; /* app session context ID */
    WOLFSSL_X509_VERIFY_PARAM* param;    /* verification parameters*/
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    unsigned long    peerVerifyRet;      /* result of peer cert verification,
                                          * exposed through the compat API */
#endif
#ifdef OPENSSL_EXTRA
    byte             readAhead;
    byte             sessionCtxSz;       /* size of sessionCtx stored */
#ifdef HAVE_PK_CALLBACKS
    void*            loggingCtx;         /* logging callback argument */
#endif
#endif /* OPENSSL_EXTRA */
#ifndef NO_RSA
    RsaKey*         peerRsaKey;          /* peer's RSA public key */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
    byte            *peerTsipEncRsaKeyIndex;
#endif
    byte            peerRsaKeyPresent;
#endif
#ifdef HAVE_QSH
    QSHKey*         QSH_Key;
    QSHKey*         peerQSHKey;
    QSHSecret*      QSH_secret;
    byte            isQSH;             /* is the handshake a QSH? */
    byte            sendQSHKeys;       /* flag for if the client should send
                                          public keys */
    byte            peerQSHKeyPresent;
    byte            minRequest;
    byte            maxRequest;
    byte            user_set_QSHSchemes;
#endif
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
    word16          namedGroup;          /* negotiated (EC)DHE group */
#endif
#ifdef WOLFSSL_TLS13
    word16          group[WOLFSSL_MAX_GROUP_COUNT];   /* groups to offer */
    byte            numGroups;
#endif
    word16          pssAlgo;
#ifdef WOLFSSL_TLS13
    #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
    word16          certHashSigAlgoSz;  /* SigAlgoCert ext length in bytes */
    byte            certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
                                                           * offer */
    #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
#endif
#ifdef HAVE_NTRU
    word16          peerNtruKeyLen;
    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
    byte            peerNtruKeyPresent;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    int             eccVerifyRes;        /* result of the last EC/EdDSA verify */
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
    word32          ecdhCurveOID;            /* curve Ecc_Sum     */
    ecc_key*        eccTempKey;              /* private ECDHE key: ephemeral,
                                              * must be released after the
                                              * handshake for forward secrecy */
    byte            eccTempKeyPresent;       /* also holds type */
    byte            peerEccKeyPresent;
#endif
#ifdef HAVE_ECC
    ecc_key*        peerEccKey;              /* peer's  ECDHE key */
    ecc_key*        peerEccDsaKey;           /* peer's  ECDSA key */
    word16          eccTempKeySz;            /* in octets 20 - 66 */
    byte            peerEccDsaKeyPresent;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE448)
    word32          pkCurveOID;              /* curve Ecc_Sum     */
    /* NOTE(review): this guard names HAVE_ED25519 and HAVE_CURVE448 but not
     * HAVE_CURVE25519 / HAVE_ED448, unlike the neighbouring guards; confirm
     * that is intentional for builds with only those options. */
#endif
#ifdef HAVE_ED25519
    ed25519_key*    peerEd25519Key;
    byte            peerEd25519KeyPresent;
#endif
#ifdef HAVE_CURVE25519
    curve25519_key* peerX25519Key;
    byte            peerX25519KeyPresent;
#endif
#ifdef HAVE_ED448
    ed448_key*      peerEd448Key;
    byte            peerEd448KeyPresent;
#endif
#ifdef HAVE_CURVE448
    curve448_key*   peerX448Key;
    byte            peerX448KeyPresent;
#endif
#ifdef HAVE_LIBZ
    /* TLS-level compression leaks plaintext length and enabled CRIME-class
     * attacks; it is only built when HAVE_LIBZ is defined. */
    z_stream        c_stream;           /* compression   stream */
    z_stream        d_stream;           /* decompression stream */
    byte            didStreamInit;      /* for stream init and end */
#endif
#ifdef WOLFSSL_DTLS
    int             dtls_timeout_init;  /* starting timeout value */
    int             dtls_timeout_max;   /* maximum timeout value */
    int             dtls_timeout;       /* current timeout value, changes */
    word32          dtls_tx_msg_list_sz;
    word32          dtls_rx_msg_list_sz;
    DtlsMsg*        dtls_tx_msg_list;   /* messages held for retransmission */
    DtlsMsg*        dtls_tx_msg;
    DtlsMsg*        dtls_rx_msg_list;   /* messages being reassembled */
    void*           IOCB_CookieCtx;     /* gen cookie ctx */
    word32          dtls_expected_rx;
#ifdef WOLFSSL_SESSION_EXPORT
    wc_dtls_export  dtls_export;        /* export function for session */
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
    word16          dtlsMtuSz;
#endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */
#ifdef WOLFSSL_MULTICAST
    void*           mcastHwCbCtx;       /* Multicast highwater callback ctx */
#endif /* WOLFSSL_MULTICAST */
#ifdef WOLFSSL_DTLS_DROP_STATS
    word32 macDropCount;                /* records dropped for bad MAC */
    word32 replayDropCount;             /* records dropped by replay check */
#endif /* WOLFSSL_DTLS_DROP_STATS */
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_CALLBACKS
    TimeoutInfo     timeoutInfo;        /* info saved during handshake */
    HandShakeInfo   handShakeInfo;      /* info saved during handshake */
#endif
#ifdef OPENSSL_EXTRA
    SSL_Msg_Cb      protoMsgCb;         /* inspect protocol message callback */
    void*           protoMsgCtx;        /* user set context with msg callback */
#endif
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    byte            hsInfoOn;           /* track handshake info        */
    byte            toInfoOn;           /* track timeout   info        */
#endif
#ifdef HAVE_FUZZER
    CallbackFuzzer  fuzzerCb;           /* for testing with using fuzzer */
    void*           fuzzerCtx;          /* user defined pointer */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    CertReqCtx*     certReqCtx;         /* outstanding post-handshake requests */
#endif
#ifdef KEEP_PEER_CERT
    WOLFSSL_X509     peerCert;           /* X509 peer cert */
#endif
#ifdef KEEP_OUR_CERT
    WOLFSSL_X509*    ourCert;            /* keep alive a X509 struct of cert.
                                            points to ctx if not owned (owned
                                            flag found in buffers.weOwnCert) */
#endif
    byte             keepCert;           /* keep certificate after handshake */
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
#endif
    int              devId;             /* async device id to use */
#ifdef HAVE_ONE_TIME_AUTH
    OneTimeAuth     auth;
#endif
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
    #ifdef HAVE_MAX_FRAGMENT
        word16 max_fragment;           /* negotiated max fragment length */
    #endif
    #ifdef HAVE_TRUNCATED_HMAC
        byte truncated_hmac;
    #endif
    #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
        byte status_request;           /* OCSP stapling requested */
    #endif
    #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
        byte status_request_v2;
    #endif
    #if defined(HAVE_SECURE_RENEGOTIATION) \
        || defined(HAVE_SERVER_RENEGOTIATION_INFO)
        int                  secure_rene_count;    /* how many times */
        SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
    #endif                                         /* user turned on */
    #ifdef HAVE_ALPN
        char*   alpn_client_list;  /* keep the client's list */
        #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)  || defined(WOLFSSL_HAPROXY)
            CallbackALPNSelect alpnSelect;
            void*              alpnSelectArg;
        #endif
    #endif                         /* of accepted protocols */
    #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
        CallbackSessionTicket session_ticket_cb;
        void*                 session_ticket_ctx;
        byte                  expect_session_ticket;
    #endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_OCSP
        void*       ocspIOCtx;         /* user ctx for OCSP I/O callbacks */
    #ifdef OPENSSL_EXTRA
        byte*       ocspResp;          /* stapled OCSP response bytes */
        int         ocspRespSz;
        #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
            char*   url;
        #endif
    #endif
#endif
#ifdef HAVE_NETX
    NetX_Ctx        nxCtx;             /* NetX IO Context */
#endif
#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
    void*           mnCtx;             /* mynewt mn_socket IO Context */
#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
#ifdef WOLFSSL_GNRC
    struct gnrc_wolfssl_ctx *gnrcCtx;  /* Riot-OS GNRC UDP/IP context */
#endif
#ifdef SESSION_INDEX
    int sessionIndex;                  /* Session's location in the cache. */
#endif
#ifdef ATOMIC_USER
    void*    MacEncryptCtx;    /* Atomic User Mac/Encrypt Callback Context */
    void*    DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
    #ifdef HAVE_ENCRYPT_THEN_MAC
        void*    EncryptMacCtx;    /* Atomic User Encrypt/Mac Callback Ctx */
        void*    VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */
    #endif
#endif
#ifdef HAVE_PK_CALLBACKS
    /* User-supplied public-key callback contexts (key in HSM / secure
     * element). NOTE(review): the Ed25519/X25519/Ed448/X448 contexts are
     * nested under HAVE_ECC, so they do not exist in a build that enables one
     * of those curves without HAVE_ECC -- confirm the callers agree. */
    #ifdef HAVE_ECC
        void* EccKeyGenCtx;              /* EccKeyGen  Callback Context */
        void* EccSignCtx;                /* Ecc Sign   Callback Context */
        void* EccVerifyCtx;              /* Ecc Verify Callback Context */
        void* EccSharedSecretCtx;        /* Ecc Pms    Callback Context */
        #ifdef HAVE_ED25519
            void* Ed25519SignCtx;        /* ED25519 Sign   Callback Context */
            void* Ed25519VerifyCtx;      /* ED25519 Verify Callback Context */
        #endif
        #ifdef HAVE_CURVE25519
            void* X25519KeyGenCtx;       /* X25519 KeyGen Callback Context */
            void* X25519SharedSecretCtx; /* X25519 Pms    Callback Context */
        #endif
        #ifdef HAVE_ED448
            void* Ed448SignCtx;          /* ED448 Sign   Callback Context */
            void* Ed448VerifyCtx;        /* ED448 Verify Callback Context */
        #endif
        #ifdef HAVE_CURVE448
            void* X448KeyGenCtx;         /* X448 KeyGen Callback Context */
            void* X448SharedSecretCtx;   /* X448 Pms    Callback Context */
        #endif
    #endif /* HAVE_ECC */
    #ifndef NO_DH
        void* DhAgreeCtx; /* DH Pms Callback Context */
    #endif /* !NO_DH */
    #ifndef NO_RSA
        void* RsaSignCtx;     /* Rsa Sign   Callback Context */
        void* RsaVerifyCtx;   /* Rsa Verify Callback Context */
        #ifdef WC_RSA_PSS
            void* RsaPssSignCtx;     /* Rsa PSS Sign   Callback Context */
            void* RsaPssVerifyCtx;   /* Rsa PSS Verify Callback Context */
        #endif
        void* RsaEncCtx;      /* Rsa Public  Encrypt   Callback Context */
        void* RsaDecCtx;      /* Rsa Private Decrypt   Callback Context */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_SECRET_CALLBACK
        /* Secret-export callbacks (e.g. key logging). These hand session
         * secrets to application code; enable only where that is intended. */
        SessionSecretCb sessionSecretCb;
        void*           sessionSecretCtx;
    #ifdef WOLFSSL_TLS13
        Tls13SecretCb   tls13SecretCb;
        void*           tls13SecretCtx;
    #endif
#endif /* HAVE_SECRET_CALLBACK */
#ifdef WOLFSSL_JNI
        void* jObjectRef;     /* reference to WolfSSLSession in JNI wrapper */
#endif /* WOLFSSL_JNI */
#ifdef WOLFSSL_EARLY_DATA
    EarlyDataState earlyData;           /* 0-RTT progress; see EarlyDataState */
    word32 earlyDataSz;                 /* early data bytes seen/allowed */
#endif
#ifdef OPENSSL_ALL
    long verifyCallbackResult;
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
    WOLFSSL_STACK* peerCertChain;    /* Used in wolfSSL_get_peer_cert_chain */
#endif
};
04195 
04196 
/* Lifecycle helpers for WOLFSSL objects and their parent context. */
/* Adjusts the context's reference count by incr (under its lock). */
WOLFSSL_LOCAL int  SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
/* Binds an existing WOLFSSL to a (possibly different) WOLFSSL_CTX. */
WOLFSSL_LOCAL int  SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
/* Initializes a WOLFSSL from a context; returns 0 on success. */
WOLFSSL_LOCAL int  InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
/* Releases all per-connection resources and the object itself. */
WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap);
/* Releases the resources of a WOLFSSL without freeing the object. */
WOLFSSL_API   void SSL_ResourceFree(WOLFSSL*);   /* Micrium uses */
04202 
04203 
#ifndef NO_CERTS

    /* Loads certificate / key / CA material of the given format and type
     * from a memory buffer into ctx (or the single ssl when non-NULL).
     * `used` receives the number of bytes consumed, userChain selects chain
     * loading, verify controls whether the material is validated.
     * NOTE(review): sz and *used are signed long; callers must not pass
     * negative sizes. */
    WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                                    long sz, int format, int type, WOLFSSL* ssl,
                                    long* used, int userChain, int verify);
    /* File-based variant of ProcessBuffer; may also feed a CRL store. */
    WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
                                 int type, WOLFSSL* ssl, int userChain,
                                WOLFSSL_CRL* crl, int verify);

    #ifdef OPENSSL_EXTRA
    /* Matches domainName against the decoded certificate's names; the
     * length is passed explicitly, so domainName need not be NUL-terminated. */
    WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
                                    size_t domainNameLen);
    #endif
#endif
04218 
04219 
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    /* Handshake / timeout introspection used by the debug callbacks.
     * These record packet names and raw packet bytes (AddPacketInfo copies
     * `sz` bytes of `data`); treat the collected info as sensitive. */
    WOLFSSL_LOCAL
    void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
    WOLFSSL_LOCAL
    void FinishHandShakeInfo(HandShakeInfo*);
    WOLFSSL_LOCAL
    void AddPacketName(WOLFSSL* ssl, const char* name);

    WOLFSSL_LOCAL
    void InitTimeoutInfo(TimeoutInfo*);
    WOLFSSL_LOCAL
    void FreeTimeoutInfo(TimeoutInfo*, void*);
    WOLFSSL_LOCAL
    void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
                               const byte* data, int sz, int write, void* heap);
    WOLFSSL_LOCAL
    void AddLateName(const char*, TimeoutInfo*);
    WOLFSSL_LOCAL
    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
#endif
04240 
04241 
/* Record layer ContentType values (the original note's "page 12" refers to
 * the TLS specification's record layer section). The wire values are the
 * ones assigned by the TLS RFCs; no_type is an internal "unset" marker. */
enum ContentType {
    no_type            = 0,     /* internal: not a wire value */
    change_cipher_spec = 20,
    alert              = 21,
    handshake          = 22,
    application_data   = 23
};
04250 
04251 
/* Handshake message header, same for each message type (4 bytes on the
 * wire: 1-byte type, 3-byte length). NOTE(review): length is peer supplied
 * and must be checked against the bytes remaining in the record. */
typedef struct HandShakeHeader {
    byte            type;       /* HandShakeType */
    word24          length;     /* body length, 3 wire bytes */
} HandShakeHeader;
04257 
04258 
/* DTLS handshake header, same for each message type (12 bytes on the wire).
 * NOTE(review): fragment_offset and fragment_length are peer supplied; the
 * reassembler must verify fragment_offset + fragment_length <= length before
 * copying into a DtlsMsg, and that length agrees across fragments. */
typedef struct DtlsHandShakeHeader {
    byte            type;
    word24          length;            /* length of the whole message */
    byte            message_seq[2];    /* start at 0, retransmit gets same # */
    word24          fragment_offset;   /* bytes in previous fragments */
    word24          fragment_length;   /* length of this fragment */
} DtlsHandShakeHeader;
04267 
04268 
/* Handshake message types. Values up to key_update are the wire values
 * assigned by the TLS/DTLS RFCs; change_cipher_hs, message_hash and
 * no_shake are internal markers (see the per-value comments). */
enum HandShakeType {
    hello_request        =   0,
    client_hello         =   1,
    server_hello         =   2,
    hello_verify_request =   3,    /* DTLS addition */
    session_ticket       =   4,
    end_of_early_data    =   5,
    hello_retry_request  =   6,
    encrypted_extensions =   8,
    certificate          =  11,
    server_key_exchange  =  12,
    certificate_request  =  13,
    server_hello_done    =  14,
    certificate_verify   =  15,
    client_key_exchange  =  16,
    finished             =  20,
    certificate_status   =  22,
    key_update           =  24,
    change_cipher_hs     =  55,    /* simulate unique handshake type for sanity
                                      checks.  record layer change_cipher
                                      conflicts with handshake finished */
    message_hash         = 254,    /* synthetic message type for TLS v1.3 */
    no_shake             = 255     /* used to initialize the DtlsMsg record */
};
04293 
/* Which side(s) a key/secret is provisioned for. The values are bit flags:
 * PROVISION_CLIENT_SERVER == PROVISION_CLIENT | PROVISION_SERVER. */
enum ProvisionSide {
    PROVISION_CLIENT = 1,
    PROVISION_SERVER = 2,
    PROVISION_CLIENT_SERVER = 3
};
04299 
04300 
/* Sender labels for the Finished computation. The first pair is the ASCII
 * bytes "CLNT" / "SRVR" (SSL 3.0 style sender constants); the second pair is
 * the TLS PRF label, sized with +1 for the string terminator. Being
 * `static const` in a header, every translation unit that includes
 * internal.h gets its own copy. */
static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };

static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
04306 
04307 #ifdef OPENSSL_EXTRA
/* Mapping between NIST curve names and NIDs for the OpenSSL compat layer.
 * name_len caches strlen(name) so lookups can reject by length first. */
typedef struct {
    int name_len;       /* length of name, excluding the terminator */
    const char *name;   /* curve name, e.g. the NIST "P-xxx" form */
    int nid;            /* NID the name maps to */
} WOLF_EC_NIST_NAME;
extern const WOLF_EC_NIST_NAME kNistCurves[];
/* Shortest and longest curve name length in the kNistCurves list; a name
 * outside this range cannot match and can be rejected without a scan. */
#define kNistCurves_MIN_NAME_LEN 5
#define kNistCurves_MAX_NAME_LEN 7
04317 #endif
04318 
/* internal functions: handshake message send/receive and key schedule.
 * All return an int status; 0 / positive means success and negative values
 * are wolfSSL error codes unless noted. Sizes passed as int are signed --
 * NOTE(review): callers must not pass negative lengths. */
WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
/* Server-side handling of a client-presented session ticket. The ticket
 * bytes are attacker controlled until their authentication tag verifies;
 * nothing in them may be trusted before that point. */
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
/* Writes application data; the length is an int (see note above). */
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_TLS13_DRAFT_18
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
#else
/* Sends ServerHello; the byte selects the variant (HelloRetryRequest is a
 * ServerHello in final TLS 1.3) -- confirm the encoding in tls13.c. */
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
#endif
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
/* Builds the OCSP response to staple for the given request. */
WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*);
#endif
#if defined(HAVE_SECURE_RENEGOTIATION) && \
    defined(HAVE_SERVER_RENEGOTIATION_INFO)
/* Server-initiated renegotiation; only built with RFC 5746 support. */
WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
/* Flushes the pending output buffer to the transport. */
WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
/* Reads application data into the buffer; the ints are size and a peek flag
 * (presumably -- confirm in internal.c). */
WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
/* Sends an alert; the ints are the alert level and description. */
WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
/* Reads and dispatches the next record(s) from the peer. */
WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);

/* Fills ssl->specs from the negotiated cipher suite. */
WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);

/* Stores the current session in the cache for resumption. */
WOLFSSL_LOCAL int AddSession(WOLFSSL*);
/* Expands the master secret into record keys/IVs. */
WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
/* Installs derived key material for the given ProvisionSide. */
WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);

WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);

/* Releases handshake-only state (arrays, hsHashes, temp keys); this is where
 * ephemeral secrets are expected to be cleared. */
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);

/* Checks that the suite the peer selected is one this side actually offers. */
WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);

WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
/* Largest record payload this connection may send, honouring max_fragment. */
WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);

#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
/* Sync the compat WOLFSSL_EC_KEY with its internal ecc_key and back. */
WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey);
WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey);
#endif

/* Returns the RNG to use for an RSA operation, creating a temporary one in
 * *tmpRNG (and setting *initTmpRng) when the key has none attached. */
WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
                                         int *initTmpRng);
04376 
04377 #ifndef NO_CERTS
04378     #ifndef NO_RSA
04379         #ifdef WC_RSA_PSS
04380             WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
04381                 byte* out, word32 sigSz, enum wc_HashType hashType);
04382             WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
04383                 enum wc_HashType* hashType, int* mgf);
04384         #endif
04385         WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
04386             word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
04387             int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo);
04388         WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
04389             byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
04390             DerBuffer* keyBufInfo);
04391         WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
04392             byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
04393             buffer* keyBufInfo);
04394         WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
04395             word32* outSz, RsaKey* key, DerBuffer* keyBufInfo);
04396         WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
04397             word32* outSz, RsaKey* key, buffer* keyBufInfo);
04398     #endif /* !NO_RSA */
04399 
    #ifdef HAVE_ECC
        /* ECDSA / ECDH primitives used by the handshake code.
         *
         * EccSign: signs in/inSz with the private key, writing the signature
         * to out and its length to *outSz (in/out).
         *
         * EccVerify: despite the names, `out`/`outSz` here are a const INPUT
         * (presumably the DER signature) and `in`/`inSz` the signed data --
         * the naming is inverted relative to EccSign; read the call sites
         * before relying on either.
         *
         * EccSharedSecret: ECDH between priv_key and pub_key, result in
         * out/outlen. pubKeyDer/pubKeySz and `side` are passed through as
         * well; their exact role is not visible from this header.
         * NOTE(review): pub_key originates from the peer, so it must have
         * been validated as a point on the negotiated curve before this call
         * (invalid-curve attacks) -- confirm where that check happens. */
        WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo);
        WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
            const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo);
        WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
            ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
            word32* outlen, int side);
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        /* Ed25519 signing support.
         * Ed25519CheckPubKey takes only the session object, so the key it
         * checks is presumably the peer key already stored in `ssl`.
         * Ed25519Verify takes the signature in in/inSz and the full message in
         * msg/msgSz -- a message, not a digest (the parameter is named msg). */
        WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl);
        WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo);
        WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
            word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
            buffer* keyBufInfo);
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_ED448
        /* Ed448 signing support; mirrors the Ed25519 trio above one-for-one
         * (same parameter layout, same signature-vs-message split). */
        WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl);
        WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo);
        WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in,
            word32 inSz, const byte* msg, word32 msgSz, ed448_key* key,
            buffer* keyBufInfo);
    #endif /* HAVE_ED448 */
04425 
04426 
    #ifdef WOLFSSL_TRUST_PEER_CERT

        /* options for searching hash table for a matching trusted peer cert */
        #define WC_MATCH_SKID 0     /* `hash` is a subject-key-identifier hash */
        #define WC_MATCH_NAME 1     /* `hash` is a subject-name hash */

        /* GetTrustedPeer: look up a pinned peer certificate by `hash`;
         * `type` is one of the WC_MATCH_* values above and says which hash
         * table to search. `vp` is opaque (presumably the cert manager --
         * confirm). Returns NULL when nothing matches.
         *
         * MatchTrustedPeer: compare a decoded certificate against one
         * trusted-peer entry; return value convention not visible here. */
        WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
                                                                      int type);
        WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
                                                             DecodedCert* cert);
    #endif

    /* CA lookup in the certificate manager (`cm` is passed as void*, so the
     * real type is cast back inside). GetCA searches by one hash and
     * GetCAByName by another (presumably SKID vs. subject name, given the
     * NO_SKID guard on the second one -- confirm).
     * NOTE(review): the returned Signer* is presumably owned by the cert
     * manager's table; callers should treat it as borrowed, not free it. */
    WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
    #ifndef NO_SKID
        WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
    #endif
04443 #endif /* !NO_CERTS */
/* Handshake-transcript and record-layer helpers.
 *
 * BuildTlsHandshakeHash: write the current transcript hash into `hash`;
 * hashLen is a pointer, so it is presumably in/out (capacity in, length out).
 * BuildTlsFinished: compute the Finished verify data for `sender`.
 * FreeArrays: release the handshake-time arrays; `keep` presumably selects
 * something to retain (confirm in the definition).
 *
 * CheckAvailableSize / GrowInputBuffer take sizes as `int`.
 * NOTE(review): record lengths arrive from the wire as unsigned values;
 * any conversion to these signed parameters must be range-checked first so
 * a large length cannot become negative and bypass the size logic. */
WOLFSSL_LOCAL int  BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
                                   word32* hashLen);
WOLFSSL_LOCAL int  BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
                                   const byte* sender);
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
WOLFSSL_LOCAL  int CheckAvailableSize(WOLFSSL *ssl, int size);
WOLFSSL_LOCAL  int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);

#ifndef NO_TLS
    /* Derive the TLS master secret from the state held in `ssl`. */
    WOLFSSL_LOCAL int  MakeTlsMasterSecret(WOLFSSL*);
#ifndef WOLFSSL_AEAD_ONLY
    /* Record MAC for the non-AEAD (MAC + CBC/stream) cipher suites.
     * `padSz` is the padding length and `verify` selects MAC-check mode
     * rather than MAC-generation mode.
     * NOTE(review): in verify mode the running time must not depend on
     * padSz or on where the padding check failed (Lucky 13 class timing
     * leaks) -- confirm the implementation in tls.c keeps this
     * constant-time. */
    WOLFSSL_LOCAL int  TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
                                word32 sz, int padSz, int content, int verify);
#endif
#endif
04459 
#ifndef NO_WOLFSSL_CLIENT
    /* Client-side handshake message senders. The TLS 1.3 ClientHello has its
     * own entry point; the remaining three are the TLS <= 1.2 flights. */
    WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
    #ifdef WOLFSSL_TLS13
    WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
    #endif
    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
#endif /* NO_WOLFSSL_CLIENT */

#ifndef NO_WOLFSSL_SERVER
    /* Server-side handshake message senders (TLS <= 1.2). */
    WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
#endif /* NO_WOLFSSL_SERVER */

#ifdef WOLFSSL_DTLS
    /* DTLS handshake-message reassembly list (DtlsMsg*) and the retransmit
     * pool (DtlsMsgPool*). Most parameters are unnamed in these prototypes;
     * the trailing void* is the heap hint, the leading word32 presumably the
     * message sequence number -- confirm against the definitions.
     *
     * NOTE(review): DtlsMsgSet / DtlsMsgStore take two word32 fragment
     * values (presumably fragment offset and length). Both come from the
     * peer, so offset + length must be checked against the declared message
     * size, with overflow in mind, before any copy. */
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
    WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL int  DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
                                                       word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
    WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
                                                byte, word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);

    /* Retransmit pool: save an outgoing flight, time it out, verify a message
     * before resending, reset, and resend. */
    WOLFSSL_LOCAL int  DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
    WOLFSSL_LOCAL int  DtlsMsgPoolTimeout(WOLFSSL*);
    WOLFSSL_LOCAL int  VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
    WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
    WOLFSSL_LOCAL int  DtlsMsgPoolSend(WOLFSSL*, int);
#endif /* WOLFSSL_DTLS */
04491 
04492 #ifndef NO_TLS
04493 
04494 
04495 #endif /* NO_TLS */
04496 
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
    /* Millisecond clock, compiled in only for TLS 1.3 ticket/PSK support.
     * It returns a word32, which wraps every 2^32 ms (~49.7 days).
     * NOTE(review): consumers must take differences as unsigned 32-bit
     * subtraction (now - then) and never compare absolute values, or
     * ticket-age checks misbehave across the wrap. */
    WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
#endif
/* Coarse clock used for timeouts; unit is not stated here (presumably
 * seconds -- confirm in the definition). Same 32-bit wrap caveat. */
WOLFSSL_LOCAL word32  LowResTimer(void);

#ifndef NO_CERTS
    /* X509 object lifecycle. Note the asymmetry: FreeX509Name takes a heap
     * hint while FreeX509 does not, so the latter presumably reads the heap
     * from the object itself. CopyDecodedToX509 fills a WOLFSSL_X509 from a
     * parsed DecodedCert. */
    WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
    WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
    WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
    WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
    WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
#endif
04509 
/* Upper bound on a cipher-suite name; overridable from the build. */
#ifndef MAX_CIPHER_NAME
#define MAX_CIPHER_NAME 50
#endif

/* Storage type for the names in CipherSuiteInfo. With WOLFSSL_NAMES_STATIC
 * each name is an inline array, so every name must fit in MAX_CIPHER_NAME
 * bytes INCLUDING the terminator: a string literal of exactly
 * MAX_CIPHER_NAME characters initialises the array without a NUL, and a
 * longer one is a constraint violation. Without it names are just pointers
 * to string literals. */
#ifdef WOLFSSL_NAMES_STATIC
typedef char cipher_name[MAX_CIPHER_NAME];
#else
typedef const char* cipher_name;
#endif
04519 
/* One row of the cipher-suite name table (see GetCipherNames below).
 * cipherSuite0/cipherSuite are the two bytes of the suite identifier, in the
 * same order GetCipherNameInternal takes them.
 * NOTE(review): two fields are conditionally compiled, so the struct layout
 * (and therefore sizeof) differs between builds; never share this table
 * across binaries built with different option sets. */
typedef struct CipherSuiteInfo {
    cipher_name name;            /* wolfSSL-style name */
#ifndef NO_ERROR_STRINGS
    cipher_name name_iana;       /* IANA-style name, only with error strings */
#endif
    byte cipherSuite0;           /* first byte of the suite id */
    byte cipherSuite;            /* second byte of the suite id */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    byte minor;                  /* protocol version bytes (OpenSSL/Qt compat) */
    byte major;
#endif
} CipherSuiteInfo;
04532 
/* Access to the cipher-suite name table and name <-> id conversion.
 * GetCipherNames returns the table, GetCipherNamesSize its entry count
 * (iterate with the two together). GetCipherNameInternal / GetCipherNameIana
 * map a suite id to its wolfSSL or IANA name. */
WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
WOLFSSL_LOCAL int GetCipherNamesSize(void);
WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* used in wolfSSL_sk_CIPHER_description */
#define MAX_SEGMENTS    5     /* max '-' separated segments in a suite name */
#define MAX_SEGMENT_SZ 20     /* bytes per segment, terminator included */
WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*);
WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor);
/* The GetCipher*Str helpers read a 2-D segment array; the first dimension is
 * unchecked by the type, so callers must pass an array of at least
 * MAX_SEGMENTS rows (presumably what the description code allocates). */
WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL int SetCipherBits(const char* enc);
#endif
WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
/* Names of the suite currently negotiated on `ssl`. */
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
/* Reverse lookup: name -> the two id bytes, written through the pointers. */
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
                                         byte* cipherSuite);
04553 
/* Traffic direction selector passed to SetKeysSide.
 * Numbering starts at 1, so 0 is never a valid member of this enum; the
 * values are spelled out so the ordering is part of the contract. */
enum encrypt_side {
    ENCRYPT_SIDE_ONLY        = 1,   /* outgoing (write) direction only */
    DECRYPT_SIDE_ONLY        = 2,   /* incoming (read) direction only */
    ENCRYPT_AND_DECRYPT_SIDE = 3    /* both directions */
};
04559 
/* Install the derived record keys for the direction(s) named by the
 * encrypt_side argument (defined just above). */
WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);

/* Set*Internal and Set*External functions */
/* Synchronise the OpenSSL-compat wrapper objects with the wolfCrypt key they
 * wrap: *Internal copies wrapper -> wolfCrypt key, *External the reverse
 * (naming convention; confirm direction in the definitions). The RSA pair is
 * absent when the user supplies their own RSA implementation. */
WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
#ifndef HAVE_USER_RSA
WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
#endif
WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);

#ifndef NO_DH
    /* Finite-field DH for the (EC)DHE key exchange.
     * DhGenKeyPair writes the private and public values into priv/pub;
     * privSz/pubSz are in/out (capacity in, written length out, presumably).
     * DhAgree derives the shared secret into agree/agreeSz.
     * NOTE(review): otherPub is the peer's value straight off the wire. It
     * must be checked to lie in (1, p-1) -- and ideally in the prime-order
     * subgroup -- before or inside DhAgree, otherwise a malicious peer can
     * force a predictable secret. Confirm which layer performs that check. */
    WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
        byte* priv, word32* privSz,
        byte* pub, word32* pubSz);
    WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
        const byte* priv, word32 privSz,
        const byte* otherPub, word32 otherPubSz,
        byte* agree, word32* agreeSz);
#endif /* !NO_DH */

#ifdef HAVE_ECC
    /* EccMakeKey generates an ephemeral key into `key`; `peer` is presumably
     * used to pick the matching curve. GetCurveByOID maps an OID sum to the
     * internal curve id (word16). */
    WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
    WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
#endif

/* Allocate / release the running handshake-transcript hash objects. */
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
04589 
/* Wrap `input` into a protected record of content `type` in `output`.
 * hashOutput: also feed the plaintext into the transcript hash;
 * sizeOnly: compute the required output size without writing;
 * asyncOkay: the caller can tolerate an async-pending return.
 * Sizes are `int`, so callers must validate wire-derived lengths before
 * narrowing them (see the note on CheckAvailableSize above). */
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                        const byte* input, int inSz, int type, int hashOutput,
                        int sizeOnly, int asyncOkay);

#ifdef WOLFSSL_TLS13
/* TLS 1.3 counterpart of BuildMessage with the identical parameter list.
 * NOTE(review): this prototype lacks WOLFSSL_LOCAL while every sibling in
 * this header has it, so the symbol gets default visibility. Confirm whether
 * that export is intentional; if not, add the qualifier for consistency. */
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
               int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
#endif

/* Typed key allocation: `type` selects the key kind, *pKey receives (or
 * holds) the object. FreeKey takes void** so it can presumably clear the
 * caller's pointer after release -- confirm; if it does, prefer it over
 * freeing by hand to avoid dangling key pointers. */
WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Async-crypto bookkeeping: attach a device, and pop / push the pending
     * operation state so the handshake can resume where it left off. */
    WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
    WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
    WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
#endif
04607 
04608 
04609 #ifdef __cplusplus
04610     }  /* extern "C" */
04611 #endif
04612 
04613 #endif /* wolfSSL_INT_H */
04614