1 /* internal.h 2 * 3 * Copyright (C) 2006-2021 wolfSSL Inc. 4 * 5 * This file is part of wolfSSL. 6 * 7 * wolfSSL is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * wolfSSL is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 */ 21 22 23 24 #ifndef WOLFSSL_INT_H 25 #define WOLFSSL_INT_H 26 27 #include <wolfssl/wolfcrypt/types.h> 28 #include <wolfssl/ssl.h> 29 #ifdef HAVE_CRL 30 #include <wolfssl/crl.h> 31 #endif 32 #include <wolfssl/wolfcrypt/random.h> 33 #ifndef NO_DES3 34 #include <wolfssl/wolfcrypt/des3.h> 35 #endif 36 #ifndef NO_HC128 37 #include <wolfssl/wolfcrypt/hc128.h> 38 #endif 39 #ifndef NO_RABBIT 40 #include <wolfssl/wolfcrypt/rabbit.h> 41 #endif 42 #ifdef HAVE_CHACHA 43 #include <wolfssl/wolfcrypt/chacha.h> 44 #endif 45 #ifndef NO_ASN 46 #include <wolfssl/wolfcrypt/asn.h> 47 #include <wolfssl/wolfcrypt/pkcs12.h> 48 #endif 49 #ifndef NO_MD5 50 #include <wolfssl/wolfcrypt/md5.h> 51 #endif 52 #ifndef NO_SHA 53 #include <wolfssl/wolfcrypt/sha.h> 54 #endif 55 #ifndef NO_AES 56 #include <wolfssl/wolfcrypt/aes.h> 57 #endif 58 #ifdef HAVE_POLY1305 59 #include <wolfssl/wolfcrypt/poly1305.h> 60 #endif 61 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && defined(OPENSSL_EXTRA) 62 #include <wolfssl/wolfcrypt/chacha20_poly1305.h> 63 #endif 64 #ifdef HAVE_CAMELLIA 65 #include <wolfssl/wolfcrypt/camellia.h> 66 #endif 67 #include <wolfssl/wolfcrypt/logging.h> 68 
#ifndef NO_HMAC 69 #include <wolfssl/wolfcrypt/hmac.h> 70 #endif 71 #ifndef NO_RC4 72 #include <wolfssl/wolfcrypt/arc4.h> 73 #endif 74 #ifndef NO_SHA256 75 #include <wolfssl/wolfcrypt/sha256.h> 76 #endif 77 #if defined(WOLFSSL_SHA384) 78 #include <wolfssl/wolfcrypt/sha512.h> 79 #endif 80 #ifdef HAVE_OCSP 81 #include <wolfssl/ocsp.h> 82 #endif 83 #ifdef WOLFSSL_SHA384 84 #include <wolfssl/wolfcrypt/sha512.h> 85 #endif 86 #ifdef WOLFSSL_SHA512 87 #include <wolfssl/wolfcrypt/sha512.h> 88 #endif 89 #ifdef HAVE_AESGCM 90 #include <wolfssl/wolfcrypt/sha512.h> 91 #endif 92 #ifdef WOLFSSL_RIPEMD 93 #include <wolfssl/wolfcrypt/ripemd.h> 94 #endif 95 #ifdef HAVE_IDEA 96 #include <wolfssl/wolfcrypt/idea.h> 97 #endif 98 #ifndef NO_RSA 99 #include <wolfssl/wolfcrypt/rsa.h> 100 #endif 101 #ifdef HAVE_ECC 102 #include <wolfssl/wolfcrypt/ecc.h> 103 #endif 104 #ifndef NO_DH 105 #include <wolfssl/wolfcrypt/dh.h> 106 #endif 107 #ifdef HAVE_ED25519 108 #include <wolfssl/wolfcrypt/ed25519.h> 109 #endif 110 #ifdef HAVE_CURVE25519 111 #include <wolfssl/wolfcrypt/curve25519.h> 112 #endif 113 #ifdef HAVE_ED448 114 #include <wolfssl/wolfcrypt/ed448.h> 115 #endif 116 #ifdef HAVE_CURVE448 117 #include <wolfssl/wolfcrypt/curve448.h> 118 #endif 119 #ifdef HAVE_PQC 120 #include <wolfssl/wolfcrypt/falcon.h> 121 #endif 122 #ifdef HAVE_HKDF 123 #include <wolfssl/wolfcrypt/kdf.h> 124 #endif 125 #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB 126 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ 127 !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \ 128 !defined(WOLFSSL_TICKET_ENC_AES256_GCM) 129 #include <wolfssl/wolfcrypt/chacha20_poly1305.h> 130 #else 131 #include <wolfssl/wolfcrypt/aes.h> 132 #endif 133 #endif 134 135 #include <wolfssl/wolfcrypt/wc_encrypt.h> 136 #include <wolfssl/wolfcrypt/hash.h> 137 138 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 139 #include <wolfssl/callbacks.h> 140 #endif 141 #ifdef WOLFSSL_CALLBACKS 142 #include <signal.h> 143 #endif 144 145 #ifdef USE_WINDOWS_API 146 
#ifdef WOLFSSL_GAME_BUILD 147 #include "system/xtl.h" 148 #else 149 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) 150 /* On WinCE winsock2.h must be included before windows.h */ 151 #include <winsock2.h> 152 #endif 153 #include <windows.h> 154 #endif 155 #elif defined(THREADX) 156 #ifndef SINGLE_THREADED 157 #include "tx_api.h" 158 #endif 159 160 #elif defined(WOLFSSL_DEOS) 161 /* do nothing, just don't pick Unix */ 162 #elif defined(MICRIUM) 163 /* do nothing, just don't pick Unix */ 164 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) 165 /* do nothing */ 166 #elif defined(RTTHREAD) 167 /* do nothing */ 168 #elif defined(EBSNET) 169 /* do nothing */ 170 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) 171 /* do nothing */ 172 #elif defined(FREESCALE_FREE_RTOS) 173 #include "fsl_os_abstraction.h" 174 #elif defined(WOLFSSL_uITRON4) 175 /* do nothing */ 176 #elif defined(WOLFSSL_uTKERNEL2) 177 /* do nothing */ 178 #elif defined(WOLFSSL_CMSIS_RTOS) 179 #include "cmsis_os.h" 180 #elif defined(WOLFSSL_CMSIS_RTOSv2) 181 #include "cmsis_os2.h" 182 #elif defined(WOLFSSL_MDK_ARM) 183 #if defined(WOLFSSL_MDK5) 184 #include "cmsis_os.h" 185 #else 186 #include <rtl.h> 187 #endif 188 #elif defined(MBED) 189 #elif defined(WOLFSSL_TIRTOS) 190 /* do nothing */ 191 #elif defined(INTIME_RTOS) 192 #include <rt.h> 193 #elif defined(WOLFSSL_NUCLEUS_1_2) 194 /* do nothing */ 195 #elif defined(WOLFSSL_APACHE_MYNEWT) 196 #if !defined(WOLFSSL_LWIP) 197 void mynewt_ctx_clear(void *ctx); 198 void* mynewt_ctx_new(); 199 #endif 200 #elif defined(WOLFSSL_ZEPHYR) 201 #ifndef SINGLE_THREADED 202 #include <kernel.h> 203 #endif 204 #elif defined(WOLFSSL_TELIT_M2MB) 205 /* do nothing */ 206 #else 207 #ifndef SINGLE_THREADED 208 #if defined(WOLFSSL_LINUXKM) 209 #define WOLFSSL_KTHREADS 210 #include <linux/kthread.h> 211 #elif defined(WOLFSSL_USER_MUTEX) 212 /* do nothing */ 213 #else 214 #define WOLFSSL_PTHREADS 215 #include <pthread.h> 216 #endif 
217 #endif 218 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) 219 #ifdef FUSION_RTOS 220 #include <fclunistd.h> 221 #else 222 #include <unistd.h> /* for close of BIO */ 223 #endif 224 #endif 225 #endif 226 227 #ifndef CHAR_BIT 228 /* Needed for DTLS without big math */ 229 #include <limits.h> 230 #endif 231 232 233 #ifdef HAVE_LIBZ 234 #include "zlib.h" 235 #endif 236 237 #ifdef WOLFSSL_ASYNC_CRYPT 238 #include <wolfssl/wolfcrypt/async.h> 239 #endif 240 241 #ifdef OPENSSL_EXTRA 242 #ifdef WOLFCRYPT_HAVE_SRP 243 #include <wolfssl/wolfcrypt/srp.h> 244 #endif 245 #endif 246 247 #ifdef _MSC_VER 248 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ 249 #pragma warning(disable: 4996) 250 #endif 251 252 #ifdef NO_SHA 253 #define WC_SHA_DIGEST_SIZE 20 254 #endif 255 256 #ifdef NO_SHA256 257 #define WC_SHA256_DIGEST_SIZE 32 258 #endif 259 260 #ifdef NO_MD5 261 #define WC_MD5_DIGEST_SIZE 16 262 #endif 263 264 #ifdef WOLFSSL_IOTSAFE 265 #include <wolfssl/wolfcrypt/port/iotsafe/iotsafe.h> 266 #endif 267 268 269 #ifdef __cplusplus 270 extern "C" { 271 #endif 272 273 /* Define or comment out the cipher suites you'd like to be compiled in 274 make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined 275 276 When adding cipher suites, add name to cipher_names, idx to cipher_name_idx 277 278 Now that there is a maximum strength crypto build, the following BUILD_XXX 279 flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH. 280 Those that do not use Perfect Forward Security and do not use AEAD ciphers 281 need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or 282 CHACHA-POLY. 283 */ 284 285 /* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are 286 * not turned off. 
*/ 287 #if defined(WOLFSSL_MAX_STRENGTH) && \ 288 ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \ 289 (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \ 290 (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \ 291 (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \ 292 !defined(NO_OLD_TLS)) 293 294 #error "You are trying to build max strength with requirements disabled." 295 #endif 296 297 #ifndef WOLFSSL_NO_TLS12 298 299 #ifndef WOLFSSL_MAX_STRENGTH 300 301 #ifdef WOLFSSL_AEAD_ONLY 302 /* AES CBC ciphers are not allowed in AEAD only mode */ 303 #undef HAVE_AES_CBC 304 #endif 305 306 #ifndef WOLFSSL_AEAD_ONLY 307 #if !defined(NO_RSA) && !defined(NO_RC4) 308 #if defined(WOLFSSL_STATIC_RSA) 309 #if !defined(NO_SHA) 310 #define BUILD_SSL_RSA_WITH_RC4_128_SHA 311 #endif 312 #if !defined(NO_MD5) 313 #define BUILD_SSL_RSA_WITH_RC4_128_MD5 314 #endif 315 #endif 316 #endif 317 318 #if !defined(NO_RSA) && !defined(NO_DES3) 319 #if !defined(NO_SHA) 320 #if defined(WOLFSSL_STATIC_RSA) 321 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA 322 #endif 323 #endif 324 #endif 325 326 #if !defined(NO_RSA) && defined(HAVE_IDEA) 327 #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA) 328 #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA 329 #endif 330 #endif 331 #endif /* !WOLFSSL_AEAD_ONLY */ 332 333 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) 334 #if !defined(NO_SHA) && defined(HAVE_AES_CBC) 335 #if defined(WOLFSSL_STATIC_RSA) 336 #ifdef WOLFSSL_AES_128 337 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA 338 #endif 339 #ifdef WOLFSSL_AES_256 340 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA 341 #endif 342 #endif 343 #endif 344 #if defined(WOLFSSL_STATIC_RSA) 345 #if !defined (NO_SHA256) && defined(HAVE_AES_CBC) 346 #ifdef WOLFSSL_AES_128 347 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 348 #endif 349 #ifdef WOLFSSL_AES_256 350 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 351 #endif 352 #endif 353 #if defined (HAVE_AESGCM) 354 #ifdef WOLFSSL_AES_128 355 #define 
BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 356 #endif 357 #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) 358 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 359 #endif 360 #endif 361 #if defined (HAVE_AESCCM) 362 #ifdef WOLFSSL_AES_128 363 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 364 #endif 365 #ifdef WOLFSSL_AES_256 366 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 367 #endif 368 #endif 369 #endif 370 #endif 371 372 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC) 373 #ifndef NO_RSA 374 #if defined(WOLFSSL_STATIC_RSA) 375 #if !defined(NO_SHA) 376 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 377 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 378 #endif 379 #ifndef NO_SHA256 380 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 381 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 382 #endif 383 #endif 384 #if !defined(NO_DH) 385 #if !defined(NO_SHA) 386 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 387 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 388 #endif 389 #ifndef NO_SHA256 390 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 391 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 392 #endif 393 #endif 394 #endif 395 #endif 396 397 #if defined(WOLFSSL_STATIC_PSK) 398 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) 399 #if !defined(NO_SHA) 400 #ifdef WOLFSSL_AES_128 401 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA 402 #endif 403 #ifdef WOLFSSL_AES_256 404 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 405 #endif 406 #endif 407 #ifndef NO_SHA256 408 #ifdef WOLFSSL_AES_128 409 #ifdef HAVE_AES_CBC 410 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 411 #endif 412 #ifdef HAVE_AESGCM 413 #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 414 #endif 415 #endif /* WOLFSSL_AES_128 */ 416 #ifdef HAVE_AESCCM 417 #ifdef WOLFSSL_AES_128 418 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 419 #define BUILD_TLS_PSK_WITH_AES_128_CCM 420 #endif 421 #ifdef WOLFSSL_AES_256 422 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 423 #define 
BUILD_TLS_PSK_WITH_AES_256_CCM 424 #endif 425 #endif 426 #endif 427 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) 428 #ifdef HAVE_AES_CBC 429 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 430 #endif 431 #ifdef HAVE_AESGCM 432 #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 433 #endif 434 #endif 435 #endif 436 #endif 437 438 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) 439 #if !defined(NO_RSA) 440 #if defined(WOLFSSL_STATIC_RSA) 441 #ifndef NO_MD5 442 #define BUILD_TLS_RSA_WITH_NULL_MD5 443 #endif 444 #if !defined(NO_SHA) 445 #define BUILD_TLS_RSA_WITH_NULL_SHA 446 #endif 447 #ifndef NO_SHA256 448 #define BUILD_TLS_RSA_WITH_NULL_SHA256 449 #endif 450 #endif 451 #endif 452 #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK) 453 #if !defined(NO_SHA) 454 #define BUILD_TLS_PSK_WITH_NULL_SHA 455 #endif 456 #ifndef NO_SHA256 457 #define BUILD_TLS_PSK_WITH_NULL_SHA256 458 #endif 459 #ifdef WOLFSSL_SHA384 460 #define BUILD_TLS_PSK_WITH_NULL_SHA384 461 #endif 462 #endif 463 #endif 464 465 #if defined(WOLFSSL_STATIC_RSA) 466 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) 467 #ifndef NO_MD5 468 #define BUILD_TLS_RSA_WITH_HC_128_MD5 469 #endif 470 #if !defined(NO_SHA) 471 #define BUILD_TLS_RSA_WITH_HC_128_SHA 472 #endif 473 #endif 474 475 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) 476 #if !defined(NO_SHA) 477 #define BUILD_TLS_RSA_WITH_RABBIT_SHA 478 #endif 479 #endif 480 #endif 481 482 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ 483 !defined(NO_RSA) 484 485 #if !defined(NO_SHA) 486 #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) 487 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 488 #endif 489 #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) 490 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 491 #endif 492 #if !defined(NO_DES3) 493 #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 494 #endif 495 #endif 496 #if !defined(NO_SHA256) && defined(HAVE_AES_CBC) 497 #ifdef WOLFSSL_AES_128 498 #define 
BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 499 #endif 500 #ifdef WOLFSSL_AES_256 501 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 502 #endif 503 #endif 504 #endif 505 506 #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ 507 !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) 508 #ifdef HAVE_AES_CBC 509 #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA 510 #endif 511 512 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) 513 #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 514 #endif 515 #endif 516 517 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) 518 #ifndef NO_SHA256 519 #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \ 520 defined(HAVE_AES_CBC) 521 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 522 #endif 523 #ifdef HAVE_NULL_CIPHER 524 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 525 #endif 526 #endif 527 #ifdef WOLFSSL_SHA384 528 #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \ 529 defined(HAVE_AES_CBC) 530 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 531 #endif 532 #ifdef HAVE_NULL_CIPHER 533 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 534 #endif 535 #endif 536 #endif 537 538 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ 539 defined(HAVE_CURVE448)) && !defined(NO_TLS) 540 #if !defined(NO_AES) 541 #if !defined(NO_SHA) && defined(HAVE_AES_CBC) 542 #if !defined(NO_RSA) 543 #ifdef WOLFSSL_AES_128 544 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 545 #endif 546 #ifdef WOLFSSL_AES_256 547 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 548 #endif 549 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 550 #ifdef WOLFSSL_AES_128 551 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 552 #endif 553 #ifdef WOLFSSL_AES_256 554 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 555 #endif 556 #endif 557 #endif 558 559 #if defined(HAVE_ECC) || \ 560 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 561 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 562 #ifdef WOLFSSL_AES_128 563 #define 
BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 564 #endif 565 #ifdef WOLFSSL_AES_256 566 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 567 #endif 568 #endif 569 570 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 571 #ifdef WOLFSSL_AES_128 572 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 573 #endif 574 #ifdef WOLFSSL_AES_256 575 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 576 #endif 577 #endif 578 #endif /* NO_SHA */ 579 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ 580 defined(HAVE_AES_CBC) 581 #if !defined(NO_RSA) 582 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 583 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 584 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 585 #endif 586 #endif 587 #if defined(HAVE_ECC) || \ 588 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 589 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 590 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 591 #endif 592 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 593 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 594 #endif 595 #endif 596 597 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ 598 defined(HAVE_AES_CBC) 599 #if !defined(NO_RSA) 600 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 601 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 602 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 603 #endif 604 #endif 605 #if defined(HAVE_ECC) || \ 606 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 607 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 608 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 609 #endif 610 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 611 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 612 #endif 613 #endif 614 615 #if defined (HAVE_AESGCM) 616 #if !defined(NO_RSA) 617 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 618 #ifdef WOLFSSL_AES_128 619 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 620 #endif 621 #endif 622 #if defined(WOLFSSL_SHA384) 623 
#if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 624 #ifdef WOLFSSL_AES_256 625 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 626 #endif 627 #endif 628 #endif 629 #endif 630 631 #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \ 632 defined(HAVE_ECC) 633 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 634 #endif 635 636 #if defined(WOLFSSL_SHA384) 637 #if defined(WOLFSSL_STATIC_DH) && \ 638 defined(WOLFSSL_AES_256) && defined(HAVE_ECC) 639 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 640 #endif 641 #endif 642 #endif 643 #endif /* NO_AES */ 644 #if !defined(NO_RC4) 645 #if !defined(NO_SHA) 646 #if !defined(NO_RSA) 647 #ifndef WOLFSSL_AEAD_ONLY 648 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA 649 #endif 650 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 651 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA 652 #endif 653 #endif 654 655 #if defined(HAVE_ECC) || \ 656 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 657 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 658 #ifndef WOLFSSL_AEAD_ONLY 659 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 660 #endif 661 #endif 662 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 663 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 664 #endif 665 #endif 666 #endif 667 #if !defined(NO_DES3) 668 #ifndef NO_SHA 669 #if !defined(NO_RSA) 670 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 671 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 672 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 673 #endif 674 #endif 675 676 #if defined(HAVE_ECC) || \ 677 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 678 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 679 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 680 #endif 681 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) 682 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 683 #endif 684 #endif /* NO_SHA */ 685 #endif 686 #if defined(HAVE_NULL_CIPHER) 687 #if !defined(NO_SHA) 688 #if defined(HAVE_ECC) || \ 689 
(defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 690 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 691 #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA 692 #endif 693 #endif 694 #if !defined(NO_PSK) && !defined(NO_SHA256) 695 #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 696 #endif 697 #endif 698 #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \ 699 defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) 700 #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 701 #endif 702 #endif 703 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) 704 #if !defined(NO_OLD_POLY1305) 705 #if defined(HAVE_ECC) || \ 706 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 707 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 708 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 709 #endif 710 #if !defined(NO_RSA) && defined(HAVE_ECC) 711 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 712 #endif 713 #if !defined(NO_DH) && !defined(NO_RSA) 714 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 715 #endif 716 #endif /* NO_OLD_POLY1305 */ 717 #if !defined(NO_PSK) 718 #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 719 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ 720 defined(HAVE_ED448) 721 #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 722 #endif 723 #ifndef NO_DH 724 #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 725 #endif 726 #endif /* !NO_PSK */ 727 #endif 728 729 #endif /* !WOLFSSL_MAX_STRENGTH */ 730 731 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ 732 !defined(NO_RSA) && defined(HAVE_AESGCM) 733 734 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) 735 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 736 #endif 737 738 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) 739 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 740 #endif 741 #endif 742 743 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) 744 #ifndef NO_SHA256 745 #if 
defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) 746 #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 747 #endif 748 #ifdef HAVE_AESCCM 749 #ifdef WOLFSSL_AES_128 750 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM 751 #endif 752 #ifdef WOLFSSL_AES_256 753 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM 754 #endif 755 #endif 756 #endif 757 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \ 758 defined(WOLFSSL_AES_256) 759 #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 760 #endif 761 #endif 762 763 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \ 764 && !defined(NO_TLS) && !defined(NO_AES) 765 #ifdef HAVE_AESGCM 766 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) 767 #if defined(HAVE_ECC) || \ 768 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 769 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 770 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 771 #endif 772 #ifndef NO_RSA 773 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 774 #endif 775 #endif 776 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) 777 #if defined(HAVE_ECC) || \ 778 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 779 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 780 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 781 #endif 782 #ifndef NO_RSA 783 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 784 #endif 785 #endif 786 #endif 787 #if defined(HAVE_AESCCM) && !defined(NO_SHA256) 788 #if defined(HAVE_ECC) || \ 789 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 790 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 791 #ifdef WOLFSSL_AES_128 792 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 793 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 794 #endif 795 #ifdef WOLFSSL_AES_256 796 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 797 #endif 798 #endif 799 #endif 800 #endif 801 802 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) 803 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || 
defined(HAVE_CURVE448) 804 #if defined(HAVE_ECC) || \ 805 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ 806 (defined(HAVE_CURVE448) && defined(HAVE_ED448)) 807 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 808 #endif 809 #ifndef NO_RSA 810 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 811 #endif 812 #endif 813 #if !defined(NO_DH) && !defined(NO_RSA) 814 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 815 #endif 816 #endif 817 818 #endif 819 820 #if defined(WOLFSSL_TLS13) 821 #ifdef HAVE_AESGCM 822 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) 823 #define BUILD_TLS_AES_128_GCM_SHA256 824 #endif 825 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) 826 #define BUILD_TLS_AES_256_GCM_SHA384 827 #endif 828 #endif 829 830 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) 831 #ifndef NO_SHA256 832 #define BUILD_TLS_CHACHA20_POLY1305_SHA256 833 #endif 834 #endif 835 836 #ifdef HAVE_AESCCM 837 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) 838 #define BUILD_TLS_AES_128_CCM_SHA256 839 #define BUILD_TLS_AES_128_CCM_8_SHA256 840 #endif 841 #endif 842 #ifdef HAVE_NULL_CIPHER 843 #ifndef NO_SHA256 844 #define BUILD_TLS_SHA256_SHA256 845 #endif 846 #ifdef WOLFSSL_SHA384 847 #define BUILD_TLS_SHA384_SHA384 848 #endif 849 #endif 850 #endif 851 852 #if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && \ 853 (defined(NO_DH) || !defined(HAVE_ANON)) && \ 854 defined(NO_RSA) && !defined(HAVE_ECC) && \ 855 !defined(HAVE_ED25519) && !defined(HAVE_ED448) 856 #error "No cipher suites available with this build" 857 #endif 858 859 #ifdef WOLFSSL_MULTICAST 860 #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256) 861 #define BUILD_WDM_WITH_NULL_SHA256 862 #endif 863 #endif 864 865 #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \ 866 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5) 867 #define BUILD_ARC4 868 #endif 869 870 #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA) 871 #define BUILD_DES3 872 #endif 873 874 #if 
defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ 875 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ 876 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \ 877 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256) 878 #undef BUILD_AES 879 #define BUILD_AES 880 #endif 881 882 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ 883 defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ 884 defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \ 885 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ 886 defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ 887 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \ 888 defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \ 889 defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ 890 defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \ 891 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ 892 defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ 893 defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \ 894 defined(BUILD_TLS_AES_128_GCM_SHA256) || \ 895 defined(BUILD_TLS_AES_256_GCM_SHA384) 896 #define BUILD_AESGCM 897 #else 898 /* No AES-GCM cipher suites available with build */ 899 #define NO_AESGCM_AEAD 900 #endif 901 902 #if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ 903 defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ 904 defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ 905 defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \ 906 defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ 907 defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ 908 defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ 909 defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ 910 defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ 911 defined(BUILD_TLS_CHACHA20_POLY1305_SHA256) 912 /* Have an available ChaCha Poly cipher suite */ 913 #else 914 /* No ChaCha Poly cipher suites available 
with build */
    #define NO_CHAPOL_AEAD
#endif

#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_MD5)
    #define BUILD_HC128
#endif

#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
    #define BUILD_RABBIT
#endif

/* Primitive-level BUILD_xxx flags: derived from the suites selected above,
 * then forced on/off by the wolfCrypt configuration so the block sizes are
 * always available even when a primitive is compiled out. */
#ifdef NO_DES3
    #define DES_BLOCK_SIZE 8
#else
    #undef  BUILD_DES3
    #define BUILD_DES3
#endif

#if defined(NO_AES) || !defined(HAVE_AES_DECRYPT)
    #define AES_BLOCK_SIZE 16
    #undef  BUILD_AES
#else
    #undef  BUILD_AES
    #define BUILD_AES
#endif

#ifndef NO_RC4
    #undef  BUILD_ARC4
    #define BUILD_ARC4
#endif

#ifdef HAVE_CHACHA
    #define CHACHA20_BLOCK_SIZE 16
#endif

/* HAVE_AEAD: at least one AEAD (or TLS 1.3 integrity-only) suite is built.
 * NO_AESGCM_AEAD / NO_CHAPOL_AEAD (set above when no suite of that family
 * survived the selection) keep the primitive alone from counting. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
    defined(HAVE_AESCCM) || \
    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
     !defined(NO_CHAPOL_AEAD)) || \
    (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER))

    #define HAVE_AEAD
#endif

/* HAVE_PFS: an ephemeral key exchange ((EC)DHE) is available. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_ECC) || !defined(NO_DH)

    #define HAVE_PFS
#endif

#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
    #define BUILD_IDEA
#endif

/* Cipher suite identifiers.  Every TLS cipher suite is a two-byte value on
 * the wire; ONLY THE SECOND BYTE is stored here.  The first byte is implied
 * by the group a constant belongs to (0x00 for the plain suites, ECC_BYTE
 * 0xC0, CHACHA_BYTE 0xCC, 0x13 for the TLS 1.3 suites per RFC 8446).
 * Because the first byte is not part of the value, the same number appears in
 * several groups (e.g. 0xa8 is TLS_PSK_WITH_AES_128_GCM_SHA256,
 * TLS_PSK_WITH_AES_128_CCM_8 and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
 * so a constant from this enum must never be matched on its own - always
 * pair it with the first byte.
 *
 * When adding a suite, also add its name to cipher_names and its index to
 * cipher_name_idx (see the note at the top of the BUILD_xxx section). */
enum {
    /* first byte 0x00 */
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
    TLS_DH_anon_WITH_AES_128_CBC_SHA  = 0x34,  /* no peer authentication */
    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
    /* NULL suites: integrity only, payload is sent in the clear */
    TLS_RSA_WITH_NULL_MD5             = 0x01,
    TLS_RSA_WITH_NULL_SHA             = 0x02,
    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA256   = 0xae,
    TLS_PSK_WITH_AES_256_CBC_SHA384   = 0xaf,
    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
    TLS_PSK_WITH_NULL_SHA256          = 0xb0,
    TLS_PSK_WITH_NULL_SHA384          = 0xb1,
    TLS_PSK_WITH_NULL_SHA             = 0x2c,
    /* SSLv3-era suites (RC4, 3DES, IDEA); only built with WOLFSSL_STATIC_RSA
     * and never under WOLFSSL_MAX_STRENGTH (see BUILD_SSL_xxx above) */
    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,
    SSL_RSA_WITH_IDEA_CBC_SHA         = 0x07,

    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      = 0x14,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      = 0x13,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    = 0x0A,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    = 0x09,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA          = 0x11,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        = 0x07,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     = 0x12,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   = 0x08,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   = 0x27,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = 0x28,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA           = 0x06,  /* integrity only */
    TLS_ECDHE_PSK_WITH_NULL_SHA256          = 0x3a,  /* integrity only */
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256   = 0x37,

    /* static ECDH (no forward secrecy), first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      = 0x0F,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      = 0x0E,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    = 0x05,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    = 0x04,
    TLS_ECDH_RSA_WITH_RC4_128_SHA          = 0x0C,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA        = 0x02,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0D,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   = 0x03,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256   = 0x29,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384   = 0x2A,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,

    /* wolfSSL extension - eSTREAM.  wolfSSL-private values; not expected to
     * interoperate with other TLS implementations. */
    TLS_RSA_WITH_HC_128_MD5  = 0xFB,
    TLS_RSA_WITH_HC_128_SHA  = 0xFC,
    TLS_RSA_WITH_RABBIT_SHA  = 0xFD,
    WDM_WITH_NULL_SHA256     = 0xFE, /* wolfSSL DTLS Multicast, integrity only */

    /* SHA256 */
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
    TLS_RSA_WITH_NULL_SHA256            = 0x3b,  /* integrity only */
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
    TLS_DHE_PSK_WITH_NULL_SHA256        = 0xb4,  /* integrity only */

    /* SHA384 */
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
    TLS_DHE_PSK_WITH_NULL_SHA384        = 0xb5,  /* integrity only */

    /* AES-GCM */
    TLS_RSA_WITH_AES_128_GCM_SHA256     = 0x9c,
    TLS_RSA_WITH_AES_256_GCM_SHA384     = 0x9d,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7,  /* no peer authentication */
    TLS_PSK_WITH_AES_128_GCM_SHA256     = 0xa8,
    TLS_PSK_WITH_AES_256_GCM_SHA384     = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,

    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  = 0x2d,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384  = 0x2e,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   = 0x2f,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   = 0x30,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    = 0x31,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384    = 0x32,

    /* AES-CCM: first byte is 0xC0 even though these are not ECC suites, and
     * several second bytes collide with the 0x00-prefixed AES-GCM suites
     * above (0xa7, 0xa8, 0xa9).  The first byte is what tells them apart. */
    TLS_RSA_WITH_AES_128_CCM_8         = 0xa0,
    TLS_RSA_WITH_AES_256_CCM_8         = 0xa1,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM   = 0xac,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
    TLS_PSK_WITH_AES_128_CCM           = 0xa4,
    TLS_PSK_WITH_AES_256_CCM           = 0xa5,
    TLS_PSK_WITH_AES_128_CCM_8         = 0xa8,
    TLS_PSK_WITH_AES_256_CCM_8         = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_CCM       = 0xa6,
    TLS_DHE_PSK_WITH_AES_256_CCM       = 0xa7,

    /* Camellia */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x41,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x84,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0xba,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     = 0xc0,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x45,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x88,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,

    /* chacha20-poly1305 suites, first byte is 0xCC (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0xa8,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0xaa,
    TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   = 0xac,
    TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         = 0xab,
    TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     = 0xad,

    /* chacha20-poly1305 draft variant with the earlier nonce and padding
     * construction (CHACHA_BYTE); kept for interoperability only and
     * excluded by NO_OLD_POLY1305 */
    TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256   = 0x13,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
    TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256     = 0x15,

    /* TLS v1.3 cipher suites (first byte 0x13 per RFC 8446) */
    TLS_AES_128_GCM_SHA256       = 0x01,
    TLS_AES_256_GCM_SHA384       = 0x02,
    TLS_CHACHA20_POLY1305_SHA256 = 0x03,
    TLS_AES_128_CCM_SHA256       = 0x04,
    TLS_AES_128_CCM_8_SHA256     = 0x05,

    /* TLS v1.3 integrity-only cipher suites - 0xC0 (ECC) first byte.
     * No encryption at all: records are authenticated but sent in the clear. */
    TLS_SHA256_SHA256 = 0xB4,
    TLS_SHA384_SHA384 = 0xB5,

    /* Signaling values, not negotiable suites: a peer that *selects* either
     * of these is misbehaving and the handshake must be rejected.
     * NOTE(review): RFC 7507 encodes TLS_FALLBACK_SCSV as {0x56, 0x00}, so
     * 0x56 is the FIRST byte on the wire, unlike the rest of this enum -
     * confirm how the matching code pairs it. */
    TLS_FALLBACK_SCSV                 = 0x56,
    /* Renegotiation Indication Extension Special Suite */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
};


#ifndef WOLFSSL_SESSION_TIMEOUT
    #define WOLFSSL_SESSION_TIMEOUT 500
    /* default session resumption cache timeout in seconds */
#endif


/* DTLS sequence-number window.  DTLS_SEQ_BITS is the width of the window in
 * bits and DTLS_SEQ_SZ its size in bytes; presumably this is the anti-replay
 * window for received record sequence numbers - confirm in the DTLS code. */
#ifndef WOLFSSL_DTLS_WINDOW_WORDS
    #define WOLFSSL_DTLS_WINDOW_WORDS 2
#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
#define DTLS_SEQ_BITS  (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
#define DTLS_SEQ_SZ    (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)

/* Number of peer sequence-number states kept: one for point-to-point DTLS,
 * one per group member for multicast. */
#ifndef WOLFSSL_MULTICAST
    #define WOLFSSL_DTLS_PEERSEQ_SZ 1
#else
    #ifndef WOLFSSL_MULTICAST_PEERS
        /* max allowed multicast group peers */
        #define WOLFSSL_MULTICAST_PEERS 100
    #endif
    #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
#endif /* WOLFSSL_MULTICAST */

#ifndef WOLFSSL_MAX_MTU
    /* 1500 - 100 bytes to account for UDP and IP headers */
    #define WOLFSSL_MAX_MTU 1400
#endif /* WOLFSSL_MAX_MTU */

#ifndef WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER
    #define WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER 500
#endif /* WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER */


/* set minimum DH key size allowed
 * NOTE(review): the non-MAX_STRENGTH default of 1024 bits is below current
 * guidance (2048 bits or more); WOLFSSL_MAX_STRENGTH already raises it to
 * 2048, and other builds can do the same by defining WOLFSSL_MIN_DHKEY_BITS.
 * A peer offering fewer bits than this is rejected, which is the defence
 * against downgraded DH parameters. */
#ifndef WOLFSSL_MIN_DHKEY_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_DHKEY_BITS 2048
    #else
        #define WOLFSSL_MIN_DHKEY_BITS 1024
    #endif
#endif
#if (WOLFSSL_MIN_DHKEY_BITS % 8)
    #error DH minimum bit size must be multiple of 8
#endif
#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
    #error DH minimum bit size must not be greater than 16000
#endif
#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
/* set maximum DH key size allowed; bounded by the big-integer backend so a
 * peer cannot force oversized parameters onto us */
#ifndef WOLFSSL_MAX_DHKEY_BITS
    #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
        #define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2)
    #else
        #define WOLFSSL_MAX_DHKEY_BITS 4096
    #endif
#endif
#if (WOLFSSL_MAX_DHKEY_BITS % 8)
    #error DH maximum bit size must be multiple of 8
#endif
#if (WOLFSSL_MAX_DHKEY_BITS > 16384)
    #error DH maximum bit size must not be greater than 16384
#endif
#define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)

#ifndef MAX_PSK_ID_LEN
    /* max psk identity/hint supported; bounds what is accepted from the peer */
    #if defined(WOLFSSL_TLS13)
        /* OpenSSL has a 1472 byte session ticket */
        #define MAX_PSK_ID_LEN 1536
    #else
        #define MAX_PSK_ID_LEN 128
    #endif
#endif

#ifndef MAX_EARLY_DATA_SZ
    /* maximum
early data size */
#define MAX_EARLY_DATA_SZ 4096
#endif

/* Largest RSA modulus accepted (bits). With fast math and a large FP_MAX_BITS
 * half of the math library's limit is used, otherwise 4096. */
#ifndef WOLFSSL_MAX_RSA_BITS
    #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
        #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2)
    #else
        #define WOLFSSL_MAX_RSA_BITS 4096
    #endif
#endif
#if (WOLFSSL_MAX_RSA_BITS % 8)
    #error RSA maximum bit size must be multiple of 8
#endif

/* Miscellaneous internal constants: cipher-suite prefix bytes, protocol
 * version numbers, wire-format field sizes, static buffer bounds and
 * session/ticket limits. Unless a comment says otherwise, sizes are in
 * bytes. */
enum Misc {
    CIPHER_BYTE = 0x00,            /* Default ciphers */
    ECC_BYTE    = 0xC0,            /* ECC first cipher suite byte */
    CHACHA_BYTE = 0xCC,            /* ChaCha first cipher suite */
    TLS13_BYTE  = 0x13,            /* TLS v1.3 first byte of cipher suite */

    SEND_CERT       = 1,
    SEND_BLANK_CERT = 2,

    DTLS_MAJOR      = 0xfe,     /* DTLS major version number */
    DTLS_MINOR      = 0xff,     /* DTLS 1.0 minor version number */
    DTLSv1_2_MINOR  = 0xfd,     /* DTLS 1.2 minor version number */
    SSLv3_MAJOR     = 3,        /* SSLv3 and TLSv1+ major version number */
    SSLv3_MINOR     = 0,        /* SSLv3 minor version number */
    TLSv1_MINOR     = 1,        /* TLSv1 minor version number */
    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
    TLSv1_3_MINOR   = 4,        /* TLSv1_3 minor version number */
    TLS_DRAFT_MAJOR = 0x7f,     /* Draft TLS major version number */
    OLD_HELLO_ID    = 0x01,     /* SSLv2 Client Hello Indicator */
    INVALID_BYTE    = 0xff,     /* Used to initialize cipher specs values */
    NO_COMPRESSION  =  0,
    ZLIB_COMPRESSION = 221,     /* wolfSSL zlib compression */
    HELLO_EXT_SIG_ALGO = 13,    /* ID for the sig_algo hello extension */
    HELLO_EXT_EXTMS = 0x0017,   /* ID for the extended master secret ext */
    SECRET_LEN      = WOLFSSL_MAX_MASTER_KEY_LENGTH,
                                /* RSA pre-master secret and all master secrets */
    /* ENCRYPT_LEN is the static buffer used for the key-exchange payload;
     * the PSK variants add room for the identity plus a 2-byte length. */
#ifdef HAVE_PQC
    ENCRYPT_LEN     = 1500,     /* allow 1500 byte static buffer for falcon */
#else
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
    (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
#if !defined(NO_PSK) && defined(USE_FAST_MATH)
    ENCRYPT_LEN     = (FP_MAX_BITS / 2 / 8) + MAX_PSK_ID_LEN + 2,
#else
    ENCRYPT_LEN     = 1024,     /* allow 8192 bit static buffer */
#endif
#else
#ifndef NO_PSK
    ENCRYPT_LEN     = 512 + MAX_PSK_ID_LEN + 2,    /* 4096 bit static buffer */
#else
    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
#endif
#endif
#endif
    SIZEOF_SENDER   =  4,       /* clnt or srvr */
    FINISHED_SZ     = 36,       /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
    MAX_PLAINTEXT_SZ   = (1 << 14),        /* Max plaintext sz */
    MAX_TLS_CIPHER_SZ  = (1 << 14) + 2048, /* Max TLS encrypted data sz */
#ifdef WOLFSSL_TLS13
    MAX_TLS13_PLAIN_SZ = (1 << 14) + 1,    /* Max unencrypted data sz (incl. content type byte) */
    MAX_TLS13_ENC_SZ   = (1 << 14) + 256,  /* Max encrypted data sz */
#endif
    MAX_MSG_EXTRA   = 38 + WC_MAX_DIGEST_SIZE,
                                /* max added to msg, mac + pad from
                                 * RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
                                 * digest sz + BLOCK_SZ (iv) + pad byte (1) */
    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
    MAX_MTU         = WOLFSSL_MAX_MTU,     /* max expected MTU */
    MAX_UDP_SIZE    = 8192 - 100, /* was MAX_MTU - 100 */
    MAX_DH_SZ       = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
                                /* 4096 p, pub, g + 2 byte size for each */
    MAX_STR_VERSION = 8,        /* string rep of protocol version */

    PAD_MD5        = 48,       /* pad length for finished */
    PAD_SHA        = 40,       /* pad length for finished */
    MAX_PAD_SIZE   = 256,      /* maximum length of padding */

    LENGTH_SZ      =  2,       /* length field for HMAC, data only */
    VERSION_SZ     =  2,       /* length of protocol version */
    SEQ_SZ         =  8,       /* 64 bit sequence number */
    ALERT_SIZE     =  2,       /* level + description */
    VERIFY_HEADER  =  2,       /* always use 2 bytes */
    EXTS_SZ        =  2,       /* always use 2 bytes */
    EXT_ID_SZ      =  2,       /* always use 2 bytes */
    MAX_DH_SIZE    = MAX_DHKEY_SZ+1,
                               /* Max size plus possible leading 0 */
    MIN_FFHDE_GROUP = 0x100,   /* Named group minimum for FFDHE parameters */
    MAX_FFHDE_GROUP = 0x1FF,   /* Named group maximum for FFDHE parameters */
    SESSION_HINT_SZ = 4,       /* session timeout hint */
    SESSION_ADD_SZ = 4,        /* session age add */
    TICKET_NONCE_LEN_SZ = 1,   /* Ticket nonce length size */
    DEF_TICKET_NONCE_SZ = 1,   /* Default ticket nonce size */
    MAX_TICKET_NONCE_SZ = 8,   /* maximum ticket nonce size */
    MAX_LIFETIME   = 604800,   /* maximum ticket lifetime in seconds (7 days,
                                * the same bound as TLS13_MAX_TICKET_AGE) */

    RAN_LEN      = 32,         /* random length */
    SEED_LEN     = RAN_LEN * 2, /* tls prf seed length */
    ID_LEN       = 32,         /* session id length */
    COOKIE_SECRET_SZ = 14,     /* dtls cookie secret size */
    MAX_COOKIE_LEN = 32,       /* max dtls cookie size */
    COOKIE_SZ    = 20,         /* use a 20 byte cookie */
    SUITE_LEN    =  2,         /* cipher suite sz length */
    ENUM_LEN     =  1,         /* always a byte */
    OPAQUE8_LEN  =  1,         /* 1 byte */
    OPAQUE16_LEN =  2,         /* 2 bytes */
    OPAQUE24_LEN =  3,         /* 3 bytes */
    OPAQUE32_LEN =  4,         /* 4 bytes */
    OPAQUE64_LEN =  8,         /* 8 bytes */
    COMP_LEN     =  1,         /* compression length */
    CURVE_LEN    =  2,         /* ecc named curve length */
    KE_GROUP_LEN =  2,         /* key exchange group length */
    SERVER_ID_LEN = 20,        /* server session id length */

    HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3) */
    RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
    CERT_HEADER_SZ        = 3,  /* always 3 bytes */
    REQ_HEADER_SZ         = 2,  /* cert request header sz */
    HINT_LEN_SZ           = 2,  /* length of hint size field */
    TRUNCATED_HMAC_SZ     = 10, /* length of hmac w/ truncated hmac extension */
    HELLO_EXT_SZ          = 4,  /* base length of a hello extension */
    HELLO_EXT_TYPE_SZ     = 2,  /* length of a hello extension type */
    HELLO_EXT_SZ_SZ       = 2,  /* length of a hello extension size */
    HELLO_EXT_SIGALGO_SZ  = 2,  /* length of number of items in sigalgo list */

    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
    DTLS_HANDSHAKE_EXTRA     = 8,  /* diff from normal */
    DTLS_RECORD_EXTRA        = 8,  /* diff from normal */
    DTLS_HANDSHAKE_SEQ_SZ    = 2,  /* handshake header sequence number */
    DTLS_HANDSHAKE_FRAG_SZ   = 3,  /* fragment offset and length are 24 bit */
    DTLS_POOL_SZ             = 255,/* allowed number of list items in TX pool */
    DTLS_EXPORT_PRO          = 165,/* wolfSSL protocol for serialized session */
    DTLS_EXPORT_STATE_PRO    = 166,/* wolfSSL protocol for serialized state */
    TLS_EXPORT_PRO           = 167,/* wolfSSL protocol for serialized TLS */
    DTLS_EXPORT_OPT_SZ       = 61, /* amount of bytes used from Options */
    TLS_EXPORT_OPT_SZ        = 65, /* amount of bytes used from Options */
    DTLS_EXPORT_OPT_SZ_3     = 60, /* amount of bytes used from Options */
    DTLS_EXPORT_KEY_SZ       = 325 + (DTLS_SEQ_SZ * 2),
                                   /* max amount of bytes used from Keys */
    DTLS_EXPORT_MIN_KEY_SZ   = 85 + (DTLS_SEQ_SZ * 2),
                                   /* min amount of bytes used from Keys */
    WOLFSSL_EXPORT_TLS       = 1,
    WOLFSSL_EXPORT_DTLS      = 0,
#ifndef WOLFSSL_EXPORT_SPC_SZ
    WOLFSSL_EXPORT_SPC_SZ    = 16, /* amount of bytes used from CipherSpecs */
#endif
    WOLFSSL_EXPORT_LEN       = 2,  /* 2 bytes for length and protocol */
    WOLFSSL_EXPORT_VERSION   = 4,  /* wolfSSL version for serialized session */

    /* older export versions supported */
    WOLFSSL_EXPORT_VERSION_3 = 3,  /* wolfSSL version before TLS 1.3 addition */

    MAX_EXPORT_IP            = 46, /* max ip size IPv4 mapped IPv6 */
    DTLS_MTU_ADDITIONAL_READ_BUFFER = WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER,
                                   /* Additional bytes to read so that
                                    * we can work with a peer that has
                                    * a slightly different MTU than us. */
    MAX_EXPORT_BUFFER        = 514, /* max size of buffer for exporting */
    MAX_EXPORT_STATE_BUFFER  = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * WOLFSSL_EXPORT_LEN),
                                    /* max size of buffer for exporting state */
    FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
    TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size */
    TLS_FINISHED_SZ_MAX = WC_MAX_DIGEST_SIZE,
                                /* longest message digest size is SHA512, 64 */
    EXT_MASTER_LABEL_SZ = 22,  /* TLS extended master secret label sz */
    MASTER_LABEL_SZ     = 13,  /* TLS master secret label sz */
    KEY_LABEL_SZ        = 13,  /* TLS key block expansion sz */
    PROTOCOL_LABEL_SZ   = 9,   /* Length of the protocol label */
    MAX_LABEL_SZ        = 34,  /* Maximum length of a label */
    MAX_REQUEST_SZ      = 256, /* Maximum cert req len (no auth yet) */
    SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
    TLS_MAX_PAD_SZ      = 255, /* Max padding in TLS */

    /* Largest symmetric key handled by the record layer. Pre-v2 FIPS builds
     * are capped at the AES-256 key size; TLS 1.3 null-cipher builds must
     * also fit the HMAC key, i.e. the digest size. */
#if defined(HAVE_FIPS) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
    MAX_SYM_KEY_SIZE    = AES_256_KEY_SIZE,
#else
    #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
        #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
            MAX_SYM_KEY_SIZE    = WC_SHA384_DIGEST_SIZE,
        #elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
            MAX_SYM_KEY_SIZE    = WC_SHA256_DIGEST_SIZE,
        #else
            MAX_SYM_KEY_SIZE    = WC_MAX_SYM_KEY_SIZE,
        #endif
    #else
        MAX_SYM_KEY_SIZE    = WC_MAX_SYM_KEY_SIZE,
    #endif
#endif

    /* Old self-test builds do not provide the AES size enum; define it here. */
#if defined(HAVE_SELFTEST) && \
    (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
    #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
    #define WOLFSSL_AES_KEY_SIZE_ENUM
    AES_IV_SIZE         = 16,
    AES_128_KEY_SIZE    = 16,
    AES_192_KEY_SIZE    = 24,
    AES_256_KEY_SIZE    = 32,
    #endif
#endif

    MAX_IV_SZ           = AES_BLOCK_SIZE,

    /* Offsets into the AEAD additional authenticated data block */
    AEAD_SEQ_OFFSET     = 4,   /* Auth Data: Sequence number */
    AEAD_TYPE_OFFSET    = 8,   /* Auth Data: Type */
    AEAD_VMAJ_OFFSET    = 9,   /* Auth Data: Major Version */
    AEAD_VMIN_OFFSET    = 10,  /* Auth Data: Minor Version */
    AEAD_LEN_OFFSET     = 11,  /* Auth Data: Length */
    AEAD_AUTH_DATA_SZ   = 13,  /* Size of the data to authenticate */
    AEAD_NONCE_SZ       = 12,
    AESGCM_IMP_IV_SZ    = 4,   /* Size of GCM/CCM AEAD implicit IV */
    AESGCM_EXP_IV_SZ    = 8,   /* Size of GCM/CCM AEAD explicit IV */
    AESGCM_NONCE_SZ     = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,

    CHACHA20_IMP_IV_SZ  = 12,  /* Size of ChaCha20 AEAD implicit IV */
    CHACHA20_NONCE_SZ   = 12,  /* Size of ChaCha20 nonce */
    CHACHA20_OLD_OFFSET = 4,   /* Offset for seq # in old poly1305 */

    /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */

    AES_GCM_AUTH_SZ     = 16, /* AES-GCM Auth Tag length */
    AES_CCM_16_AUTH_SZ  = 16, /* AES-CCM-16 Auth Tag length */
    AES_CCM_8_AUTH_SZ   = 8,  /* AES-CCM-8 Auth Tag Length */
    AESCCM_NONCE_SZ     = 12,

    CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
    CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
    CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
    CAMELLIA_IV_SIZE      = 16, /* always block size */

    CHACHA20_256_KEY_SIZE = 32,  /* for 256 bit */
    CHACHA20_128_KEY_SIZE = 16,  /* for 128 bit */
    CHACHA20_IV_SIZE      = 12,  /* 96 bits for iv */

    POLY1305_AUTH_SZ    = 16,  /* 128 bits */

    HMAC_NONCE_SZ       = 12,  /* Size of HMAC nonce */

    HC_128_KEY_SIZE     = 16,  /* 128 bits */
    HC_128_IV_SIZE      = 16,  /* also 128 bits */

    RABBIT_KEY_SIZE     = 16,  /* 128 bits */
    RABBIT_IV_SIZE      =  8,  /* 64 bits for iv */

    EVP_SALT_SIZE       =  8,  /* evp salt size 64 bits */

#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
    ECDHE_SIZE          = 32,  /* ECDHE server key size in bytes, defaults to 256 bit */
#endif
    MAX_EXPORT_ECC_SZ   = 256, /* Export ANSI X9.62 max future size */
    MAX_CURVE_NAME_SZ   = 16,  /* Maximum size of curve name string */

    /* SignatureScheme / hash-sig bytes for algorithms outside the
     * legacy (hash, signature) pairs */
    NEW_SA_MAJOR        = 8,   /* Most significant byte used with new sig algos */
    ED25519_SA_MAJOR    = 8,   /* Most significant byte for ED25519 */
    ED25519_SA_MINOR    = 7,   /* Least significant byte for ED25519 */
    ED448_SA_MAJOR      = 8,   /* Most significant byte for ED448 */
    ED448_SA_MINOR      = 8,   /* Least significant byte for ED448 */

    PQC_SA_MAJOR        = 0xFE,/* Most significant byte used with PQC sig algos
                                * (private-use range, not IANA-assigned) */
    /* These match what OQS has defined in their OpenSSL fork. */
    FALCON_LEVEL1_SA_MAJOR = 0xFE,
    FALCON_LEVEL1_SA_MINOR = 0x0B,
    FALCON_LEVEL5_SA_MAJOR = 0xFE,
    FALCON_LEVEL5_SA_MINOR = 0x0E,


    /* Smallest RSA modulus that can carry an RSA-PSS signature with the
     * given hash: 2 * hash length + 8 * 8 bits, per the PSS encoding. */
    MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
    MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */

    /* Static buffer for a CertificateVerify signature, sized for the
     * largest signature algorithm compiled in. */
#if defined(HAVE_PQC)
    MAX_CERT_VERIFY_SZ = 1600,            /* For Falcon */
#elif !defined(NO_RSA)
    MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
#elif defined(HAVE_ECC)
    MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */
#elif defined(HAVE_ED448)
    MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE,   /* max Ed448 */
#elif defined(HAVE_ED25519)
    MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */
#else
    MAX_CERT_VERIFY_SZ = 1024, /* max default */
#endif
    CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
    MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */

    DTLS_TIMEOUT_INIT       =  1, /* default timeout init for DTLS receive */
    DTLS_TIMEOUT_MAX        = 64, /* default max timeout for DTLS receive */
    DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */

    NULL_TERM_LEN        =   1,  /* length of null '\0' termination character */
    MAX_PSK_KEY_LEN      =  64,  /* max psk key supported */
    MIN_PSK_ID_LEN       =   6,  /* min length of identities */
    MIN_PSK_BINDERS_LEN  =  33,  /* min length of binders (presumably 1-byte
                                  * length + 32-byte SHA-256 binder; confirm) */
    MAX_TICKET_AGE_DIFF  =  10,  /* maximum ticket age difference in seconds;
                                  * NOTE(review): this tolerance also bounds the
                                  * early-data replay window - confirm against
                                  * the TLS 1.3 ticket age check in the server */
    TLS13_MAX_TICKET_AGE =  7*24*60*60,  /* max ticket age in seconds, 7 days */

#ifndef MAX_WOLFSSL_FILE_SIZE
    MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4,  /* 4 mb file size alloc limit */
#endif

    /* Static buffer for a single DER certificate; the chain buffer below
     * (MAX_CERTIFICATE_SZ) is derived from this and MAX_CHAIN_DEPTH. */
#if defined(HAVE_PQC)
    MAX_X509_SIZE      = 5120, /* max static x509 buffer size; falcon is big */
#elif defined(WOLFSSL_HAPROXY)
    MAX_X509_SIZE      = 3072, /* max static x509 buffer size */
#else
    MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
#endif
    CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */

    NO_SNIFF           =   0,  /* not sniffing */
    SNIFF              =   1,  /* currently sniffing */

    HASH_SIG_SIZE      =   2,  /* default SHA1 RSA */

    NO_COPY            =   0,  /* should we copy static buffer for write */
    COPY               =   1,  /* should we copy static buffer for write */

    INVALID_PEER_ID    = 0xFFFF, /* Initialize value for peer ID. */

    PREV_ORDER         = -1,   /* Sequence number is in previous epoch. */
    PEER_ORDER         = 1,    /* Peer sequence number for verify. */
    CUR_ORDER          = 0,    /* Current sequence number. */
    WRITE_PROTO        = 1,    /* writing a protocol message */
    READ_PROTO         = 0     /* reading a protocol message */
};

/* minimum Downgrade Minor version: the lowest protocol version a
 * downgrade may settle on. TLS 1.0 unless NO_OLD_TLS is set, in which case
 * TLS 1.2. Builds that must not negotiate below 1.2 should define
 * NO_OLD_TLS or WOLFSSL_MIN_DOWNGRADE explicitly. */
#ifndef WOLFSSL_MIN_DOWNGRADE
    #ifndef NO_OLD_TLS
        #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
    #else
        #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
    #endif
#endif

/* Set max implicit IV size for AEAD cipher suites */
#define AEAD_MAX_IMP_SZ 12

/* Set max explicit IV size for AEAD cipher suites */
#define AEAD_MAX_EXP_SZ 8


/* Size in bytes of the cipher suite list (SUITE_LEN bytes per suite). */
#ifndef WOLFSSL_MAX_SUITE_SZ
    #define WOLFSSL_MAX_SUITE_SZ 300
    /* 150 suites for now!
*/ 1549 #endif 1550 1551 /* number of items in the signature algo list */ 1552 #ifndef WOLFSSL_MAX_SIGALGO 1553 #define WOLFSSL_MAX_SIGALGO 38 1554 #endif 1555 1556 1557 /* set minimum ECC key size allowed */ 1558 #ifndef WOLFSSL_MIN_ECC_BITS 1559 #ifdef WOLFSSL_MAX_STRENGTH 1560 #define WOLFSSL_MIN_ECC_BITS 256 1561 #else 1562 #define WOLFSSL_MIN_ECC_BITS 224 1563 #endif 1564 #endif /* WOLFSSL_MIN_ECC_BITS */ 1565 #if (WOLFSSL_MIN_ECC_BITS % 8) 1566 /* Some ECC keys are not divisible by 8 such as prime239v1 or sect131r1. 1567 In these cases round down to the nearest value divisible by 8. The 1568 restriction of being divisible by 8 is in place to match wc_ecc_size 1569 function from wolfSSL. 1570 */ 1571 #error ECC minimum bit size must be a multiple of 8 1572 #endif 1573 #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8) 1574 1575 #ifdef HAVE_PQC 1576 /* set minimum Falcon key size allowed */ 1577 #ifndef MIN_FALCONKEY_SZ 1578 #define MIN_FALCONKEY_SZ 897 1579 #endif 1580 #endif 1581 1582 /* set minimum RSA key size allowed */ 1583 #ifndef WOLFSSL_MIN_RSA_BITS 1584 #ifdef WOLFSSL_MAX_STRENGTH 1585 #define WOLFSSL_MIN_RSA_BITS 2048 1586 #else 1587 #define WOLFSSL_MIN_RSA_BITS 1024 1588 #endif 1589 #endif /* WOLFSSL_MIN_RSA_BITS */ 1590 #if (WOLFSSL_MIN_RSA_BITS % 8) 1591 /* This is to account for the example case of a min size of 2050 bits but 1592 still allows 2049 bit key. So we need the measurement to be in bytes. 
*/ 1593 #error RSA minimum bit size must be a multiple of 8 1594 #endif 1595 #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8) 1596 1597 #ifdef SESSION_INDEX 1598 /* Shift values for making a session index */ 1599 #define SESSIDX_ROW_SHIFT 4 1600 #define SESSIDX_IDX_MASK 0x0F 1601 #endif 1602 1603 1604 /* max cert chain peer depth */ 1605 #ifndef MAX_CHAIN_DEPTH 1606 #define MAX_CHAIN_DEPTH 9 1607 #endif 1608 1609 /* max size of a certificate message payload */ 1610 /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */ 1611 #ifndef MAX_CERTIFICATE_SZ 1612 #define MAX_CERTIFICATE_SZ \ 1613 CERT_HEADER_SZ + \ 1614 (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH 1615 #endif 1616 1617 /* max size of a handshake message, currently set to the certificate */ 1618 #ifndef MAX_HANDSHAKE_SZ 1619 #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ 1620 #endif 1621 1622 #ifndef SESSION_TICKET_LEN 1623 #define SESSION_TICKET_LEN 256 1624 #endif 1625 1626 #ifndef SESSION_TICKET_HINT_DEFAULT 1627 #define SESSION_TICKET_HINT_DEFAULT 300 1628 #endif 1629 1630 #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER) 1631 /* Check chosen encryption is available. */ 1632 #if !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) && \ 1633 defined(WOLFSSL_TICKET_ENC_CHACHA20_POLY1305) 1634 #error "ChaCha20-Poly1305 not available for default ticket encryption" 1635 #endif 1636 #if !defined(HAVE_AESGCM) && (defined(WOLFSSL_TICKET_ENC_AES128_GCM) || \ 1637 defined(WOLFSSL_TICKET_ENC_AES256_GCM)) 1638 #error "AES-GCM not available for default ticket encryption" 1639 #endif 1640 1641 #ifndef WOLFSSL_TICKET_KEY_LIFETIME 1642 /* Default lifetime is 1 hour from issue of first ticket with key. */ 1643 #define WOLFSSL_TICKET_KEY_LIFETIME (60 * 60) 1644 #endif 1645 #if WOLFSSL_TICKET_KEY_LIFETIME <= SESSION_TICKET_HINT_DEFAULT 1646 #error "Ticket Key lifetime must be longer than ticket life hint." 
1647 #endif 1648 #endif 1649 1650 #define MAX_ENCRYPT_SZ ENCRYPT_LEN 1651 1652 1653 /* states */ 1654 enum states { 1655 NULL_STATE = 0, 1656 1657 SERVER_HELLOVERIFYREQUEST_COMPLETE, 1658 SERVER_HELLO_RETRY_REQUEST_COMPLETE, 1659 SERVER_HELLO_COMPLETE, 1660 SERVER_ENCRYPTED_EXTENSIONS_COMPLETE, 1661 SERVER_CERT_COMPLETE, 1662 SERVER_CERT_VERIFY_COMPLETE, 1663 SERVER_KEYEXCHANGE_COMPLETE, 1664 SERVER_HELLODONE_COMPLETE, 1665 SERVER_CHANGECIPHERSPEC_COMPLETE, 1666 SERVER_FINISHED_COMPLETE, 1667 1668 CLIENT_HELLO_RETRY, 1669 CLIENT_HELLO_COMPLETE, 1670 CLIENT_KEYEXCHANGE_COMPLETE, 1671 CLIENT_CHANGECIPHERSPEC_COMPLETE, 1672 CLIENT_FINISHED_COMPLETE, 1673 1674 HANDSHAKE_DONE 1675 }; 1676 1677 /* SSL Version */ 1678 typedef struct ProtocolVersion { 1679 byte major; 1680 byte minor; 1681 } WOLFSSL_PACK ProtocolVersion; 1682 1683 1684 WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void); 1685 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void); 1686 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void); 1687 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void); 1688 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void); 1689 1690 #ifdef WOLFSSL_DTLS 1691 WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void); 1692 WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); 1693 1694 #endif 1695 #ifdef WOLFSSL_SESSION_EXPORT 1696 WOLFSSL_LOCAL int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, 1697 word32* sz, int type); 1698 WOLFSSL_LOCAL int wolfSSL_session_import_internal(WOLFSSL* ssl, const byte* buf, 1699 word32 sz, int type); 1700 #ifdef WOLFSSL_DTLS 1701 WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl, 1702 byte* buf, word32 sz); 1703 WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl, 1704 const byte* buf, word32 sz); 1705 WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); 1706 #endif 1707 #endif 1708 1709 struct WOLFSSL_BY_DIR_HASH { 1710 unsigned long hash_value; 1711 int last_suffix; 1712 }; 1713 1714 struct WOLFSSL_BY_DIR_entry { 1715 char* dir_name; 1716 int 
dir_type; 1717 WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes; 1718 }; 1719 1720 struct WOLFSSL_BY_DIR { 1721 WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry; 1722 wolfSSL_Mutex lock; /* dir list lock */ 1723 }; 1724 1725 /* wolfSSL method type */ 1726 struct WOLFSSL_METHOD { 1727 ProtocolVersion version; 1728 byte side; /* connection side, server or client */ 1729 byte downgrade; /* whether to downgrade version, default no */ 1730 }; 1731 1732 /* wolfSSL buffer type - internal uses "buffer" type */ 1733 typedef WOLFSSL_BUFFER_INFO buffer; 1734 1735 typedef struct Suites Suites; 1736 1737 1738 /* defaults to client */ 1739 WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion); 1740 1741 WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl); 1742 WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side); 1743 1744 /* for sniffer */ 1745 WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 1746 word32 size, word32 totalSz, int sniff); 1747 #ifdef WOLFSSL_TLS13 1748 WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 1749 word32 size, word32 totalSz, int sniff); 1750 #endif 1751 WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, 1752 int sniff); 1753 /* TLS v1.3 needs these */ 1754 WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID, 1755 Suites* clSuites); 1756 #ifdef WOLFSSL_TLS13 1757 WOLFSSL_LOCAL byte SuiteMac(byte* suite); 1758 #endif 1759 WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, 1760 word32); 1761 #ifdef WOLFSSL_TLS13 1762 WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, 1763 word32* inOutIdx, word32 helloSz); 1764 #endif 1765 WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*, 1766 word32); 1767 WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl); 1768 WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv); 1769 WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* 
hashSigAlgo, 1770 word32 hashSigAlgoSz); 1771 #ifdef WOLF_CRYPTO_CB 1772 WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* buffer, word32 length, 1773 int hsType, int label, int id, 1774 void* heap, int devId); 1775 #endif 1776 WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); 1777 #ifdef HAVE_PK_CALLBACKS 1778 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); 1779 #ifndef NO_ASN 1780 WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); 1781 #endif 1782 #endif 1783 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); 1784 WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); 1785 WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size); 1786 WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); 1787 #ifndef NO_CERTS 1788 WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN); 1789 WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc); 1790 #endif 1791 WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); 1792 WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* output, int sz); 1793 WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, 1794 int ivSz); 1795 WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); 1796 1797 #ifdef HAVE_SNI 1798 #ifndef NO_WOLFSSL_SERVER 1799 WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); 1800 #endif 1801 #endif 1802 #ifdef WOLFSSL_TLS13 1803 WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, 1804 word16 sz, const byte* aad, word16 aadSz); 1805 WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, 1806 word32* inOutIdx, byte type, 1807 word32 size, word32 totalSz); 1808 WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, 1809 word32* inOutIdx, word32 totalSz); 1810 WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, 1811 word32* inOutIdx, word32 helloSz, 1812 byte* extMsgType); 1813 WOLFSSL_LOCAL int 
RestartHandshakeHash(WOLFSSL* ssl); 1814 #endif 1815 int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, 1816 int pLen, int content); 1817 1818 1819 enum { 1820 FORCED_FREE = 1, 1821 NO_FORCED_FREE = 0 1822 }; 1823 1824 1825 /* only use compression extra if using compression */ 1826 #ifdef HAVE_LIBZ 1827 #define COMP_EXTRA MAX_COMP_EXTRA 1828 #else 1829 #define COMP_EXTRA 0 1830 #endif 1831 1832 /* only the sniffer needs space in the buffer for extra MTU record(s) */ 1833 #ifdef WOLFSSL_SNIFFER 1834 #define MTU_EXTRA MAX_MTU * 3 1835 #else 1836 #define MTU_EXTRA 0 1837 #endif 1838 1839 1840 /* embedded callbacks require large static buffers, make sure on */ 1841 #ifdef WOLFSSL_CALLBACKS 1842 #undef LARGE_STATIC_BUFFERS 1843 #define LARGE_STATIC_BUFFERS 1844 #endif 1845 1846 1847 /* give user option to use 16K static buffers */ 1848 #if defined(LARGE_STATIC_BUFFERS) 1849 #define RECORD_SIZE MAX_RECORD_SIZE 1850 #else 1851 #ifdef WOLFSSL_DTLS 1852 #define RECORD_SIZE MAX_MTU 1853 #else 1854 #define RECORD_SIZE 128 1855 #endif 1856 #endif 1857 1858 1859 /* user option to turn off 16K output option */ 1860 /* if using small static buffers (default) and SSL_write tries to write data 1861 larger than the record we have, dynamically get it, unless user says only 1862 write in static buffer chunks */ 1863 #ifndef STATIC_CHUNKS_ONLY 1864 #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE 1865 #else 1866 #define OUTPUT_RECORD_SIZE RECORD_SIZE 1867 #endif 1868 1869 /* wolfSSL input buffer 1870 1871 RFC 2246: 1872 1873 length 1874 The length (in bytes) of the following TLSPlaintext.fragment. 1875 The length should not exceed 2^14. 
1876 */ 1877 #if defined(LARGE_STATIC_BUFFERS) 1878 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ 1879 MTU_EXTRA + MAX_MSG_EXTRA 1880 #else 1881 /* don't fragment memory from the record header */ 1882 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ 1883 #endif 1884 1885 typedef struct { 1886 ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; 1887 byte* buffer; /* place holder for static or dynamic buffer */ 1888 word32 length; /* total buffer length used */ 1889 word32 idx; /* idx to part of length already consumed */ 1890 word32 bufferSize; /* current buffer size */ 1891 byte dynamicFlag; /* dynamic memory currently in use */ 1892 byte offset; /* alignment offset attempt */ 1893 } bufferStatic; 1894 1895 /* Cipher Suites holder */ 1896 struct Suites { 1897 word16 suiteSz; /* suite length in bytes */ 1898 word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ 1899 byte suites[WOLFSSL_MAX_SUITE_SZ]; 1900 byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */ 1901 byte setSuites; /* user set suites from default */ 1902 byte hashAlgo; /* selected hash algorithm */ 1903 byte sigAlgo; /* selected sig algorithm */ 1904 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 1905 WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */ 1906 #endif 1907 }; 1908 1909 1910 WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, 1911 int haveRSAsig, int haveFalconSig, 1912 int haveAnon, int tls1_2, int keySz); 1913 WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, 1914 word16 haveRSA, word16 havePSK, word16 haveDH, 1915 word16 haveECDSAsig, word16 haveECC, 1916 word16 haveStaticECC, word16 haveFalconSig, 1917 word16 haveAnon, int side); 1918 1919 WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites); 1920 WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); 1921 WOLFSSL_LOCAL int SetSuitesHashSigAlgo(Suites*, const char* 
list);

#ifndef PSK_TYPES_DEFINED
    /* PSK callbacks. The unnamed parameters follow the public prototypes in
     * ssl.h -- client: identity hint, identity out-buffer and its capacity,
     * key out-buffer and its capacity; server: identity, key out-buffer and
     * its capacity. The unsigned return is presumably the key length written
     * (0 = failure); confirm against ssl.h. */
    typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
                          unsigned int, unsigned char*, unsigned int);
    typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
                          unsigned char*, unsigned int);
#ifdef WOLFSSL_TLS13
    /* TLS 1.3 variants additionally carry the cipher suite name: by value
     * for the "cs" client callback, as an out-pointer for the tls13 ones. */
    typedef unsigned int (*wc_psk_client_cs_callback)(WOLFSSL*, const char*,
                          char*, unsigned int, unsigned char*, unsigned int,
                          const char* cipherName);
    typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
                          char*, unsigned int, unsigned char*, unsigned int,
                          const char** cipherName);
    typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
                          unsigned char*, unsigned int,
                          const char** cipherName);
#endif
#endif /* PSK_TYPES_DEFINED */
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
    !defined(WOLFSSL_DTLS_EXPORT_TYPES)
    /* Callback handed a serialized DTLS session (exportBuffer, sz bytes)
     * together with the caller's opaque userCtx. */
    typedef int (*wc_dtls_export)(WOLFSSL* ssl,
                   unsigned char* exportBuffer, unsigned int sz, void* userCtx);
    #define WOLFSSL_DTLS_EXPORT_TYPES
#endif /* WOLFSSL_DTLS_EXPORT_TYPES */


#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define MAX_DESCRIPTION_SZ 255
#endif
/* One cipher suite as seen through the compatibility API; the two
 * cipherSuite bytes are the TLS suite id. The OPENSSL_ALL/QT members only
 * back the description and stack helpers. */
struct WOLFSSL_CIPHER {
    byte cipherSuite0;
    byte cipherSuite;
    const WOLFSSL* ssl;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    char description[MAX_DESCRIPTION_SZ]; /* text form; writers must NUL-terminate */
    unsigned long offset;
    unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */
    int bits;              /* key strength in bits (presumably) */
#endif
};


#ifdef NO_ASN
    /* no_asn won't have */
    typedef struct CertStatus CertStatus;
#endif

#ifndef HAVE_OCSP
    typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
#endif

/* wolfSSL OCSP controller */
#ifdef HAVE_OCSP
struct WOLFSSL_OCSP {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    OcspEntry*            ocspList;      /* OCSP response list */
    wolfSSL_Mutex         ocspLock;      /* OCSP list lock */
    int                   error;         /* last error code (values not visible here) */
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    int(*statusCb)(WOLFSSL*, void*);    /* application OCSP status callback */
#endif
};
#endif

#ifndef MAX_DATE_SIZE
#define MAX_DATE_SIZE 32
#endif

typedef struct CRL_Entry CRL_Entry;

/* Issuer hashes are SHA-1 sized unless SHA-1 is compiled out, in which case
 * SHA-256 is used instead. */
#ifdef NO_SHA
    #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
    #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif

#ifdef NO_ASN
    typedef struct RevokedCert RevokedCert;
#endif

/* Complete CRL.
 * The raw TBS bytes and signature are retained (toBeSigned/signature) so the
 * CRL signature can be checked after parsing; `verified` records the outcome
 * (exact values not visible here). NOTE(review): an entry whose signature
 * has not been verified must not be used to decide a certificate's status. */
struct CRL_Entry {
    CRL_Entry* next;                      /* next entry */
    byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */
    /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */
    /* restore the hash here if needed for optimized comparisons */
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
    byte    lastDateFormat;          /* last date format */
    byte    nextDateFormat;          /* next date format */
    RevokedCert* certs;              /* revoked cert list  */
    int          totalCerts;         /* number on list     */
    int     verified;                /* signature verification outcome */
    byte*   toBeSigned;              /* raw TBS bytes */
    word32  tbsSz;                   /* length of toBeSigned */
    byte*   signature;               /* raw signature bytes */
    word32  signatureSz;             /* length of signature */
    word32  signatureOID;            /* signature algorithm identifier */
#if !defined(NO_SKID) && !defined(NO_ASN)
    byte    extAuthKeyIdSet;         /* extAuthKeyId is populated */
    byte    extAuthKeyId[KEYID_SIZE]; /* authority key identifier extension */
#endif
};


typedef struct CRL_Monitor CRL_Monitor;

/* CRL directory monitor */
struct CRL_Monitor {
    char* path;      /* full dir path, if valid pointer we're using */
    int   type;      /* PEM or ASN1 type */
};


/* Directory monitoring needs a filesystem. */
#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
    #undef HAVE_CRL_MONITOR
#endif

/* wolfSSL CRL controller.
 * Holds the loaded CRL list (guarded by crlLock), an optional I/O callback
 * for fetching CRLs and, with HAVE_CRL_MONITOR, the pthread state of a
 * directory watcher over the two monitored paths (the watcher's behaviour
 * lives in crl.c, not here). */
struct WOLFSSL_CRL {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    CRL_Entry*            crlList;       /* our CRL list */
#ifdef HAVE_CRL_IO
    CbCrlIO               crlIOCb;       /* CRL fetch I/O callback */
#endif
    wolfSSL_Mutex         crlLock;       /* CRL list lock */
    CRL_Monitor           monitors[2];   /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR
    pthread_cond_t        cond;          /* condition to signal setup */
    pthread_t             tid;           /* monitoring thread */
    int                   mfd;           /* monitor fd, -1 if no init yet */
    int                   setup;         /* thread is setup predicate */
#endif
    void*                 heap;          /* heap hint for dynamic memory */
};


#ifdef NO_ASN
    typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT
    typedef struct TrustedPeerCert TrustedPeerCert;
#endif
#endif


/* Bucket counts for the CA and trusted-peer tables. */
#ifndef CA_TABLE_SIZE
    #define CA_TABLE_SIZE 11
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
    #define TP_TABLE_SIZE 11
#endif

/* wolfSSL Certificate Manager.
 * Holds the trust anchors (caTable, guarded by caLock), the CRL/OCSP
 * checkers and the verification policy (minimum key sizes, the crl/ocsp
 * enable bits). Reference counted via refCount (refMutex in threaded
 * builds). x509_store_p is a back-pointer owned by the CTX. */
struct WOLFSSL_CERT_MANAGER {
    Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table */
    void*           heap;                /* heap helper */
#ifdef WOLFSSL_TRUST_PEER_CERT
    TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
    wolfSSL_Mutex   tpLock;                  /* trusted peer list lock */
#endif
    WOLFSSL_CRL*    crl;                 /* CRL checker */
    WOLFSSL_OCSP*   ocsp;                /* OCSP checker */
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
                               ||  defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
    WOLFSSL_OCSP*   ocsp_stapling;       /* OCSP checker for OCSP stapling */
#endif
    char*           ocspOverrideURL;     /* use this responder */
    void*           ocspIOCtx;           /* I/O callback CTX */
#ifndef NO_WOLFSSL_CM_VERIFY
    VerifyCallback  verifyCallback;      /* Verify callback */
#endif
    CallbackCACache caCacheCallback;     /* CA cache addition callback */
    CbMissingCRL    cbMissingCRL;        /* notify thru cb of missing crl */
    CbOCSPIO        ocspIOCb;            /* I/O callback for OCSP lookup */
    CbOCSPRespFree  ocspRespFreeCb;      /* Frees OCSP Response from IO Cb */
    wolfSSL_Mutex   caLock;              /* CA list lock */
    byte            crlEnabled:1;        /* is CRL on ? */
    byte            crlCheckAll:1;       /* always leaf, but all ? */
    byte            ocspEnabled:1;       /* is OCSP on ? */
    byte            ocspCheckAll:1;      /* always leaf, but all ? */
    byte            ocspSendNonce:1;     /* send the OCSP nonce ? */
    byte            ocspUseOverrideURL:1; /* ignore cert responder, override */
    byte            ocspStaplingEnabled:1; /* is OCSP Stapling on ? */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    byte            ocspMustStaple:1;    /* server must respond with staple */
#endif

    /* Policy floors; keys below these sizes are presumably rejected by the
     * verify code (enforcement is not in this header). */
#ifndef NO_RSA
    short           minRsaKeySz;         /* minimum allowed RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    short           minEccKeySz;         /* minimum allowed ECC key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
    WOLFSSL_X509_STORE  *x509_store_p;  /* a pointer back to CTX x509 store  */
                                        /* CTX has ownership and free this   */
                                        /* with CTX free.                    */
#endif
#ifndef SINGLE_THREADED
    wolfSSL_Mutex   refMutex;   /* reference count mutex */
#endif
    int             refCount;         /* reference count */
#ifdef HAVE_PQC
    short           minFalconKeySz;      /* minimum allowed Falcon key size */
#endif

};

/* Persist / restore the CA table, either to a file path or to a caller
 * supplied memory buffer (the Mem variants take the buffer and its size; the
 * int* on the save variant presumably reports bytes used). */
WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
/* Bytes a memory cache save of this manager would need. */
WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
/* Verify the certificate in buff (sz bytes, format selects DER/PEM) against
 * cm's trust store; err_val is presumably the error value to report on
 * verification failure -- confirm in the definition. */
WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
                                    long sz, int format, int err_val);


#ifndef NO_CERTS
#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
/* Working state for processing the peer's Certificate message, kept in a
 * struct presumably so the work can be resumed across calls. Field meanings
 * beyond the upstream comments are inferred from names. */
typedef struct ProcPeerCertArgs {
    buffer*      certs;      /* certificate buffers from the message */
#ifdef WOLFSSL_TLS13
    buffer*      exts; /* extensions */
#endif
    DecodedCert* dCert;      /* certificate currently being processed */
    word32       idx;
    word32       begin;
    int          totalCerts; /* number of certs in certs buffer */
    int          count;
    int          certIdx;
    int          lastErr;    /* last error seen while walking the chain */
#ifdef WOLFSSL_TLS13
    byte         ctxSz;
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    char   untrustedDepth;
#endif
    word16 fatal:1;          /* error is unrecoverable */
    word16 verifyErr:1;      /* a verification error was recorded */
    word16 dCertInit:1;      /* dCert has been initialized (needs freeing) */
#ifdef WOLFSSL_TRUST_PEER_CERT
    word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */
#endif
} ProcPeerCertArgs;
/* Run the user verify callback for the cert described by args, with ret as
 * the library's own verdict; returns the possibly overridden result. */
WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
        int ret, ProcPeerCertArgs* args);
#endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
#endif /* !defined NO_CERTS */

/* wolfSSL Sock Addr */
struct WOLFSSL_SOCKADDR {
    unsigned int sz; /* sockaddr size */
    void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
};

/* Peer address plus the read/write descriptors used for DTLS. */
typedef struct WOLFSSL_DTLS_CTX {
    WOLFSSL_SOCKADDR peer;
    int rfd;
    int wfd;
} WOLFSSL_DTLS_CTX;


/* Per-peer DTLS record sequence tracking: the expected next epoch and
 * sequence number plus a bitmap sliding window for the current and the
 * previous epoch. Sliding windows of this shape are DTLS's anti-replay
 * mechanism (RFC 6347 section 4.1.2.6); window maintenance is not here. */
typedef struct WOLFSSL_DTLS_PEERSEQ {
    word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
                        /* Sliding window for current epoch    */
    word16 nextEpoch;   /* Expected epoch in next record       */
    word16 nextSeq_hi;  /* Expected sequence in next record    */
    word32 nextSeq_lo;

    word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
                        /* Sliding window for old epoch        */
    word32 prevSeq_lo;
    word16 prevSeq_hi;  /* Next sequence in allowed old epoch  */

#ifdef WOLFSSL_MULTICAST
    word16 peerId;
    word32 highwaterMark;
#endif
} WOLFSSL_DTLS_PEERSEQ;


#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */

/* keys and secrets
 * keep as a constant size (no additional ifdefs) for session export */
/* Live traffic keys, IVs and MAC secrets for both directions plus record
 * sequence/epoch bookkeeping. NOTE(review): this is the most sensitive part
 * of the connection state; the code that frees or exports the owning
 * WOLFSSL is expected to wipe it (not visible here). */
typedef struct Keys {
#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)
    byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
#endif
    byte client_write_key[MAX_SYM_KEY_SIZE];         /* max sizes */
    byte server_write_key[MAX_SYM_KEY_SIZE];
    byte client_write_IV[MAX_WRITE_IV_SZ];               /* max sizes */
    byte server_write_IV[MAX_WRITE_IV_SZ];
#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
    byte aead_exp_IV[AEAD_MAX_EXP_SZ];      /* explicit nonce part */
    byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];  /* implicit nonce part, send side */
    byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];  /* implicit nonce part, receive side */
#endif

    /* 64-bit record sequence numbers, split into two 32-bit words. */
    word32 peer_sequence_number_hi;
    word32 peer_sequence_number_lo;
    word32 sequence_number_hi;
    word32 sequence_number_lo;

#ifdef WOLFSSL_DTLS
    word16 curEpoch;    /* Received epoch in current record    */
    word16 curSeq_hi;   /* Received sequence in current record */
    word32 curSeq_lo;
#ifdef WOLFSSL_MULTICAST
    byte   curPeerId;   /* Received peer group ID in current record */
#endif
    WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ];

    word16 dtls_peer_handshake_number;
    word16 dtls_expected_peer_handshake_number;

    word16 dtls_epoch;                          /* Current epoch    */
    word16 dtls_sequence_number_hi;             /* Current epoch */
    word32 dtls_sequence_number_lo;
    word16 dtls_prev_sequence_number_hi;        /* Previous epoch */
    word32 dtls_prev_sequence_number_lo;
    word16 dtls_handshake_number;               /* Current tx handshake seq */
#endif

    word32 encryptSz;             /* last size of encrypted data   */
    word32 padSz;                 /* how much to advance after decrypt part */
    byte   encryptionOn;          /* true after change cipher spec */
    byte   decryptedCur;          /* only decrypt current record once */
#ifdef WOLFSSL_TLS13
    byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
    byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
#endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS
    /* Hardware-held MAC secrets for the Renesas TSIP port. */
    tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret;
    tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret;

#endif
#ifdef WOLFSSL_RENESAS_SCEPROTECT
    /* Wrapped MAC secrets for the Renesas SCE port. */
    sce_hmac_sha_wrapped_key_t sce_client_write_MAC_secret;
    sce_hmac_sha_wrapped_key_t sce_server_write_MAC_secret;
#endif
} Keys;



/** TLS Extensions - RFC 6066 */
#ifdef HAVE_TLS_EXTENSIONS

/* Extension type codes. The values are the IANA TLS ExtensionType code
 * points; an enumerator is compiled in only when its feature is. */
typedef enum {
#ifdef HAVE_SNI
    TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
#endif
    TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
    TLSX_TRUSTED_CA_KEYS            = 0x0003,
    TLSX_TRUNCATED_HMAC             = 0x0004,
    TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
    TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
    TLSX_EC_POINT_FORMATS           = 0x000b,
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
    TLSX_SIGNATURE_ALGORITHMS       = 0x000d, /* HELLO_EXT_SIG_ALGO */
#endif
    TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
    TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    TLSX_ENCRYPT_THEN_MAC           = 0x0016, /* RFC 7366 */
#endif
    TLSX_EXTENDED_MASTER_SECRET     = 0x0017, /* HELLO_EXT_EXTMS */
    TLSX_SESSION_TICKET             = 0x0023,
#ifdef WOLFSSL_TLS13
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PRE_SHARED_KEY             = 0x0029,
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    TLSX_EARLY_DATA                 = 0x002a,
    #endif
    TLSX_SUPPORTED_VERSIONS         = 0x002b,
    #ifdef WOLFSSL_SEND_HRR_COOKIE
    TLSX_COOKIE                     = 0x002c,
    #endif
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PSK_KEY_EXCHANGE_MODES     = 0x002d,
    #endif
    #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
    TLSX_POST_HANDSHAKE_AUTH        = 0x0031,
    #endif
    #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
    TLSX_SIGNATURE_ALGORITHMS_CERT  = 0x0032,
    #endif
    TLSX_KEY_SHARE                  = 0x0033,
#endif
    TLSX_RENEGOTIATION_INFO         = 0xff01  /* RFC 5746 */
} TLSX_Type;

/* Generic extension list node. `data` is interpreted according to `type`
 * (the SNI, ALPN, ... structs below); resp marks an extension carried in a
 * response rather than a request. */
typedef struct TLSX {
    TLSX_Type    type; /* Extension Type */
    void*        data; /* Extension Data */
    word32       val;  /* Extension Value */
    byte         resp; /* IsResponse Flag */
    struct TLSX* next; /* List Behavior   */
} TLSX;

/* Find the node of the given type in list, or NULL. */
WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
/* Unlink and free the node of the given type from *list. */
WOLFSSL_LOCAL void  TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
/* Free every node of list. */
WOLFSSL_LOCAL void  TLSX_FreeAll(TLSX* list, void* heap);
/* Whether extensions are usable on this ssl (presumably version-dependent). */
WOLFSSL_LOCAL int   TLSX_SupportExtensions(WOLFSSL* ssl);
/* Add the extensions ssl is configured to send; isRequest selects the
 * request (client) versus response (server) population. */
WOLFSSL_LOCAL int   TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);

#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
/* Size of, and writer for, the extensions block of a request message of
 * type msgType; pLength / pOffset return the bytes needed / written. */
WOLFSSL_LOCAL int   TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
                                         word16* pLength);
WOLFSSL_LOCAL int   TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
                                       byte msgType, word16* pOffset);
#endif

#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
/* TLS 1.3 Certificate messages have extensions.
*/
/* Size of, and writer for, the extensions block of a response message of
 * type msgType; pLength / pOffset return the bytes needed / written. */
WOLFSSL_LOCAL int   TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
                                          word16* pLength);
WOLFSSL_LOCAL int   TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
                                        word16* pOffset);
#endif

/* Pre-scan the extensions in input (length bytes) for the version
 * negotiation extension only, presumably so the protocol version is fixed
 * before the rest is parsed; *found reports whether it was present. */
WOLFSSL_LOCAL int   TLSX_ParseVersion(WOLFSSL* ssl, const byte* input,
                                       word16 length, byte msgType, int* found);
/* Parse the extensions block input (length bytes) of a msgType message and
 * apply each recognized extension to ssl; suites receives signature
 * algorithm data where present. input is peer-controlled, so every
 * per-extension parser must bound its reads by `length`. */
WOLFSSL_LOCAL int   TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                                byte msgType, Suites *suites);

#elif defined(HAVE_SNI)                           \
   || defined(HAVE_MAX_FRAGMENT)                  \
   || defined(HAVE_TRUSTED_CA)                    \
   || defined(HAVE_TRUNCATED_HMAC)                \
   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
   || defined(HAVE_SUPPORTED_CURVES)              \
   || defined(HAVE_ALPN)                          \
   || defined(HAVE_SESSION_TICKET)                \
   || defined(HAVE_SECURE_RENEGOTIATION)          \
   || defined(HAVE_SERVER_RENEGOTIATION_INFO)

#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.

#endif /* HAVE_TLS_EXTENSIONS */

/** Server Name Indication - RFC 6066 (section 3) */
#ifdef HAVE_SNI

/* One SNI entry. `type` is the name_type; host_name is the only name type
 * RFC 6066 defines, hence the single-member union. status holds the match
 * outcome and options the server-side matching behaviour. */
typedef struct SNI {
    byte                       type;    /* SNI Type         */
    union { char* host_name; } data;    /* SNI Data         */
    struct SNI*                next;    /* List Behavior    */
    byte                       status;  /* Matching result  */
#ifndef NO_WOLFSSL_SERVER
    byte                       options; /* Behavior options */
#endif
} SNI;

/* Add an SNI of the given type (data, size bytes) to *extensions. */
WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
                                                  word16 size, void* heap);
/* Match status of the SNI of the given type. */
WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
/* Hand back the SNI data of the given type via *data; returns its size. */
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
                                                                  void** data);

#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
                                                                  byte options);
/* Extract the SNI of the given type directly from a raw ClientHello
 * (buffer, bufferSz bytes) into sni; *inOutSz is presumably the capacity of
 * sni on entry and the length on return. This is the standalone parser used
 * without a WOLFSSL object, so it must validate every length it reads from
 * buffer against bufferSz. */
WOLFSSL_LOCAL int    TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
                                         byte type, byte* sni, word32* inOutSz);
#endif

#endif /* HAVE_SNI */

/* Trusted CA Key Indication - RFC 6066 (section 6) */
#ifdef HAVE_TRUSTED_CA

/* One trusted_ca_keys entry: identifier type plus the identifier bytes. */
typedef struct TCA {
    byte                       type;    /* TCA Type            */
    byte*                      id;      /* TCA identifier      */
    word16                     idSz;    /* TCA identifier size */
    struct TCA*                next;    /* List Behavior       */
} TCA;

/* Add a trusted CA indication (id, idSz bytes) of the given type. */
WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
                    const byte* id, word16 idSz, void* heap);

#endif /* HAVE_TRUSTED_CA */

/* Application-Layer Protocol Negotiation - RFC 7301 */
#ifdef HAVE_ALPN
/* One ALPN protocol entry. */
typedef struct ALPN {
    char*        protocol_name; /* ALPN protocol name */
    struct ALPN* next;          /* List Behavior      */
    byte         options;       /* Behavior options   */
    byte         negotiated;    /* ALPN protocol negotiated or not */
} ALPN;

/* Hand back the ALPN protocol data and its size via data / dataSz. */
WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
                                       void** data, word16 *dataSz);

/* Add the ALPN protocol list (data, size bytes) with matching options. */
WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
                               word16 size, byte options, void* heap);

WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);

#endif /* HAVE_ALPN */

/** Maximum Fragment Length Negotiation - RFC 6066 (section 4) */
#ifdef HAVE_MAX_FRAGMENT

/* Offer the max_fragment_length code mfl. */
WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);

#endif /* HAVE_MAX_FRAGMENT */

/** Truncated HMAC - RFC 6066 (section 7) */
#ifdef HAVE_TRUNCATED_HMAC

WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);

#endif /* HAVE_TRUNCATED_HMAC */

/** Certificate Status Request - RFC 6066 (section 8) */
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST

/* status_request extension state: the requested status type and its OCSP
 * request; under TLS 1.3 the stapled response is kept here as well. */
typedef struct {
    byte status_type;
    byte options;
    WOLFSSL* ssl;
    union {
        OcspRequest ocsp;
    } request;
#if defined(WOLFSSL_TLS13)
    buffer response;
#endif
} CertificateStatusRequest;

WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX**
TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
#endif
/* Pick the preferred group for ssl; checkSupported presumably restricts the
 * choice to groups the peer listed. */
WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
                                                            int checkSupported);

#endif /* HAVE_SUPPORTED_CURVES */

/** Renegotiation Indication - RFC 5746 */
#if defined(HAVE_SECURE_RENEGOTIATION) \
 || defined(HAVE_SERVER_RENEGOTIATION_INFO)

/* Progress of parking / restoring keys across a renegotiation. */
enum key_cache_state {
    SCR_CACHE_NULL   = 0,       /* empty / begin state */
    SCR_CACHE_NEEDED,           /* need to cache keys */
    SCR_CACHE_COPY,             /* we have a cached copy */
    SCR_CACHE_PARTIAL,          /* partial restore to real keys */
    SCR_CACHE_COMPLETE          /* complete restore to real keys */
};

/* Additional Connection State according to rfc5746 section 3.1 */
/* client_verify_data / server_verify_data cache the Finished verify_data
 * of the previous handshake so renegotiation_info can bind the new
 * handshake to it; tmp_keys parks the new keys until cache_status says they
 * may replace the live ones. */
typedef struct SecureRenegotiation {
   byte                 enabled;  /* secure_renegotiation flag in rfc */
   byte                 verifySet;
   byte                 startScr; /* server requested client to start scr */
   enum key_cache_state cache_status;  /* track key cache state */
   byte                 client_verify_data[TLS_FINISHED_SZ];  /* cached */
   byte                 server_verify_data[TLS_FINISHED_SZ];  /* cached */
   byte                 subject_hash_set; /* if peer cert hash is set */
   byte                 subject_hash[KEYID_SIZE];  /* peer cert hash */
   Keys                 tmp_keys;  /* can't overwrite real keys yet */
} SecureRenegotiation;

WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);

#ifdef HAVE_SERVER_RENEGOTIATION_INFO
/* Add an empty renegotiation_info (server side, initial handshake). */
WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
#endif

#endif /* HAVE_SECURE_RENEGOTIATION */

/** Session Ticket - RFC 5077 (section 3.2) */
#ifdef HAVE_SESSION_TICKET

/* A session ticket as received from, or to be sent to, the peer. Under
 * TLS 1.3, seen records when it arrived and ageAdd the obfuscation offset
 * applied to the ticket age (RFC 8446 ticket_age_add). */
typedef struct SessionTicket {
    word32 lifetime;
#ifdef WOLFSSL_TLS13
    word64 seen;
    word32 ageAdd;
#endif
    byte*  data;
    word16 size;
} SessionTicket;

#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(WOLFSSL_NO_SERVER)

/* Data passed to default SessionTicket enc/dec callback.
 * Two keys are held so a rotation can be in flight; key[i] expires at
 * expirary[i] (identifier spelling is upstream's). */
typedef struct TicketEncCbCtx {
    /* Name for this context. */
    byte name[WOLFSSL_TICKET_NAME_SZ];
    /* Current keys - current and next. */
    byte key[2][WOLFSSL_TICKET_KEY_SZ];
    /* Expiry date of keys. */
    word32 expirary[2];
    /* Random number generator to use for generating name, keys and IV. */
    WC_RNG rng;
#ifndef SINGLE_THREADED
    /* Mutex for access to changing keys. */
    wolfSSL_Mutex mutex;
#endif
    /* Pointer back to SSL_CTX. */
    WOLFSSL_CTX* ctx;
} TicketEncCbCtx;

#endif /* !WOLFSSL_NO_DEF_TICKET_ENC_CB && !WOLFSSL_NO_SERVER */

/* Attach ticket to *extensions. */
WOLFSSL_LOCAL int  TLSX_UseSessionTicket(TLSX** extensions,
                                             SessionTicket* ticket, void* heap);
/* Allocate a SessionTicket holding a copy of data (size bytes); NULL on
 * failure. Release with TLSX_SessionTicket_Free. */
WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
                                       byte* data, word16 size, void* heap);
WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);

#endif /* HAVE_SESSION_TICKET */

#ifdef WOLFSSL_TLS13
/* Cookie extension information - cookie data. */
/* NOTE(review): data is declared as a single byte; it is presumably the
 * first byte of a longer allocation of len bytes -- confirm the allocation
 * in TLSX_Cookie_Use before indexing past it. */
typedef struct Cookie {
    word16 len;
    byte   data;
} Cookie;

/* Record the cookie (data, len bytes) plus its MAC (mac, macSz bytes);
 * resp selects whether it is being sent back in a response. */
WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, const byte* data, word16 len,
                                  byte* mac, byte macSz, int resp);


/* Key Share - TLS v1.3 Specification */

/* The KeyShare extension information - entry in a linked list.
 * ke/keLen is the peer's key exchange data; key/pubKey/privKey hold our own
 * key material for the group. */
typedef struct KeyShareEntry {
    word16                group;     /* NamedGroup                        */
    byte*                 ke;        /* Key exchange data                 */
    word32                keLen;     /* Key exchange data length          */
    void*                 key;       /* Key struct                        */
    word32                keyLen;    /* Key size (bytes)                  */
    byte*                 pubKey;    /* Public key                        */
    word32                pubKeyLen; /* Public key length                 */
#if !defined(NO_DH) || defined(HAVE_PQC)
    byte*                 privKey;   /* Private key - DH and PQ KEMs only */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
    int                   lastRet;   /* last async return to resume from */
#endif
    struct KeyShareEntry* next;      /* List pointer                      */
} KeyShareEntry;

/* Add a key share for group (data, len bytes); *kse receives the entry. */
WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
        byte* data, KeyShareEntry **kse);
/* Add an empty key_share (used with HelloRetryRequest). */
WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
/* Settle on a shared group; *doHelloRetry is set when none matched. */
WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl, int* doHelloRetry);
/* Compute the shared secret from the established key share. */
WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);


#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Ticket nonce - for deriving PSK.
 * Length allowed to be: 1..255. Only support 4 bytes.
 */
typedef struct TicketNonce {
    byte len;
    byte data[MAX_TICKET_NONCE_SZ];
} TicketNonce;

/* The PreSharedKey extension information - entry in a linked list.
 * binder is the handshake HMAC of binderLen bytes (at most
 * WC_MAX_DIGEST_SIZE) computed with the hash selected by hmac. */
typedef struct PreSharedKey {
    word16               identityLen;             /* Length of identity */
    byte*                identity;                /* PSK identity       */
    word32               ticketAge;               /* Age of the ticket  */
    byte                 cipherSuite0;            /* Cipher Suite       */
    byte                 cipherSuite;             /* Cipher Suite       */
    word32               binderLen;               /* Length of HMAC     */
    byte                 binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
    byte                 hmac;                    /* HMAC algorithm     */
    byte                 resumption:1;            /* Resumption PSK     */
    byte                 chosen:1;                /* Server's choice    */
    struct PreSharedKey* next;                    /* List pointer       */
} PreSharedKey;

/* Write the binders for every entry of list into output for a msgType
 * message; *pSz receives the bytes written. */
WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
                                                 byte* output, byte msgType,
                                                 word16* pSz);
/* Size the binders block would take; *pSz receives the byte count. */
WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
                                                   byte msgType, word16* pSz);
/* Add a PSK entry for identity (len bytes) with the given ticket age, HMAC
 * algorithm, cipher suite and resumption flag; *preSharedKey receives it. */
WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, const byte* identity,
                                        word16 len, word32 age, byte hmac,
                                        byte cipherSuite0, byte cipherSuite,
                                        byte resumption,
                                        PreSharedKey **preSharedKey);

/* The possible Pre-Shared Key key exchange modes.
 * Values match RFC 8446 PskKeyExchangeMode: psk_ke(0), psk_dhe_ke(1). */
enum PskKeyExchangeMode {
    PSK_KE,
    PSK_DHE_KE
};

/* User can define this. */
/* Cipher suite assumed for a PSK when none is named (presumably external
 * PSKs whose callback gives no cipher name). */
#ifndef WOLFSSL_DEF_PSK_CIPHER
    #define WOLFSSL_DEF_PSK_CIPHER    TLS_AES_128_GCM_SHA256
#endif

/* Offer the psk_key_exchange_modes in modes (presumably a bitmask). */
WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);

#ifdef WOLFSSL_EARLY_DATA
/* Offer early_data with max as the maximum early data size. */
WOLFSSL_LOCAL int T
LSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
#endif
#endif /* HAVE_SESSION_TICKET || !NO_PSK */


/* The types of keys to derive for.
*/ 2696 enum DeriveKeyType { 2697 no_key, 2698 early_data_key, 2699 handshake_key, 2700 traffic_key, 2701 update_traffic_key 2702 }; 2703 2704 WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl); 2705 WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl); 2706 WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store); 2707 WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl); 2708 WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret); 2709 WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key); 2710 2711 WOLFSSL_LOCAL int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen, 2712 const char *label, size_t labelLen, 2713 const unsigned char *context, size_t contextLen); 2714 2715 /* The key update request values for KeyUpdate message. */ 2716 enum KeyUpdateRequest { 2717 update_not_requested, 2718 update_requested 2719 }; 2720 #endif /* WOLFSSL_TLS13 */ 2721 2722 2723 #ifdef OPENSSL_EXTRA 2724 enum SetCBIO { 2725 WOLFSSL_CBIO_NONE = 0, 2726 WOLFSSL_CBIO_RECV = 0x1, 2727 WOLFSSL_CBIO_SEND = 0x2, 2728 }; 2729 #endif 2730 2731 #ifdef WOLFSSL_STATIC_EPHEMERAL 2732 /* contains static ephemeral keys */ 2733 typedef struct { 2734 #ifndef NO_DH 2735 DerBuffer* dhKey; 2736 #endif 2737 #ifdef HAVE_ECC 2738 DerBuffer* ecKey; 2739 #endif 2740 #ifdef HAVE_CURVE25519 2741 DerBuffer* x25519Key; 2742 #endif 2743 #ifdef HAVE_CURVE448 2744 DerBuffer* x448Key; 2745 #endif 2746 } StaticKeyExchangeInfo_t; 2747 #endif /* WOLFSSL_STATIC_EPHEMERAL */ 2748 2749 2750 /* wolfSSL context type */ 2751 struct WOLFSSL_CTX { 2752 WOLFSSL_METHOD* method; 2753 #ifdef SINGLE_THREADED 2754 WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */ 2755 #endif 2756 wolfSSL_Mutex countMutex; /* reference count mutex */ 2757 int refCount; /* reference count */ 2758 int err; /* error code in case of mutex not created */ 2759 #ifndef NO_DH 2760 buffer serverDH_P; 2761 buffer serverDH_G; 2762 #endif 2763 #ifndef NO_CERTS 2764 
DerBuffer* certificate; 2765 DerBuffer* certChain; 2766 /* chain after self, in DER, with leading size for each cert */ 2767 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) 2768 WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; 2769 #endif 2770 #ifdef OPENSSL_EXTRA 2771 WOLF_STACK_OF(WOLFSSL_X509)* x509Chain; 2772 client_cert_cb CBClientCert; /* client certificate callback */ 2773 CertSetupCallback certSetupCb; 2774 void* certSetupCbArg; 2775 #endif 2776 #ifdef WOLFSSL_TLS13 2777 int certChainCnt; 2778 #endif 2779 DerBuffer* privateKey; 2780 byte privateKeyType:6; 2781 byte privateKeyId:1; 2782 byte privateKeyLabel:1; 2783 int privateKeySz; 2784 int privateKeyDevId; 2785 #ifdef OPENSSL_ALL 2786 WOLFSSL_EVP_PKEY* privateKeyPKey; 2787 #endif 2788 WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ 2789 #endif 2790 #ifdef KEEP_OUR_CERT 2791 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */ 2792 int ownOurCert; /* Dispose of certificate if we own */ 2793 #endif 2794 Suites* suites; /* make dynamic, user may not need/set */ 2795 void* heap; /* for user memory overrides */ 2796 byte verifyDepth; 2797 byte verifyPeer:1; 2798 byte verifyNone:1; 2799 byte failNoCert:1; 2800 byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/ 2801 byte sessionCacheOff:1; 2802 byte sessionCacheFlushOff:1; 2803 #ifdef HAVE_EXT_CACHE 2804 byte internalCacheOff:1; 2805 #endif 2806 byte sendVerify:2; /* for client side (can not be single bit) */ 2807 byte haveRSA:1; /* RSA available */ 2808 byte haveECC:1; /* ECC available */ 2809 byte haveDH:1; /* server DH parms set by user */ 2810 byte haveECDSAsig:1; /* server cert signed w/ ECDSA */ 2811 byte haveFalconSig:1; /* server cert signed w/ Falcon */ 2812 byte haveStaticECC:1; /* static server ECC private key */ 2813 byte partialWrite:1; /* only one msg per write call */ 2814 byte autoRetry:1; /* retry read/write on a WANT_{READ|WRITE} */ 2815 byte quietShutdown:1; /* don't 
send close notify */ 2816 byte groupMessages:1; /* group handshake messages before sending */ 2817 byte minDowngrade; /* minimum downgrade version */ 2818 byte haveEMS:1; /* have extended master secret extension */ 2819 byte useClientOrder:1; /* Use client's cipher preference order */ 2820 #if defined(HAVE_SESSION_TICKET) 2821 byte noTicketTls12:1; /* TLS 1.2 server won't send ticket */ 2822 #endif 2823 #ifdef WOLFSSL_TLS13 2824 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) 2825 unsigned int maxTicketTls13; /* maximum number of tickets to send */ 2826 #endif 2827 byte noTicketTls13:1; /* TLS 1.3 Server won't create new Ticket */ 2828 byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */ 2829 #endif 2830 byte mutualAuth:1; /* Mutual authentication required */ 2831 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) 2832 byte postHandshakeAuth:1; /* Post-handshake auth supported. */ 2833 byte verifyPostHandshake:1; /* Only send client cert req post 2834 * handshake, not also during */ 2835 #endif 2836 #ifndef NO_DH 2837 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ 2838 !defined(HAVE_SELFTEST) 2839 byte dhKeyTested:1; /* Set when key has been tested. 
*/ 2840 #endif 2841 #endif 2842 #ifdef HAVE_SECURE_RENEGOTIATION 2843 byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */ 2844 #endif 2845 #ifdef HAVE_ENCRYPT_THEN_MAC 2846 byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ 2847 #endif 2848 #ifdef WOLFSSL_STATIC_MEMORY 2849 byte onHeapHint:1; /* whether the ctx/method is put on heap hint */ 2850 #endif 2851 #if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED) 2852 byte staticKELockInit:1; 2853 #endif 2854 2855 #ifdef WOLFSSL_MULTICAST 2856 byte haveMcast; /* multicast requested */ 2857 byte mcastID; /* multicast group ID */ 2858 #endif 2859 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) 2860 byte dtlsSctp; /* DTLS-over-SCTP mode */ 2861 #endif 2862 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ 2863 defined(WOLFSSL_DTLS) 2864 word16 dtlsMtuSz; /* DTLS MTU size */ 2865 #endif 2866 #ifndef NO_DH 2867 word16 minDhKeySz; /* minimum DH key size */ 2868 word16 maxDhKeySz; /* maximum DH key size */ 2869 #endif 2870 #ifndef NO_RSA 2871 short minRsaKeySz; /* minimum RSA key size */ 2872 #endif 2873 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) 2874 short minEccKeySz; /* minimum ECC key size */ 2875 #endif 2876 #ifdef HAVE_PQC 2877 short minFalconKeySz; /* minimum Falcon key size */ 2878 #endif 2879 unsigned long mask; /* store SSL_OP_ flags */ 2880 word16 minProto:1; /* sets min to min available */ 2881 word16 maxProto:1; /* sets max to max available */ 2882 #ifdef OPENSSL_EXTRA 2883 byte sessionCtx[ID_LEN]; /* app session context ID */ 2884 word32 disabledCurves; /* curves disabled by user */ 2885 const unsigned char *alpn_cli_protos;/* ALPN client protocol list */ 2886 unsigned int alpn_cli_protos_len; 2887 byte sessionCtxSz; 2888 byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ 2889 CallbackInfoState* CBIS; /* used to get info about SSL state */ 2890 WOLFSSL_X509_VERIFY_PARAM* param; /* verification 
parameters*/ 2891 #endif 2892 #ifdef WOLFSSL_WOLFSENTRY_HOOKS 2893 NetworkFilterCallback_t AcceptFilter; 2894 void *AcceptFilter_arg; 2895 NetworkFilterCallback_t ConnectFilter; 2896 void *ConnectFilter_arg; 2897 #endif /* WOLFSSL_WOLFSENTRY_HOOKS */ 2898 CallbackIORecv CBIORecv; 2899 CallbackIOSend CBIOSend; 2900 #ifdef WOLFSSL_DTLS 2901 CallbackGenCookie CBIOCookie; /* gen cookie callback */ 2902 #endif /* WOLFSSL_DTLS */ 2903 #ifdef WOLFSSL_SESSION_EXPORT 2904 #ifdef WOLFSSL_DTLS 2905 wc_dtls_export dtls_export; /* export function for DTLS session */ 2906 #endif 2907 CallbackGetPeer CBGetPeer; 2908 CallbackSetPeer CBSetPeer; 2909 #endif 2910 VerifyCallback verifyCallback; /* cert verification callback */ 2911 #ifdef OPENSSL_ALL 2912 CertVerifyCallback verifyCertCb; 2913 void* verifyCertCbArg; 2914 #endif /* OPENSSL_ALL */ 2915 #ifdef OPENSSL_EXTRA 2916 SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */ 2917 void* protoMsgCtx; /* user set context with msg callback */ 2918 #endif 2919 word32 timeout; /* session timeout */ 2920 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448) 2921 word32 ecdhCurveOID; /* curve Ecc_Sum */ 2922 #endif 2923 #ifdef HAVE_ECC 2924 word16 eccTempKeySz; /* in octets 20 - 66 */ 2925 #endif 2926 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) 2927 word32 pkCurveOID; /* curve Ecc_Sum */ 2928 #endif 2929 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) 2930 byte havePSK; /* psk key set by user */ 2931 wc_psk_client_callback client_psk_cb; /* client callback */ 2932 wc_psk_server_callback server_psk_cb; /* server callback */ 2933 #ifdef WOLFSSL_TLS13 2934 wc_psk_client_cs_callback client_psk_cs_cb; /* client callback */ 2935 wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ 2936 wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ 2937 #endif 2938 void* psk_ctx; 2939 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; 2940 #endif /* 
HAVE_SESSION_TICKET || !NO_PSK */ 2941 #ifdef WOLFSSL_TLS13 2942 word16 group[WOLFSSL_MAX_GROUP_COUNT]; 2943 byte numGroups; 2944 #endif 2945 #ifdef WOLFSSL_EARLY_DATA 2946 word32 maxEarlyDataSz; 2947 #endif 2948 #ifdef HAVE_ANON 2949 byte haveAnon; /* User wants to allow Anon suites */ 2950 #endif /* HAVE_ANON */ 2951 #ifdef WOLFSSL_ENCRYPTED_KEYS 2952 wc_pem_password_cb* passwd_cb; 2953 void* passwd_userdata; 2954 #endif 2955 #ifdef WOLFSSL_LOCAL_X509_STORE 2956 WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ 2957 WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ 2958 #endif 2959 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) 2960 byte readAhead; 2961 void* userPRFArg; /* passed to prf callback */ 2962 #endif 2963 #ifdef HAVE_EX_DATA 2964 WOLFSSL_CRYPTO_EX_DATA ex_data; 2965 #endif 2966 #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) 2967 CallbackALPNSelect alpnSelect; 2968 void* alpnSelectArg; 2969 #endif 2970 #ifdef HAVE_SNI 2971 CallbackSniRecv sniRecvCb; 2972 void* sniRecvCbArg; 2973 #endif 2974 #if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS) 2975 CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */ 2976 word32 mcastFirstSeq; /* first trigger level */ 2977 word32 mcastSecondSeq; /* second trigger level */ 2978 word32 mcastMaxSeq; /* max level */ 2979 #endif 2980 #ifdef HAVE_OCSP 2981 WOLFSSL_OCSP ocsp; 2982 #endif 2983 int devId; /* async device id to use */ 2984 #ifdef HAVE_TLS_EXTENSIONS 2985 TLSX* extensions; /* RFC 6066 TLS Extensions data */ 2986 #ifndef NO_WOLFSSL_SERVER 2987 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ 2988 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 2989 OcspRequest* certOcspRequest; 2990 #endif 2991 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 2992 OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH]; 2993 #endif 2994 #endif 2995 #if 
defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) 2996 SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ 2997 void* ticketEncCtx; /* session encrypt context */ 2998 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ 2999 || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) 3000 ticketCompatCb ticketEncWrapCb; /* callback for OpenSSL ticket key callback */ 3001 #endif 3002 int ticketHint; /* ticket hint in seconds */ 3003 #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB 3004 TicketEncCbCtx ticketKeyCtx; 3005 #endif 3006 #endif 3007 #endif 3008 #ifdef HAVE_SUPPORTED_CURVES 3009 byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */ 3010 #endif 3011 #ifdef ATOMIC_USER 3012 CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ 3013 CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ 3014 #ifdef HAVE_ENCRYPT_THEN_MAC 3015 CallbackEncryptMac EncryptMacCb; /* Atomic User Mac/Enc Cb */ 3016 CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */ 3017 #endif 3018 #endif 3019 #ifdef HAVE_PK_CALLBACKS 3020 #ifdef HAVE_ECC 3021 CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */ 3022 CallbackEccSign EccSignCb; /* User EccSign Callback handler */ 3023 CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ 3024 CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */ 3025 #endif /* HAVE_ECC */ 3026 #ifdef HAVE_HKDF 3027 CallbackHKDFExtract HkdfExtractCb; /* User hkdf Extract Callback handler */ 3028 #endif 3029 #ifdef HAVE_ED25519 3030 /* User Ed25519Sign Callback handler */ 3031 CallbackEd25519Sign Ed25519SignCb; 3032 /* User Ed25519Verify Callback handler */ 3033 CallbackEd25519Verify Ed25519VerifyCb; 3034 #endif 3035 #ifdef HAVE_CURVE25519 3036 /* User X25519 KeyGen Callback Handler */ 3037 CallbackX25519KeyGen X25519KeyGenCb; 3038 /* User X25519 SharedSecret Callback handler */ 3039 CallbackX25519SharedSecret 
X25519SharedSecretCb; 3040 #endif 3041 #ifdef HAVE_ED448 3042 /* User Ed448Sign Callback handler */ 3043 CallbackEd448Sign Ed448SignCb; 3044 /* User Ed448Verify Callback handler */ 3045 CallbackEd448Verify Ed448VerifyCb; 3046 #endif 3047 #ifdef HAVE_CURVE448 3048 /* User X448 KeyGen Callback Handler */ 3049 CallbackX448KeyGen X448KeyGenCb; 3050 /* User X448 SharedSecret Callback handler */ 3051 CallbackX448SharedSecret X448SharedSecretCb; 3052 #endif 3053 #ifndef NO_DH 3054 CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */ 3055 #endif 3056 #ifndef NO_RSA 3057 CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */ 3058 CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */ 3059 CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */ 3060 #ifdef WC_RSA_PSS 3061 CallbackRsaPssSign RsaPssSignCb; /* User RsaSign (priv key) */ 3062 CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaVerify (pub key) */ 3063 CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */ 3064 #endif 3065 CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ 3066 CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ 3067 #endif /* NO_RSA */ 3068 CallbackGenPreMaster GenPreMasterCb; /* Use generate pre-master handler */ 3069 CallbackGenMasterSecret GenMasterCb; /* Use generate master secret handler */ 3070 CallbackGenSessionKey GenSessionKeyCb; /* Use generate session key handler */ 3071 CallbackEncryptKeys EncryptKeysCb;/* Use setting encrypt keys handler */ 3072 CallbackTlsFinished TlsFinishedCb; /* Use Tls finished handler */ 3073 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) 3074 CallbackVerifyMac VerifyMacCb; /* Use Verify mac handler */ 3075 #endif 3076 #endif /* HAVE_PK_CALLBACKS */ 3077 #ifdef HAVE_WOLF_EVENT 3078 WOLF_EVENT_QUEUE event_queue; 3079 #endif /* HAVE_WOLF_EVENT */ 3080 #ifdef HAVE_EXT_CACHE 3081 WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, const 
unsigned char*, int, int*); 3082 int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); 3083 void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); 3084 #endif 3085 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) 3086 Srp* srp; /* TLS Secure Remote Password Protocol*/ 3087 byte* srp_password; 3088 #endif 3089 #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) 3090 wolfSSL_CTX_keylog_cb_func keyLogCb; 3091 #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ 3092 #ifdef WOLFSSL_STATIC_EPHEMERAL 3093 StaticKeyExchangeInfo_t staticKE; 3094 #ifndef SINGLE_THREADED 3095 wolfSSL_Mutex staticKELock; 3096 #endif 3097 #endif 3098 }; 3099 3100 WOLFSSL_LOCAL 3101 int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap); 3102 WOLFSSL_LOCAL 3103 void FreeSSL_Ctx(WOLFSSL_CTX*); 3104 WOLFSSL_LOCAL 3105 void SSL_CtxResourceFree(WOLFSSL_CTX*); 3106 3107 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS 3108 void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data); 3109 #endif 3110 3111 WOLFSSL_LOCAL 3112 int DeriveTlsKeys(WOLFSSL* ssl); 3113 WOLFSSL_LOCAL 3114 int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 3115 word32 inSz, word16 sz); 3116 3117 #ifndef NO_CERTS 3118 WOLFSSL_LOCAL 3119 int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify); 3120 WOLFSSL_LOCAL 3121 int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash); 3122 #ifdef WOLFSSL_TRUST_PEER_CERT 3123 WOLFSSL_LOCAL 3124 int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify); 3125 WOLFSSL_LOCAL 3126 int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash); 3127 #endif 3128 #endif 3129 3130 /* All cipher suite related info 3131 * Keep as a constant size (no ifdefs) for session export */ 3132 typedef struct CipherSpecs { 3133 word16 key_size; 3134 word16 iv_size; 3135 word16 block_size; 3136 word16 aead_mac_size; 3137 byte bulk_cipher_algorithm; 3138 byte cipher_type; /* block, stream, or aead */ 3139 byte mac_algorithm; 
3140 byte kea; /* key exchange algo */ 3141 byte sig_algo; 3142 byte hash_size; 3143 byte pad_size; 3144 byte static_ecdh; 3145 } CipherSpecs; 3146 3147 3148 void InitCipherSpecs(CipherSpecs* cs); 3149 3150 3151 /* Supported Key Exchange Protocols */ 3152 enum KeyExchangeAlgorithm { 3153 no_kea, 3154 rsa_kea, 3155 diffie_hellman_kea, 3156 fortezza_kea, 3157 psk_kea, 3158 dhe_psk_kea, 3159 ecdhe_psk_kea, 3160 ecc_diffie_hellman_kea, 3161 ecc_static_diffie_hellman_kea /* for verify suite only */ 3162 }; 3163 3164 /* Supported Authentication Schemes */ 3165 enum SignatureAlgorithm { 3166 anonymous_sa_algo = 0, 3167 rsa_sa_algo = 1, 3168 dsa_sa_algo = 2, 3169 ecc_dsa_sa_algo = 3, 3170 rsa_pss_sa_algo = 8, 3171 ed25519_sa_algo = 9, 3172 rsa_pss_pss_algo = 10, 3173 ed448_sa_algo = 11, 3174 falcon_level1_sa_algo = 12, 3175 falcon_level5_sa_algo = 13, 3176 invalid_sa_algo = 255 3177 }; 3178 3179 #define PSS_RSAE_TO_PSS_PSS(macAlgo) \ 3180 (macAlgo + (pss_sha256 - sha256_mac)) 3181 3182 #define PSS_PSS_HASH_TO_MAC(macAlgo) \ 3183 (macAlgo - (pss_sha256 - sha256_mac)) 3184 3185 enum SigAlgRsaPss { 3186 pss_sha256 = 0x09, 3187 pss_sha384 = 0x0a, 3188 pss_sha512 = 0x0b, 3189 }; 3190 3191 3192 /* Supported ECC Curve Types */ 3193 enum EccCurves { 3194 named_curve = 3 3195 }; 3196 3197 3198 /* Valid client certificate request types from page 27 */ 3199 enum ClientCertificateType { 3200 rsa_sign = 1, 3201 dss_sign = 2, 3202 rsa_fixed_dh = 3, 3203 dss_fixed_dh = 4, 3204 rsa_ephemeral_dh = 5, 3205 dss_ephemeral_dh = 6, 3206 fortezza_kea_cert = 20, 3207 ecdsa_sign = 64, 3208 rsa_fixed_ecdh = 65, 3209 ecdsa_fixed_ecdh = 66, 3210 falcon_sign = 67, 3211 }; 3212 3213 3214 #ifndef WOLFSSL_AEAD_ONLY 3215 enum CipherType { stream, block, aead }; 3216 #else 3217 enum CipherType { aead }; 3218 #endif 3219 3220 3221 #if defined(BUILD_AES) || defined(BUILD_AESGCM) || (defined(HAVE_CHACHA) && \ 3222 defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13) 3223 #define CIPHER_NONCE 3224 #endif 3225 
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
/* Which key set is currently loaded into a Ciphers object. Only tracked for
 * DTLS with secure renegotiation, where the regular keys and the
 * renegotiation temporary keys can both exist at the same time. */
enum CipherSrc {
    KEYS_NOT_SET = 0,
    KEYS,  /* keys from ssl->keys are loaded */
    SCR    /* keys from ssl->secure_renegotiation->tmp_keys are loaded */
};
#endif

/* Bulk cipher state for one connection. The set of members depends entirely
 * on the build configuration; each pointer is the wolfCrypt object for the
 * corresponding algorithm (see InitCiphers()/FreeCiphers() below). */
typedef struct Ciphers {
#ifdef BUILD_ARC4
    Arc4* arc4;
#endif
#ifdef BUILD_DES3
    Des3* des3;
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
    Aes* aes;
    #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \
                                                        !defined(WOLFSSL_NO_TLS12)
        byte* additional;   /* presumably the AEAD additional-data scratch
                             * buffer of the TLS 1.2 record path -- confirm
                             * against the implementation */
    #endif
#endif
#ifdef CIPHER_NONCE
    byte* nonce;            /* nonce/IV scratch buffer; present whenever
                             * CIPHER_NONCE is defined earlier in this file */
#endif
#ifdef HAVE_CAMELLIA
    Camellia* cam;
#endif
#ifdef HAVE_CHACHA
    ChaCha*   chacha;
#endif
#ifdef HAVE_HC128
    HC128*  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit* rabbit;
#endif
#ifdef HAVE_IDEA
    Idea* idea;
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
    Hmac* hmac;             /* integrity-only (NULL cipher) suites, TLS 1.3 */
#endif
    byte    state;          /* cipher operation sub-state; presumably a value
                             * of enum cipherState -- confirm */
    byte    setup;          /* have we set it up flag for detection */
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
    enum CipherSrc src;     /* DTLS uses this to determine which keys
                             * are currently loaded */
#endif
} Ciphers;


#ifdef HAVE_ONE_TIME_AUTH
/* Ciphers for one time authentication such as poly1305 */
typedef struct OneTimeAuth {
#ifdef HAVE_POLY1305
    Poly1305* poly1305;
#endif
    byte    setup;          /* flag for if a cipher has been set */

} OneTimeAuth;
#endif


/* Set up / tear down the cipher objects held in ssl's Ciphers. Defined in the
 * implementation file. */
WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);


/* One finished digest per hash algorithm compiled in. Sizes come from the
 * wolfCrypt digest-size constants, so the struct is fixed-size for a given
 * build. Filled via BuildCertHashes() below. */
typedef struct Hashes {
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        byte md5[WC_MD5_DIGEST_SIZE];       /* legacy (old TLS) builds only */
    #endif
    #if !defined(NO_SHA)
        byte sha[WC_SHA_DIGEST_SIZE];
    #endif
    #ifndef NO_SHA256
        byte sha256[WC_SHA256_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA384
        byte sha384[WC_SHA384_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA512
        byte sha512[WC_SHA512_DIGEST_SIZE];
    #endif
} Hashes;

/* Fill *hashes for the connection ssl. Return convention is the library's
 * usual int result; see the implementation file. */
WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);

#ifdef WOLFSSL_TLS13
/* A single in-progress wolfCrypt hash context. Being a union, only one
 * member is live at a time; which one depends on the hash in use. */
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
    wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
#endif
} Digest;
#endif

/* Static x509 buffer: one DER certificate in fixed storage. length is the
 * number of valid bytes in buffer and must never exceed MAX_X509_SIZE. */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;


/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE: the peer's chain
 * kept in static storage. count is the number of valid entries in certs[],
 * so at most MAX_CHAIN_DEPTH. */
struct WOLFSSL_X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};

#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_SESSION_CACHE_REF)
/* enable allocation of a smaller reference for the internal cache,
 * to prevent client from using internal cache reference. */
#define ENABLE_CLIENT_SESSION_REF
#endif

/* Where a WOLFSSL_SESSION's storage lives: embedded in the WOLFSSL, in the
 * internal cache, on the heap, or (REF) a small object that only references
 * the internal cache. See the buffer comment inside WOLFSSL_SESSION. */
typedef enum WOLFSSL_SESSION_TYPE {
    WOLFSSL_SESSION_TYPE_UNKNOWN,
    WOLFSSL_SESSION_TYPE_SSL,    /* in ssl->session */
    WOLFSSL_SESSION_TYPE_CACHE,  /* pointer to internal cache */
    WOLFSSL_SESSION_TYPE_HEAP    /* allocated from heap SESSION_new */
#ifdef ENABLE_CLIENT_SESSION_REF
    ,WOLFSSL_SESSION_TYPE_REF    /* smaller allocation with reference to internal cache */
#endif
} WOLFSSL_SESSION_TYPE;

/* wolfSSL session type: everything needed to resume a session (identity,
 * master secret, optional ticket) plus cache bookkeeping. The master secret
 * and ticket are key material and must be treated as sensitive. For
 * WOLFSSL_SESSION_TYPE_REF the pointer members alias the internal cache
 * instead of the trailing _xxx buffers (see comment further down). */
struct WOLFSSL_SESSION {
    WOLFSSL_SESSION_TYPE type;
    byte               side;                    /* Either WOLFSSL_CLIENT_END or
                                                   WOLFSSL_SERVER_END */

    int                cacheRow;                /* row in session cache */
    word32             bornOn;                  /* create time in seconds */
    word32             timeout;                 /* timeout in seconds */

    byte               sessionID[ID_LEN];       /* id for protocol */
    byte               sessionIDSz;             /* valid bytes in sessionID
                                                   (at most ID_LEN) */

    byte*              masterSecret;            /* stored secret (key material);
                                                   points at _masterSecret for
                                                   non-REF types */
    word16             haveEMS;                 /* ext master secret flag */
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
    WOLFSSL_X509*      peer;                    /* peer cert */
#endif
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                               defined(HAVE_SESSION_TICKET))
    ProtocolVersion    version;                 /* which version was used */
#endif
#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
    byte               cipherSuite0;            /* first byte, normally 0 */
    byte               cipherSuite;             /* 2nd byte, actual suite */
#endif
#ifndef NO_CLIENT_CACHE
    word16             idLen;                   /* serverID length */
    byte*              serverID;                /* for easier client lookup */
#endif
#ifdef OPENSSL_EXTRA
    byte               sessionCtxSz;            /* sessionCtx length
                                                   (at most ID_LEN) */
    byte*              sessionCtx;              /* app specific context id */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    byte               peerVerifyRet;           /* cert verify error */
#endif
#ifdef WOLFSSL_TLS13
    word16             namedGroup;              /* group negotiated for this
                                                   session (TLS 1.3) */
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
#ifdef WOLFSSL_TLS13
    word32             ticketSeen;              /* Time ticket seen (ms) */
    word32             ticketAdd;               /* Added by client */
    TicketNonce        ticketNonce;             /* Nonce used to derive PSK */
#endif
#ifdef WOLFSSL_EARLY_DATA
    word32             maxEarlyDataSz;          /* early-data limit for this
                                                   session */
#endif
#endif
#ifdef HAVE_SESSION_TICKET
    byte*              ticket;                  /* session ticket (opaque to
                                                   the client; sensitive) */
    word16             ticketLen;               /* valid bytes in ticket */
    word16             ticketLenAlloc;          /* is dynamic: presumably the
                                                   allocated length when ticket
                                                   is heap memory rather than
                                                   _staticTicket -- confirm */
#endif
    int                refCount;                /* reference count */
    void*              heap;                    /* heap hint for allocations */

#ifdef ENABLE_CLIENT_SESSION_REF
    /* pointer to WOLFSSL_SESSION in internal cache (for WOLFSSL_SESSION_TYPE_REF) */
    void*              refPtr;
#endif

    /* Below buffers are not allocated for the WOLFSSL_SESSION_TYPE_REF, instead
     * the above pointers reference the session cache for backwards
     * compatibility. For all other session types the above pointers reference
     * these buffers directly.
     * NOTE(review): _masterSecret and _staticTicket hold key material; confirm
     * FreeSession() clears them before the memory is released. */
    byte               _masterSecret[SECRET_LEN];
#ifndef NO_CLIENT_CACHE
    byte               _serverID[SERVER_ID_LEN];
#endif
#ifdef HAVE_SESSION_TICKET
    byte               _staticTicket[SESSION_TICKET_LEN];
#endif
#ifdef OPENSSL_EXTRA
    byte               _sessionCtx[ID_LEN];
#endif

#ifdef SESSION_CERTS
    WOLFSSL_X509_CHAIN chain;                   /* peer cert chain, static */
    #ifdef WOLFSSL_ALT_CERT_CHAINS
    WOLFSSL_X509_CHAIN altChain;                /* peer alt cert chain, static */
    #endif
#endif
#ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
#ifdef OPENSSL_EXTRA
#ifndef SINGLE_THREADED
    wolfSSL_Mutex      refMutex;                /* ref count mutex; only exists
                                                   in OPENSSL_EXTRA multi-thread
                                                   builds. NOTE(review): nothing
                                                   in this struct guards
                                                   refCount in other builds --
                                                   confirm how they serialize */
#endif
#endif
};


/* Session lifecycle and cache helpers; definitions are in the implementation
 * file. NewSession() allocates from the given heap hint, FreeSession()
 * releases a session. */
WOLFSSL_LOCAL WOLFSSL_SESSION* NewSession(void* heap);
WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL WOLFSSL_SESSION* GetSessionRef(WOLFSSL*);
WOLFSSL_LOCAL int              SetSession(WOLFSSL*, WOLFSSL_SESSION*);
WOLFSSL_LOCAL void             FreeSession(WOLFSSL_SESSION*);

/* Record MAC routine signature. The argument meanings are fixed by the
 * implementations assigned to it, not here; presumably
 * (ssl, out, in, inSz, ...) -- confirm at the call sites. */
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);

#ifndef NO_CLIENT_CACHE
    /* Client-side lookup by serverID (see WOLFSSL_SESSION.serverID). */
    WOLFSSL_LOCAL
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
#endif

/* client connect state for nonblocking restart: saved in Options.connectState
 * so a connect interrupted by WANT_READ/WANT_WRITE resumes where it left off */
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    HELLO_AGAIN,               /* HELLO_AGAIN is for the DTLS case */
    HELLO_AGAIN_REPLY,
    FIRST_REPLY_DONE,
    FIRST_REPLY_FIRST,
    FIRST_REPLY_SECOND,
    FIRST_REPLY_THIRD,
    FIRST_REPLY_FOURTH,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};


/* server accept state for nonblocking restart (TLS 1.2 and earlier); saved in
 * Options.acceptState */
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_BEGIN_RENEG,
    ACCEPT_CLIENT_HELLO_DONE,
    ACCEPT_HELLO_RETRY_REQUEST_DONE,
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_SENT,
    SERVER_EXTENSIONS_SENT,
    CERT_SENT,
    CERT_VERIFY_SENT,
    CERT_STATUS_SENT,
    KEY_EXCHANGE_SENT,
    CERT_REQ_SENT,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    TICKET_SENT,
    CHANGE_CIPHER_SENT,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};

/* TLS 1.3 server accept state for nonblocking restart. Distinct from
 * enum AcceptState because the TLS 1.3 message order differs. */
enum AcceptStateTls13 {
    TLS13_ACCEPT_BEGIN = 0,
    TLS13_ACCEPT_BEGIN_RENEG,
    TLS13_ACCEPT_CLIENT_HELLO_DONE,
    TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
    TLS13_ACCEPT_FIRST_REPLY_DONE,
    TLS13_ACCEPT_SECOND_REPLY_DONE,
    TLS13_SERVER_HELLO_SENT,
    TLS13_ACCEPT_THIRD_REPLY_DONE,
    TLS13_SERVER_EXTENSIONS_SENT,
    TLS13_CERT_REQ_SENT,
    TLS13_CERT_SENT,
    TLS13_CERT_VERIFY_SENT,
    TLS13_ACCEPT_FINISHED_SENT,
    TLS13_PRE_TICKET_SENT,
    TLS13_ACCEPT_FINISHED_DONE,
    TLS13_TICKET_SENT
};

/* buffers for struct WOLFSSL. Several members are shared with the owning
 * WOLFSSL_CTX; the weOwn* flags record when this WOLFSSL holds its own copy
 * and is therefore responsible for releasing it. */
typedef struct Buffers {
    bufferStatic    inputBuffer;           /* record input */
    bufferStatic    outputBuffer;          /* record output */
    buffer          domainName;            /* for client check */
    buffer          clearOutputBuffer;     /* plaintext staged for output */
    buffer          sig;                   /* signature data */
    buffer          digest;                /* digest data */
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE */
    byte            weOwnCert;             /* SSL own cert flag */
    byte            weOwnCertChain;        /* SSL own cert chain flag */
    byte            weOwnKey;              /* SSL own key flag */
    byte            weOwnDH;               /* SSL own dh (p,g)  flag */
#ifndef NO_DH
    buffer          serverDH_P;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_G;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_Pub;          /* our ephemeral DH public value */
    buffer          serverDH_Priv;         /* our ephemeral DH private value
                                              (key material) */
    DhKey*          serverDH_Key;
#endif
#ifndef NO_CERTS
    DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
    byte            keyType:6;             /* Type of key: RSA, ECC, Ed25519 */
    byte            keyId:1;               /* Key data is an id not data */
    byte            keyLabel:1;            /* Key data is a label not data */
    int             keySz;                 /* Size of RSA key */
    int             keyDevId;              /* Device Id for key */
    DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                 /* chain after self, in DER, with leading size for each cert */
#ifdef WOLFSSL_TLS13
    int             certChainCnt;          /* number of certs in certChain */
    DerBuffer*      certExts;              /* TLS 1.3 certificate extensions */
#endif
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
    buffer          tls13CookieSecret;     /* HRR cookie secret (key material) */
#endif
#ifdef WOLFSSL_DTLS
    WOLFSSL_DTLS_CTX dtlsCtx;              /* DTLS connection context */
    #ifndef NO_WOLFSSL_SERVER
        buffer       dtlsCookieSecret;     /* DTLS cookie secret (key material) */
    #endif /* NO_WOLFSSL_SERVER */
#endif
#ifdef HAVE_PK_CALLBACKS
    /* Peer public keys handed to the user's verify callbacks. */
    #ifdef HAVE_ECC
        buffer peerEccDsaKey;              /* we own for Ecc Verify Callbacks */
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        buffer peerEd25519Key;             /* for Ed25519 Verify Callbacks */
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_ED448
        buffer peerEd448Key;               /* for Ed448 Verify Callbacks */
    #endif /* HAVE_ED448 */
    #ifndef NO_RSA
        buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
} Buffers;

/* sub-states for send/do key share (key exchange); stored in Options.asyncState */
enum asyncState {
    TLS_ASYNC_BEGIN = 0,
    TLS_ASYNC_BUILD,
    TLS_ASYNC_DO,
    TLS_ASYNC_VERIFY,
    TLS_ASYNC_FINALIZE,
    TLS_ASYNC_END
};

/* sub-states for build message; stored in Options.buildMsgState */
enum buildMsgState {
    BUILD_MSG_BEGIN = 0,
    BUILD_MSG_SIZE,
    BUILD_MSG_HASH,
    BUILD_MSG_VERIFY_MAC,
    BUILD_MSG_ENCRYPT,
    BUILD_MSG_ENCRYPTED_VERIFY_MAC,
};

/* sub-states for cipher operations */
enum cipherState {
    CIPHER_STATE_BEGIN = 0,
    CIPHER_STATE_DO,
    CIPHER_STATE_END,
};

/* Per-connection options and protocol state. Most entries are 1-bit flags
 * packed into word16 bit-fields to keep the layout small; the full-byte
 * state values and key-size limits follow at the end. Many flags mirror
 * fields of the same name on WOLFSSL_CTX, from which they are presumably
 * copied when the WOLFSSL is created. */
typedef struct Options {
#ifndef NO_PSK
    wc_psk_client_callback client_psk_cb;
    wc_psk_server_callback server_psk_cb;
#ifdef OPENSSL_EXTRA
    wc_psk_use_session_cb_func session_psk_cb;
#endif
#ifdef WOLFSSL_TLS13
    wc_psk_client_cs_callback    client_psk_cs_cb;     /* client callback */
    wc_psk_client_tls13_callback client_psk_tls13_cb;  /* client callback */
    wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
#endif
    void*             psk_ctx;              /* user context for the PSK callbacks */
#endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
    unsigned long     mask;                 /* store SSL_OP_ flags */
    word16            minProto:1;           /* sets min to min available */
    word16            maxProto:1;           /* sets max to max available */
#endif
#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)
    unsigned int      maxTicketTls13;       /* maximum number of tickets to send */
    unsigned int      ticketsSent;          /* keep track of the total sent */
#endif

    /* on/off or small bit flags, optimize layout */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word16            havePSK:1;            /* psk key set by user */
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
    word16            sendVerify:2;         /* false = 0, true = 1, sendBlank = 2 */
    word16            sessionCacheOff:1;    /* do not store sessions in the cache */
    word16            sessionCacheFlushOff:1;
#ifdef HAVE_EXT_CACHE
    word16            internalCacheOff:1;   /* external cache only */
#endif
    word16            side:2;               /* client, server or neither end */
    /* Peer certificate verification policy; same flags as on WOLFSSL_CTX. */
    word16            verifyPeer:1;         /* request and verify the peer cert */
    word16            verifyNone:1;         /* do not verify the peer cert */
    word16            failNoCert:1;         /* fail when the peer sends no cert */
    word16            failNoCertxPSK:1;     /* fail for no cert except with PSK */
    word16            downgrade:1;          /* allow downgrade of versions
                                               (presumably bounded by
                                               minDowngrade below) */
    word16            resuming:1;           /* resuming a previous session */
    word16            haveSessionId:1;      /* server may not send */
    word16            tls:1;                /* using TLS ? */
    word16            tls1_1:1;             /* using TLSv1.1+ ? */
    word16            tls1_3:1;             /* using TLSv1.3+ ? */
    word16            dtls:1;               /* using datagrams ? */
    word16            connReset:1;          /* has the peer reset */
    word16            isClosed:1;           /* if we consider conn closed */
    word16            closeNotify:1;        /* we've received a close notify */
    word16            sentNotify:1;         /* we've sent a close notify */
    word16            usingCompression:1;   /* are we using compression */
    word16            haveRSA:1;            /* RSA available */
    word16            haveECC:1;            /* ECC available */
    word16            haveDH:1;             /* server DH parms set by user */
    word16            haveECDSAsig:1;       /* server ECDSA signed cert */
    word16            haveStaticECC:1;      /* static server ECC private key */
    word16            haveFalconSig:1;      /* server Falcon signed cert */
    word16            havePeerCert:1;       /* do we have peer's cert */
    word16            havePeerVerify:1;     /* and peer's cert verify */
    word16            usingPSK_cipher:1;    /* are using psk as cipher */
    word16            usingAnon_cipher:1;   /* are we using an anon cipher */
    word16            noPskDheKe:1;         /* Don't use (EC)DHE with PSK */
    word16            sendAlertState:1;     /* nonblocking resume */
    word16            partialWrite:1;       /* only one msg per write call */
    word16            quietShutdown:1;      /* don't send close notify */
    word16            certOnly:1;           /* stop once we get cert */
    word16            groupMessages:1;      /* group handshake messages */
    word16            saveArrays:1;         /* save array Memory for user get keys
                                               or psk */
    word16            weOwnRng:1;           /* will be true unless CTX owns */
    word16            haveEMS:1;            /* using extended master secret */
#ifdef HAVE_POLY1305
    word16            oldPoly:1;            /* set when to use old rfc way of poly*/
#endif
    word16            haveAnon:1;           /* User wants to allow Anon suites */
#ifdef HAVE_SESSION_TICKET
    word16            createTicket:1;       /* Server to create new Ticket */
    word16            useTicket:1;          /* Use Ticket not session cache */
    word16            rejectTicket:1;       /* Callback rejected ticket */
    word16            noTicketTls12:1;      /* TLS 1.2 server won't send ticket */
#ifdef WOLFSSL_TLS13
    word16            noTicketTls13:1;      /* Server won't create new Ticket */
#endif
#endif
#ifdef WOLFSSL_DTLS
    word16            dtlsUseNonblock:1;    /* are we using nonblocking socket */
    word16            dtlsHsRetain:1;       /* DTLS retaining HS data */
    word16            haveMcast:1;          /* using multicast ? */
#ifdef WOLFSSL_SCTP
    word16            dtlsSctp:1;           /* DTLS-over-SCTP mode */
#endif
#endif
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
    word16            userCurves:1;         /* indicates user called wolfSSL_UseSupportedCurve */
#endif
    word16            keepResources:1;      /* Keep resources after handshake */
    word16            useClientOrder:1;     /* Use client's cipher order */
    word16            mutualAuth:1;         /* Mutual authentication is required */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    word16            postHandshakeAuth:1;  /* Client send post_handshake_auth
                                             * extension */
    word16            verifyPostHandshake:1; /* Only send client cert req post
                                              * handshake, not also during */
#endif
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
    word16            sendCookie:1;         /* Server creates a Cookie in HRR */
#endif
#ifdef WOLFSSL_ALT_CERT_CHAINS
    word16            usingAltCertChain:1;  /* Alternate cert chain was used */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
    word16            sentChangeCipher:1;   /* Change Cipher Spec sent */
#endif
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
               ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
                (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
    word16            cacheMessages:1;      /* Cache messages for sign/verify */
#endif
#ifndef NO_DH
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
        !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
        word16        dhDoKeyTest:1;        /* Need to do the DH Key prime test */
        word16        dhKeyTested:1;        /* Set when key has been tested. */
    #endif
#endif
#ifdef SINGLE_THREADED
    word16            ownSuites:1;          /* if suites are malloced in ssl object */
#endif
#ifdef HAVE_ENCRYPT_THEN_MAC
    word16            disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
    word16            encThenMac:1;         /* Doing Encrypt-Then-MAC */
    word16            startedETMRead:1;     /* Doing Encrypt-Then-MAC read */
    word16            startedETMWrite:1;    /* Doing Encrypt-Then-MAC write */
#endif

    /* need full byte values for this section */
    byte            processReply;           /* nonblocking resume */
    byte            cipherSuite0;           /* first byte, normally 0 */
    byte            cipherSuite;            /* second byte, actual suite */
    byte            serverState;            /* server-side handshake progress */
    byte            clientState;            /* client-side handshake progress */
    byte            handShakeState;
    byte            handShakeDone;          /* at least one handshake complete */
    byte            minDowngrade;           /* minimum downgrade version */
    byte            connectState;           /* nonblocking resume; enum ConnectState */
    byte            acceptState;            /* nonblocking resume; enum AcceptState
                                               or, presumably, enum AcceptStateTls13
                                               for TLS 1.3 -- confirm */
    byte            asyncState;             /* sub-state for enum asyncState */
    byte            buildMsgState;          /* sub-state for enum buildMsgState */
    byte            alertCount;             /* counts warning alerts received so a
                                               flood of them can be detected
                                               (original: detect warning dos
                                               attempt) */
#ifdef WOLFSSL_MULTICAST
    word16          mcastID;                /* Multicast group ID */
#endif
    /* Key-size limits enforced on the peer's keys (and our own); smaller keys
     * are rejected. */
#ifndef NO_DH
    word16          minDhKeySz;             /* minimum DH key size */
    word16          maxDhKeySz;             /* maximum DH key size */
    word16          dhKeySz;                /* actual DH key size */
#endif
#ifndef NO_RSA
    short           minRsaKeySz;            /* minimum RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    short           minEccKeySz;            /* minimum ECC key size */
#endif
#if defined(HAVE_PQC)
    short           minFalconKeySz;         /* minimum Falcon key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    byte            verifyDepth;            /* maximum verification depth */
#endif
#ifdef WOLFSSL_EARLY_DATA
    word16          pskIdIndex;             /* index of the PSK identity in use */
    word32          maxEarlyDataSz;         /* early-data limit */
#endif
#ifdef WOLFSSL_TLS13
    byte            oldMinor;               /* client preferred version < TLS 1.3 */
#endif
} Options;

/* Handshake-time secrets, randoms and the defragmentation buffer. Everything
 * here except pendingMsg* is key material or input to key derivation.
 * Options.saveArrays records whether the user asked for it to be kept after
 * the handshake (per that flag's comment).
 * NOTE(review): confirm the release path clears the secret buffers. */
typedef struct Arrays {
    byte*           pendingMsg;             /* defrag buffer */
    byte*           preMasterSecret;        /* pre-master secret (key material) */
    word32          preMasterSz;            /* differs for DH, actual size */
    word32          pendingMsgSz;           /* defrag buffer size */
    word32          pendingMsgOffset;       /* current offset into defrag buffer */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word32          psk_keySz;              /* actual size */
    char            client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
    char            server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
    byte            psk_key[MAX_PSK_KEY_LEN]; /* PSK (key material) */
#endif
    byte            clientRandom[RAN_LEN];
    byte            serverRandom[RAN_LEN];
    byte            sessionID[ID_LEN];
    byte            sessionIDSz;            /* valid bytes in sessionID */
#ifdef WOLFSSL_TLS13
    byte            secret[SECRET_LEN];     /* TLS 1.3 secret (key material) */
#endif
#ifdef HAVE_KEYING_MATERIAL
    byte            exporterSecret[WC_MAX_DIGEST_SIZE]; /* exporter secret */
#endif
    byte            masterSecret[SECRET_LEN]; /* master secret (key material) */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
   !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
    byte            tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
#endif
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
    byte            sce_masterSecret[SCE_TLS_MASTERSECRET_SIZE];
#endif
#ifdef WOLFSSL_DTLS
    byte            cookie[MAX_COOKIE_LEN]; /* DTLS cookie */
    byte            cookieSz;               /* valid bytes in cookie
                                               (at most MAX_COOKIE_LEN) */
#endif
    byte            pendingMsgType;         /* defrag buffer message type */
} Arrays;

#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#endif

#ifndef MAX_DATE_SZ
#define MAX_DATE_SZ 32
#endif

/* Discriminator for WOLFSSL_STACK.data: names which union member is live. */
typedef enum {
    STACK_TYPE_X509 = 0,
    STACK_TYPE_GEN_NAME = 1,
    STACK_TYPE_BIO = 2,
    STACK_TYPE_OBJ = 3,
    STACK_TYPE_STRING = 4,
    STACK_TYPE_CIPHER = 5,
    STACK_TYPE_ACCESS_DESCRIPTION = 6,
    STACK_TYPE_X509_EXT = 7,
    STACK_TYPE_NULL = 8,
    STACK_TYPE_X509_NAME = 9,
    STACK_TYPE_CONF_VALUE = 10,
    STACK_TYPE_X509_INFO = 11,
    STACK_TYPE_BY_DIR_entry = 12,
    STACK_TYPE_BY_DIR_hash = 13,
    STACK_TYPE_X509_OBJ = 14,
    STACK_TYPE_DIST_POINT = 15,
    STACK_TYPE_X509_CRL = 16,
} WOLF_STACK_TYPE;

/* Singly linked, typed stack node (OpenSSL STACK_OF compatibility).
 * NOTE(review): `data` is a union selected by `type`; reading a member other
 * than the one `type` names is a type confusion -- callers should check
 * `type` before dereferencing. */
struct WOLFSSL_STACK {
    unsigned long num; /* number of nodes in stack
                        * (safety measure for freeing and shortcut for count) */
#if defined(OPENSSL_ALL)
    wolf_sk_compare_cb comp; /* user compare callback */
    wolf_sk_hash_cb hash_fn; /* user hash callback */
    unsigned long hash;
#endif

    union {
        WOLFSSL_X509* x509;
        WOLFSSL_X509_NAME* name;
        WOLFSSL_X509_INFO* info;
        WOLFSSL_BIO* bio;
        WOLFSSL_ASN1_OBJECT* obj;
        WOLFSSL_CIPHER cipher;
        WOLFSSL_ACCESS_DESCRIPTION* access;
        WOLFSSL_X509_EXTENSION* ext;
#ifdef OPENSSL_EXTRA
        WOLFSSL_CONF_VALUE* conf;
#endif
        void* generic;
        char* string;
        WOLFSSL_GENERAL_NAME* gn;
        WOLFSSL_BY_DIR_entry* dir_entry;
        WOLFSSL_BY_DIR_HASH* dir_hash;
        WOLFSSL_X509_OBJECT* x509_obj;
        WOLFSSL_DIST_POINT* dp;
        WOLFSSL_X509_CRL* crl;
    } data;
    void* heap; /* memory heap hint */
    WOLFSSL_STACK* next; /* next node, NULL at end */
    WOLF_STACK_TYPE type; /* Identifies type of stack. */
};

/* X.509 distinguished name; `name` points at staticName or, when
 * dynamicName is set, at a heap buffer. */
struct WOLFSSL_X509_NAME {
    char *name;
    int dynamicName; /* non-zero when `name` was allocated */
    int sz; /* length of name */
    char staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
    !defined(NO_ASN)
    DecodedName fullName;
    int entrySz; /* number of entries */
    WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e.
CN */
    WOLFSSL_X509* x509; /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
    byte raw[ASN_NAME_MAX]; /* DER-encoded name, rawLen bytes */
    int rawLen;
#endif
    void* heap; /* memory heap hint */
};

#ifndef EXTERNAL_SERIAL_SIZE
#define EXTERNAL_SERIAL_SIZE 32
#endif

#ifdef NO_ASN
typedef struct DNS_entry DNS_entry;
#endif

/* Decoded X.509 certificate as exposed through the OpenSSL-compatible API.
 * NOTE(review): the *Src pointers (authKeyIdSrc, extKeyUsageSrc, ...) appear
 * to alias into the certificate's DER; confirm their lifetime is tied to
 * derCert before handing them out. */
struct WOLFSSL_X509 {
    int version;
    int serialSz; /* bytes of serial[] in use; must not exceed
                   * EXTERNAL_SERIAL_SIZE -- bound-check where filled */
#ifdef WOLFSSL_SEP
    int deviceTypeSz;
    int hwTypeSz;
    byte deviceType[EXTERNAL_SERIAL_SIZE];
    byte hwType[EXTERNAL_SERIAL_SIZE];
    int hwSerialNumSz;
    byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
#endif /* WOLFSSL_SEP */
#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \
    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
    byte certPolicySet;
    byte certPolicyCrit;
#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
    WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
    WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
#endif /* WOLFSSL_QT || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
    WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
#endif
    WOLFSSL_ASN1_TIME notBefore; /* validity period start */
    WOLFSSL_ASN1_TIME notAfter; /* validity period end */
    buffer sig; /* signature value */
    int sigOID; /* signature algorithm OID sum */
    DNS_entry* altNames; /* alt names list */
    buffer pubKey; /* subject public key */
    int pubKeyOID; /* public key algorithm OID sum */
    DNS_entry* altNamesNext; /* hint for retrieval */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
    defined(HAVE_PQC)
    word32 pkCurveOID;
#endif /* HAVE_ECC || HAVE_PQC */
#ifndef NO_CERTS
    DerBuffer* derCert; /* may need */
#endif
    void* heap; /* heap hint */
    byte dynamicMemory; /* dynamic memory flag */
    byte isCa:1; /* basic constraints CA flag */
#ifdef WOLFSSL_CERT_EXT
    char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
    int certPoliciesNb;
#endif /* WOLFSSL_CERT_EXT */
#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
#ifndef SINGLE_THREADED
    wolfSSL_Mutex refMutex; /* ref count mutex */
#endif
    int refCount; /* reference count, guarded by refMutex when threaded */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
    byte* authKeyId; /* Points into authKeyIdSrc */
    byte* authKeyIdSrc;
    byte* subjKeyId;
    byte* extKeyUsageSrc;
#ifdef OPENSSL_ALL
    byte* subjAltNameSrc;
#endif
    byte* rawCRLInfo;
    byte* CRLInfo;
    byte* authInfo;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    byte* authInfoCaIssuer;
    int authInfoCaIssuerSz;
#endif
    word32 pathLength; /* basic constraints path length */
    word16 keyUsage; /* key usage extension bits */
    int rawCRLInfoSz;
    int CRLInfoSz;
    int authInfoSz;
    word32 authKeyIdSz;
    word32 authKeyIdSrcSz;
    word32 subjKeyIdSz;
    byte extKeyUsage;
    word32 extKeyUsageSz;
    word32 extKeyUsageCount;
#ifndef IGNORE_NETSCAPE_CERT_TYPE
    byte nsCertType;
#endif
#ifdef OPENSSL_ALL
    word32 subjAltNameSz;
#endif

    /* extension present / critical flags, one bit each */
    byte CRLdistSet:1;
    byte CRLdistCrit:1;
    byte authInfoSet:1;
    byte authInfoCrit:1;
    byte keyUsageSet:1;
    byte keyUsageCrit:1;
    byte extKeyUsageCrit:1;
    byte subjKeyIdSet:1;

    byte subjKeyIdCrit:1;
    byte basicConstSet:1;
    byte basicConstCrit:1;
    byte basicConstPlSet:1;
    byte subjAltNameSet:1;
    byte subjAltNameCrit:1;
    byte authKeyIdSet:1;
    byte authKeyIdCrit:1;
    byte issuerSet:1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_CERT_REQ
    byte isCSR:1; /* object is a certificate request, not a cert */
#endif
    byte serial[EXTERNAL_SERIAL_SIZE];
    char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef WOLFSSL_CERT_REQ
#ifdef OPENSSL_ALL
    WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
#endif
    char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
    char contentType[CTC_NAME_SIZE];
#endif /* WOLFSSL_CERT_REQ */
    WOLFSSL_X509_NAME issuer;
    WOLFSSL_X509_NAME subject;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
    WOLFSSL_X509_ALGOR algor;
    WOLFSSL_X509_PUBKEY key;
#endif
#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \
    defined(SESSION_CERTS)
    byte notBeforeData[CTC_DATE_SIZE];
    byte notAfterData[CTC_DATE_SIZE];
#endif
};


/* record layer header for PlainText, Compressed, and CipherText */
typedef struct RecordLayerHeader {
    byte type; /* ContentType */
    byte pvMajor; /* protocol version, major */
    byte pvMinor; /* protocol version, minor */
    byte length[2]; /* payload length, network byte order per the TLS record format */
} RecordLayerHeader;


/* record layer header for DTLS PlainText, Compressed, and CipherText */
typedef struct DtlsRecordLayerHeader {
    byte type;
    byte pvMajor;
    byte pvMinor;
    byte sequence_number[8]; /* per record */
    byte length[2];
} DtlsRecordLayerHeader;


/* One received fragment range [begin, end] of a DTLS handshake message. */
typedef struct DtlsFrag {
    word32 begin;
    word32 end;
    struct DtlsFrag* next;
} DtlsFrag;


/* DTLS handshake message being reassembled or retransmitted.
 * NOTE(review): reassembly must check fragment_offset + fragment_length <= sz
 * before copying into buf -- confirm in the DTLS fragment handling code. */
typedef struct DtlsMsg {
    struct DtlsMsg* next;
    byte* buf; /* allocation holding the message */
    byte* msg; /* message body within buf */
    DtlsFrag* fragList; /* ranges received so far */
    word32 fragSz; /* Length of fragments received */
    word16 epoch; /* Epoch that this message belongs to */
    word32 seq; /* Handshake sequence number */
    word32 sz; /* Length of whole message */
    byte type; /* HandShakeType */
} DtlsMsg;


#ifdef HAVE_NETX

/* NETX I/O Callback default */
typedef struct NetX_Ctx {
    NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
    NX_PACKET* nxPacket; /* incoming
packet handle for short reads */
    ULONG nxOffset; /* offset already read from nxPacket */
    ULONG nxWait; /* wait option flag */
} NetX_Ctx;

#endif

/* Handshake messages received from peer (plus change cipher spec).
 * One flag per message type; the handshake code can use these to reject
 * duplicate or out-of-order messages -- confirm against the consumer.
 * got_client_hello / got_server_hello are 2-bit counters, presumably so a
 * second hello (retry or renegotiation) can be told apart from an unexpected
 * repeat -- verify in the handshake state checks. */
typedef struct MsgsReceived {
    word16 got_hello_request:1;
    word16 got_client_hello:2;
    word16 got_server_hello:2;
    word16 got_hello_verify_request:1;
    word16 got_session_ticket:1;
    word16 got_end_of_early_data:1;
    word16 got_hello_retry_request:1;
    word16 got_encrypted_extensions:1;
    word16 got_certificate:1;
    word16 got_certificate_status:1;
    word16 got_server_key_exchange:1;
    word16 got_certificate_request:1;
    word16 got_server_hello_done:1;
    word16 got_certificate_verify:1;
    word16 got_client_key_exchange:1;
    word16 got_finished:1;
    word16 got_key_update:1;
    word16 got_change_cipher:1;
} MsgsReceived;


/* Handshake hashes: running transcript hashes over the handshake messages,
 * one per digest the build supports. */
typedef struct HS_Hashes {
    Hashes verifyHashes;
    Hashes certHashes; /* for cert verify */
#ifndef NO_SHA
    wc_Sha hashSha; /* sha hash of handshake msgs */
#endif
#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    wc_Md5 hashMd5; /* md5 hash of handshake msgs */
#endif
#ifndef NO_SHA256
    wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */
#endif
#if (defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
    !defined(WOLFSSL_NO_CLIENT_AUTH)
    /* raw handshake messages, kept when Options.cacheMessages is set
     * (assumed from that field's comment) so EdDSA can sign/verify the
     * full transcript */
    byte* messages; /* handshake messages */
    int length; /* length of handshake messages' data */
    int prevLen; /* length of messages but last */
#endif
} HS_Hashes;


#ifndef WOLFSSL_NO_TLS12
/* Persistable BuildMessage arguments */
typedef struct BuildMsgArgs {
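word32 digestSz; /* MAC/digest size for this message */
    word32 sz; /* total message size */
    word32 pad; /* padding bytes */
    word32 idx; /* current write index */
    word32 headerSz; /* record header size */
    word16 size;
    word32 ivSz; /* TLSv1.1 IV */
    byte* iv;
} BuildMsgArgs;
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
#define MAX_ASYNC_ARGS 18
typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);

/* Per-connection async crypt state: the in-flight operation's arguments. */
struct WOLFSSL_ASYNC {
    WC_ASYNC_DEV* dev;
    FreeArgsCb freeArgs; /* function pointer to cleanup args */
    word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
    BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
};
#endif

#ifdef HAVE_WRITE_DUP

#define WRITE_DUP_SIDE 1
#define READ_DUP_SIDE 2

/* Shared state between a duplicated read-side and write-side WOLFSSL. */
typedef struct WriteDup {
    wolfSSL_Mutex dupMutex; /* reference count mutex */
    int dupCount; /* reference count */
    int dupErr; /* under dupMutex, pass to other side */
} WriteDup;

WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
#endif /* HAVE_WRITE_DUP */

#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
typedef struct CertReqCtx CertReqCtx;

/* Outstanding post-handshake CertificateRequest context, linked list. */
struct CertReqCtx {
    CertReqCtx* next;
    byte len; /* bytes of ctx in use */
    byte ctx;
};
#endif

#ifdef WOLFSSL_EARLY_DATA
typedef enum EarlyDataState {
    no_early_data,
    early_data_ext,
    expecting_early_data,
    process_early_data,
    done_early_data
} EarlyDataState;
#endif

/* wolfSSL ssl type: one TLS/DTLS connection. Fields that hold secret
 * material (clientSecret, serverSecret, keys, arrays) are expected to be
 * zeroized on release -- confirm in FreeSSL / SSL_ResourceFree. */
struct WOLFSSL {
    WOLFSSL_CTX* ctx; /* parent context; defaults come from here */
    Suites* suites; /* only need during handshake */
    Arrays* arrays; /* handshake material, see Arrays */
#ifdef WOLFSSL_TLS13
    byte clientSecret[SECRET_LEN]; /* TLS 1.3 client secret material */
    byte serverSecret[SECRET_LEN]; /* TLS 1.3 server secret material */
#endif
    HS_Hashes* hsHashes; /* handshake transcript hashes */
    void* IOCB_ReadCtx; /* user context for CBIORecv */
    void* IOCB_WriteCtx; /* user context for CBIOSend */
    WC_RNG* rng; /* random source for this connection */
    void* verifyCbCtx; /* cert verify callback user ctx*/
    VerifyCallback verifyCallback; /* cert verification callback */
    void* heap; /* for user overrides */
#ifdef HAVE_WRITE_DUP
    WriteDup* dupWrite; /* valid pointer indicates ON */
    /* side that decrements dupCount to zero frees overall structure */
    byte dupSide; /* write side or read side */
#endif
#ifdef OPENSSL_EXTRA
    byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
#endif
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
    NetworkFilterCallback_t AcceptFilter;
    void *AcceptFilter_arg;
    NetworkFilterCallback_t ConnectFilter;
    void *ConnectFilter_arg;
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
    CallbackIORecv CBIORecv; /* transport receive callback */
    CallbackIOSend CBIOSend; /* transport send callback */
#ifdef WOLFSSL_STATIC_MEMORY
    WOLFSSL_HEAP_HINT heap_hint;
#endif
#ifndef NO_HANDSHAKE_DONE_CB
    HandShakeDoneCb hsDoneCb; /* notify user handshake done */
    void* hsDoneCtx; /* user handshake cb context */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
    struct WOLFSSL_ASYNC async;
#elif defined(WOLFSSL_NONBLOCK_OCSP)
    void* nonblockarg; /* dynamic arg for handling non-block resume */
#endif
    void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
    word32 hsType; /* Type of Handshake key (hsKey) */
    WOLFSSL_CIPHER cipher;
#ifndef WOLFSSL_AEAD_ONLY
    hmacfp hmac; /* record MAC function */
#endif
    Ciphers encrypt; /* write-direction cipher state */
    Ciphers decrypt; /* read-direction cipher state */
    Buffers buffers; /* input/output and cert buffers */
    WOLFSSL_SESSION session;
#ifdef HAVE_EXT_CACHE
    WOLFSSL_SESSION* extSession;
#endif
    WOLFSSL_ALERT_HISTORY alert_history; /* last alerts sent/received */
    int error; /* last error code */
    int rfd; /* read file descriptor */
    int wfd; /* write file descriptor */
    int rflags; /* user read flags */
    int wflags; /* user write flags */
    word32 timeout; /* session timeout */
    word32 fragOffset; /* fragment offset */
    word16 curSize; /* size of the record being processed */
    byte verifyDepth; /* maximum chain depth to verify */
    RecordLayerHeader curRL; /* header of the record being processed */
    MsgsReceived msgsReceived; /* peer messages received */
    ProtocolVersion version; /* negotiated version */
    ProtocolVersion chVersion; /* client hello version */
    CipherSpecs specs; /* negotiated cipher suite parameters */
    Keys keys; /* session keys, IVs and sequence numbers */
    Options options; /* per-connection option flags */
#ifdef OPENSSL_EXTRA
    CallbackInfoState* CBIS; /* used to get info about SSL state */
    int cbmode; /* read or write on info callback */
    int cbtype; /* event type in info callback */
    WOLFSSL_BIO* biord; /* socket bio read to free/close */
    WOLFSSL_BIO* biowr; /* socket bio write to free/close */
    byte sessionCtx[ID_LEN]; /* app session context ID */
    WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    unsigned long peerVerifyRet; /* result of peer cert verification */
#endif
#ifdef OPENSSL_EXTRA
    byte readAhead;
    byte sessionCtxSz; /* size of sessionCtx stored */
#ifdef HAVE_PK_CALLBACKS
    void* loggingCtx; /* logging callback argument */
#endif
#endif /* OPENSSL_EXTRA */
#ifndef NO_RSA
    RsaKey* peerRsaKey; /* peer's RSA public key */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
    byte* peerSceTsipEncRsaKeyIndex;
#endif
    byte peerRsaKeyPresent;
#endif
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
    word16 namedGroup; /* negotiated (EC)DHE group */
#endif
#ifdef WOLFSSL_TLS13
    word16 group[WOLFSSL_MAX_GROUP_COUNT]; /* groups to offer */
    byte numGroups; /* entries of group[] in use */
#endif
    word16 pssAlgo;
#ifdef WOLFSSL_TLS13
    word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
    byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
                                                * offer */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    int eccVerifyRes; /* result of last ECC/EdDSA verify */
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
    word32 ecdhCurveOID; /* curve Ecc_Sum */
    ecc_key* eccTempKey; /* private ECDHE key */
    byte eccTempKeyPresent; /* also holds type */
    byte peerEccKeyPresent;
#endif
#ifdef HAVE_ECC
    ecc_key* peerEccKey; /* peer's ECDHE key */
    ecc_key* peerEccDsaKey; /* peer's ECDSA key */
    word16 eccTempKeySz; /* in octets 20 - 66 */
    byte peerEccDsaKeyPresent;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE448)
    word32 pkCurveOID; /* curve Ecc_Sum */
#endif
#ifdef HAVE_ED25519
    ed25519_key* peerEd25519Key;
    byte peerEd25519KeyPresent;
#endif
#ifdef HAVE_CURVE25519
    curve25519_key* peerX25519Key;
    byte peerX25519KeyPresent;
#endif
#ifdef HAVE_ED448
    ed448_key* peerEd448Key;
    byte peerEd448KeyPresent;
#endif
#ifdef HAVE_CURVE448
    curve448_key* peerX448Key;
    byte peerX448KeyPresent;
#endif
#ifdef HAVE_PQC
    falcon_key* peerFalconKey;
    byte peerFalconKeyPresent;
#endif
#ifdef HAVE_LIBZ
    z_stream c_stream; /* compression stream */
    z_stream d_stream; /* decompression stream */
    byte didStreamInit; /* for stream init and end */
#endif
#ifdef WOLFSSL_DTLS
    int dtls_timeout_init; /* starting timeout value */
    int dtls_timeout_max; /* maximum timeout value */
    int dtls_timeout; /* current timeout value, changes */
#ifndef NO_ASN_TIME
    word32 dtls_start_timeout;
#endif /* !NO_ASN_TIME */
    word32 dtls_tx_msg_list_sz;
    word32 dtls_rx_msg_list_sz;
    DtlsMsg* dtls_tx_msg_list; /* messages awaiting (re)transmission */
    DtlsMsg* dtls_tx_msg;
    DtlsMsg* dtls_rx_msg_list; /* messages being reassembled */
    void* IOCB_CookieCtx; /* gen cookie ctx */
    word32 dtls_expected_rx;
#ifdef WOLFSSL_SESSION_EXPORT
    wc_dtls_export dtls_export; /* export function for session */
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
    word16 dtlsMtuSz;
#endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */
#ifdef WOLFSSL_MULTICAST
    void* mcastHwCbCtx; /* Multicast highwater callback ctx */
#endif /* WOLFSSL_MULTICAST */
#ifdef WOLFSSL_DTLS_DROP_STATS
    word32 macDropCount; /* records dropped for MAC failure */
    word32 replayDropCount; /* records dropped by replay detection */
#endif /* WOLFSSL_DTLS_DROP_STATS */
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_CALLBACKS
    TimeoutInfo timeoutInfo; /* info saved during handshake */
    HandShakeInfo handShakeInfo; /* info saved during handshake */
#endif
#ifdef OPENSSL_EXTRA
    SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
    void* protoMsgCtx; /* user set context with msg callback */
#endif
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    byte hsInfoOn; /* track handshake info */
    byte toInfoOn; /* track timeout info */
#endif
#ifdef HAVE_FUZZER
    CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
    void* fuzzerCtx; /* user defined pointer */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    CertReqCtx* certReqCtx; /* pending post-handshake auth requests */
#endif
#ifdef WOLFSSL_LOCAL_X509_STORE
    WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
#endif
#ifdef KEEP_PEER_CERT
    WOLFSSL_X509 peerCert; /* X509 peer cert */
#endif
#ifdef KEEP_OUR_CERT
    WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
                              points to ctx if not owned (owned
                              flag found in buffers.weOwnCert) */
#endif
    byte keepCert; /* keep certificate after handshake */
#ifdef HAVE_EX_DATA
    WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
#endif
    int devId; /* async device id to use */
#ifdef HAVE_ONE_TIME_AUTH
    OneTimeAuth auth;
#endif
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions; /* RFC 6066 TLS Extensions data */
#ifdef HAVE_MAX_FRAGMENT
    word16 max_fragment; /* negotiated max fragment length */
#endif
#ifdef HAVE_TRUNCATED_HMAC
    byte truncated_hmac;
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
    byte status_request;
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    byte status_request_v2;
#endif
#if defined(HAVE_SECURE_RENEGOTIATION) \
    || defined(HAVE_SERVER_RENEGOTIATION_INFO)
    int secure_rene_count; /* how many times renegotiated */
    SecureRenegotiation* secure_renegotiation; /* valid pointer indicates
                                                * user turned on */
#endif
#ifdef HAVE_ALPN
    char* alpn_client_list; /* keep the client's list of accepted protocols */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    CallbackALPNSelect alpnSelect;
    void* alpnSelectArg;
#endif
#endif
#if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
    CallbackSessionTicket session_ticket_cb;
    void* session_ticket_ctx;
    byte expect_session_ticket;
#endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_OCSP
    void* ocspIOCtx;
    byte ocspProducedDate[MAX_DATE_SZ];
    int ocspProducedDateFormat;
#ifdef OPENSSL_EXTRA
    byte* ocspResp;
    int ocspRespSz;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    char* url;
#endif
#endif
#endif
#ifdef HAVE_NETX
    NetX_Ctx nxCtx; /* NetX IO Context */
#endif
#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
    void* mnCtx; /* mynewt mn_socket IO Context */
#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
#ifdef WOLFSSL_GNRC
    struct gnrc_wolfssl_ctx *gnrcCtx; /* Riot-OS GNRC UDP/IP context */
#endif
#ifdef SESSION_INDEX
    int sessionIndex; /* Session's location in the cache. */
#endif
#ifdef ATOMIC_USER
    void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
    void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
#ifdef HAVE_ENCRYPT_THEN_MAC
    void* EncryptMacCtx; /* Atomic User Encrypt/Mac Callback Ctx */
    void* VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */
#endif
#endif
#ifdef HAVE_PK_CALLBACKS
    /* user contexts handed to the public-key callbacks */
#ifdef HAVE_ECC
    void* EccKeyGenCtx; /* EccKeyGen Callback Context */
    void* EccSignCtx; /* Ecc Sign Callback Context */
    void* EccVerifyCtx; /* Ecc Verify Callback Context */
    void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
#endif /* HAVE_ECC */
#ifdef HAVE_HKDF
    void* HkdfExtractCtx; /* Hkdf extract callback context */
#endif
#ifdef HAVE_ED25519
    void* Ed25519SignCtx; /* ED25519 Sign Callback Context */
    void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */
#endif
#ifdef HAVE_CURVE25519
    void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
    void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
#endif
#ifdef HAVE_ED448
    void* Ed448SignCtx; /* ED448 Sign Callback Context */
    void* Ed448VerifyCtx; /* ED448 Verify Callback Context */
#endif
#ifdef HAVE_CURVE448
    void* X448KeyGenCtx; /* X448 KeyGen Callback Context */
    void* X448SharedSecretCtx; /* X448 Pms Callback Context */
#endif
#ifndef NO_DH
    void* DhAgreeCtx; /* DH Pms Callback Context */
#endif /* !NO_DH */
#ifndef NO_RSA
    void* RsaSignCtx; /* Rsa Sign Callback Context */
    void* RsaVerifyCtx; /* Rsa Verify Callback Context */
#ifdef WC_RSA_PSS
    void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */
    void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */
#endif
    void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
    void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
#endif /* NO_RSA */
    void* GenPreMasterCtx; /* Generate Premaster Callback Context */
    void* GenMasterCtx; /* Generate Master Callback Context */
    void* GenSessionKeyCtx; /* Generate Session Key Callback Context */
    void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */
    void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */
    void* VerifyMacCtx; /* Verify mac Callback Context */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_SECRET_CALLBACK
    /* callbacks that expose session secrets (key logging); note that
     * anything registered here receives live key material */
    SessionSecretCb sessionSecretCb;
    void* sessionSecretCtx;
#ifdef WOLFSSL_TLS13
    Tls13SecretCb tls13SecretCb;
    void* tls13SecretCtx;
#endif
#ifdef OPENSSL_EXTRA
    SessionSecretCb keyLogCb;
#ifdef WOLFSSL_TLS13
    Tls13SecretCb tls13KeyLogCb;
#endif
#endif
#endif /* HAVE_SECRET_CALLBACK */
#ifdef WOLFSSL_JNI
    void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
#endif /* WOLFSSL_JNI */
#ifdef WOLFSSL_EARLY_DATA
    EarlyDataState earlyData; /* see EarlyDataState */
    word32 earlyDataSz;
    byte earlyDataStatus;
#endif
#ifdef OPENSSL_ALL
    long verifyCallbackResult;
#endif
#if defined(OPENSSL_EXTRA)
    WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
    WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
#ifdef KEEP_OUR_CERT
    WOLFSSL_STACK* ourCertChain; /* Used in wolfSSL_add1_chain_cert */
#endif
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
    StaticKeyExchangeInfo_t staticKE;
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
    /* Added in libest port: allow applications to get the 'tls-unique' Channel
     * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is
     * used in the EST protocol to bind an enrollment to a TLS session through
     * 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4
     * and https://tools.ietf.org/html/rfc7030#section-3.5). */
    byte clientFinished[TLS_FINISHED_SZ_MAX];
    byte serverFinished[TLS_FINISHED_SZ_MAX];
    byte clientFinished_len;
    byte serverFinished_len;
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; /* per-connection CA list */
#endif
#if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS)
    IOTSAFE iotsafe;
#endif
#ifdef WOLFSSL_LWIP_NATIVE
    WOLFSSL_LWIP_NATIVE_STATE lwipCtx; /* LwIP native socket IO Context */
#endif
};

/*
 * The SSL object may have its own certificate store. The below macros simplify
 * logic for choosing which WOLFSSL_CERT_MANAGER and WOLFSSL_X509_STORE to use.
 * Always use SSL specific objects when available and revert to CTX otherwise.
 * The macro argument and each expansion are parenthesized so the macros stay
 * correct for any pointer expression and in any surrounding expression.
 */
#ifdef WOLFSSL_LOCAL_X509_STORE
#define SSL_CM(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt->cm : \
                     (ssl)->ctx->cm)
#define SSL_STORE(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt : \
                        ((ssl)->ctx->x509_store_pt ? (ssl)->ctx->x509_store_pt : \
                         &(ssl)->ctx->x509_store))
#else
#define SSL_CM(ssl) ((ssl)->ctx->cm)
#endif

/* per-connection CA name list when set, else the context's */
#define SSL_CA_NAMES(ssl) ((ssl)->ca_names != NULL ? (ssl)->ca_names : \
                           (ssl)->ctx->ca_names)

WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap);
WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */


#ifndef NO_CERTS

/* Load a certificate/key/CA buffer of `sz` bytes in `format` as `type`,
 * into the ctx or, when non-NULL, the ssl. */
WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                                long sz, int format, int type, WOLFSSL* ssl,
                                long* used, int userChain, int verify);
WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
                              int type, WOLFSSL* ssl, int userChain,
                              WOLFSSL_CRL* crl, int verify);

/* Match domainName (domainNameLen bytes, need not be NUL terminated)
 * against the names in the decoded certificate. */
WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
                                size_t domainNameLen);
#endif


#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
WOLFSSL_LOCAL
void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
WOLFSSL_LOCAL
void FinishHandShakeInfo(HandShakeInfo*);
WOLFSSL_LOCAL
void AddPacketName(WOLFSSL* ssl, const char* name);

WOLFSSL_LOCAL
void InitTimeoutInfo(TimeoutInfo*);
WOLFSSL_LOCAL
void FreeTimeoutInfo(TimeoutInfo*, void*);
WOLFSSL_LOCAL
void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
                   const byte* data, int sz, int write, void* heap);
WOLFSSL_LOCAL
void AddLateName(const char*, TimeoutInfo*);
WOLFSSL_LOCAL
void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
#endif


/* Record Layer Header identifier from page 12 */
enum ContentType {
    no_type = 0,
    change_cipher_spec = 20,
    alert = 21,
    handshake = 22,
    application_data = 23
};


/* handshake header, same for each message type, pgs 20/21 */
typedef struct HandShakeHeader {
    byte type; /* HandShakeType */
    word24 length; /* body length, 24-bit */
} HandShakeHeader;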

/* DTLS handshake header, same for each message type */
typedef struct DtlsHandShakeHeader {
    byte type; /* HandShakeType */
    word24 length; /* length of the whole message */
    byte message_seq[2]; /* start at 0, retransmit gets same # */
    word24 fragment_offset; /* bytes in previous fragments */
    word24 fragment_length; /* length of this fragment */
} DtlsHandShakeHeader;


/* Handshake message type codes as they appear on the wire, plus a few
 * internal synthetic values (change_cipher_hs, message_hash, no_shake). */
enum HandShakeType {
    hello_request = 0,
    client_hello = 1,
    server_hello = 2,
    hello_verify_request = 3, /* DTLS addition */
    session_ticket = 4,
    end_of_early_data = 5,
    hello_retry_request = 6,
    encrypted_extensions = 8,
    certificate = 11,
    server_key_exchange = 12,
    certificate_request = 13,
    server_hello_done = 14,
    certificate_verify = 15,
    client_key_exchange = 16,
    finished = 20,
    certificate_status = 22,
    key_update = 24,
    change_cipher_hs = 55, /* simulate unique handshake type for sanity
                              checks. record layer change_cipher
                              conflicts with handshake finished */
    message_hash = 254, /* synthetic message type for TLS v1.3 */
    no_shake = 255 /* used to initialize the DtlsMsg record */
};

/* Which side(s) keys are being provisioned for; usable as a bit mask. */
enum ProvisionSide {
    PROVISION_CLIENT = 1,
    PROVISION_SERVER = 2,
    PROVISION_CLIENT_SERVER = 3
};


/* sender labels "CLNT" / "SRVR" (SSLv3-era finished/MAC computation,
 * assumed from the names -- confirm at the use sites) */
static const byte client[SIZEOF_SENDER+1] = { 0x43, 0x4C, 0x4E, 0x54, 0x00 }; /* CLNT */
static const byte server[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x00 }; /* SRVR */

/* TLS Finished PRF labels */
static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";

#ifdef OPENSSL_EXTRA
/* NIST curve name -> NID mapping entry; name_len is the length of name */
typedef struct {
    int name_len;
    const char *name;
    int nid;
} WOLF_EC_NIST_NAME;
extern const WOLF_EC_NIST_NAME kNistCurves[];
/* This is the longest and shortest curve name in the kNistCurves list. Note we
 * also have quantum-safe group names as well.
 * NOTE(review): keep these bounds in sync with the kNistCurves table. */
#define kNistCurves_MIN_NAME_LEN 5
#ifdef HAVE_PQC
#define kNistCurves_MAX_NAME_LEN 32
#else
#define kNistCurves_MAX_NAME_LEN 7
#endif
#endif

/* internal functions */

/* handshake and record senders; all take the connection object and
 * return a wolfSSL status code */
WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
/* decrypt and validate a client-supplied session ticket of the given length */
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
    || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*);
#endif
#if defined(HAVE_SECURE_RENEGOTIATION) && \
    defined(HAVE_SERVER_RENEGOTIATION_INFO)
WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
/* send an alert of the given level and type */
WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
/* read and process the next record(s) from the peer */
WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL*, int);

WOLFSSL_LOCAL const char* AlertTypeToString(int);

WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);

WOLFSSL_LOCAL int AddSession(WOLFSSL*);
WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
/* copy derived key material into ssl->keys for `side` (enum ProvisionSide) */
WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);

/* protocol version predicates */
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL*
ssl); 4788 4789 WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); 4790 WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); 4791 WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); 4792 4793 WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); 4794 4795 WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32); 4796 WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment); 4797 4798 #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS) 4799 WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl); 4800 WOLFSSL_LOCAL int wolfSSL_set_iotsafe_ctx(WOLFSSL *ssl, IOTSAFE *iotsafe); 4801 #endif 4802 4803 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) 4804 WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey); 4805 WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); 4806 #endif 4807 4808 WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, 4809 int *initTmpRng); 4810 4811 #ifndef NO_CERTS 4812 #ifndef NO_RSA 4813 #ifdef WC_RSA_PSS 4814 WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz, 4815 byte* out, word32 sigSz, enum wc_HashType hashType); 4816 WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, 4817 enum wc_HashType* hashType, int* mgf); 4818 #endif 4819 WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, 4820 word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo, 4821 int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo); 4822 WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, 4823 byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key, 4824 DerBuffer* keyBufInfo); 4825 WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, 4826 byte** out, int sigAlgo, int hashAlgo, RsaKey* key, 4827 buffer* keyBufInfo); 4828 WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, 4829 word32* outSz, RsaKey* key, DerBuffer* keyBufInfo); 4830 WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, 
4831 word32* outSz, RsaKey* key, buffer* keyBufInfo); 4832 #endif /* !NO_RSA */ 4833 4834 #ifdef HAVE_ECC 4835 WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, 4836 byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo); 4837 WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, 4838 const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo); 4839 WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, 4840 ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out, 4841 word32* outlen, int side); 4842 #endif /* HAVE_ECC */ 4843 #ifdef HAVE_ED25519 4844 WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl); 4845 WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, 4846 byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo); 4847 WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in, 4848 word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key, 4849 buffer* keyBufInfo); 4850 #endif /* HAVE_ED25519 */ 4851 #ifdef HAVE_ED448 4852 WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl); 4853 WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, 4854 byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo); 4855 WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in, 4856 word32 inSz, const byte* msg, word32 msgSz, ed448_key* key, 4857 buffer* keyBufInfo); 4858 #endif /* HAVE_ED448 */ 4859 4860 4861 #ifdef WOLFSSL_TRUST_PEER_CERT 4862 4863 /* options for searching hash table for a matching trusted peer cert */ 4864 #define WC_MATCH_SKID 0 4865 #define WC_MATCH_NAME 1 4866 4867 WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, 4868 int type); 4869 WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp, 4870 DecodedCert* cert); 4871 #endif 4872 4873 WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash); 4874 #ifndef NO_SKID 4875 WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); 4876 #endif 4877 #endif /* !NO_CERTS */ 4878 
/* Handshake transcript hashing and Finished construction. 'sender' is the
 * Finished label (client/server or tls_client/tls_server above). */
WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
                                   word32* hashLen);
WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
                                   const byte* sender);
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
/* Output/input buffer capacity management; sizes are plain int here, so
 * callers are expected to pass non-negative values. */
WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);

#ifndef NO_TLS
    WOLFSSL_LOCAL int  MakeTlsMasterSecret(WOLFSSL*);
#ifndef WOLFSSL_AEAD_ONLY
    /* Record-layer HMAC for non-AEAD suites. 'verify' selects the
     * receive-side (MAC check) path versus the send-side path. */
    WOLFSSL_LOCAL int  TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
                                word32 sz, int padSz, int content, int verify, int epochOrder);
#endif
#endif

#ifndef NO_WOLFSSL_CLIENT
    /* Client-side handshake message senders. */
    WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
    #ifdef WOLFSSL_TLS13
    WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
    #endif
    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
#endif /* NO_WOLFSSL_CLIENT */

#ifndef NO_WOLFSSL_SERVER
    /* Server-side handshake message senders. */
    WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
#endif /* NO_WOLFSSL_SERVER */

#ifdef WOLFSSL_DTLS
    /* DTLS handshake fragment reassembly (DtlsMsg list) and the
     * retransmit pool. The trailing 'void*' is the heap hint used for
     * allocation. */
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
    WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl);
    /* NOTE(review): the two word32 arguments following the fragment data
     * look like fragment offset and length taken from the peer's
     * DtlsHandShakeHeader; the implementation must bound them against the
     * message size before copying -- confirm. */
    WOLFSSL_LOCAL int  DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte,
                                                       word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32);
    WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32,
                                                byte, word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);

    WOLFSSL_LOCAL int  DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType);
    WOLFSSL_LOCAL int  DtlsMsgPoolTimeout(WOLFSSL*);
    WOLFSSL_LOCAL int  VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
    WOLFSSL_LOCAL int  VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head);
    WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
    WOLFSSL_LOCAL int  DtlsMsgPoolSend(WOLFSSL*, int);
#endif /* WOLFSSL_DTLS */

#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
    /* Secure (RFC 5746) renegotiation key-epoch handling for DTLS. */
    WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl);
    WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl);
    WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
    WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
#endif
    WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl);

    /* Writes the record sequence number into 'out'. */
    WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);

#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
    /* Millisecond clock used for TLS 1.3 ticket age; a word32 wraps after
     * roughly 49.7 days, so consumers should compare by difference. */
    WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);

    WOLFSSL_LOCAL int FindSuiteMac(WOLFSSL* ssl, byte* suite);
#endif
    WOLFSSL_LOCAL word32 LowResTimer(void);

#ifndef NO_CERTS
    /* Lifecycle of the WOLFSSL_X509 / WOLFSSL_X509_NAME wrapper objects. */
    WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
    WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
    WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
    WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
    WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
#endif

#ifndef MAX_CIPHER_NAME
#define MAX_CIPHER_NAME 50
#endif

/* With WOLFSSL_NAMES_STATIC a cipher name is an inline fixed-size buffer
 * (no pointers into .rodata); otherwise it is a pointer to a string literal. */
#ifdef WOLFSSL_NAMES_STATIC
typedef char cipher_name[MAX_CIPHER_NAME];
#else
typedef const char* cipher_name;
#endif

/* One entry of the cipher-suite table returned by GetCipherNames(). */
typedef struct CipherSuiteInfo {
    cipher_name name;              /* wolfSSL/OpenSSL-style name */
#ifndef NO_ERROR_STRINGS
    cipher_name name_iana;         /* IANA name */
#endif
    byte cipherSuite0;             /* two-byte suite id: first byte ... */
    byte cipherSuite;              /* ... and second byte */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
    byte minor;                    /* protocol version the suite belongs to
                                      (presumably; used by GetCipherProtocol) */
    byte major;
#endif
    byte flags;
} CipherSuiteInfo;

WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
WOLFSSL_LOCAL int GetCipherNamesSize(void);
WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* used in wolfSSL_sk_CIPHER_description */
#define MAX_SEGMENTS    5
#define MAX_SEGMENT_SZ 20
/* Splits a cipher name into up to MAX_SEGMENTS fixed-size segments and
 * classifies them (key exchange, auth, encryption, MAC). Each 'n' is a
 * caller-provided char[MAX_SEGMENTS][MAX_SEGMENT_SZ]-style array. */
WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*);
WOLFSSL_LOCAL const char* GetCipherSegment(const WOLFSSL_CIPHER* cipher,
                                           char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor);
WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
WOLFSSL_LOCAL int SetCipherBits(const char* enc);
WOLFSSL_LOCAL int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]);
#endif
WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
/* Reverse lookup: name -> suite bytes (+ flags). 'name' is typically
 * user/config supplied, so the implementation must match on the full
 * bounded string rather than a prefix -- confirm. */
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
    byte* cipherSuite, int* flags);


/* Which direction(s) SetKeysSide should install keys for. */
enum encrypt_side {
    ENCRYPT_SIDE_ONLY = 1,
    DECRYPT_SIDE_ONLY,
    ENCRYPT_AND_DECRYPT_SIDE
};

WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);

/* Set*Internal and Set*External functions */
/* Sync the wolfCrypt key ("internal") with the OpenSSL-compat bignum view
 * ("external") and vice versa. */
WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
#ifndef HAVE_USER_RSA
WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
#endif

/* Bit mask of DH elements to export in SetDhExternal_ex(); values are
 * powers of two so they can be OR'ed together. */
typedef enum elem_set {
    ELEMENT_P   = 0x01,
    ELEMENT_Q   = 0x02,
    ELEMENT_G   = 0x04,
    ELEMENT_PUB = 0x08,
    ELEMENT_PRV = 0x10,
} Element_Set;
WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, int elm );
WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);

#if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK))
    /* Finite-field DH key generation and agreement. DhAgree receives the
     * group prime explicitly, which allows the peer's public value to be
     * validated against it -- confirm the implementation does so. */
    WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
        byte* priv, word32* privSz,
        byte* pub, word32* pubSz);
    WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
        const byte* priv, word32 privSz,
        const byte* otherPub, word32 otherPubSz,
        byte* agree, word32* agreeSz,
        const byte* prime, word32 primeSz);
#endif /* !NO_DH */

#ifdef HAVE_ECC
    WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
    WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
#endif

WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);


#ifndef WOLFSSL_NO_TLS12
WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args);
#endif
/* Builds (encrypts/MACs) one record from 'input' into 'output'. With
 * 'sizeOnly' set the caller can presumably query the required output size
 * first -- verify before relying on it. */
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                        const byte* input, int inSz, int type, int hashOutput,
                        int sizeOnly, int asyncOkay, int epochOrder);

#ifdef WOLFSSL_TLS13
/* NOTE(review): this declaration lacks WOLFSSL_LOCAL, unlike every other
 * internal prototype in this header; it is therefore exported with default
 * visibility. Confirm whether that is intentional. */
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
               int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
#endif

/* Allocation/free of a key object of the given 'type' through *pKey. */
WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);

#ifdef WOLFSSL_ASYNC_CRYPT
    WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
    WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
    WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
#endif

#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
    (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store,
                                   X509_NAME* issuer, int Type);
#endif
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
/* OpenSSL-compat X509_LOOKUP_hash_dir support: stacks of hashed-directory
 * entries and per-directory hash records. */
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void);
WOLFSSL_LOCAL void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash);
WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_find(
        WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
                        const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i);
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
                                        WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk);
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
    void (*f) (WOLFSSL_BY_DIR_HASH*));
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
                                               WOLFSSL_BY_DIR_HASH* in);
/* WOLFSSL_BY_DIR_entry stuff */
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void);
WOLFSSL_LOCAL void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry);
WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk);
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
                        const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i);
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
                                        WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk);
/* NOTE(review): the next three declarations spell the macro argument
 * 'wolfSSL_BY_DIR_entry' while the ones above use 'WOLFSSL_BY_DIR_entry'.
 * This only compiles cleanly if WOLF_STACK_OF() ignores its argument --
 * confirm, and normalise the spelling either way. */
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
    void (*f) (WOLFSSL_BY_DIR_entry*));
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
                                               WOLFSSL_BY_DIR_entry* in);
#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* OID <-> NID translation within an OID group 'grp'. */
WOLFSSL_LOCAL int oid2nid(word32 oid, int grp);
WOLFSSL_LOCAL word32 nid2oid(int nid, int grp);
#endif

#ifdef WOLFSSL_STATIC_EPHEMERAL
/* 'keyPtr' is an opaque key object whose concrete type is selected by
 * 'keyAlgo' -- see the implementation for the accepted values. */
WOLFSSL_LOCAL int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr);
#endif

#ifdef __cplusplus
    }  /* extern "C" */
#endif

#endif /* WOLFSSL_INT_H */