/src/wolfssl-sp-math/wolfssl/internal.h
Line | Count | Source |
1 | | /* internal.h |
2 | | * |
3 | | * Copyright (C) 2006-2025 wolfSSL Inc. |
4 | | * |
5 | | * This file is part of wolfSSL. |
6 | | * |
7 | | * wolfSSL is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation; either version 3 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * wolfSSL is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, write to the Free Software |
19 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
20 | | */ |
21 | | |
22 | | |
23 | | |
24 | | #ifndef WOLFSSL_INT_H |
25 | | #define WOLFSSL_INT_H |
26 | | |
27 | | #include <wolfssl/wolfcrypt/types.h> |
28 | | #include <wolfssl/ssl.h> |
29 | | #include <wolfssl/wolfio.h> |
30 | | #ifdef HAVE_CRL |
31 | | #include <wolfssl/crl.h> |
32 | | #endif |
33 | | #include <wolfssl/wolfcrypt/random.h> |
34 | | #ifndef NO_DES3 |
35 | | #include <wolfssl/wolfcrypt/des3.h> |
36 | | #endif |
37 | | #ifdef HAVE_CHACHA |
38 | | #include <wolfssl/wolfcrypt/chacha.h> |
39 | | #endif |
40 | | #ifndef NO_ASN |
41 | | #include <wolfssl/wolfcrypt/asn.h> |
42 | | #include <wolfssl/wolfcrypt/pkcs12.h> |
43 | | #endif |
44 | | #ifndef NO_MD5 |
45 | | #include <wolfssl/wolfcrypt/md5.h> |
46 | | #endif |
47 | | #ifndef NO_SHA |
48 | | #include <wolfssl/wolfcrypt/sha.h> |
49 | | #endif |
50 | | #ifndef NO_AES |
51 | | #include <wolfssl/wolfcrypt/aes.h> |
52 | | #endif |
53 | | #ifdef HAVE_POLY1305 |
54 | | #include <wolfssl/wolfcrypt/poly1305.h> |
55 | | #endif |
56 | | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && defined(OPENSSL_EXTRA) |
57 | | #include <wolfssl/wolfcrypt/chacha20_poly1305.h> |
58 | | #endif |
59 | | #ifdef HAVE_ARIA |
60 | | #include <wolfssl/wolfcrypt/port/aria/aria-crypt.h> |
61 | | #endif |
62 | | #ifdef HAVE_CAMELLIA |
63 | | #include <wolfssl/wolfcrypt/camellia.h> |
64 | | #endif |
65 | | #ifdef WOLFSSL_SM4 |
66 | | #include <wolfssl/wolfcrypt/sm4.h> |
67 | | #endif |
68 | | #include <wolfssl/wolfcrypt/logging.h> |
69 | | #ifndef NO_HMAC |
70 | | #include <wolfssl/wolfcrypt/hmac.h> |
71 | | #endif |
72 | | #ifndef NO_RC4 |
73 | | #include <wolfssl/wolfcrypt/arc4.h> |
74 | | #endif |
75 | | #ifndef NO_SHA256 |
76 | | #include <wolfssl/wolfcrypt/sha256.h> |
77 | | #endif |
78 | | #if defined(WOLFSSL_SHA384) |
79 | | #include <wolfssl/wolfcrypt/sha512.h> |
80 | | #endif |
81 | | #ifdef HAVE_OCSP |
82 | | #include <wolfssl/ocsp.h> |
83 | | #endif |
84 | | #ifdef WOLFSSL_QUIC |
85 | | #include <wolfssl/quic.h> |
86 | | #endif |
87 | | #ifdef WOLFSSL_SHA384 |
88 | | #include <wolfssl/wolfcrypt/sha512.h> |
89 | | #endif |
90 | | #ifdef WOLFSSL_SHA512 |
91 | | #include <wolfssl/wolfcrypt/sha512.h> |
92 | | #endif |
93 | | #ifdef WOLFSSL_SM3 |
94 | | #include <wolfssl/wolfcrypt/sm3.h> |
95 | | #endif |
96 | | #ifdef HAVE_AESGCM |
97 | | #include <wolfssl/wolfcrypt/sha512.h> |
98 | | #endif |
99 | | #ifdef WOLFSSL_RIPEMD |
100 | | #include <wolfssl/wolfcrypt/ripemd.h> |
101 | | #endif |
102 | | #ifndef NO_RSA |
103 | | #include <wolfssl/wolfcrypt/rsa.h> |
104 | | #endif |
105 | | #ifdef HAVE_ECC |
106 | | #include <wolfssl/wolfcrypt/ecc.h> |
107 | | #endif |
108 | | #ifdef WOLFSSL_SM2 |
109 | | #include <wolfssl/wolfcrypt/sm2.h> |
110 | | #endif |
111 | | #ifndef NO_DH |
112 | | #include <wolfssl/wolfcrypt/dh.h> |
113 | | #endif |
114 | | #ifdef HAVE_ED25519 |
115 | | #include <wolfssl/wolfcrypt/ed25519.h> |
116 | | #endif |
117 | | #ifdef HAVE_CURVE25519 |
118 | | #include <wolfssl/wolfcrypt/curve25519.h> |
119 | | #endif |
120 | | #ifdef HAVE_ED448 |
121 | | #include <wolfssl/wolfcrypt/ed448.h> |
122 | | #endif |
123 | | #ifdef HAVE_CURVE448 |
124 | | #include <wolfssl/wolfcrypt/curve448.h> |
125 | | #endif |
126 | | #ifdef HAVE_FALCON |
127 | | #include <wolfssl/wolfcrypt/falcon.h> |
128 | | #endif |
129 | | #ifdef HAVE_DILITHIUM |
130 | | #include <wolfssl/wolfcrypt/dilithium.h> |
131 | | #endif |
132 | | #ifdef HAVE_HKDF |
133 | | #include <wolfssl/wolfcrypt/kdf.h> |
134 | | #endif |
135 | | #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB |
136 | | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ |
137 | | !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \ |
138 | | !defined(WOLFSSL_TICKET_ENC_AES256_GCM) |
139 | | #include <wolfssl/wolfcrypt/chacha20_poly1305.h> |
140 | | #else |
141 | | #include <wolfssl/wolfcrypt/aes.h> |
142 | | #endif |
143 | | #endif |
144 | | |
145 | | #include <wolfssl/wolfcrypt/wc_encrypt.h> |
146 | | #include <wolfssl/wolfcrypt/hash.h> |
147 | | |
148 | | #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) |
149 | | #include <wolfssl/callbacks.h> |
150 | | #endif |
151 | | #ifdef WOLFSSL_CALLBACKS |
152 | | #include <signal.h> |
153 | | #endif |
154 | | |
155 | | #ifdef WOLFSSL_APACHE_MYNEWT |
156 | | #if !defined(WOLFSSL_LWIP) |
157 | | void mynewt_ctx_clear(void *ctx); |
158 | | void* mynewt_ctx_new(); |
159 | | #endif |
160 | | #endif |
161 | | |
162 | | #if !defined(WOLFCRYPT_ONLY) && !defined(INT_MAX) |
163 | | /* Needed for TLS/DTLS limit checking (Added in 91aad90c59 Jan 24, 2025) */ |
164 | | #include <limits.h> |
165 | | #endif |
166 | | |
167 | | |
168 | | #ifdef HAVE_LIBZ |
169 | | #include "zlib.h" |
170 | | #endif |
171 | | |
172 | | #ifdef WOLFSSL_ASYNC_CRYPT |
173 | | #include <wolfssl/wolfcrypt/async.h> |
174 | | #endif |
175 | | |
176 | | #ifdef OPENSSL_EXTRA |
177 | | #ifdef WOLFCRYPT_HAVE_SRP |
178 | | #include <wolfssl/wolfcrypt/srp.h> |
179 | | #endif |
180 | | #endif |
181 | | |
182 | | #ifdef _MSC_VER |
183 | | /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ |
184 | | #pragma warning(disable: 4996) |
185 | | #endif |
186 | | |
187 | | #ifdef NO_SHA |
188 | | #define WC_SHA_DIGEST_SIZE 20 |
189 | | #endif |
190 | | |
191 | | #ifdef NO_SHA256 |
192 | | #define WC_SHA256_DIGEST_SIZE 32 |
193 | | #endif |
194 | | |
195 | | #ifdef NO_MD5 |
196 | | #define WC_MD5_DIGEST_SIZE 16 |
197 | | #endif |
198 | | |
199 | | #ifdef WOLFSSL_IOTSAFE |
200 | | #include <wolfssl/wolfcrypt/port/iotsafe/iotsafe.h> |
201 | | #endif |
202 | | |
203 | | #if defined(WOLFSSL_RENESAS_TSIP_TLS) |
204 | | #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h> |
205 | | #endif |
206 | | |
207 | | #include <wolfssl/wolfcrypt/hpke.h> |
208 | | |
209 | | #if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_KEYLOGFILE) |
210 | | #include <wolfssl/sniffer.h> |
211 | | #endif /* WOLFSSL_SNIFFER && WOLFSSL_SNIFFER_KEYLOGFILE */ |
212 | | |
213 | | #ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION |
214 | | #include <CoreFoundation/CoreFoundation.h> |
215 | | #endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ |
216 | | |
217 | | #ifdef __cplusplus |
218 | | extern "C" { |
219 | | #endif |
220 | | |
221 | | /* Define or comment out the cipher suites you'd like to be compiled in |
222 | | make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined |
223 | | |
224 | | When adding cipher suites, add name to cipher_names, idx to cipher_name_idx |
225 | | |
226 | | Now that there is a maximum strength crypto build, the following BUILD_XXX |
227 | | flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH. |
228 | | Those that do not use Perfect Forward Security and do not use AEAD ciphers |
229 | | need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or |
230 | | CHACHA-POLY. |
231 | | */ |
232 | | |
233 | | /* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are |
234 | | * not turned off. */ |
235 | | #if defined(WOLFSSL_MAX_STRENGTH) && \ |
236 | | ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \ |
237 | | (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \ |
238 | | (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \ |
239 | | (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \ |
240 | | !defined(NO_OLD_TLS)) |
241 | | |
242 | | #error "You are trying to build max strength with requirements disabled." |
243 | | #endif |
244 | | |
245 | | #ifndef WOLFSSL_NO_TLS12 |
246 | | |
247 | | #ifndef WOLFSSL_MAX_STRENGTH |
248 | | |
249 | | #ifdef WOLFSSL_AEAD_ONLY |
250 | | /* AES CBC ciphers are not allowed in AEAD only mode */ |
251 | | #undef HAVE_AES_CBC |
252 | | #endif |
253 | | |
254 | | /* When adding new ciphersuites, make sure that they have appropriate |
255 | | * guards for WOLFSSL_HARDEN_TLS. */ |
256 | | #if defined(WOLFSSL_HARDEN_TLS) && \ |
257 | | !defined(WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES) |
258 | | /* Use a separate define (undef'ed later) to simplify macro logic. */ |
259 | | #define WSSL_HARDEN_TLS WOLFSSL_HARDEN_TLS |
260 | | #define NO_TLS_DH |
261 | | #endif |
262 | | |
263 | | #ifndef WOLFSSL_AEAD_ONLY |
264 | | #if !defined(NO_RSA) && !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS) |
265 | | /* MUST NOT negotiate RC4 cipher suites |
266 | | * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
267 | | #if defined(WOLFSSL_STATIC_RSA) |
268 | | #if !defined(NO_SHA) |
269 | | #define BUILD_SSL_RSA_WITH_RC4_128_SHA |
270 | | #endif |
271 | | #if !defined(NO_MD5) |
272 | | #define BUILD_SSL_RSA_WITH_RC4_128_MD5 |
273 | | #endif |
274 | | #endif |
275 | | #endif |
276 | | |
277 | | #if !defined(NO_RSA) && !defined(NO_DES3) && !defined(NO_DES3_TLS_SUITES) |
278 | | #if !defined(NO_SHA) |
279 | | #if defined(WOLFSSL_STATIC_RSA) |
280 | | #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA |
281 | | #endif |
282 | | #endif |
283 | | #endif |
284 | | #endif /* !WOLFSSL_AEAD_ONLY */ |
285 | | |
286 | | #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) |
287 | | #if !defined(NO_SHA) && defined(HAVE_AES_CBC) |
288 | | #if defined(WOLFSSL_STATIC_RSA) |
289 | | #ifdef WOLFSSL_AES_128 |
290 | | #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA |
291 | | #endif |
292 | | #ifdef WOLFSSL_AES_256 |
293 | | #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA |
294 | | #endif |
295 | | #endif |
296 | | #endif |
297 | | #if defined(WOLFSSL_STATIC_RSA) |
298 | | #if !defined (NO_SHA256) && defined(HAVE_AES_CBC) |
299 | | #ifdef WOLFSSL_AES_128 |
300 | | #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 |
301 | | #endif |
302 | | #ifdef WOLFSSL_AES_256 |
303 | | #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 |
304 | | #endif |
305 | | #endif |
306 | | #if defined (HAVE_AESGCM) |
307 | | #ifdef WOLFSSL_AES_128 |
308 | | #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 |
309 | | #endif |
310 | | #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
311 | | #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 |
312 | | #endif |
313 | | #endif |
314 | | #if defined (HAVE_AESCCM) |
315 | | #ifdef WOLFSSL_AES_128 |
316 | | #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 |
317 | | #endif |
318 | | #ifdef WOLFSSL_AES_256 |
319 | | #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 |
320 | | #endif |
321 | | #endif |
322 | | #endif |
323 | | #endif |
324 | | |
325 | | #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC) |
326 | | #ifndef NO_RSA |
327 | | #if defined(WOLFSSL_STATIC_RSA) |
328 | | #if !defined(NO_SHA) |
329 | | #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
330 | | #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
331 | | #endif |
332 | | #ifndef NO_SHA256 |
333 | | #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
334 | | #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
335 | | #endif |
336 | | #endif |
337 | | #if !defined(NO_DH) && !defined(NO_TLS_DH) |
338 | | /* SHOULD NOT negotiate cipher suites based on ephemeral |
339 | | * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" |
340 | | * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
341 | | #if !defined(NO_SHA) |
342 | | #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
343 | | #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
344 | | #endif |
345 | | #ifndef NO_SHA256 |
346 | | #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
347 | | #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
348 | | #endif |
349 | | #endif |
350 | | #endif |
351 | | #endif |
352 | | |
353 | | #if defined(WOLFSSL_STATIC_PSK) |
354 | | #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) |
355 | | #if !defined(NO_SHA) |
356 | | #ifdef WOLFSSL_AES_128 |
357 | | #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA |
358 | | #endif |
359 | | #ifdef WOLFSSL_AES_256 |
360 | | #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA |
361 | | #endif |
362 | | #endif |
363 | | #ifndef NO_SHA256 |
364 | | #ifdef WOLFSSL_AES_128 |
365 | | #ifdef HAVE_AES_CBC |
366 | | #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 |
367 | | #endif |
368 | | #ifdef HAVE_AESGCM |
369 | | #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 |
370 | | #endif |
371 | | #endif /* WOLFSSL_AES_128 */ |
372 | | #ifdef HAVE_AESCCM |
373 | | #ifdef WOLFSSL_AES_128 |
374 | | #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 |
375 | | #define BUILD_TLS_PSK_WITH_AES_128_CCM |
376 | | #endif |
377 | | #ifdef WOLFSSL_AES_256 |
378 | | #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 |
379 | | #define BUILD_TLS_PSK_WITH_AES_256_CCM |
380 | | #endif |
381 | | #endif |
382 | | #endif |
383 | | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
384 | | #ifdef HAVE_AES_CBC |
385 | | #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 |
386 | | #endif |
387 | | #ifdef HAVE_AESGCM |
388 | | #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 |
389 | | #endif |
390 | | #endif |
391 | | #endif |
392 | | #endif |
393 | | |
394 | | #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) |
395 | | #if !defined(NO_RSA) |
396 | | #if defined(WOLFSSL_STATIC_RSA) |
397 | | #ifndef NO_MD5 |
398 | | #define BUILD_TLS_RSA_WITH_NULL_MD5 |
399 | | #endif |
400 | | #if !defined(NO_SHA) |
401 | | #define BUILD_TLS_RSA_WITH_NULL_SHA |
402 | | #endif |
403 | | #ifndef NO_SHA256 |
404 | | #define BUILD_TLS_RSA_WITH_NULL_SHA256 |
405 | | #endif |
406 | | #endif |
407 | | #endif |
408 | | #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK) |
409 | | #if !defined(NO_SHA) |
410 | | #define BUILD_TLS_PSK_WITH_NULL_SHA |
411 | | #endif |
412 | | #ifndef NO_SHA256 |
413 | | #define BUILD_TLS_PSK_WITH_NULL_SHA256 |
414 | | #endif |
415 | | #ifdef WOLFSSL_SHA384 |
416 | | #define BUILD_TLS_PSK_WITH_NULL_SHA384 |
417 | | #endif |
418 | | #endif |
419 | | #endif |
420 | | |
421 | | #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ |
422 | | !defined(NO_RSA) && !defined(NO_TLS_DH) |
423 | | /* SHOULD NOT negotiate cipher suites based on ephemeral |
424 | | * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" |
425 | | * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
426 | | |
427 | | #if !defined(NO_SHA) |
428 | | #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) |
429 | | #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
430 | | #endif |
431 | | #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) |
432 | | #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
433 | | #endif |
434 | | #if !defined(NO_DES3) && !defined(NO_DES3_TLS_SUITES) |
435 | | #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
436 | | #endif |
437 | | #endif |
438 | | #if !defined(NO_SHA256) && defined(HAVE_AES_CBC) |
439 | | #ifdef WOLFSSL_AES_128 |
440 | | #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
441 | | #endif |
442 | | #ifdef WOLFSSL_AES_256 |
443 | | #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
444 | | #endif |
445 | | #endif |
446 | | #endif |
447 | | |
448 | | #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ |
449 | | !defined(NO_AES) |
450 | | #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && \ |
451 | | defined(WOLFSSL_AES_128) |
452 | | #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA |
453 | | #endif |
454 | | #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \ |
455 | | defined(WOLFSSL_AES_256) |
456 | | #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 |
457 | | #endif |
458 | | #endif |
459 | | |
460 | | #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \ |
461 | | !defined(NO_TLS_DH) |
462 | | /* SHOULD NOT negotiate cipher suites based on ephemeral |
463 | | * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" |
464 | | * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
465 | | #ifndef NO_SHA256 |
466 | | #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \ |
467 | | defined(HAVE_AES_CBC) |
468 | | #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 |
469 | | #endif |
470 | | #ifdef HAVE_NULL_CIPHER |
471 | | #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 |
472 | | #endif |
473 | | #endif |
474 | | #ifdef WOLFSSL_SHA384 |
475 | | #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \ |
476 | | defined(HAVE_AES_CBC) |
477 | | #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 |
478 | | #endif |
479 | | #ifdef HAVE_NULL_CIPHER |
480 | | #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 |
481 | | #endif |
482 | | #endif |
483 | | #endif |
484 | | |
485 | | #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ |
486 | | defined(HAVE_CURVE448)) && !defined(NO_TLS) |
487 | | #if !defined(NO_AES) |
488 | | #if !defined(NO_SHA) && defined(HAVE_AES_CBC) |
489 | | #if !defined(NO_RSA) |
490 | | #ifdef WOLFSSL_AES_128 |
491 | | #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
492 | | #endif |
493 | | #ifdef WOLFSSL_AES_256 |
494 | | #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
495 | | #endif |
496 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
497 | | #ifdef WOLFSSL_AES_128 |
498 | | #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
499 | | #endif |
500 | | #ifdef WOLFSSL_AES_256 |
501 | | #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
502 | | #endif |
503 | | #endif |
504 | | #endif |
505 | | |
506 | | #if defined(HAVE_ECC) || \ |
507 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
508 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
509 | | #ifdef WOLFSSL_AES_128 |
510 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
511 | | #endif |
512 | | #ifdef WOLFSSL_AES_256 |
513 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
514 | | #endif |
515 | | #endif |
516 | | |
517 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
518 | | #ifdef WOLFSSL_AES_128 |
519 | | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
520 | | #endif |
521 | | #ifdef WOLFSSL_AES_256 |
522 | | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
523 | | #endif |
524 | | #endif |
525 | | #endif /* NO_SHA */ |
526 | | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ |
527 | | defined(HAVE_AES_CBC) |
528 | | #if !defined(NO_RSA) |
529 | | #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
530 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
531 | | #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
532 | | #endif |
533 | | #endif |
534 | | #if defined(HAVE_ECC) || \ |
535 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
536 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
537 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
538 | | #endif |
539 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
540 | | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
541 | | #endif |
542 | | #endif |
543 | | |
544 | | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ |
545 | | defined(HAVE_AES_CBC) |
546 | | #if !defined(NO_RSA) |
547 | | #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
548 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
549 | | #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
550 | | #endif |
551 | | #endif |
552 | | #if defined(HAVE_ECC) || \ |
553 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
554 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
555 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
556 | | #endif |
557 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
558 | | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
559 | | #endif |
560 | | #endif |
561 | | |
562 | | #if defined (HAVE_AESGCM) |
563 | | #if !defined(NO_RSA) |
564 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
565 | | #ifdef WOLFSSL_AES_128 |
566 | | #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
567 | | #endif |
568 | | #endif |
569 | | #if defined(WOLFSSL_SHA384) |
570 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
571 | | #ifdef WOLFSSL_AES_256 |
572 | | #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
573 | | #endif |
574 | | #endif |
575 | | #endif |
576 | | #endif |
577 | | |
578 | | #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \ |
579 | | defined(HAVE_ECC) |
580 | | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
581 | | #endif |
582 | | |
583 | | #if defined(WOLFSSL_SHA384) |
584 | | #if defined(WOLFSSL_STATIC_DH) && \ |
585 | | defined(WOLFSSL_AES_256) && defined(HAVE_ECC) |
586 | | #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
587 | | #endif |
588 | | #endif |
589 | | #endif |
590 | | #endif /* NO_AES */ |
591 | | #ifdef HAVE_ARIA |
592 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 |
593 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 |
594 | | #endif /* HAVE_ARIA */ |
595 | | #if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS) |
596 | | /* MUST NOT negotiate RC4 cipher suites |
597 | | * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
598 | | #if !defined(NO_SHA) |
599 | | #if !defined(NO_RSA) |
600 | | #ifndef WOLFSSL_AEAD_ONLY |
601 | | #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
602 | | #endif |
603 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
604 | | #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA |
605 | | #endif |
606 | | #endif |
607 | | |
608 | | #if defined(HAVE_ECC) || \ |
609 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
610 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
611 | | #ifndef WOLFSSL_AEAD_ONLY |
612 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
613 | | #endif |
614 | | #endif |
615 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
616 | | #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
617 | | #endif |
618 | | #endif |
619 | | #endif |
620 | | #if !defined(NO_DES3) && !(defined(WSSL_HARDEN_TLS) && \ |
621 | | WSSL_HARDEN_TLS > 112) && \ |
622 | | !defined(NO_DES3_TLS_SUITES) |
623 | | /* 3DES offers only 112 bits of security. |
624 | | * Using guidance from section 5.6.1 |
625 | | * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ |
626 | | #ifndef NO_SHA |
627 | | #if !defined(NO_RSA) |
628 | | #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
629 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
630 | | #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
631 | | #endif |
632 | | #endif |
633 | | |
634 | | #if defined(HAVE_ECC) || \ |
635 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
636 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
637 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
638 | | #endif |
639 | | #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) |
640 | | #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
641 | | #endif |
642 | | #endif /* NO_SHA */ |
643 | | #endif |
644 | | #if defined(HAVE_NULL_CIPHER) |
645 | | #if !defined(NO_SHA) |
646 | | #if defined(HAVE_ECC) || \ |
647 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
648 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
649 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA |
650 | | #endif |
651 | | #endif |
652 | | #if !defined(NO_PSK) && !defined(NO_SHA256) |
653 | | #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 |
654 | | #endif |
655 | | #endif |
656 | | #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \ |
657 | | defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) |
658 | | #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 |
659 | | #endif |
660 | | #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \ |
661 | | defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) |
662 | | #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 |
663 | | #endif |
664 | | #endif |
665 | | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) |
666 | | #if !defined(NO_OLD_POLY1305) |
667 | | #if defined(HAVE_ECC) || \ |
668 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
669 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
670 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 |
671 | | #endif |
672 | | #if !defined(NO_RSA) && defined(HAVE_ECC) |
673 | | #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 |
674 | | #endif |
675 | | #if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH) |
676 | | /* SHOULD NOT negotiate cipher suites based on ephemeral |
677 | | * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" |
678 | | * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
679 | | #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 |
680 | | #endif |
681 | | #endif /* NO_OLD_POLY1305 */ |
682 | | #if !defined(NO_PSK) |
683 | | #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 |
684 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ |
685 | | defined(HAVE_ED448) |
686 | | #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |
687 | | #endif |
688 | | #if !defined(NO_DH) && !defined(NO_TLS_DH) |
689 | | /* SHOULD NOT negotiate cipher suites based on ephemeral |
690 | | * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" |
691 | | * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
692 | | #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |
693 | | #endif |
694 | | #endif /* !NO_PSK */ |
695 | | #endif |
696 | | |
697 | | #endif /* !WOLFSSL_MAX_STRENGTH */ |
698 | | |
699 | | #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ |
700 | | !defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(NO_TLS_DH) |
701 | | /* SHOULD NOT negotiate cipher suites based on ephemeral |
702 | | * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" |
703 | | * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
704 | | |
705 | | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
706 | | #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
707 | | #endif |
708 | | |
709 | | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
710 | | #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
711 | | #endif |
712 | | #endif |
713 | | |
714 | | #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \ |
715 | | !defined(NO_TLS_DH) |
716 | | /* SHOULD NOT negotiate cipher suites based on ephemeral |
717 | | * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" |
718 | | * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
719 | | #ifndef NO_SHA256 |
720 | | #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) |
721 | | #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
722 | | #endif |
723 | | #ifdef HAVE_AESCCM |
724 | | #ifdef WOLFSSL_AES_128 |
725 | | #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM |
726 | | #endif |
727 | | #ifdef WOLFSSL_AES_256 |
728 | | #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM |
729 | | #endif |
730 | | #endif |
731 | | #endif |
732 | | #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \ |
733 | | defined(WOLFSSL_AES_256) |
734 | | #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
735 | | #endif |
736 | | #endif |
737 | | |
738 | | #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \ |
739 | | && !defined(NO_TLS) && !defined(NO_AES) |
740 | | #ifdef HAVE_AESGCM |
741 | | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
742 | | #if defined(HAVE_ECC) || \ |
743 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
744 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
745 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
746 | | #endif |
747 | | #ifndef NO_RSA |
748 | | #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
749 | | #endif |
750 | | #endif |
751 | | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
752 | | #if defined(HAVE_ECC) || \ |
753 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
754 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
755 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
756 | | #endif |
757 | | #ifndef NO_RSA |
758 | | #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
759 | | #endif |
760 | | #endif |
761 | | #endif |
762 | | #if defined(HAVE_AESCCM) && !defined(NO_SHA256) |
763 | | #if defined(HAVE_ECC) || \ |
764 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
765 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
766 | | #ifdef WOLFSSL_AES_128 |
767 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM |
768 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 |
769 | | #endif |
770 | | #ifdef WOLFSSL_AES_256 |
771 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
772 | | #endif |
773 | | #endif |
774 | | #endif |
775 | | #endif |
776 | | |
777 | | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) |
778 | | #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) |
779 | | #if defined(HAVE_ECC) || \ |
780 | | (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ |
781 | | (defined(HAVE_CURVE448) && defined(HAVE_ED448)) |
782 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
783 | | #endif |
784 | | #ifndef NO_RSA |
785 | | #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
786 | | #endif |
787 | | #endif |
788 | | #if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH) |
789 | | /* SHOULD NOT negotiate cipher suites based on ephemeral |
790 | | * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" |
791 | | * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
792 | | #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
793 | | #endif |
794 | | #endif |
795 | | |
796 | | #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) |
797 | | #ifdef WOLFSSL_SM4_CBC |
798 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 |
799 | | #endif |
800 | | #ifdef WOLFSSL_SM4_GCM |
801 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 |
802 | | #endif |
803 | | #ifdef WOLFSSL_SM4_CCM |
804 | | #define BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 |
805 | | #endif |
806 | | #endif |
807 | | #endif |
808 | | |
809 | | #if defined(WOLFSSL_TLS13) |
810 | | #ifdef HAVE_AESGCM |
811 | | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
812 | | #define BUILD_TLS_AES_128_GCM_SHA256 |
813 | | #endif |
814 | | #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) |
815 | | #define BUILD_TLS_AES_256_GCM_SHA384 |
816 | | #endif |
817 | | #endif |
818 | | |
819 | | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) |
820 | | #ifndef NO_SHA256 |
821 | | #define BUILD_TLS_CHACHA20_POLY1305_SHA256 |
822 | | #endif |
823 | | #endif |
824 | | |
825 | | #ifdef HAVE_AESCCM |
826 | | #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) |
827 | | #define BUILD_TLS_AES_128_CCM_SHA256 |
828 | | #define BUILD_TLS_AES_128_CCM_8_SHA256 |
829 | | #endif |
830 | | #endif |
831 | | #ifdef HAVE_NULL_CIPHER |
832 | | #ifndef NO_SHA256 |
833 | | #define BUILD_TLS_SHA256_SHA256 |
834 | | #endif |
835 | | #ifdef WOLFSSL_SHA384 |
836 | | #define BUILD_TLS_SHA384_SHA384 |
837 | | #endif |
838 | | #endif |
839 | | |
840 | | #ifdef WOLFSSL_SM3 |
841 | | #ifdef WOLFSSL_SM4_GCM |
842 | | #define BUILD_TLS_SM4_GCM_SM3 |
843 | | #endif |
844 | | |
845 | | #ifdef WOLFSSL_SM4_CCM |
846 | | #define BUILD_TLS_SM4_CCM_SM3 |
847 | | #endif |
848 | | #endif |
849 | | #endif |
850 | | |
851 | | #if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && \ |
852 | | (defined(NO_DH) || !defined(HAVE_ANON)) && \ |
853 | | defined(NO_RSA) && !defined(HAVE_ECC) && \ |
854 | | !defined(HAVE_ED25519) && !defined(HAVE_ED448) |
855 | | #error "No cipher suites available with this build" |
856 | | #endif |
857 | | |
858 | | #ifdef WOLFSSL_MULTICAST |
859 | | #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256) |
860 | | #define BUILD_WDM_WITH_NULL_SHA256 |
861 | | #endif |
862 | | #endif |
863 | | |
864 | | #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \ |
865 | | defined(BUILD_SSL_RSA_WITH_RC4_128_MD5) |
866 | | #define BUILD_ARC4 |
867 | | #endif |
868 | | |
869 | | #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA) |
870 | | #define BUILD_DES3 |
871 | | #endif |
872 | | |
873 | | #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ |
874 | | defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ |
875 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \ |
876 | | defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256) |
877 | | #undef BUILD_AES |
878 | | #define BUILD_AES |
879 | | #endif |
880 | | |
881 | | #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ |
882 | | defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ |
883 | | defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \ |
884 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ |
885 | | defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ |
886 | | defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \ |
887 | | defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \ |
888 | | defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ |
889 | | defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \ |
890 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ |
891 | | defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ |
892 | | defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \ |
893 | | defined(BUILD_TLS_AES_128_GCM_SHA256) || \ |
894 | | defined(BUILD_TLS_AES_256_GCM_SHA384) |
895 | | #define BUILD_AESGCM |
896 | | #else |
897 | | /* No AES-GCM cipher suites available with build */ |
898 | | #define NO_AESGCM_AEAD |
899 | | #endif |
900 | | |
901 | | #if defined(BUILD_TLS_RSA_WITH_AES_128_CCM_8) || \ |
902 | | defined(BUILD_TLS_RSA_WITH_AES_256_CCM_8) || \ |
903 | | defined(BUILD_TLS_PSK_WITH_AES_128_CCM_8) || \ |
904 | | defined(BUILD_TLS_PSK_WITH_AES_128_CCM) || \ |
905 | | defined(BUILD_TLS_PSK_WITH_AES_256_CCM_8) || \ |
906 | | defined(BUILD_TLS_PSK_WITH_AES_256_CCM) || \ |
907 | | defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CCM) || \ |
908 | | defined(BUILD_TLS_DHE_PSK_WITH_AES_256_CCM) || \ |
909 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM) || \ |
910 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8) || \ |
911 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8) || \ |
912 | | defined(BUILD_TLS_AES_128_CCM_SHA256) || \ |
913 | | defined(BUILD_TLS_AES_128_CCM_8_SHA256) |
914 | | #define BUILD_AESCCM |
915 | | #else |
916 | | /* No AES-CCM cipher suites available with build */ |
917 | | #define NO_AESCCM_AEAD |
918 | | #endif |
919 | | |
920 | | #if defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256) || \ |
921 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384) |
922 | | #define BUILD_ARIA |
923 | | #endif |
924 | | |
925 | | #if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ |
926 | | defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ |
927 | | defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ |
928 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \ |
929 | | defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ |
930 | | defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ |
931 | | defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ |
932 | | defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ |
933 | | defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ |
934 | | defined(BUILD_TLS_CHACHA20_POLY1305_SHA256) |
935 | | /* Have an available ChaCha Poly cipher suite */ |
936 | | #else |
937 | | /* No ChaCha Poly cipher suites available with build */ |
938 | | #define NO_CHAPOL_AEAD |
939 | | #endif |
940 | | |
941 | | #ifdef NO_DES3 |
942 | | #define DES_BLOCK_SIZE 8 |
943 | | #else |
944 | | #undef BUILD_DES3 |
945 | | #define BUILD_DES3 |
946 | | #endif |
947 | | |
948 | | #if defined(NO_AES) || !defined(HAVE_AES_DECRYPT) |
949 | | #undef WC_AES_BLOCK_SIZE |
950 | | #define WC_AES_BLOCK_SIZE 16 |
951 | | #undef BUILD_AES |
952 | | #else |
953 | | #undef BUILD_AES |
954 | | #define BUILD_AES |
955 | | #endif |
956 | | |
957 | | #if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS) |
958 | | /* MUST NOT negotiate RC4 cipher suites |
959 | | * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ |
960 | | #undef BUILD_ARC4 |
961 | | #define BUILD_ARC4 |
962 | | #endif |
963 | | |
964 | | #ifdef HAVE_CHACHA |
965 | 0 | #define CHACHA20_BLOCK_SIZE 16 |
966 | | #endif |
967 | | |
968 | | #if defined(WOLFSSL_MAX_STRENGTH) || \ |
969 | | (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \ |
970 | | defined(HAVE_AESCCM) || \ |
971 | | defined(HAVE_ARIA) || \ |
972 | | (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ |
973 | | !defined(NO_CHAPOL_AEAD)) || \ |
974 | | defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \ |
975 | | (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)) |
976 | | |
977 | | #define HAVE_AEAD |
978 | | #endif |
979 | | |
980 | | #if defined(WOLFSSL_MAX_STRENGTH) || \ |
981 | | defined(HAVE_ECC) || !defined(NO_DH) |
982 | | |
983 | | #define HAVE_PFS |
984 | | #endif |
985 | | |
986 | | #ifdef WSSL_HARDEN_TLS |
987 | | #ifdef HAVE_NULL_CIPHER |
988 | | #error "NULL ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1" |
989 | | #endif |
990 | | #ifdef WOLFSSL_STATIC_RSA |
991 | | #error "Static RSA ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1" |
992 | | #endif |
993 | | #ifdef WOLFSSL_STATIC_DH |
994 | | #error "Static DH ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1" |
995 | | #endif |
996 | | #ifdef HAVE_ANON |
997 | | #error "At least the server side has to be authenticated" |
998 | | #endif |
999 | | #endif |
1000 | | |
1001 | | #undef WSSL_HARDEN_TLS |
1002 | | |
1003 | | /* CA Names feature */ |
1004 | | #if !defined(WOLFSSL_NO_CA_NAMES) && defined(OPENSSL_EXTRA) |
1005 | | #define SSL_CLIENT_CA_NAMES(ssl) ((ssl)->client_ca_names != NULL ? \ |
1006 | | (ssl)->client_ca_names : \ |
1007 | | (ssl)->ctx->client_ca_names) |
1008 | | #define SSL_CA_NAMES(ssl) ((ssl)->ca_names != NULL ? \ |
1009 | | (ssl)->ca_names : \ |
1010 | | (ssl)->ctx->ca_names) |
1011 | | /* On the server, client_ca_names has priority over ca_names if both are |
1012 | | * set. This mimics OpenSSL's API: |
1013 | | * https://docs.openssl.org/3.6/man3/SSL_CTX_set0_CA_list/ */ |
1014 | | #define SSL_PRIORITY_CA_NAMES(ssl) \ |
1015 | | (((ssl)->options.side == WOLFSSL_SERVER_END && \ |
1016 | | SSL_CLIENT_CA_NAMES(ssl) != NULL) ? \ |
1017 | | SSL_CLIENT_CA_NAMES(ssl) : \ |
1018 | | SSL_CA_NAMES(ssl)) |
1019 | | #else |
1020 | | #undef WOLFSSL_NO_CA_NAMES |
1021 | | #define WOLFSSL_NO_CA_NAMES |
1022 | | #endif |
1023 | | |
1024 | | |
1025 | | /* actual cipher values, 2nd byte */ |
1026 | | enum { |
1027 | | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16, |
1028 | | TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, |
1029 | | TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, |
1030 | | TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, |
1031 | | TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, |
1032 | | TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, |
1033 | | TLS_RSA_WITH_NULL_MD5 = 0x01, |
1034 | | TLS_RSA_WITH_NULL_SHA = 0x02, |
1035 | | TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, |
1036 | | TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, |
1037 | | TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf, |
1038 | | TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, |
1039 | | TLS_PSK_WITH_NULL_SHA256 = 0xb0, |
1040 | | TLS_PSK_WITH_NULL_SHA384 = 0xb1, |
1041 | | TLS_PSK_WITH_NULL_SHA = 0x2c, |
1042 | | SSL_RSA_WITH_RC4_128_SHA = 0x05, |
1043 | | SSL_RSA_WITH_RC4_128_MD5 = 0x04, |
1044 | | SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A, |
1045 | | |
1046 | | /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ |
1047 | | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14, |
1048 | | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13, |
1049 | | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A, |
1050 | | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09, |
1051 | | TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11, |
1052 | | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07, |
1053 | | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12, |
1054 | | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08, |
1055 | | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, |
1056 | | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, |
1057 | | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28, |
1058 | | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24, |
1059 | | TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06, |
1060 | | TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a, |
1061 | | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37, |
1062 | | |
1063 | | /* static ECDH, first byte is 0xC0 (ECC_BYTE) */ |
1064 | | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F, |
1065 | | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E, |
1066 | | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05, |
1067 | | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04, |
1068 | | TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C, |
1069 | | TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02, |
1070 | | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D, |
1071 | | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03, |
1072 | | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29, |
1073 | | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25, |
1074 | | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, |
1075 | | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, |
1076 | | |
1077 | | WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */ |
1078 | | |
1079 | | /* SHA256 */ |
1080 | | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b, |
1081 | | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, |
1082 | | TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, |
1083 | | TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, |
1084 | | TLS_RSA_WITH_NULL_SHA256 = 0x3b, |
1085 | | TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, |
1086 | | TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, |
1087 | | |
1088 | | /* SHA384 */ |
1089 | | TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, |
1090 | | TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, |
1091 | | |
1092 | | /* AES-GCM */ |
1093 | | TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, |
1094 | | TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, |
1095 | | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, |
1096 | | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, |
1097 | | TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7, |
1098 | | TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, |
1099 | | TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, |
1100 | | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, |
1101 | | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, |
1102 | | |
1103 | | /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ |
1104 | | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, |
1105 | | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c, |
1106 | | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d, |
1107 | | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e, |
1108 | | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, |
1109 | | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30, |
1110 | | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31, |
1111 | | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32, |
1112 | | |
1113 | | /* AES-CCM, first byte is 0xC0 but isn't ECC, |
1114 | | * also, in some of the other AES-CCM suites |
1115 | | * there will be second byte number conflicts |
1116 | | * with non-ECC AES-GCM */ |
1117 | | TLS_RSA_WITH_AES_128_CCM_8 = 0xa0, |
1118 | | TLS_RSA_WITH_AES_256_CCM_8 = 0xa1, |
1119 | | TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac, |
1120 | | TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae, |
1121 | | TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf, |
1122 | | TLS_PSK_WITH_AES_128_CCM = 0xa4, |
1123 | | TLS_PSK_WITH_AES_256_CCM = 0xa5, |
1124 | | TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, |
1125 | | TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, |
1126 | | TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, |
1127 | | TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, |
1128 | | |
1129 | | /* Camellia */ |
1130 | | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, |
1131 | | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, |
1132 | | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, |
1133 | | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0, |
1134 | | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45, |
1135 | | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88, |
1136 | | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, |
1137 | | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, |
1138 | | |
1139 | | /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */ |
1140 | | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8, |
1141 | | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9, |
1142 | | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa, |
1143 | | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac, |
1144 | | TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab, |
1145 | | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad, |
1146 | | |
1147 | | /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */ |
1148 | | TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13, |
1149 | | TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14, |
1150 | | TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15, |
1151 | | |
1152 | | /* ECDHE_PSK RFC8442, first byte is 0xD0 (EDHE_PSK_BYTE) */ |
1153 | | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0x01, |
1154 | | |
1155 | | /* TLS v1.3 cipher suites */ |
1156 | | TLS_AES_128_GCM_SHA256 = 0x01, |
1157 | | TLS_AES_256_GCM_SHA384 = 0x02, |
1158 | | TLS_CHACHA20_POLY1305_SHA256 = 0x03, |
1159 | | TLS_AES_128_CCM_SHA256 = 0x04, |
1160 | | TLS_AES_128_CCM_8_SHA256 = 0x05, |
1161 | | |
1162 | | /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */ |
1163 | | TLS_SHA256_SHA256 = 0xB4, |
1164 | | TLS_SHA384_SHA384 = 0xB5, |
1165 | | |
1166 | | /* ARIA-GCM, first byte is 0xC0 (ECC_BYTE) |
1167 | | * See: https://www.rfc-editor.org/rfc/rfc6209.html#section-5 |
1168 | | */ |
1169 | | TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0x5c, |
1170 | | TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0x5d, |
1171 | | |
1172 | | /* TLS v1.3 SM cipher suites - 0x00 (CIPHER_BYTE) is first byte */ |
1173 | | TLS_SM4_GCM_SM3 = 0xC6, |
1174 | | TLS_SM4_CCM_SM3 = 0xC7, |
1175 | | |
1176 | | /* TLS v1.2 SM cipher suites - 0xE0 (SM_BYTE) is first byte */ |
1177 | | TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 = 0x11, |
1178 | | TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 = 0x51, |
1179 | | TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 = 0x52, |
1180 | | |
1181 | | /* Fallback SCSV (Signaling Cipher Suite Value) */ |
1182 | | TLS_FALLBACK_SCSV = 0x56, |
1183 | | /* Renegotiation Indication Extension Special Suite */ |
1184 | | TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff |
1185 | | }; |
1186 | | |
1187 | | |
1188 | | #ifndef WOLFSSL_SESSION_TIMEOUT |
1189 | 4.85k | #define WOLFSSL_SESSION_TIMEOUT 500 |
1190 | | /* default session resumption cache timeout in seconds */ |
1191 | | #endif |
1192 | | |
1193 | | |
1194 | | #ifndef WOLFSSL_DTLS_WINDOW_WORDS |
1195 | | #define WOLFSSL_DTLS_WINDOW_WORDS 2 |
1196 | | #endif /* WOLFSSL_DTLS_WINDOW_WORDS */ |
1197 | | #define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT) |
1198 | | #define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS) |
1199 | | #define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS) |
1200 | | |
1201 | | #ifndef WOLFSSL_MULTICAST |
1202 | | #define WOLFSSL_DTLS_PEERSEQ_SZ 1 |
1203 | | #else |
1204 | | #ifndef WOLFSSL_MULTICAST_PEERS |
1205 | | /* max allowed multicast group peers */ |
1206 | | #define WOLFSSL_MULTICAST_PEERS 100 |
1207 | | #endif |
1208 | | #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS |
1209 | | #endif /* WOLFSSL_MULTICAST */ |
1210 | | |
1211 | | #ifndef WOLFSSL_MAX_MTU |
1212 | | /* 1500 - 100 bytes to account for UDP and IP headers */ |
1213 | | #define WOLFSSL_MAX_MTU 1400 |
1214 | | #endif /* WOLFSSL_MAX_MTU */ |
1215 | | |
1216 | | #ifndef WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER |
1217 | | #define WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER 500 |
1218 | | #endif /* WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER */ |
1219 | | |
1220 | | #ifndef WOLFSSL_DTLS_FRAG_POOL_SZ |
1221 | | #define WOLFSSL_DTLS_FRAG_POOL_SZ 10 |
1222 | | #endif |
1223 | | |
1224 | | /* set minimum DH key size allowed */ |
1225 | | #ifndef WOLFSSL_MIN_DHKEY_BITS |
1226 | | #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK) |
1227 | | /* Using guidance from section 5.6.1 |
1228 | | * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ |
1229 | | #if WOLFSSL_HARDEN_TLS >= 128 |
1230 | | #define WOLFSSL_MIN_DHKEY_BITS 3072 |
1231 | | #elif WOLFSSL_HARDEN_TLS >= 112 |
1232 | | #define WOLFSSL_MIN_DHKEY_BITS 2048 |
1233 | | #endif |
1234 | | #elif defined(WOLFSSL_MAX_STRENGTH) |
1235 | | #define WOLFSSL_MIN_DHKEY_BITS 2048 |
1236 | | #else |
1237 | 4.85k | #define WOLFSSL_MIN_DHKEY_BITS 1024 |
1238 | | #endif |
1239 | | #endif |
1240 | | #if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_DHKEY_BITS < 2048 && \ |
1241 | | !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK) |
1242 | | /* Implementations MUST NOT negotiate cipher suites offering less than |
1243 | | * 112 bits of security. |
1244 | | * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 |
1245 | | * Using guidance from section 5.6.1 |
1246 | | * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ |
1247 | | #error "For 112 bits of security DH needs at least 2048 bit keys" |
1248 | | #endif |
1249 | | #if (WOLFSSL_MIN_DHKEY_BITS % 8) |
1250 | | #error DH minimum bit size must be multiple of 8 |
1251 | | #endif |
1252 | | #if (WOLFSSL_MIN_DHKEY_BITS > 16000) |
1253 | | #error DH minimum bit size must not be greater than 16000 |
1254 | | #endif |
1255 | 4.85k | #define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8) |
1256 | | /* set maximum DH key size allowed */ |
1257 | | #ifndef WOLFSSL_MAX_DHKEY_BITS |
1258 | | #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) |
1259 | | #define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2) |
1260 | | #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) && \ |
1261 | | defined(SP_INT_BITS) |
1262 | | /* SP implementation supports numbers of SP_INT_BITS bits. */ |
1263 | 4.85k | #define WOLFSSL_MAX_DHKEY_BITS (((SP_INT_BITS + 7) / 8) * 8) |
1264 | | #else |
1265 | | #define WOLFSSL_MAX_DHKEY_BITS 4096 |
1266 | | #endif |
1267 | | #endif |
1268 | | #if (WOLFSSL_MAX_DHKEY_BITS % 8) |
1269 | | #error DH maximum bit size must be multiple of 8 |
1270 | | #endif |
1271 | | #if (WOLFSSL_MAX_DHKEY_BITS > 16384) |
1272 | | #error DH maximum bit size must not be greater than 16384 |
1273 | | #endif |
1274 | 4.85k | #define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8) |
1275 | | |
1276 | | #ifndef NO_DH |
1277 | | #if WOLFSSL_MAX_DHKEY_BITS < WOLFSSL_MIN_DHKEY_BITS |
1278 | | #error "WOLFSSL_MAX_DHKEY_BITS has to be greater than WOLFSSL_MIN_DHKEY_BITS" |
1279 | | #endif |
1280 | | #endif /* NO_DH */ |
1281 | | |
1282 | | #ifndef MAX_PSK_ID_LEN |
1283 | | /* max psk identity/hint supported */ |
1284 | | #if defined(WOLFSSL_TLS13) |
1285 | | /* OpenSSL has a 1472 byte session ticket */ |
1286 | | #define MAX_PSK_ID_LEN 1536 |
1287 | | #else |
1288 | | #define MAX_PSK_ID_LEN 128 |
1289 | | #endif |
1290 | | #endif |
1291 | | |
1292 | | #ifndef MAX_PSK_KEY_LEN |
1293 | | #define MAX_PSK_KEY_LEN 64 |
1294 | | #endif |
1295 | | |
1296 | | #ifndef MAX_EARLY_DATA_SZ |
1297 | | /* maximum early data size */ |
1298 | | #define MAX_EARLY_DATA_SZ 4096 |
1299 | | #endif |
1300 | | |
1301 | | |
1302 | | #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) |
1303 | | /* MySQL wants to be able to use 8192-bit numbers. */ |
1304 | | #if defined(USE_FAST_MATH) && defined(FP_MAX_BITS) |
1305 | | /* Use the FP size up to 8192-bit and down to a min of 1024-bit. */ |
1306 | | #if FP_MAX_BITS >= 16384 |
1307 | | #define ENCRYPT_BASE_BITS 8192 |
1308 | | #elif defined(HAVE_ECC) |
1309 | | #if FP_MAX_BITS > 2224 |
1310 | | #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2) |
1311 | | #else |
1312 | | /* 521-bit ASN.1 signature - 3 + 2 * (2 + 66) bytes. */ |
1313 | | #define ENCRYPT_BASE_BITS 1112 |
1314 | | #endif |
1315 | | #else |
1316 | | #if FP_MAX_BITS > 2048 |
1317 | | #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2) |
1318 | | #else |
1319 | | #define ENCRYPT_BASE_BITS 1024 |
1320 | | #endif |
1321 | | #endif |
1322 | | |
1323 | | /* Check MySQL size requirements met. */ |
1324 | | #if defined(WOLFSSL_MYSQL_COMPATIBLE) && ENCRYPT_BASE_BITS < 8192 |
1325 | | #error "MySQL needs FP_MAX_BITS at least at 16384" |
1326 | | #endif |
1327 | | |
1328 | | #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \ |
1329 | | WC_MAX_RSA_BITS > ENCRYPT_BASE_BITS |
1330 | | #error "FP_MAX_BITS too small for WC_MAX_RSA_BITS" |
1331 | | #endif |
1332 | | #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) |
1333 | | /* Use the SP size up to 8192-bit and down to a min of 1024-bit. */ |
1334 | | #if SP_INT_BITS >= 8192 |
1335 | | #define ENCRYPT_BASE_BITS 8192 |
1336 | | #elif defined(HAVE_ECC) |
1337 | | #if SP_INT_BITS > 1112 |
1338 | | #define ENCRYPT_BASE_BITS SP_INT_BITS |
1339 | | #else |
1340 | | /* 521-bit ASN.1 signature - 3 + 2 * (2 + 66) bytes. */ |
1341 | | #define ENCRYPT_BASE_BITS 1112 |
1342 | | #endif |
1343 | | #else |
1344 | | #if SP_INT_BITS > 1024 |
1345 | | #define ENCRYPT_BASE_BITS SP_INT_BITS |
1346 | | #else |
1347 | | #define ENCRYPT_BASE_BITS 1024 |
1348 | | #endif |
1349 | | #endif |
1350 | | |
1351 | | /* Check MySQL size requirements met. */ |
1352 | | #if defined(WOLFSSL_MYSQL_COMPATIBLE) && ENCRYPT_BASE_BITS < 8192 |
1353 | | #error "MySQL needs SP_INT_BITS at least at 8192" |
1354 | | #endif |
1355 | | |
1356 | | #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \ |
1357 | | WC_MAX_RSA_BITS > SP_INT_BITS |
1358 | | #error "SP_INT_BITS too small for WC_MAX_RSA_BITS" |
1359 | | #endif |
1360 | | #else |
1361 | | /* Integer/heap maths - support 4096-bit. */ |
1362 | | #define ENCRYPT_BASE_BITS 4096 |
1363 | | #endif |
1364 | | #elif defined(HAVE_CURVE448) |
1365 | | #define ENCRYPT_BASE_BITS (456 * 2) |
1366 | | #elif defined(HAVE_CURVE25519) |
1367 | | #define ENCRYPT_BASE_BITS (256 * 2) |
1368 | | #else |
1369 | | /* No secret from public key operation but PSK key plus length used. */ |
1370 | | #define ENCRYPT_BASE_BITS ((MAX_PSK_KEY_LEN + 2) * 8) |
1371 | | #endif |
1372 | | |
1373 | | #ifdef WOLFSSL_DTLS_CID |
1374 | | #ifndef DTLS_CID_MAX_SIZE |
1375 | | /* DTLS parsing code copies the record header in a static buffer to decrypt |
1376 | | * the record. Increasing the CID max size does increase also this buffer, |
1377 | | * impacting on per-session runtime memory footprint. */ |
1378 | | #define DTLS_CID_MAX_SIZE 10 |
1379 | | #endif |
1380 | | #else |
1381 | | #undef DTLS_CID_MAX_SIZE |
1382 | | #define DTLS_CID_MAX_SIZE 0 |
1383 | | #endif /* WOLFSSL_DTLS_CID */ |
1384 | | |
1385 | | #if DTLS_CID_MAX_SIZE > 255 |
1386 | | #error "Max size for DTLS CID is 255 bytes" |
1387 | | #endif |
1388 | | |
1389 | | /* Record Payload Protection Section 5 |
1390 | | * https://www.rfc-editor.org/rfc/rfc9146.html#section-5 */ |
1391 | | #define WOLFSSL_TLS_HMAC_CID_INNER_SZ \ |
1392 | | (8 + /* seq_num_placeholder */ \ |
1393 | | 1 + /* tls12_cid */ \ |
1394 | | 1 + /* cid_length */ \ |
1395 | | 1 + /* tls12_cid */ \ |
1396 | | 2 + /* DTLSCiphertext.version */ \ |
1397 | | 2 + /* epoch */ \ |
1398 | | 6 + /* sequence_number */ \ |
1399 | | DTLS_CID_MAX_SIZE + /* cid */ \ |
1400 | | 2) /* length_of_DTLSInnerPlaintext */ |
1401 | | |
1402 | | #define WOLFSSL_TLS_AEAD_CID_AAD_SZ \ |
1403 | | (8 + /* seq_num_placeholder */ \ |
1404 | | 1 + /* tls12_cid */ \ |
1405 | | 1 + /* cid_length */ \ |
1406 | | 1 + /* tls12_cid */ \ |
1407 | | 2 + /* DTLSCiphertext.version */ \ |
1408 | | 2 + /* epoch */ \ |
1409 | | 6 + /* sequence_number */ \ |
1410 | | DTLS_CID_MAX_SIZE + /* cid */ \ |
1411 | | 2) /* length_of_DTLSInnerPlaintext */ |
1412 | | |
1413 | | #ifndef MAX_TICKET_AGE_DIFF |
1414 | | /* maximum ticket age difference in seconds, 10 seconds */ |
1415 | | #define MAX_TICKET_AGE_DIFF 10 |
1416 | | #endif |
1417 | | #ifndef TLS13_MAX_TICKET_AGE |
1418 | | /* max ticket age in seconds, 7 days */ |
1419 | | #define TLS13_MAX_TICKET_AGE (7*24*60*60) |
1420 | | #endif |
1421 | | |
1422 | | |
1423 | | /* Limit is 2^24.5 |
1424 | | * https://www.rfc-editor.org/rfc/rfc8446#section-5.5 |
1425 | | * Without the fraction is 23726566 (0x016A09E6) */ |
1426 | 0 | #define AEAD_AES_LIMIT w64From32(0x016A, 0x09E6) |
1427 | | /* Limit is 2^23 |
1428 | | * https://www.rfc-editor.org/rfc/rfc9147.html#name-integrity-limits */ |
1429 | | #define DTLS_AEAD_AES_CCM_LIMIT w64From32(0, 1 << 22) |
1430 | | |
1431 | | /* Limit is 2^36 |
1432 | | * https://www.rfc-editor.org/rfc/rfc9147.html#name-aead-limits */ |
1433 | | #define DTLS_AEAD_AES_GCM_CHACHA_FAIL_LIMIT w64From32(1 << 3, 0) |
1434 | | #define DTLS_AEAD_AES_GCM_CHACHA_FAIL_KU_LIMIT w64From32(1 << 2, 0) |
1435 | | /* Limit is 2^7 |
1436 | | * https://www.rfc-editor.org/rfc/rfc9147.html#name-limits-for-aead_aes_128_ccm */ |
1437 | | #define DTLS_AEAD_AES_CCM_8_FAIL_LIMIT w64From32(0, 1 << 6) |
1438 | | #define DTLS_AEAD_AES_CCM_8_FAIL_KU_LIMIT w64From32(0, 1 << 5) |
1439 | | /* Limit is 2^23.5. |
1440 | | * https://www.rfc-editor.org/rfc/rfc9147.html#name-integrity-limits |
1441 | | * Without the fraction is 11863283 (0x00B504F3) |
1442 | | * Half of this value is 5931641 (0x005A8279) */ |
1443 | | #define DTLS_AEAD_AES_CCM_FAIL_LIMIT w64From32(0x00B5, 0x04F3) |
1444 | | #define DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT w64From32(0x005A, 0x8279) |
1445 | | |
1446 | | /* Limit is (2^22 - 1) full messages [2^36 - 31 octets] |
1447 | | * https://www.rfc-editor.org/rfc/rfc8998.html#name-aead_sm4_gcm |
1448 | | */ |
1449 | 0 | #define AEAD_SM4_GCM_LIMIT w64From32(0, (1 << 22) - 1) |
1450 | | /* Limit is (2^10 - 1) full messages [2^24 - 1 octets] |
1451 | | * https://www.rfc-editor.org/rfc/rfc8998.html#name-aead_sm4_ccm |
1452 | | */ |
1453 | 0 | #define AEAD_SM4_CCM_LIMIT w64From32(0, (1 << 10) - 1) |
1454 | | |
1455 | | #if defined(WOLFSSL_TLS13) || !defined(NO_PSK) |
1456 | | |
1457 | | #define TLS13_TICKET_NONCE_MAX_SZ 255 |
1458 | | |
1459 | | #if (defined(HAVE_FIPS) && \ |
1460 | | !(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) && \ |
1461 | | defined(TLS13_TICKET_NONCE_STATIC_SZ) |
1462 | | #error "TLS13_TICKET_NONCE_STATIC_SZ is not supported in this FIPS version" |
1463 | | #endif |
1464 | | |
1465 | | #ifndef TLS13_TICKET_NONCE_STATIC_SZ |
1466 | | #define TLS13_TICKET_NONCE_STATIC_SZ 8 |
1467 | | #endif |
1468 | | |
1469 | | #if TLS13_TICKET_NONCE_STATIC_SZ > TLS13_TICKET_NONCE_MAX_SZ |
1470 | | #error "Max size for ticket nonce is 255 bytes" |
1471 | | #endif |
1472 | | |
1473 | | #endif /* WOLFSSL_TLS13 || !NO_PSK */ |
1474 | | |
1475 | | #ifdef WOLFSSL_TLS13 |
1476 | | /* The length of the certificate verification label - client and server. */ |
1477 | 487 | #define CERT_VFY_LABEL_SZ 34 |
1478 | | /* The number of prefix bytes for signature data. */ |
1479 | 487 | #define SIGNING_DATA_PREFIX_SZ 64 |
1480 | | /* Maximum length of the signature data. */ |
1481 | | #define MAX_SIG_DATA_SZ (SIGNING_DATA_PREFIX_SZ + \ |
1482 | | CERT_VFY_LABEL_SZ + \ |
1483 | | WC_MAX_DIGEST_SIZE) |
1484 | | #endif /* WOLFSSL_TLS13 */ |
1485 | | |
1486 | | enum Misc { |
1487 | | CIPHER_BYTE = 0x00, /* Default ciphers */ |
1488 | | ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ |
1489 | | CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ |
1490 | | TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */ |
1491 | | ECDHE_PSK_BYTE = 0xD0, /* RFC 8442 */ |
1492 | | SM_BYTE = 0xE0, /* SM first byte - private range */ |
1493 | | |
1494 | | SEND_CERT = 1, |
1495 | | SEND_BLANK_CERT = 2, |
1496 | | |
1497 | | DTLS_MAJOR = 0xfe, /* DTLS major version number */ |
1498 | | DTLS_MINOR = 0xff, /* DTLS minor version number */ |
1499 | | DTLS_BOGUS_MINOR = 0xfe, /* DTLS 0xfe was skipped, see RFC6347 Sec. 1 */ |
1500 | | DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */ |
1501 | | DTLSv1_3_MINOR = 0xfc, /* DTLS minor version number */ |
1502 | | SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ |
1503 | | SSLv3_MINOR = 0, /* TLSv1 minor version number */ |
1504 | | TLSv1_MINOR = 1, /* TLSv1 minor version number */ |
1505 | | TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ |
1506 | | TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ |
1507 | | TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ |
1508 | | TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ |
1509 | | OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ |
1510 | | INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ |
1511 | | NO_COMPRESSION = 0, |
1512 | | ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */ |
1513 | | HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ |
1514 | | HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */ |
1515 | | SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, |
1516 | | /* pre RSA and all master */ |
1517 | | #if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_32BIT_MILLI_TIME) |
1518 | | TIMESTAMP_LEN = 4, /* timestamp size in ticket */ |
1519 | | #else |
1520 | | TIMESTAMP_LEN = 8, /* timestamp size in ticket */ |
1521 | | #endif |
1522 | | #ifdef WOLFSSL_TLS13 |
1523 | | AGEADD_LEN = 4, /* ageAdd size in ticket */ |
1524 | | NAMEDGROUP_LEN = 2, /* namedGroup size in ticket */ |
1525 | | #ifdef WOLFSSL_EARLY_DATA |
1526 | | MAXEARLYDATASZ_LEN = 4, /* maxEarlyDataSz size in ticket */ |
1527 | | #endif |
1528 | | #endif |
1529 | | #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) |
1530 | | ENCRYPT_LEN = 5120, /* Allow 5k byte buffer for dilithium and |
1531 | | * hybridization with other algs. */ |
1532 | | #else |
1533 | | #ifndef NO_PSK |
1534 | | ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_KEY_LEN + 2, |
1535 | | #else |
1536 | | ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8), |
1537 | | #endif |
1538 | | #endif |
1539 | | SIZEOF_SENDER = 4, /* clnt or srvr */ |
1540 | | FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */ |
1541 | | MAX_PLAINTEXT_SZ = (1 << 14), /* Max plaintext sz */ |
1542 | | MAX_TLS_CIPHER_SZ = (1 << 14) + 2048, /* Max TLS encrypted data sz */ |
1543 | | #ifdef WOLFSSL_TLS13 |
1544 | | MAX_TLS13_PLAIN_SZ = (1 << 14) + 1, /* Max unencrypted data sz */ |
1545 | | MAX_TLS13_ENC_SZ = (1 << 14) + 256, /* Max encrypted data sz */ |
1546 | | #endif |
1547 | | MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE, |
1548 | | /* max added to msg, mac + pad from */ |
1549 | | /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max |
1550 | | digest sz + BLOC_SZ (iv) + pad byte (1) */ |
1551 | | MAX_COMP_EXTRA = 1024, /* max compression extra */ |
1552 | | MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */ |
1553 | | MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */ |
1554 | | MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */ |
1555 | | /* 4096 p, pub, g + 2 byte size for each */ |
1556 | | MAX_STR_VERSION = 8, /* string rep of protocol version */ |
1557 | | |
1558 | | PAD_MD5 = 48, /* pad length for finished */ |
1559 | | PAD_SHA = 40, /* pad length for finished */ |
1560 | | MAX_PAD_SIZE = 256, /* maximum length of padding */ |
1561 | | |
1562 | | LENGTH_SZ = 2, /* length field for HMAC, data only */ |
1563 | | VERSION_SZ = 2, /* length of proctocol version */ |
1564 | | SEQ_SZ = 8, /* 64 bit sequence number */ |
1565 | | ALERT_SIZE = 2, /* level + description */ |
1566 | | VERIFY_HEADER = 2, /* always use 2 bytes */ |
1567 | | EXTS_SZ = 2, /* always use 2 bytes */ |
1568 | | EXT_ID_SZ = 2, /* always use 2 bytes */ |
1569 | | MAX_DH_SIZE = MAX_DHKEY_SZ+1, |
1570 | | /* Max size plus possible leading 0 */ |
1571 | | MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */ |
1572 | | MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */ |
1573 | | SESSION_HINT_SZ = 4, /* session timeout hint */ |
1574 | | SESSION_ADD_SZ = 4, /* session age add */ |
1575 | | TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */ |
1576 | | DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */ |
1577 | | #if defined(WOLFSSL_TLS13) || !defined(NO_PSK) |
1578 | | MAX_TICKET_NONCE_STATIC_SZ = TLS13_TICKET_NONCE_STATIC_SZ, |
1579 | | /* maximum ticket nonce static size */ |
1580 | | #endif /* WOLFSSL_TLS13 || !NO_PSK */ |
1581 | | MAX_LIFETIME = 604800, /* maximum ticket lifetime */ |
1582 | | |
1583 | | RAN_LEN = 32, /* random length */ |
1584 | | SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ |
1585 | | ID_LEN = 32, /* session id length */ |
1586 | | COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */ |
1587 | | MAX_COOKIE_LEN = 32, /* max dtls cookie size */ |
1588 | | COOKIE_SZ = 20, /* use a 20 byte cookie */ |
1589 | | SUITE_LEN = 2, /* cipher suite sz length */ |
1590 | | ENUM_LEN = 1, /* always a byte */ |
1591 | | OPAQUE8_LEN = 1, /* 1 byte */ |
1592 | | OPAQUE16_LEN = 2, /* 2 bytes */ |
1593 | | OPAQUE24_LEN = 3, /* 3 bytes */ |
1594 | | OPAQUE32_LEN = 4, /* 4 bytes */ |
1595 | | OPAQUE64_LEN = 8, /* 8 bytes */ |
1596 | | COMP_LEN = 1, /* compression length */ |
1597 | | CURVE_LEN = 2, /* ecc named curve length */ |
1598 | | KE_GROUP_LEN = 2, /* key exchange group length */ |
1599 | | #if defined(NO_SHA) && !defined(NO_SHA256) |
1600 | | SERVER_ID_LEN = WC_SHA256_DIGEST_SIZE, |
1601 | | #else |
1602 | | SERVER_ID_LEN = WC_SHA_DIGEST_SIZE, |
1603 | | #endif |
1604 | | |
1605 | | HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ |
1606 | | DTLS13_HANDSHAKE_HEADER_SZ = 12, /* sizeof(Dtls13HandshakeHeader) */ |
1607 | | RECORD_HEADER_SZ = 5, /* type + version + len(2) */ |
1608 | | CERT_HEADER_SZ = 3, /* always 3 bytes */ |
1609 | | REQ_HEADER_SZ = 2, /* cert request header sz */ |
1610 | | HINT_LEN_SZ = 2, /* length of hint size field */ |
1611 | | TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */ |
1612 | | HELLO_EXT_SZ = 4, /* base length of a hello extension */ |
1613 | | HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */ |
1614 | | HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */ |
1615 | | HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */ |
1616 | | |
1617 | | DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ |
1618 | | DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ |
1619 | | DTLS12_CID_OFFSET = 11, |
1620 | | DTLS_UNIFIED_HEADER_MIN_SZ = 2, |
1621 | | /* flags + seq_number(2) + length(2) + CID */ |
1622 | | DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE, |
1623 | | DTLS_RECORD_HEADER_MAX_SZ = 13, |
1624 | | DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ |
1625 | | DTLS_RECORD_EXTRA = 8, /* diff from normal */ |
1626 | | DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ |
1627 | | DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ |
1628 | | DTLS_POOL_SZ = 20, /* allowed number of list items in TX and |
1629 | | * RX pool */ |
1630 | | DTLS_FRAG_POOL_SZ = WOLFSSL_DTLS_FRAG_POOL_SZ, |
1631 | | /* allowed number of fragments per msg */ |
1632 | | DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */ |
1633 | | DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */ |
1634 | | TLS_EXPORT_PRO = 167,/* wolfSSL protocol for serialized TLS */ |
1635 | | DTLS_EXPORT_OPT_SZ = 62, /* amount of bytes used from Options */ |
1636 | | DTLS_EXPORT_OPT_SZ_4 = 61, /* amount of bytes used from Options */ |
1637 | | TLS_EXPORT_OPT_SZ = 66, /* amount of bytes used from Options */ |
1638 | | TLS_EXPORT_OPT_SZ_4 = 65, /* amount of bytes used from Options */ |
1639 | | DTLS_EXPORT_OPT_SZ_3 = 60, /* amount of bytes used from Options */ |
1640 | | DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), |
1641 | | /* max amount of bytes used from Keys */ |
1642 | | DTLS_EXPORT_MIN_KEY_SZ = 85 + (DTLS_SEQ_SZ * 2), |
1643 | | /* min amount of bytes used from Keys */ |
1644 | | WOLFSSL_EXPORT_TLS = 1, |
1645 | | WOLFSSL_EXPORT_DTLS = 0, |
1646 | | #ifndef WOLFSSL_EXPORT_SPC_SZ |
1647 | | WOLFSSL_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ |
1648 | | #endif |
1649 | | WOLFSSL_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ |
1650 | | WOLFSSL_EXPORT_VERSION = 5, /* wolfSSL version for serialized session */ |
1651 | | |
1652 | | WOLFSSL_EXPORT_VERSION_4 = 4, /* 5.6.4 release and before */ |
1653 | | /* older export versions supported */ |
1654 | | WOLFSSL_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */ |
1655 | | |
1656 | | MAX_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ |
1657 | | DTLS_MTU_ADDITIONAL_READ_BUFFER = WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER, |
1658 | | /* Additional bytes to read so that |
1659 | | * we can work with a peer that has |
1660 | | * a slightly different MTU than us. */ |
1661 | | MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */ |
1662 | | MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * WOLFSSL_EXPORT_LEN), |
1663 | | /* max size of buffer for exporting state */ |
1664 | | FINISHED_LABEL_SZ = 15, /* TLS finished label size */ |
1665 | | TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ |
1666 | | TLS_FINISHED_SZ_MAX = WC_MAX_DIGEST_SIZE, |
1667 | | /* longest message digest size is SHA512, 64 */ |
1668 | | EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */ |
1669 | | MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ |
1670 | | KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ |
1671 | | PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */ |
1672 | | MAX_LABEL_SZ = 34, /* Maximum length of a label */ |
1673 | | MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ |
1674 | | SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ |
1675 | | TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ |
1676 | | |
1677 | | #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13) |
1678 | | #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48 |
1679 | | MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE, |
1680 | | #elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32 |
1681 | | MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE, |
1682 | | #else |
1683 | | MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, |
1684 | | #endif |
1685 | | #else |
1686 | | MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, |
1687 | | #endif |
1688 | | |
1689 | | #if defined(HAVE_SELFTEST) && \ |
1690 | | (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) |
1691 | | #ifndef WOLFSSL_AES_KEY_SIZE_ENUM |
1692 | | #define WOLFSSL_AES_KEY_SIZE_ENUM |
1693 | | AES_IV_SIZE = 16, |
1694 | | AES_128_KEY_SIZE = 16, |
1695 | | AES_192_KEY_SIZE = 24, |
1696 | | AES_256_KEY_SIZE = 32, |
1697 | | #endif |
1698 | | #endif |
1699 | | |
1700 | | MAX_IV_SZ = WC_AES_BLOCK_SIZE, |
1701 | | |
1702 | | AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ |
1703 | | AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ |
1704 | | AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ |
1705 | | AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */ |
1706 | | AEAD_LEN_OFFSET = 11, /* Auth Data: Length */ |
1707 | | AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */ |
1708 | | AEAD_NONCE_SZ = 12, |
1709 | | AESGCM_IMP_IV_SZ = 4, /* Size of GCM AEAD implicit IV */ |
1710 | | AESCCM_IMP_IV_SZ = 4, /* Size of CCM AEAD implicit IV */ |
1711 | | AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */ |
1712 | | AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ, |
1713 | | GCM_IMP_IV_SZ = 4, /* Size of GCM AEAD implicit IV */ |
1714 | | CCM_IMP_IV_SZ = 4, /* Size of CCM AEAD implicit IV */ |
1715 | | GCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */ |
1716 | | GCM_NONCE_SZ = GCM_EXP_IV_SZ + GCM_IMP_IV_SZ, |
1717 | | |
1718 | | CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */ |
1719 | | CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */ |
1720 | | CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */ |
1721 | | CHACHA20_OFFSET = 4, /* Offset for seq # in poly1305 */ |
1722 | | |
1723 | | /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */ |
1724 | | |
1725 | | AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */ |
1726 | | AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */ |
1727 | | AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */ |
1728 | | AESCCM_NONCE_SZ = 12, |
1729 | | |
1730 | | SM4_GCM_AUTH_SZ = 16, /* SM4-GCM Auth Tag length */ |
1731 | | SM4_GCM_NONCE_SZ = 12, /* SM4 GCM Nonce length */ |
1732 | | SM4_CCM_AUTH_SZ = 16, /* SM4-CCM Auth Tag length */ |
1733 | | SM4_CCM_NONCE_SZ = 12, /* SM4 CCM Nonce length */ |
1734 | | |
1735 | | CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ |
1736 | | CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ |
1737 | | CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ |
1738 | | CAMELLIA_IV_SIZE = 16, /* always block size */ |
1739 | | |
1740 | | CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ |
1741 | | CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ |
1742 | | CHACHA20_IV_SIZE = 12, /* 96 bits for iv */ |
1743 | | |
1744 | | POLY1305_AUTH_SZ = 16, /* 128 bits */ |
1745 | | |
1746 | | HMAC_NONCE_SZ = 12, /* Size of HMAC nonce */ |
1747 | | |
1748 | | EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ |
1749 | | |
1750 | | #ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */ |
1751 | | ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */ |
1752 | | #endif |
1753 | | MAX_EXPORT_ECC_SZ = 256, /* Export ANSI X9.62 max future size */ |
1754 | | MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */ |
1755 | | |
1756 | | NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */ |
1757 | | RSA_PSS_RSAE_SHA256_MINOR = 0x04, |
1758 | | RSA_PSS_RSAE_SHA384_MINOR = 0x05, |
1759 | | RSA_PSS_RSAE_SHA512_MINOR = 0x06, |
1760 | | RSA_PSS_PSS_SHA256_MINOR = 0x09, |
1761 | | RSA_PSS_PSS_SHA384_MINOR = 0x0A, |
1762 | | RSA_PSS_PSS_SHA512_MINOR = 0x0B, |
1763 | | |
1764 | | ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */ |
1765 | | ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */ |
1766 | | ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */ |
1767 | | ED448_SA_MINOR = 8, /* Least significant byte for ED448 */ |
1768 | | SM2_SA_MAJOR = 7, /* Most significant byte for SM2 with SM3 */ |
1769 | | SM2_SA_MINOR = 8, /* Least significant byte for SM2 with SM3 */ |
1770 | | |
1771 | | FALCON_SA_MAJOR = 0xFE,/* Most significant byte used with falcon sig algs */ |
1772 | | DILITHIUM_SA_MAJOR = 0x09,/* Most significant byte used with dilithium sig algs */ |
1773 | | |
1774 | | /* These values for falcon match what OQS has defined. */ |
1775 | | FALCON_LEVEL1_SA_MAJOR = 0xFE, |
1776 | | FALCON_LEVEL1_SA_MINOR = 0xAE, |
1777 | | FALCON_LEVEL5_SA_MAJOR = 0xFE, |
1778 | | FALCON_LEVEL5_SA_MINOR = 0xB1, |
1779 | | |
1780 | | /* these values for MLDSA (Dilithium) correspond to what is proposed in the |
1781 | | * IETF. */ |
1782 | | DILITHIUM_LEVEL2_SA_MAJOR = 0x09, |
1783 | | DILITHIUM_LEVEL2_SA_MINOR = 0x04, |
1784 | | DILITHIUM_LEVEL3_SA_MAJOR = 0x09, |
1785 | | DILITHIUM_LEVEL3_SA_MINOR = 0x05, |
1786 | | DILITHIUM_LEVEL5_SA_MAJOR = 0x09, |
1787 | | DILITHIUM_LEVEL5_SA_MINOR = 0x06, |
1788 | | |
1789 | | MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */ |
1790 | | MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ |
1791 | | |
1792 | | CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ |
1793 | | MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ |
1794 | | |
1795 | | DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */ |
1796 | | DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ |
1797 | | DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ |
1798 | | |
1799 | | NULL_TERM_LEN = 1, /* length of null '\0' termination character */ |
1800 | | MIN_PSK_ID_LEN = 6, /* min length of identities */ |
1801 | | MIN_PSK_BINDERS_LEN = 33, /* min length of binders */ |
1802 | | |
1803 | | #ifndef MAX_WOLFSSL_FILE_SIZE |
1804 | | MAX_WOLFSSL_FILE_SIZE = 1024UL * 1024UL * 4, /* 4 mb file size alloc limit */ |
1805 | | #endif |
1806 | | #if defined(WOLFSSL_SYS_CRYPTO_POLICY) |
1807 | | MAX_WOLFSSL_CRYPTO_POLICY_SIZE = 1024UL, /* Crypto-policy file is one line. |
1808 | | * It should not be large. */ |
1809 | | MIN_WOLFSSL_SEC_LEVEL = 0, |
1810 | | MAX_WOLFSSL_SEC_LEVEL = 5, |
1811 | | #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ |
1812 | | |
1813 | | CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ |
1814 | | |
1815 | | NO_SNIFF = 0, /* not sniffing */ |
1816 | | SNIFF = 1, /* currently sniffing */ |
1817 | | |
1818 | | HASH_SIG_SIZE = 2, /* default SHA1 RSA */ |
1819 | | |
1820 | | NO_COPY = 0, /* should we copy static buffer for write */ |
1821 | | COPY = 1, /* should we copy static buffer for write */ |
1822 | | |
1823 | | INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */ |
1824 | | |
1825 | | PREV_ORDER = -1, /* Sequence number is in previous epoch. */ |
1826 | | PEER_ORDER = 1, /* Peer sequence number for verify. */ |
1827 | | CUR_ORDER = 0, /* Current sequence number. */ |
1828 | | WRITE_PROTO = 1, /* writing a protocol message */ |
1829 | | READ_PROTO = 0 /* reading a protocol message */ |
1830 | | }; |
1831 | | |
1832 | | |
1833 | | /* Size of the data to authenticate */ |
1834 | | #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) |
1835 | | #define AEAD_AUTH_DATA_SZ WOLFSSL_TLS_AEAD_CID_AAD_SZ |
1836 | | #else |
1837 | 0 | #define AEAD_AUTH_DATA_SZ 13 |
1838 | | #endif |
1839 | | |
1840 | | #define WOLFSSL_NAMED_GROUP_IS_FFDHE(group) \ |
1841 | 47.9k | (WOLFSSL_FFDHE_START <= (group) && (group) <= WOLFSSL_FFDHE_END) |
1842 | | #ifdef WOLFSSL_HAVE_MLKEM |
1843 | | WOLFSSL_LOCAL int NamedGroupIsPqc(int group); |
1844 | | WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group); |
1845 | | #define WOLFSSL_NAMED_GROUP_IS_PQC(group) NamedGroupIsPqc(group) |
1846 | | #define WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) NamedGroupIsPqcHybrid(group) |
1847 | | #else |
1848 | | #define WOLFSSL_NAMED_GROUP_IS_PQC(group) ((void)(group), 0) |
1849 | | #define WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) ((void)(group), 0) |
1850 | | #endif /* WOLFSSL_HAVE_MLKEM */ |
1851 | | |
1852 | | /* minimum Downgrade Minor version */ |
1853 | | #ifndef WOLFSSL_MIN_DOWNGRADE |
1854 | | #ifndef NO_OLD_TLS |
1855 | | #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR |
1856 | | #else |
1857 | 4.85k | #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR |
1858 | | #endif |
1859 | | #endif |
1860 | | |
1861 | | /* minimum DTLS Downgrade Minor version */ |
1862 | | #ifndef WOLFSSL_MIN_DTLS_DOWNGRADE |
1863 | | #define WOLFSSL_MIN_DTLS_DOWNGRADE DTLS_MINOR; |
1864 | | #endif |
1865 | | |
1866 | | /* Set max implicit IV size for AEAD cipher suites */ |
1867 | | #define AEAD_MAX_IMP_SZ 12 |
1868 | | |
1869 | | /* Set max explicit IV size for AEAD cipher suites */ |
1870 | 192 | #define AEAD_MAX_EXP_SZ 8 |
1871 | | |
1872 | | |
1873 | | #ifndef WOLFSSL_MAX_SUITE_SZ |
1874 | 20.2k | #define WOLFSSL_MAX_SUITE_SZ 300 |
1875 | | /* 150 suites for now! */ |
1876 | | #endif |
1877 | | |
1878 | | /* number of items in the signature algo list */ |
1879 | | #ifndef WOLFSSL_MAX_SIGALGO |
1880 | | #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) |
1881 | | /* If we are building with post-quantum algorithms, we likely want to |
1882 | | * inter-op with OQS's OpenSSL and they send a lot more sigalgs. |
1883 | | */ |
1884 | | #define WOLFSSL_MAX_SIGALGO 128 |
1885 | | #else |
1886 | 3.44k | #define WOLFSSL_MAX_SIGALGO 38 |
1887 | | #endif |
1888 | | #endif |
1889 | | |
1890 | | |
1891 | | /* set minimum ECC key size allowed */ |
1892 | | #ifndef WOLFSSL_MIN_ECC_BITS |
1893 | | #ifdef WOLFSSL_MAX_STRENGTH |
1894 | | #define WOLFSSL_MIN_ECC_BITS 256 |
1895 | | #else |
1896 | 9.76k | #define WOLFSSL_MIN_ECC_BITS 224 |
1897 | | #endif |
1898 | | #endif /* WOLFSSL_MIN_ECC_BITS */ |
1899 | | #if (WOLFSSL_MIN_ECC_BITS % 8) |
1900 | | /* Some ECC keys are not divisible by 8 such as prime239v1 or sect131r1. |
1901 | | In these cases round down to the nearest value divisible by 8. The |
1902 | | restriction of being divisible by 8 is in place to match wc_ecc_size |
1903 | | function from wolfSSL. |
1904 | | */ |
1905 | | #error ECC minimum bit size must be a multiple of 8 |
1906 | | #endif |
1907 | 9.76k | #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8) |
1908 | | |
1909 | | #ifdef HAVE_FALCON |
1910 | | #ifndef MIN_FALCONKEY_SZ |
1911 | | #define MIN_FALCONKEY_SZ 1281 |
1912 | | #endif |
1913 | | #endif |
1914 | | #ifdef HAVE_DILITHIUM |
1915 | | #ifndef MIN_DILITHIUMKEY_SZ |
1916 | | #define MIN_DILITHIUMKEY_SZ 2528 |
1917 | | #endif |
1918 | | #endif |
1919 | | |
1920 | | /* set minimum RSA key size allowed */ |
1921 | | #ifndef WOLFSSL_MIN_RSA_BITS |
1922 | | #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK) |
1923 | | /* Using guidance from section 5.6.1 |
1924 | | * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ |
1925 | | #if WOLFSSL_HARDEN_TLS >= 128 |
1926 | | #define WOLFSSL_MIN_RSA_BITS 3072 |
1927 | | #elif WOLFSSL_HARDEN_TLS >= 112 |
1928 | | #define WOLFSSL_MIN_RSA_BITS 2048 |
1929 | | #endif |
1930 | | #elif defined(WOLFSSL_MAX_STRENGTH) |
1931 | | #define WOLFSSL_MIN_RSA_BITS 2048 |
1932 | | #else |
1933 | 9.76k | #define WOLFSSL_MIN_RSA_BITS 1024 |
1934 | | #endif |
1935 | | #endif /* WOLFSSL_MIN_RSA_BITS */ |
1936 | | #if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_RSA_BITS < 2048 && \ |
1937 | | !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK) |
1938 | | /* Implementations MUST NOT negotiate cipher suites offering less than |
1939 | | * 112 bits of security. |
1940 | | * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 |
1941 | | * Using guidance from section 5.6.1 |
1942 | | * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ |
1943 | | #error "For 112 bits of security RSA needs at least 2048 bit keys" |
1944 | | #endif |
1945 | | #if (WOLFSSL_MIN_RSA_BITS % 8) |
1946 | | /* This is to account for the example case of a min size of 2050 bits but |
1947 | | still allows 2049 bit key. So we need the measurement to be in bytes. */ |
1948 | | #error RSA minimum bit size must be a multiple of 8 |
1949 | | #endif |
1950 | 9.76k | #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8) |
1951 | | |
1952 | | #ifdef SESSION_INDEX |
1953 | | /* Shift values for making a session index */ |
1954 | | #define SESSIDX_ROW_SHIFT 4 |
1955 | | #define SESSIDX_IDX_MASK 0x0F |
1956 | | #endif |
1957 | | |
1958 | | #ifndef MAX_X509_SIZE |
1959 | | #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) |
1960 | | #define MAX_X509_SIZE (8*1024) /* max static x509 buffer size; dilithium is big */ |
1961 | | #elif defined(WOLFSSL_HAPROXY) |
1962 | | #define MAX_X509_SIZE 3072 /* max static x509 buffer size */ |
1963 | | #else |
1964 | 56.7k | #define MAX_X509_SIZE 2048 /* max static x509 buffer size */ |
1965 | | #endif |
1966 | | #endif |
1967 | | |
1968 | | /* max cert chain peer depth */ |
1969 | | #ifndef MAX_CHAIN_DEPTH |
1970 | 61.6k | #define MAX_CHAIN_DEPTH 9 |
1971 | | #endif |
1972 | | |
1973 | | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ |
1974 | | defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
1975 | | #if !defined(HAVE_OCSP) |
1976 | | #error OCSP Stapling and Stapling V2 needs OCSP. Please define HAVE_OCSP. |
1977 | | #endif |
1978 | | #endif |
1979 | | |
1980 | | /* Max certificate extensions in TLS1.3 */ |
1981 | | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) |
1982 | | /* Number of extensions to set each OCSP response */ |
1983 | | #define MAX_CERT_EXTENSIONS (1 + MAX_CHAIN_DEPTH) |
1984 | | #else |
1985 | | /* Only empty extensions */ |
1986 | | #define MAX_CERT_EXTENSIONS 1 |
1987 | | #endif |
1988 | | |
1989 | | /* max size of a certificate message payload */ |
1990 | | /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */ |
1991 | | #ifndef MAX_CERTIFICATE_SZ |
1992 | | #define MAX_CERTIFICATE_SZ \ |
1993 | 56.7k | (CERT_HEADER_SZ + \ |
1994 | 56.7k | (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH) |
1995 | | #endif |
1996 | | |
1997 | | /* max size of a handshake message, currently set to the certificate */ |
1998 | | #ifndef MAX_HANDSHAKE_SZ |
1999 | 56.7k | #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ |
2000 | | #endif |
2001 | | |
2002 | | #ifndef PREALLOC_SESSION_TICKET_LEN |
2003 | | #define PREALLOC_SESSION_TICKET_LEN 512 |
2004 | | #endif |
2005 | | |
2006 | | #ifndef PREALLOC_SESSION_TICKET_NONCE_LEN |
2007 | | #define PREALLOC_SESSION_TICKET_NONCE_LEN 32 |
2008 | | #endif |
2009 | | |
2010 | | #ifndef SESSION_TICKET_HINT_DEFAULT |
2011 | | #define SESSION_TICKET_HINT_DEFAULT 300 |
2012 | | #endif |
2013 | | |
2014 | | #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER) |
2015 | | /* Check chosen encryption is available. */ |
2016 | | #if !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) && \ |
2017 | | defined(WOLFSSL_TICKET_ENC_CHACHA20_POLY1305) |
2018 | | #error "ChaCha20-Poly1305 not available for default ticket encryption" |
2019 | | #endif |
2020 | | #if !defined(HAVE_AESGCM) && (defined(WOLFSSL_TICKET_ENC_AES128_GCM) || \ |
2021 | | defined(WOLFSSL_TICKET_ENC_AES256_GCM)) |
2022 | | #error "AES-GCM not available for default ticket encryption" |
2023 | | #endif |
2024 | | |
2025 | | #ifndef WOLFSSL_TICKET_KEY_LIFETIME |
2026 | | /* Default lifetime is 1 hour from issue of first ticket with key. */ |
2027 | | #define WOLFSSL_TICKET_KEY_LIFETIME (60 * 60) |
2028 | | #endif |
2029 | | #if WOLFSSL_TICKET_KEY_LIFETIME <= SESSION_TICKET_HINT_DEFAULT |
2030 | | #error "Ticket Key lifetime must be longer than ticket life hint." |
2031 | | #endif |
2032 | | #endif |
2033 | | |
2034 | | #define MAX_ENCRYPT_SZ ENCRYPT_LEN |
2035 | | |
2036 | | #define WOLFSSL_ASSERT_EQ(x, y) wc_static_assert((x) == (y)) |
2037 | | |
2038 | 0 | #define WOLFSSL_ASSERT_SIZEOF_GE(x, y) wc_static_assert(sizeof(x) >= sizeof(y)) |
2039 | | |
2040 | | /* states. Adding state before HANDSHAKE_DONE will break session importing */ |
2041 | | enum states { |
2042 | | NULL_STATE = 0, |
2043 | | |
2044 | | SERVER_HELLOVERIFYREQUEST_COMPLETE, |
2045 | | SERVER_HELLO_RETRY_REQUEST_COMPLETE, |
2046 | | SERVER_HELLO_COMPLETE, |
2047 | | SERVER_ENCRYPTED_EXTENSIONS_COMPLETE, |
2048 | | SERVER_CERT_COMPLETE, |
2049 | | SERVER_CERT_VERIFY_COMPLETE, |
2050 | | SERVER_KEYEXCHANGE_COMPLETE, |
2051 | | SERVER_HELLODONE_COMPLETE, |
2052 | | SERVER_CHANGECIPHERSPEC_COMPLETE, |
2053 | | SERVER_FINISHED_COMPLETE, |
2054 | | |
2055 | | CLIENT_HELLO_RETRY, |
2056 | | CLIENT_HELLO_COMPLETE, |
2057 | | CLIENT_KEYEXCHANGE_COMPLETE, |
2058 | | CLIENT_CHANGECIPHERSPEC_COMPLETE, |
2059 | | CLIENT_FINISHED_COMPLETE, |
2060 | | |
2061 | | HANDSHAKE_DONE, |
2062 | | |
2063 | | #ifdef WOLFSSL_DTLS13 |
2064 | | SERVER_FINISHED_ACKED, |
2065 | | #endif /* WOLFSSL_DTLS13 */ |
2066 | | |
2067 | | }; |
2068 | | |
2069 | | /* SSL Version */ |
2070 | | typedef struct ProtocolVersion { |
2071 | | byte major; |
2072 | | byte minor; |
2073 | | } WOLFSSL_PACK ProtocolVersion; |
2074 | | |
2075 | | |
2076 | | WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void); |
2077 | | WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void); |
2078 | | WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void); |
2079 | | WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void); |
2080 | | WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void); |
2081 | | |
2082 | | #ifdef WOLFSSL_DTLS |
2083 | | WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void); |
2084 | | WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); |
2085 | | |
2086 | | #ifdef WOLFSSL_DTLS13 |
2087 | | WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_3(void); |
2088 | | #endif /* WOLFSSL_DTLS13 */ |
2089 | | |
2090 | | #endif |
2091 | | #ifdef WOLFSSL_SESSION_EXPORT |
2092 | | WOLFSSL_LOCAL int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, |
2093 | | word32* sz, int type); |
2094 | | WOLFSSL_LOCAL int wolfSSL_session_import_internal(WOLFSSL* ssl, const byte* buf, |
2095 | | word32 sz, int type); |
2096 | | #ifdef WOLFSSL_DTLS |
2097 | | WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl, |
2098 | | byte* buf, word32 sz); |
2099 | | WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl, |
2100 | | const byte* buf, word32 sz); |
2101 | | WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); |
2102 | | #endif |
2103 | | #endif |
2104 | | |
2105 | | struct WOLFSSL_BY_DIR_HASH { |
2106 | | unsigned long hash_value; |
2107 | | int last_suffix; |
2108 | | }; |
2109 | | |
2110 | | struct WOLFSSL_BY_DIR_entry { |
2111 | | char* dir_name; |
2112 | | int dir_type; |
2113 | | WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes; |
2114 | | }; |
2115 | | |
2116 | | struct WOLFSSL_BY_DIR { |
2117 | | WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry; |
2118 | | wolfSSL_Mutex lock; /* dir list lock */ |
2119 | | }; |
2120 | | |
2121 | | /* wolfSSL method type */ |
2122 | | struct WOLFSSL_METHOD { |
2123 | | ProtocolVersion version; |
2124 | | byte side; /* connection side, server or client */ |
2125 | | byte downgrade; /* whether to downgrade version, default no */ |
2126 | | }; |
2127 | | |
2128 | | /* wolfSSL buffer type - internal uses "buffer" type */ |
2129 | | typedef WOLFSSL_BUFFER_INFO buffer; |
2130 | | |
2131 | | typedef struct Suites Suites; |
2132 | | |
2133 | | /* Declare opaque struct for API to use */ |
2134 | | #ifndef WOLFSSL_CLIENT_SESSION_DEFINED |
2135 | | typedef struct ClientSession ClientSession; |
2136 | | #define WOLFSSL_CLIENT_SESSION_DEFINED |
2137 | | #endif |
2138 | | |
2139 | | /* defaults to client */ |
2140 | | WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv); |
2141 | | |
2142 | | WOLFSSL_LOCAL void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx); |
2143 | | WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl); |
2144 | | WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side); |
2145 | | |
2146 | | |
2147 | | WOLFSSL_LOCAL int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, |
2148 | | word32* inOutIdx, byte type, word32 size, word32 totalSz); |
2149 | | /* for sniffer */ |
2150 | | WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, |
2151 | | word32 size, word32 totalSz, int sniff); |
2152 | | #ifdef WOLFSSL_TLS13 |
2153 | | WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, |
2154 | | word32 size, word32 totalSz, int sniff); |
2155 | | #endif |
2156 | | #ifdef WOLFSSL_API_PREFIX_MAP |
2157 | | #define DoApplicationData wolfSSL_DoApplicationData |
2158 | | #endif |
2159 | | WOLFSSL_TEST_VIS int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, |
2160 | | int sniff); |
2161 | | /* TLS v1.3 needs these */ |
2162 | | WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, Suites* clSuites); |
2163 | | #ifdef WOLFSSL_TLS13 |
2164 | | WOLFSSL_LOCAL byte SuiteMac(const byte* suite); |
2165 | | #endif |
2166 | | WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, |
2167 | | word32 helloSz); |
2168 | | #ifdef WOLFSSL_TLS13 |
2169 | | WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, |
2170 | | word32* inOutIdx, word32 helloSz); |
2171 | | #endif |
2172 | | WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, |
2173 | | word32 helloSz); |
2174 | | WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl); |
2175 | | WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv); |
2176 | | WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, |
2177 | | word32 hashSigAlgoSz, int matchSuites); |
2178 | | #if defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_CHECK_PRIVATE_KEY) |
2179 | | WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* data, word32 length, |
2180 | | int hsType, int label, int id, |
2181 | | void* heap, int devId); |
2182 | | #endif |
2183 | | #ifdef WOLFSSL_BLIND_PRIVATE_KEY |
2184 | | WOLFSSL_LOCAL int wolfssl_priv_der_blind(WC_RNG* rng, DerBuffer* key, |
2185 | | DerBuffer** mask); |
2186 | | WOLFSSL_LOCAL void wolfssl_priv_der_blind_toggle(DerBuffer* key, |
2187 | | const DerBuffer* mask); |
2188 | | WOLFSSL_LOCAL WARN_UNUSED_RESULT DerBuffer *wolfssl_priv_der_unblind( |
2189 | | const DerBuffer* key, const DerBuffer* mask); |
2190 | | WOLFSSL_LOCAL void wolfssl_priv_der_unblind_free(DerBuffer* key); |
2191 | | #endif |
2192 | | WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word32* length); |
2193 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
2194 | | WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length); |
2195 | | #endif |
2196 | | #if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS) |
2197 | | WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); |
2198 | | #ifndef NO_ASN |
2199 | | WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); |
2200 | | #endif |
2201 | | #endif |
2202 | | WOLFSSL_LOCAL int CreateSigData(WOLFSSL* ssl, byte* sigData, word16* sigDataSz, |
2203 | | int check); |
2204 | | WOLFSSL_LOCAL int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz, |
2205 | | int sigAlgo, int hashAlgo); |
2206 | | #ifdef WOLFSSL_ASYNC_IO |
2207 | | WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync); |
2208 | | #endif |
2209 | | WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); |
2210 | | WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); |
2211 | | WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz); |
2212 | | WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, |
2213 | | const char* str, word32 strLen, |
2214 | | unsigned int flags); |
2215 | | #if !defined(NO_CERTS) && !defined(NO_ASN) |
2216 | | WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, |
2217 | | word32 domainLen, int* checkCN, |
2218 | | unsigned int flags, byte isIP); |
2219 | | WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc); |
2220 | | WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType); |
2221 | | #endif |
2222 | | WOLFSSL_LOCAL int SetupTicket(WOLFSSL* ssl); |
2223 | | WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); |
2224 | | WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* data, int sz); |
2225 | | WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, |
2226 | | int ivSz); |
2227 | | WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); |
2228 | | |
2229 | | #ifdef HAVE_SNI |
2230 | | #ifndef NO_WOLFSSL_SERVER |
2231 | | WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); |
2232 | | #endif |
2233 | | #endif |
2234 | | |
2235 | | #ifdef HAVE_ALPN |
2236 | | WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl); |
2237 | | #endif |
2238 | | |
2239 | | WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, |
2240 | | word16 sz, byte type); /* needed by sniffer */ |
2241 | | WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, |
2242 | | word16 sz); /* needed by sniffer */ |
2243 | | |
2244 | | #ifdef WOLFSSL_TLS13 |
2245 | | WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, |
2246 | | word16 sz, const byte* aad, word16 aadSz); |
2247 | | WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, |
2248 | | word32* inOutIdx, byte type, |
2249 | | word32 size, word32 totalSz); |
2250 | | WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, |
2251 | | word32* inOutIdx, word32 totalSz); |
2252 | | WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, |
2253 | | word32* inOutIdx, word32 helloSz, |
2254 | | byte* extMsgType); |
2255 | | WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl); |
2256 | | |
2257 | | WOLFSSL_LOCAL int Tls13DeriveKey(WOLFSSL *ssl, byte *output, int outputLen, |
2258 | | const byte *secret, const byte *label, word32 labelLen, int hashAlgo, |
2259 | | int includeMsgs, int side); |
2260 | | #endif |
2261 | | int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, |
2262 | | int pLen, int content); |
2263 | | |
2264 | | |
2265 | | enum { |
2266 | | FORCED_FREE = 1, |
2267 | | NO_FORCED_FREE = 0 |
2268 | | }; |
2269 | | |
2270 | | |
2271 | | /* only use compression extra if using compression */ |
2272 | | #ifdef HAVE_LIBZ |
2273 | | #define COMP_EXTRA MAX_COMP_EXTRA |
2274 | | #else |
2275 | 0 | #define COMP_EXTRA 0 |
2276 | | #endif |
2277 | | |
2278 | | /* only the sniffer needs space in the buffer for extra MTU record(s) */ |
2279 | | #ifdef WOLFSSL_SNIFFER |
2280 | | #define MTU_EXTRA MAX_MTU * 3 |
2281 | | #else |
2282 | | #define MTU_EXTRA 0 |
2283 | | #endif |
2284 | | |
2285 | | |
2286 | | /* embedded callbacks require large static buffers, make sure on */ |
2287 | | #ifdef WOLFSSL_CALLBACKS |
2288 | | #undef LARGE_STATIC_BUFFERS |
2289 | | #define LARGE_STATIC_BUFFERS |
2290 | | #endif |
2291 | | |
2292 | | |
2293 | | /* determine maximum record size */ |
2294 | 0 | #define MAX_RECORD_SIZE 16384 /* 2^14, max size by standard */ |
2295 | | |
2296 | | #ifdef RECORD_SIZE |
2297 | | /* user supplied value */ |
2298 | | #if RECORD_SIZE < 128 || RECORD_SIZE > MAX_RECORD_SIZE |
2299 | | #error Invalid record size |
2300 | | #endif |
2301 | | #else |
2302 | | /* give user option to use 16K static buffers */ |
2303 | | #if defined(LARGE_STATIC_BUFFERS) |
2304 | | #define RECORD_SIZE MAX_RECORD_SIZE |
2305 | | #else |
2306 | | #ifdef WOLFSSL_DTLS |
2307 | | #define RECORD_SIZE MAX_MTU |
2308 | | #else |
2309 | | #define RECORD_SIZE 128 |
2310 | | #endif |
2311 | | #endif |
2312 | | #endif |
2313 | | |
2314 | | |
2315 | | /* user option to turn off 16K output option */ |
2316 | | /* if using small static buffers (default) and SSL_write tries to write data |
2317 | | larger than the record we have, dynamically get it, unless user says only |
2318 | | write in static buffer chunks */ |
2319 | | #ifndef STATIC_CHUNKS_ONLY |
2320 | 0 | #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE |
2321 | | #else |
2322 | | #define OUTPUT_RECORD_SIZE RECORD_SIZE |
2323 | | #endif |
2324 | | |
2325 | | /* wolfSSL input buffer |
2326 | | |
2327 | | RFC 2246: |
2328 | | |
2329 | | length |
2330 | | The length (in bytes) of the following TLSPlaintext.fragment. |
2331 | | The length should not exceed 2^14. |
2332 | | */ |
2333 | | #ifdef STATIC_BUFFER_LEN |
2334 | | /* user supplied option */ |
2335 | | #if STATIC_BUFFER_LEN < 5 || STATIC_BUFFER_LEN > (RECORD_HEADER_SZ + \ |
2336 | | RECORD_SIZE + COMP_EXTRA + MTU_EXTRA + MAX_MSG_EXTRA)) |
2337 | | #error Invalid static buffer length |
2338 | | #endif |
2339 | | #elif defined(LARGE_STATIC_BUFFERS) |
2340 | | #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ |
2341 | | MTU_EXTRA + MAX_MSG_EXTRA) |
2342 | | #else |
2343 | | /* don't fragment memory from the record header */ |
2344 | 367k | #define STATIC_BUFFER_LEN RECORD_HEADER_SZ |
2345 | | #endif |
2346 | | |
2347 | | typedef struct { |
2348 | | ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; |
2349 | | byte* buffer; /* place holder for static or dynamic buffer */ |
2350 | | word32 length; /* total buffer length used */ |
2351 | | word32 idx; /* idx to part of length already consumed */ |
2352 | | word32 bufferSize; /* current buffer size */ |
2353 | | byte dynamicFlag; /* dynamic memory currently in use */ |
2354 | | byte offset; /* alignment offset attempt */ |
2355 | | } bufferStatic; |
2356 | | |
2357 | | /* Cipher Suites holder */ |
2358 | | struct Suites { |
2359 | | word16 suiteSz; /* suite length in bytes */ |
2360 | | word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ |
2361 | | byte suites[WOLFSSL_MAX_SUITE_SZ]; |
2362 | | byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */ |
2363 | | byte setSuites:1; /* user set suites from default */ |
2364 | | }; |
2365 | | |
2366 | | typedef struct CipherSuite { |
2367 | | byte cipherSuite0; |
2368 | | byte cipherSuite; |
2369 | | word32 ecdhCurveOID; |
2370 | | struct KeyShareEntry* clientKSE; |
2371 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) |
2372 | | int doHelloRetry; |
2373 | | #endif |
2374 | | } CipherSuite; |
2375 | | |
2376 | | #ifdef WOLFSSL_API_PREFIX_MAP |
2377 | | #define InitSuitesHashSigAlgo wolfSSL_InitSuitesHashSigAlgo |
2378 | | #endif |
2379 | | WOLFSSL_TEST_VIS void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have, |
2380 | | int tls1_2, int keySz, word16* len); |
2381 | | WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx); |
2382 | | WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl); |
2383 | | WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, |
2384 | | word16 haveRSA, word16 havePSK, word16 haveDH, |
2385 | | word16 haveECDSAsig, word16 haveECC, |
2386 | | word16 haveStaticRSA, word16 haveStaticECC, |
2387 | | word16 haveAnon, word16 haveNull, |
2388 | | word16 haveAES128, word16 haveSHA1, |
2389 | | word16 haveRC4, int side); |
2390 | | |
2391 | | void refineSuites(const Suites* sslSuites, const Suites* peerSuites, |
2392 | | Suites* outSuites, byte useClientOrder); |
2393 | | void sslRefineSuites(WOLFSSL* ssl, Suites* peerSuites); |
2394 | | |
2395 | | typedef struct TLSX TLSX; |
2396 | | WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites, |
2397 | | CipherSuite* cs, TLSX* extensions); |
2398 | | WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites); |
2399 | | WOLFSSL_LOCAL int SetCipherList_ex(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl, |
2400 | | Suites* suites, const char* list); |
2401 | | WOLFSSL_LOCAL int SetCipherList(const WOLFSSL_CTX* ctx, Suites* suites, |
2402 | | const char* list); |
2403 | | WOLFSSL_LOCAL int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, |
2404 | | const byte* list, const int listSz); |
2405 | | WOLFSSL_LOCAL int SetSuitesHashSigAlgo(Suites* suites, const char* list); |
2406 | | |
2407 | | #ifndef PSK_TYPES_DEFINED |
2408 | | typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*, |
2409 | | unsigned int, unsigned char*, unsigned int); |
2410 | | typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*, |
2411 | | unsigned char*, unsigned int); |
2412 | | #ifdef WOLFSSL_TLS13 |
2413 | | typedef unsigned int (*wc_psk_client_cs_callback)(WOLFSSL*, const char*, |
2414 | | char*, unsigned int, unsigned char*, unsigned int, |
2415 | | const char* cipherName); |
2416 | | typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*, |
2417 | | char*, unsigned int, unsigned char*, unsigned int, |
2418 | | const char** cipherName); |
2419 | | typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*, |
2420 | | unsigned char*, unsigned int, |
2421 | | const char** cipherName); |
2422 | | #endif |
2423 | | #endif /* PSK_TYPES_DEFINED */ |
2424 | | #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \ |
2425 | | !defined(WOLFSSL_DTLS_EXPORT_TYPES) |
2426 | | typedef int (*wc_dtls_export)(WOLFSSL* ssl, |
2427 | | |
2428 | | #define WOLFSSL_DTLS_EXPORT_TYPES |
2429 | | #endif /* WOLFSSL_DTLS_EXPORT_TYPES */ |
2430 | | |
2431 | | |
2432 | | #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) |
2433 | | #define MAX_DESCRIPTION_SZ 255 |
2434 | | #endif |
2435 | | struct WOLFSSL_CIPHER { |
2436 | | byte cipherSuite0; |
2437 | | byte cipherSuite; |
2438 | | const WOLFSSL* ssl; |
2439 | | #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) |
2440 | | char description[MAX_DESCRIPTION_SZ]; |
2441 | | unsigned long offset; |
2442 | | unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */ |
2443 | | int bits; |
2444 | | #endif |
2445 | | }; |
2446 | | |
2447 | | |
2448 | | #ifdef NO_ASN |
2449 | | /* no_asn won't have */ |
2450 | | typedef struct CertStatus CertStatus; |
2451 | | #endif |
2452 | | |
2453 | | #ifndef HAVE_OCSP |
2454 | | typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; |
2455 | | #endif |
2456 | | |
2457 | | /* wolfSSL OCSP controller */ |
2458 | | #ifdef HAVE_OCSP |
2459 | | struct WOLFSSL_OCSP { |
2460 | | WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ |
2461 | | OcspEntry* ocspList; /* OCSP response list */ |
2462 | | wolfSSL_Mutex ocspLock; /* OCSP list lock */ |
2463 | | int error; |
2464 | | int(*statusCb)(WOLFSSL*, void*); |
2465 | | void* statusCbArg; |
2466 | | }; |
2467 | | #endif |
2468 | | |
2469 | | #ifndef MAX_DATE_SIZE |
2470 | 16.5k | #define MAX_DATE_SIZE 32 |
2471 | | #endif |
2472 | | |
2473 | | typedef struct CRL_Entry CRL_Entry; |
2474 | | |
2475 | | #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) |
2476 | | #define CRL_DIGEST_SIZE WC_SM3_DIGEST_SIZE |
2477 | | #elif defined(NO_SHA) |
2478 | | #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE |
2479 | | #else |
2480 | | #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE |
2481 | | #endif |
2482 | | |
2483 | | #ifdef NO_ASN |
2484 | | typedef struct RevokedCert RevokedCert; |
2485 | | #endif |
2486 | | #ifdef CRL_STATIC_REVOKED_LIST |
2487 | | #ifndef CRL_MAX_REVOKED_CERTS |
2488 | | #define CRL_MAX_REVOKED_CERTS 4 |
2489 | | #elif CRL_MAX_REVOKED_CERTS > 22000 |
2490 | | #error CRL_MAX_REVOKED_CERTS too big, max is 22000 |
2491 | | #endif |
2492 | | #endif |
2493 | | |
2494 | | #ifdef HAVE_CRL |
2495 | | /* Complete CRL */ |
2496 | | struct CRL_Entry { |
2497 | | byte* toBeSigned; |
2498 | | byte* signature; |
2499 | | #if defined(OPENSSL_EXTRA) |
2500 | | WOLFSSL_X509_NAME* issuer; /* X509_NAME type issuer */ |
2501 | | #endif |
2502 | | CRL_Entry* next; /* next entry */ |
2503 | | wolfSSL_Mutex verifyMutex; |
2504 | | /* DupCRL_Entry copies data after the `verifyMutex` member. Using the mutex |
2505 | | * as the marker because clang-tidy doesn't like taking the sizeof a |
2506 | | * pointer. */ |
2507 | | byte crlNumber[CRL_MAX_NUM_SZ]; /* CRL number extension */ |
2508 | | byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ |
2509 | | /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ |
2510 | | /* restore the hash here if needed for optimized comparisons */ |
2511 | | byte lastDate[MAX_DATE_SIZE]; /* last date updated */ |
2512 | | byte nextDate[MAX_DATE_SIZE]; /* next update date */ |
2513 | | byte lastDateFormat; /* last date format */ |
2514 | | byte nextDateFormat; /* next date format */ |
2515 | | #if defined(OPENSSL_EXTRA) |
2516 | | WOLFSSL_ASN1_TIME lastDateAsn1; /* last date updated */ |
2517 | | WOLFSSL_ASN1_TIME nextDateAsn1; /* next update date */ |
2518 | | #endif |
2519 | | #ifdef CRL_STATIC_REVOKED_LIST |
2520 | | RevokedCert certs[CRL_MAX_REVOKED_CERTS]; |
2521 | | #else |
2522 | | RevokedCert* certs; /* revoked cert list */ |
2523 | | #endif |
2524 | | int totalCerts; /* number on list */ |
2525 | | int version; /* version of certificate */ |
2526 | | int verified; |
2527 | | word32 tbsSz; |
2528 | | word32 signatureSz; |
2529 | | word32 signatureOID; |
2530 | | #ifdef WC_RSA_PSS |
2531 | | word32 sigParamsSz; /* length of signature parameters */ |
2532 | | byte* sigParams; /* buffer with signature parameters */ |
2533 | | #endif |
2534 | | #if !defined(NO_SKID) && !defined(NO_ASN) |
2535 | | byte extAuthKeyId[KEYID_SIZE]; |
2536 | | byte extAuthKeyIdSet:1; /* Auth key identifier set indicator */ |
2537 | | #endif |
2538 | | byte crlNumberSet:1; /* CRL number set indicator */ |
2539 | | }; |
2540 | | |
2541 | | |
2542 | | #ifdef HAVE_CRL_MONITOR |
2543 | | typedef struct CRL_Monitor CRL_Monitor; |
2544 | | |
2545 | | /* CRL directory monitor */ |
2546 | | struct CRL_Monitor { |
2547 | | char* path; /* full dir path, if valid pointer we're using */ |
2548 | | int type; /* PEM or ASN1 type */ |
2549 | | }; |
2550 | | |
2551 | | |
2552 | | #if defined(HAVE_CRL) && defined(NO_FILESYSTEM) |
2553 | | #undef HAVE_CRL_MONITOR |
2554 | | #endif |
2555 | | |
2556 | | /* PEM and DER possible */ |
2557 | | #define WOLFSSL_CRL_MONITORS_LEN (2) |
2558 | | |
2559 | | #if defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__) |
2560 | | typedef int wolfSSL_CRL_mfd_t; /* monitor fd, -1 if no init yet */ |
2561 | | /* mfd for bsd is kqueue fd, eventfd for linux */ |
2562 | | #define WOLFSSL_CRL_MFD_INIT_VAL (-1) |
2563 | | #elif defined(_MSC_VER) |
2564 | | typedef HANDLE wolfSSL_CRL_mfd_t; /* monitor fd, INVALID_HANDLE_VALUE if |
2565 | | * no init yet */ |
2566 | | #define WOLFSSL_CRL_MFD_INIT_VAL (INVALID_HANDLE_VALUE) |
2567 | | #endif |
2568 | | #endif |
2569 | | |
2570 | | /* wolfSSL CRL controller */ |
2571 | | struct WOLFSSL_CRL { |
2572 | | WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ |
2573 | | CRL_Entry* currentEntry; /* Current CRL entry being processed */ |
2574 | | CRL_Entry* crlList; /* our CRL list */ |
2575 | | #ifdef HAVE_CRL_IO |
2576 | | CbCrlIO crlIOCb; |
2577 | | #endif |
2578 | | wolfSSL_RwLock crlLock; /* CRL list lock */ |
2579 | | #ifdef HAVE_CRL_MONITOR |
2580 | | CRL_Monitor monitors[WOLFSSL_CRL_MONITORS_LEN]; |
2581 | | COND_TYPE cond; /* condition to signal setup */ |
2582 | | THREAD_TYPE tid; /* monitoring thread */ |
2583 | | wolfSSL_CRL_mfd_t mfd; |
2584 | | int setup; /* thread is setup predicate */ |
2585 | | #endif |
2586 | | #ifdef OPENSSL_ALL |
2587 | | wolfSSL_Ref ref; |
2588 | | #endif |
2589 | | void* heap; /* heap hint for dynamic memory */ |
2590 | | }; |
2591 | | #endif |
2592 | | |
2593 | | |
2594 | | #ifdef NO_ASN |
2595 | | typedef struct Signer Signer; |
2596 | | #ifdef WOLFSSL_TRUST_PEER_CERT |
2597 | | typedef struct TrustedPeerCert TrustedPeerCert; |
2598 | | #endif |
2599 | | #endif |
2600 | | |
2601 | | |
2602 | | #ifndef CA_TABLE_SIZE |
2603 | 94.4k | #define CA_TABLE_SIZE 11 |
2604 | | #endif |
2605 | | #ifdef WOLFSSL_TRUST_PEER_CERT |
2606 | | #define TP_TABLE_SIZE 11 |
2607 | | #endif |
2608 | | |
2609 | | /* wolfSSL Certificate Manager */ |
2610 | | struct WOLFSSL_CERT_MANAGER { |
2611 | | Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ |
2612 | | void* heap; /* heap helper */ |
2613 | | #ifdef WOLFSSL_TRUST_PEER_CERT |
2614 | | TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */ |
2615 | | wolfSSL_Mutex tpLock; /* trusted peer list lock */ |
2616 | | #endif |
2617 | | WOLFSSL_CRL* crl; /* CRL checker */ |
2618 | | WOLFSSL_OCSP* ocsp; /* OCSP checker */ |
2619 | | #if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
2620 | | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) |
2621 | | WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */ |
2622 | | #endif |
2623 | | char* ocspOverrideURL; /* use this responder */ |
2624 | | void* ocspIOCtx; /* I/O callback CTX */ |
2625 | | #ifndef NO_WOLFSSL_CM_VERIFY |
2626 | | VerifyCallback verifyCallback; /* Verify callback */ |
2627 | | #endif |
2628 | | CallbackCACache caCacheCallback; /* CA cache addition callback */ |
2629 | | CbMissingCRL cbMissingCRL; /* notify thru cb of missing crl */ |
2630 | | crlErrorCb crlCb; /* Allow user to override error */ |
2631 | | void* crlCbCtx; |
2632 | | CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ |
2633 | | CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ |
2634 | | wolfSSL_Mutex caLock; /* CA list lock */ |
2635 | | byte crlEnabled:1; /* is CRL on ? */ |
2636 | | byte crlCheckAll:1; /* always leaf, but all ? */ |
2637 | | byte ocspEnabled:1; /* is OCSP on ? */ |
2638 | | byte ocspCheckAll:1; /* always leaf, but all ? */ |
2639 | | byte ocspSendNonce:1; /* send the OCSP nonce ? */ |
2640 | | byte ocspUseOverrideURL:1; /* ignore cert responder, override */ |
2641 | | byte ocspStaplingEnabled:1; /* is OCSP Stapling on ? */ |
2642 | | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
2643 | | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
2644 | | byte ocspMustStaple:1; /* server must respond with staple */ |
2645 | | #endif |
2646 | | |
2647 | | #ifndef NO_RSA |
2648 | | short minRsaKeySz; /* minimum allowed RSA key size */ |
2649 | | #endif |
2650 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) |
2651 | | short minEccKeySz; /* minimum allowed ECC key size */ |
2652 | | #endif |
2653 | | #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) |
2654 | | WOLFSSL_X509_STORE *x509_store_p; /* a pointer back to CTX x509 store */ |
2655 | | /* CTX has ownership and free this */ |
2656 | | /* with CTX free. */ |
2657 | | #endif |
2658 | | wolfSSL_Ref ref; |
2659 | | #ifdef HAVE_FALCON |
2660 | | short minFalconKeySz; /* minimum allowed Falcon key size */ |
2661 | | #endif |
2662 | | #ifdef HAVE_DILITHIUM |
2663 | | short minDilithiumKeySz; /* minimum allowed Dilithium key size */ |
2664 | | #endif |
2665 | | #ifdef WC_ASN_UNKNOWN_EXT_CB |
2666 | | wc_UnknownExtCallback unknownExtCallback; |
2667 | | #endif |
2668 | | #ifdef HAVE_CRL_UPDATE_CB |
2669 | | CbUpdateCRL cbUpdateCRL; /* notify thru cb that crl has updated */ |
2670 | | #endif |
2671 | | }; |
2672 | | |
2673 | | WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, |
2674 | | const char* fname); |
2675 | | WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, |
2676 | | const char* fname); |
2677 | | WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, |
2678 | | int sz, int* used); |
2679 | | WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, |
2680 | | const void* mem, int sz); |
2681 | | WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm); |
2682 | | WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff, |
2683 | | long sz, int format, int prev_err); |
2684 | | |
2685 | | |
2686 | | #ifndef NO_CERTS |
2687 | | #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) |
2688 | | typedef struct ProcPeerCertArgs { |
2689 | | buffer* certs; |
2690 | | #ifdef WOLFSSL_TLS13 |
2691 | | buffer* exts; /* extensions */ |
2692 | | #endif |
2693 | | #ifndef NO_ASN |
2694 | | DecodedCert* dCert; |
2695 | | #endif |
2696 | | word32 idx; |
2697 | | word32 begin; |
2698 | | int totalCerts; /* number of certs in certs buffer */ |
2699 | | int count; |
2700 | | int certIdx; |
2701 | | int lastErr; |
2702 | | int leafVerifyErr; |
2703 | | #ifdef WOLFSSL_TLS13 |
2704 | | byte ctxSz; |
2705 | | #endif |
2706 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
2707 | | char untrustedDepth; |
2708 | | #endif |
2709 | | word16 fatal:1; |
2710 | | word16 verifyErr:1; |
2711 | | word16 dCertInit:1; |
2712 | | #ifdef WOLFSSL_TRUST_PEER_CERT |
2713 | | word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */ |
2714 | | #endif |
2715 | | } ProcPeerCertArgs; |
2716 | | WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, |
2717 | | int cert_err, ProcPeerCertArgs* args); |
2718 | | WOLFSSL_LOCAL void DoCrlCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, |
2719 | | ProcPeerCertArgs* args, int* outRet); |
2720 | | |
2721 | | WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, |
2722 | | WOLFSSL* ssl, WOLFSSL_CERT_MANAGER* cm, ProcPeerCertArgs* args, |
2723 | | int cert_err, void* heap, int* x509Free); |
2724 | | WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store, |
2725 | | WOLFSSL* ssl, void* heap, int x509Free); |
2726 | | #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */ |
2727 | | WOLFSSL_LOCAL int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, |
2728 | | byte *buf, word32 bufLen, int type); |
2729 | | #endif /* !defined NO_CERTS */ |
2730 | | |
2731 | | /* wolfSSL Sock Addr */ |
2732 | | struct WOLFSSL_SOCKADDR { |
2733 | | unsigned int sz; /* sockaddr size */ |
2734 | | unsigned int bufSz; /* size of allocated buffer */ |
2735 | | void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */ |
2736 | | }; |
2737 | | |
2738 | | #ifdef WOLFSSL_DTLS |
2739 | | typedef struct WOLFSSL_DTLS_CTX { |
2740 | | #ifdef WOLFSSL_RW_THREADED |
2741 | | /* Protect peer access after the handshake */ |
2742 | | wolfSSL_RwLock peerLock; |
2743 | | #endif |
2744 | | WOLFSSL_SOCKADDR peer; |
2745 | | #ifdef WOLFSSL_DTLS_CID |
2746 | | WOLFSSL_SOCKADDR pendingPeer; /* When using CID's, we don't want to update |
2747 | | * the peer's address until we successfully |
2748 | | * de-protect the record. */ |
2749 | | #endif |
2750 | | int rfd; |
2751 | | int wfd; |
2752 | | WolfSSLRecvFrom recvfrom; |
2753 | | WolfSSLSento sendto; |
2754 | | byte userSet:1; |
2755 | | byte connected:1; /* When set indicates rfd and wfd sockets are |
2756 | | * connected (connect() and bind() both called). |
2757 | | * This means that sendto and recvfrom do not need to |
2758 | | * specify and store the peer address. */ |
2759 | | #ifdef WOLFSSL_DTLS_CID |
2760 | | byte processingPendingRecord:1; |
2761 | | #endif |
2762 | | } WOLFSSL_DTLS_CTX; |
2763 | | #endif |
2764 | | |
2765 | | |
2766 | | typedef struct WOLFSSL_DTLS_PEERSEQ { |
2767 | | word32 window[WOLFSSL_DTLS_WINDOW_WORDS]; |
2768 | | /* Sliding window for current epoch */ |
2769 | | word16 nextEpoch; /* Expected epoch in next record */ |
2770 | | word16 nextSeq_hi; /* Expected sequence in next record */ |
2771 | | word32 nextSeq_lo; |
2772 | | |
2773 | | word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS]; |
2774 | | /* Sliding window for old epoch */ |
2775 | | word32 prevSeq_lo; |
2776 | | word16 prevSeq_hi; /* Next sequence in allowed old epoch */ |
2777 | | |
2778 | | #ifdef WOLFSSL_MULTICAST |
2779 | | word16 peerId; |
2780 | | word32 highwaterMark; |
2781 | | #endif |
2782 | | } WOLFSSL_DTLS_PEERSEQ; |
2783 | | |
2784 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
2785 | | struct WOLFSSL_BIO { |
2786 | | WOLFSSL_BUF_MEM* mem_buf; |
2787 | | WOLFSSL_BIO_METHOD* method; |
2788 | | WOLFSSL_BIO* prev; /* previous in chain */ |
2789 | | WOLFSSL_BIO* next; /* next in chain */ |
2790 | | WOLFSSL_BIO* pair; /* BIO paired with */ |
2791 | | void* heap; /* user heap hint */ |
2792 | | union { |
2793 | | byte* mem_buf_data; |
2794 | | #ifndef WOLFCRYPT_ONLY |
2795 | | WOLFSSL* ssl; |
2796 | | WOLFSSL_EVP_MD_CTX* md_ctx; |
2797 | | #endif |
2798 | | #ifndef NO_FILESYSTEM |
2799 | | XFILE fh; |
2800 | | #endif |
2801 | | } ptr; |
2802 | | void* usrCtx; /* user set pointer */ |
2803 | | char* ip; /* IP address for wolfIO_TcpConnect */ |
2804 | | word16 port; /* Port for wolfIO_TcpConnect */ |
2805 | | char* infoArg; /* BIO callback argument */ |
2806 | | wolf_bio_info_cb infoCb; /* BIO callback */ |
2807 | | int wrSz; /* write buffer size (mem) */ |
2808 | | int wrSzReset; /* First buffer size (mem) - read ONLY data */ |
2809 | | int wrIdx; /* current index for write buffer */ |
2810 | | int rdIdx; /* current read index */ |
2811 | | int readRq; /* read request */ |
2812 | | union { |
2813 | | SOCKET_T fd; |
2814 | | size_t length; |
2815 | | } num; |
2816 | | int eof; /* eof flag */ |
2817 | | int flags; |
2818 | | byte type; /* method type */ |
2819 | | byte init:1; /* bio has been initialized */ |
2820 | | byte shutdown:1; /* close flag */ |
2821 | | byte connected:1; /* connected state, for datagram BIOs -- as for |
2822 | | * struct WOLFSSL_DTLS_CTX, when set, sendto and |
2823 | | * recvfrom leave the peer_addr unchanged. */ |
2824 | | #ifdef WOLFSSL_HAVE_BIO_ADDR |
2825 | | union WOLFSSL_BIO_ADDR peer_addr; /* for datagram BIOs, the socket address stored |
2826 | | * with BIO_CTRL_DGRAM_CONNECT, |
2827 | | * BIO_CTRL_DGRAM_SET_CONNECTED, or |
2828 | | * BIO_CTRL_DGRAM_SET_PEER, or stored when a |
2829 | | * packet was received on an unconnected BIO. */ |
2830 | | #endif |
2831 | | |
2832 | | #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS) |
2833 | | #define WOLFSSL_BIO_HAVE_FLOW_STATS |
2834 | | word64 bytes_read; |
2835 | | word64 bytes_written; |
2836 | | #endif |
2837 | | |
2838 | | #ifdef HAVE_EX_DATA |
2839 | | WOLFSSL_CRYPTO_EX_DATA ex_data; |
2840 | | #endif |
2841 | | #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) |
2842 | | wolfSSL_Ref ref; |
2843 | | #endif |
2844 | | }; |
2845 | | #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ |
2846 | | |
2847 | | #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) |
2848 | | WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr); |
2849 | | #endif |
2850 | | |
2851 | | #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */ |
2852 | | |
2853 | | /* keys and secrets |
2854 | | * keep as a constant size (no additional ifdefs) for session export */ |
2855 | | typedef struct Keys { |
2856 | | #if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13) |
2857 | | byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */ |
2858 | | byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE]; |
2859 | | #endif |
2860 | | byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */ |
2861 | | byte server_write_key[MAX_SYM_KEY_SIZE]; |
2862 | | byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */ |
2863 | | byte server_write_IV[MAX_WRITE_IV_SZ]; |
2864 | | #if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT) |
2865 | | byte aead_exp_IV[AEAD_MAX_EXP_SZ]; |
2866 | | byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ]; |
2867 | | byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ]; |
2868 | | #endif |
2869 | | |
2870 | | #ifdef WOLFSSL_DTLS13 |
2871 | | byte client_sn_key[MAX_SYM_KEY_SIZE]; |
2872 | | byte server_sn_key[MAX_SYM_KEY_SIZE]; |
2873 | | #endif /* WOLFSSL_DTLS13 */ |
2874 | | |
2875 | | word32 peer_sequence_number_hi; |
2876 | | word32 peer_sequence_number_lo; |
2877 | | word32 sequence_number_hi; |
2878 | | word32 sequence_number_lo; |
2879 | | |
2880 | | #ifdef WOLFSSL_DTLS |
2881 | | word16 curEpoch; /* Received epoch in current record */ |
2882 | | word16 curSeq_hi; /* Received sequence in current record */ |
2883 | | word32 curSeq_lo; |
2884 | | |
2885 | | #ifdef WOLFSSL_DTLS13 |
2886 | | w64wrapper curEpoch64; /* Received epoch in current record */ |
2887 | | w64wrapper curSeq; |
2888 | | #endif /* WOLFSSL_DTLS13 */ |
2889 | | |
2890 | | #ifdef WOLFSSL_MULTICAST |
2891 | | byte curPeerId; /* Received peer group ID in current record */ |
2892 | | #endif |
2893 | | WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ]; |
2894 | | |
2895 | | word16 dtls_peer_handshake_number; |
2896 | | word16 dtls_expected_peer_handshake_number; |
2897 | | |
2898 | | word16 dtls_epoch; /* Current epoch */ |
2899 | | word16 dtls_sequence_number_hi; /* Current epoch */ |
2900 | | word32 dtls_sequence_number_lo; |
2901 | | word16 dtls_prev_sequence_number_hi; /* Previous epoch */ |
2902 | | word32 dtls_prev_sequence_number_lo; |
2903 | | word16 dtls_handshake_number; /* Current tx handshake seq */ |
2904 | | #endif |
2905 | | |
2906 | | word32 encryptSz; /* last size of encrypted data */ |
2907 | | word32 padSz; /* how much to advance after decrypt part */ |
2908 | | byte encryptionOn; /* true after change cipher spec */ |
2909 | | byte decryptedCur; /* only decrypt current record once */ |
2910 | | #ifdef WOLFSSL_TLS13 |
2911 | | byte updateResponseReq; /* KeyUpdate response from peer required. */ |
2912 | | byte keyUpdateRespond; /* KeyUpdate is to be responded to. */ |
2913 | | #endif |
2914 | | #ifdef WOLFSSL_RENESAS_TSIP_TLS |
2915 | | |
2916 | | tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret; |
2917 | | tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret; |
2918 | | |
2919 | | #endif |
2920 | | #ifdef WOLFSSL_RENESAS_FSPSM_TLS |
2921 | | FSPSM_HMAC_WKEY fspsm_client_write_MAC_secret; |
2922 | | FSPSM_HMAC_WKEY fspsm_server_write_MAC_secret; |
2923 | | #endif |
2924 | | } Keys; |
2925 | | |
2926 | | /* Forward declare opaque pointer to make available for func def */ |
2927 | | typedef struct Options Options; |
2928 | | |
2929 | | |
2930 | | /** TLS Extensions - RFC 6066 */ |
2931 | | #ifdef HAVE_TLS_EXTENSIONS |
2932 | | |
2933 | 779 | #define TLSXT_SERVER_NAME 0x0000 /* a.k.a. SNI */ |
2934 | 220 | #define TLSXT_MAX_FRAGMENT_LENGTH 0x0001 |
2935 | 77 | #define TLSXT_TRUSTED_CA_KEYS 0x0003 |
2936 | 315 | #define TLSXT_TRUNCATED_HMAC 0x0004 |
2937 | 2.89k | #define TLSXT_STATUS_REQUEST 0x0005 /* a.k.a. OCSP stapling */ |
2938 | 8.62k | #define TLSXT_SUPPORTED_GROUPS 0x000a /* a.k.a. Supported Curves */ |
2939 | 1.94k | #define TLSXT_EC_POINT_FORMATS 0x000b |
2940 | 5.53k | #define TLSXT_SIGNATURE_ALGORITHMS 0x000d /* HELLO_EXT_SIG_ALGO */ |
2941 | 149 | #define TLSXT_USE_SRTP 0x000e /* 14 */ |
2942 | 285 | #define TLSXT_APPLICATION_LAYER_PROTOCOL 0x0010 /* a.k.a. ALPN */ |
2943 | 172 | #define TLSXT_STATUS_REQUEST_V2 0x0011 /* a.k.a. OCSP stapling v2 */ |
2944 | 128 | #define TLSXT_CLIENT_CERTIFICATE 0x0013 /* RFC8446 */ |
2945 | 87 | #define TLSXT_SERVER_CERTIFICATE 0x0014 /* RFC8446 */ |
2946 | 2.45k | #define TLSXT_ENCRYPT_THEN_MAC 0x0016 /* RFC 7366 */ |
2947 | | #define TLSXT_EXTENDED_MASTER_SECRET 0x0017 /* HELLO_EXT_EXTMS */ |
2948 | 966 | #define TLSXT_SESSION_TICKET 0x0023 |
2949 | 1.57k | #define TLSXT_PRE_SHARED_KEY 0x0029 |
2950 | 3.38k | #define TLSXT_EARLY_DATA 0x002a |
2951 | | #define TLSXT_SUPPORTED_VERSIONS 0x002b |
2952 | 126 | #define TLSXT_COOKIE 0x002c |
2953 | 1.48k | #define TLSXT_PSK_KEY_EXCHANGE_MODES 0x002d |
2954 | 246 | #define TLSXT_CERTIFICATE_AUTHORITIES 0x002f |
2955 | 141 | #define TLSXT_POST_HANDSHAKE_AUTH 0x0031 |
2956 | 216 | #define TLSXT_SIGNATURE_ALGORITHMS_CERT 0x0032 |
2957 | 4.63k | #define TLSXT_KEY_SHARE 0x0033 |
2958 | 88 | #define TLSXT_CONNECTION_ID 0x0036 |
2959 | | #define TLSXT_KEY_QUIC_TP_PARAMS 0x0039 /* RFC 9001, ch. 8.2 */ |
2960 | 29 | #define TLSXT_ECH 0xfe0d /* from */ |
2961 | | /* draft-ietf-tls-esni-13 */ |
2962 | | /* The 0xFF section is experimental/custom/personal use */ |
2963 | | #define TLSXT_CKS 0xff92 /* X9.146 */ |
2964 | 362 | #define TLSXT_RENEGOTIATION_INFO 0xff01 |
2965 | 14 | #define TLSXT_KEY_QUIC_TP_PARAMS_DRAFT 0xffa5 /* from */ |
2966 | | /* draft-ietf-quic-tls-27 */ |
2967 | | |
2968 | | typedef enum { |
2969 | | #ifdef HAVE_SNI |
2970 | | TLSX_SERVER_NAME = TLSXT_SERVER_NAME, |
2971 | | #endif |
2972 | | TLSX_MAX_FRAGMENT_LENGTH = TLSXT_MAX_FRAGMENT_LENGTH, |
2973 | | TLSX_TRUSTED_CA_KEYS = TLSXT_TRUSTED_CA_KEYS, |
2974 | | TLSX_TRUNCATED_HMAC = TLSXT_TRUNCATED_HMAC, |
2975 | | TLSX_STATUS_REQUEST = TLSXT_STATUS_REQUEST, |
2976 | | TLSX_SUPPORTED_GROUPS = TLSXT_SUPPORTED_GROUPS, |
2977 | | TLSX_EC_POINT_FORMATS = TLSXT_EC_POINT_FORMATS, |
2978 | | #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) |
2979 | | TLSX_SIGNATURE_ALGORITHMS = TLSXT_SIGNATURE_ALGORITHMS, |
2980 | | #endif |
2981 | | #ifdef WOLFSSL_SRTP |
2982 | | TLSX_USE_SRTP = TLSXT_USE_SRTP, |
2983 | | #endif |
2984 | | TLSX_APPLICATION_LAYER_PROTOCOL = TLSXT_APPLICATION_LAYER_PROTOCOL, |
2985 | | TLSX_STATUS_REQUEST_V2 = TLSXT_STATUS_REQUEST_V2, |
2986 | | #ifdef HAVE_RPK |
2987 | | TLSX_CLIENT_CERTIFICATE_TYPE = TLSXT_CLIENT_CERTIFICATE, |
2988 | | TLSX_SERVER_CERTIFICATE_TYPE = TLSXT_SERVER_CERTIFICATE, |
2989 | | #endif |
2990 | | #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) |
2991 | | TLSX_ENCRYPT_THEN_MAC = TLSXT_ENCRYPT_THEN_MAC, |
2992 | | #endif |
2993 | | TLSX_EXTENDED_MASTER_SECRET = TLSXT_EXTENDED_MASTER_SECRET, |
2994 | | TLSX_SESSION_TICKET = TLSXT_SESSION_TICKET, |
2995 | | #ifdef WOLFSSL_TLS13 |
2996 | | #ifdef WOLFSSL_EARLY_DATA |
2997 | | TLSX_EARLY_DATA = TLSXT_EARLY_DATA, |
2998 | | #endif |
2999 | | TLSX_SUPPORTED_VERSIONS = TLSXT_SUPPORTED_VERSIONS, |
3000 | | #ifdef WOLFSSL_SEND_HRR_COOKIE |
3001 | | TLSX_COOKIE = TLSXT_COOKIE, |
3002 | | #endif |
3003 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
3004 | | TLSX_PSK_KEY_EXCHANGE_MODES = TLSXT_PSK_KEY_EXCHANGE_MODES, |
3005 | | #endif |
3006 | | #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) |
3007 | | TLSX_CERTIFICATE_AUTHORITIES = TLSXT_CERTIFICATE_AUTHORITIES, |
3008 | | #endif |
3009 | | #ifdef WOLFSSL_POST_HANDSHAKE_AUTH |
3010 | | TLSX_POST_HANDSHAKE_AUTH = TLSXT_POST_HANDSHAKE_AUTH, |
3011 | | #endif |
3012 | | #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) |
3013 | | TLSX_SIGNATURE_ALGORITHMS_CERT = TLSXT_SIGNATURE_ALGORITHMS_CERT, |
3014 | | #endif |
3015 | | #if defined(WOLFSSL_DTLS_CID) |
3016 | | TLSX_CONNECTION_ID = TLSXT_CONNECTION_ID, |
3017 | | #endif /* defined(WOLFSSL_DTLS_CID) */ |
3018 | | #ifdef WOLFSSL_QUIC |
3019 | | TLSX_KEY_QUIC_TP_PARAMS = TLSXT_KEY_QUIC_TP_PARAMS, |
3020 | | #endif |
3021 | | #ifdef HAVE_ECH |
3022 | | TLSX_ECH = TLSXT_ECH, |
3023 | | #endif |
3024 | | #endif |
3025 | | #if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) |
3026 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
3027 | | TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY, |
3028 | | #endif |
3029 | | TLSX_KEY_SHARE = TLSXT_KEY_SHARE, |
3030 | | #endif |
3031 | | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) |
3032 | | TLSX_CKS = TLSXT_CKS, |
3033 | | #endif |
3034 | | TLSX_RENEGOTIATION_INFO = TLSXT_RENEGOTIATION_INFO, |
3035 | | #ifdef WOLFSSL_QUIC |
3036 | | TLSX_KEY_QUIC_TP_PARAMS_DRAFT = TLSXT_KEY_QUIC_TP_PARAMS_DRAFT, |
3037 | | #endif |
3038 | | } TLSX_Type; |
3039 | | |
3040 | | /* TLS Certificate type defined RFC7250 |
3041 | | * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3 |
3042 | | */ |
3043 | | #if defined(HAVE_RPK) |
3044 | | typedef struct RpkConfig { |
3045 | | /* user's preference */ |
3046 | | byte preferred_ClientCertTypeCnt; |
3047 | | byte preferred_ClientCertTypes[MAX_CLIENT_CERT_TYPE_CNT]; |
3048 | | byte preferred_ServerCertTypeCnt; |
3049 | | byte preferred_ServerCertTypes[MAX_CLIENT_CERT_TYPE_CNT]; |
3050 | | /* reflect to client_certificate_type extension in xxxHello */ |
3051 | | } RpkConfig; |
3052 | | |
3053 | | typedef struct RpkState { |
3054 | | byte sending_ClientCertTypeCnt; |
3055 | | byte sending_ClientCertTypes[MAX_CLIENT_CERT_TYPE_CNT]; |
3056 | | /* reflect to server_certificate_type extension in xxxHello */ |
3057 | | byte sending_ServerCertTypeCnt; |
3058 | | byte sending_ServerCertTypes[MAX_SERVER_CERT_TYPE_CNT]; |
3059 | | /* client_certificate_type extension in received yyyHello */ |
3060 | | byte received_ClientCertTypeCnt; |
3061 | | byte received_ClientCertTypes[MAX_CLIENT_CERT_TYPE_CNT]; |
3062 | | /* server_certificate_type extension in received yyyHello */ |
3063 | | byte received_ServerCertTypeCnt; |
3064 | | byte received_ServerCertTypes[MAX_SERVER_CERT_TYPE_CNT]; |
3065 | | /* set if Raw-public-key cert is loaded as own certificate */ |
3066 | | int isRPKLoaded; |
3067 | | } RpkState; |
3068 | | #endif /* HAVE_RPK */ |
3069 | | |
3070 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) |
3071 | | #define ECH_ACCEPT_CONFIRMATION_SZ 8 |
3072 | | |
3073 | | typedef enum { |
3074 | | ECH_TYPE_OUTER = 0, |
3075 | | ECH_TYPE_INNER = 1 |
3076 | | } EchType; |
3077 | | |
3078 | | typedef enum { |
3079 | | ECH_WRITE_GREASE, |
3080 | | ECH_WRITE_REAL, |
3081 | | ECH_WRITE_RETRY_CONFIGS, |
3082 | | ECH_WRITE_NONE, |
3083 | | ECH_PARSED_INTERNAL, |
3084 | | } EchState; |
3085 | | |
3086 | | typedef struct EchCipherSuite { |
3087 | | word16 kdfId; |
3088 | | word16 aeadId; |
3089 | | } EchCipherSuite; |
3090 | | |
3091 | | typedef struct WOLFSSL_EchConfig { |
3092 | | byte* raw; |
3093 | | char* publicName; |
3094 | | void* receiverPrivkey; |
3095 | | struct WOLFSSL_EchConfig* next; |
3096 | | EchCipherSuite* cipherSuites; |
3097 | | word32 rawLen; |
3098 | | word16 kemId; |
3099 | | byte configId; |
3100 | | byte numCipherSuites; |
3101 | | byte receiverPubkey[HPKE_Npk_MAX]; |
3102 | | } WOLFSSL_EchConfig; |
3103 | | |
3104 | | typedef struct WOLFSSL_ECH { |
3105 | | Hpke* hpke; |
3106 | | HpkeBaseContext* hpkeContext; |
3107 | | const byte* aad; |
3108 | | void* ephemeralKey; |
3109 | | WOLFSSL_EchConfig* echConfig; |
3110 | | byte* innerClientHello; |
3111 | | byte* outerClientPayload; |
3112 | | byte* confBuf; |
3113 | | EchCipherSuite cipherSuite; |
3114 | | word16 aadLen; |
3115 | | word16 paddingLen; |
3116 | | word16 innerClientHelloLen; |
3117 | | word16 kemId; |
3118 | | word16 encLen; |
3119 | | EchState state; |
3120 | | byte type; |
3121 | | byte configId; |
3122 | | byte enc[HPKE_Npk_MAX]; |
3123 | | byte innerCount; |
3124 | | } WOLFSSL_ECH; |
3125 | | |
3126 | | WOLFSSL_LOCAL int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config); |
3127 | | |
3128 | | WOLFSSL_LOCAL int TLSX_FinalizeEch(WOLFSSL_ECH* ech, byte* aad, word32 aadLen); |
3129 | | |
3130 | | |
3131 | | WOLFSSL_LOCAL int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap, |
3132 | | const byte* echConfigs, word32 echConfigsLen); |
3133 | | |
3134 | | WOLFSSL_LOCAL int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, |
3135 | | word32* outputLen); |
3136 | | |
3137 | | WOLFSSL_LOCAL int GetEchConfigsEx(WOLFSSL_EchConfig* configs, |
3138 | | byte* output, word32* outputLen); |
3139 | | |
3140 | | WOLFSSL_LOCAL void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap); |
3141 | | #endif |
3142 | | |
3143 | | struct TLSX { |
3144 | | TLSX_Type type; /* Extension Type */ |
3145 | | void* data; /* Extension Data */ |
3146 | | word32 val; /* Extension Value */ |
3147 | | byte resp; /* IsResponse Flag */ |
3148 | | struct TLSX* next; /* List Behavior */ |
3149 | | }; |
3150 | | |
3151 | | WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); |
3152 | | WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap); |
3153 | | WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap); |
3154 | | WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); |
3155 | | WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest); |
3156 | | |
3157 | | #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) |
3158 | | WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, |
3159 | | word32* pLength); |
3160 | | WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, |
3161 | | byte msgType, word32* pOffset); |
3162 | | #endif |
3163 | | |
3164 | | #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER) |
3165 | | /* TLS 1.3 Certificate messages have extensions. */ |
3166 | | WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, |
3167 | | word16* pLength); |
3168 | | WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, |
3169 | | word16* pOffset); |
3170 | | #endif |
3171 | | |
3172 | | WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, const byte* input, |
3173 | | word16 length, byte msgType, int* found); |
3174 | | WOLFSSL_LOCAL int TLSX_SupportedVersions_Parse(const WOLFSSL* ssl, |
3175 | | const byte* input, word16 length, byte msgType, ProtocolVersion* pv, |
3176 | | Options* opts, TLSX** exts); |
3177 | | WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, |
3178 | | byte msgType, Suites *suites); |
3179 | | WOLFSSL_LOCAL int TLSX_Push(TLSX** list, TLSX_Type type, |
3180 | | const void* data, void* heap); |
3181 | | WOLFSSL_LOCAL int TLSX_Append(TLSX** list, TLSX_Type type, |
3182 | | const void* data, void* heap); |
3183 | | |
3184 | | #elif defined(HAVE_SNI) \ |
3185 | | || defined(HAVE_MAX_FRAGMENT) \ |
3186 | | || defined(HAVE_TRUSTED_CA) \ |
3187 | | || defined(HAVE_TRUNCATED_HMAC) \ |
3188 | | || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
3189 | | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ |
3190 | | || defined(HAVE_SUPPORTED_CURVES) \ |
3191 | | || defined(HAVE_ALPN) \ |
3192 | | || defined(HAVE_SESSION_TICKET) \ |
3193 | | || defined(HAVE_SECURE_RENEGOTIATION) \ |
3194 | | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
3195 | | |
3196 | | #error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined. |
3197 | | |
3198 | | #endif /* HAVE_TLS_EXTENSIONS */ |
3199 | | |
3200 | | /** Server Name Indication - RFC 6066 (session 3) */ |
3201 | | #ifdef HAVE_SNI |
3202 | | |
3203 | | typedef struct SNI { |
3204 | | byte type; /* SNI Type */ |
3205 | | union { char* host_name; } data; /* SNI Data */ |
3206 | | struct SNI* next; /* List Behavior */ |
3207 | | byte status; /* Matching result */ |
3208 | | #ifndef NO_WOLFSSL_SERVER |
3209 | | byte options; /* Behavior options */ |
3210 | | #endif |
3211 | | } SNI; |
3212 | | |
3213 | | WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, |
3214 | | word16 size, void* heap); |
3215 | | WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type); |
3216 | | WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, |
3217 | | void** data, byte ignoreStatus); |
3218 | | |
3219 | | #ifndef NO_WOLFSSL_SERVER |
3220 | | WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, |
3221 | | byte options); |
3222 | | WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* clientHello, |
3223 | | word32 helloSz, byte type, byte* sni, word32* inOutSz); |
3224 | | #endif |
3225 | | |
3226 | | #endif /* HAVE_SNI */ |
3227 | | |
3228 | | /* Trusted CA Key Indication - RFC 6066 (section 6) */ |
3229 | | #ifdef HAVE_TRUSTED_CA |
3230 | | |
3231 | | typedef struct TCA { |
3232 | | byte type; /* TCA Type */ |
3233 | | byte* id; /* TCA identifier */ |
3234 | | word16 idSz; /* TCA identifier size */ |
3235 | | struct TCA* next; /* List Behavior */ |
3236 | | } TCA; |
3237 | | |
3238 | | WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type, |
3239 | | const byte* id, word16 idSz, void* heap); |
3240 | | |
3241 | | #endif /* HAVE_TRUSTED_CA */ |
3242 | | |
3243 | | /* Application-Layer Protocol Negotiation - RFC 7301 */ |
3244 | | #ifdef HAVE_ALPN |
3245 | | typedef struct ALPN { |
3246 | | char* protocol_name; /* ALPN protocol name */ |
3247 | | struct ALPN* next; /* List Behavior */ |
3248 | | byte options; /* Behavior options */ |
3249 | | byte negotiated; /* ALPN protocol negotiated or not */ |
3250 | | } ALPN; |
3251 | | |
3252 | | WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions, |
3253 | | void** data, word16 *dataSz); |
3254 | | |
3255 | | WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data, |
3256 | | word16 size, byte options, void* heap); |
3257 | | |
3258 | | WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, byte option); |
3259 | | |
3260 | | #endif /* HAVE_ALPN */ |
3261 | | |
3262 | | /** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */ |
3263 | | #ifdef HAVE_MAX_FRAGMENT |
3264 | | |
3265 | | WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap); |
3266 | | |
3267 | | #endif /* HAVE_MAX_FRAGMENT */ |
3268 | | |
3269 | | /** Truncated HMAC - RFC 6066 (session 7) */ |
3270 | | #ifdef HAVE_TRUNCATED_HMAC |
3271 | | |
3272 | | WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap); |
3273 | | |
3274 | | #endif /* HAVE_TRUNCATED_HMAC */ |
3275 | | |
3276 | | /** Certificate Status Request - RFC 6066 (session 8) */ |
3277 | | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
3278 | | |
3279 | | typedef struct { |
3280 | | byte status_type; |
3281 | | byte options; |
3282 | | WOLFSSL* ssl; |
3283 | | union { |
3284 | | OcspRequest ocsp[MAX_CERT_EXTENSIONS]; |
3285 | | } request; |
3286 | | word16 requests; |
3287 | | #ifdef WOLFSSL_TLS13 |
3288 | | buffer responses[MAX_CERT_EXTENSIONS]; |
3289 | | #endif |
3290 | | } CertificateStatusRequest; |
3291 | | |
3292 | | WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, |
3293 | | byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId); |
3294 | | #ifndef NO_CERTS |
3295 | | WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, |
3296 | | void* heap); |
3297 | | WOLFSSL_LOCAL int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, |
3298 | | void* heap, int idx); |
3299 | | #endif |
3300 | | WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); |
3301 | | WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); |
3302 | | WOLFSSL_LOCAL word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, |
3303 | | byte isRequest, |
3304 | | int idx); |
3305 | | WOLFSSL_LOCAL int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output, |
3306 | | byte isRequest, int idx); |
3307 | | WOLFSSL_LOCAL void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx); |
3308 | | |
3309 | | WOLFSSL_LOCAL int TLSX_CSR_SetResponseWithStatusCB(WOLFSSL *ssl); |
3310 | | WOLFSSL_LOCAL int ProcessChainOCSPRequest(WOLFSSL* ssl); |
3311 | | |
3312 | | #endif |
3313 | | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ |
3314 | | defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
3315 | | WOLFSSL_LOCAL int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, |
3316 | | DecodedCert* cert, byte* certData, word32 length, |
3317 | | byte *ctxOwnsRequest); |
3318 | | #endif |
3319 | | /** Certificate Status Request v2 - RFC 6961 */ |
3320 | | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
3321 | | |
3322 | | typedef struct CSRIv2 { |
3323 | | byte status_type; |
3324 | | byte options; |
3325 | | word16 requests; |
3326 | | union { |
3327 | | OcspRequest ocsp[1 + MAX_CHAIN_DEPTH]; |
3328 | | } request; |
3329 | | struct CSRIv2* next; |
3330 | | Signer *pendingSigners; |
3331 | | } CertificateStatusRequestItemV2; |
3332 | | |
3333 | | WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, |
3334 | | byte status_type, byte options, void* heap, int devId); |
3335 | | #ifndef NO_CERTS |
3336 | | WOLFSSL_LOCAL int TLSX_CSR2_IsMulti(TLSX *extensions); |
3337 | | WOLFSSL_LOCAL int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s); |
3338 | | WOLFSSL_LOCAL Signer* TLSX_CSR2_GetPendingSigners(TLSX *extensions); |
3339 | | WOLFSSL_LOCAL int TLSX_CSR2_ClearPendingCA(WOLFSSL *ssl); |
3340 | | WOLFSSL_LOCAL int TLSX_CSR2_MergePendingCA(WOLFSSL* ssl); |
3341 | | WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, |
3342 | | byte isPeer, void* heap); |
3343 | | #endif |
3344 | | WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, |
3345 | | byte idx); |
3346 | | WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); |
3347 | | |
3348 | | #endif |
3349 | | |
3350 | | #if defined(WOLFSSL_PUBLIC_ASN) && defined(HAVE_PK_CALLBACKS) |
3351 | | /* Internal callback guarded by WOLFSSL_TEST_VIS because of DecodedCert. */ |
3352 | | typedef int (*CallbackProcessPeerCert)(WOLFSSL* ssl, DecodedCert* p_cert); |
3353 | | WOLFSSL_TEST_VIS void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx, |
3354 | | CallbackProcessPeerCert cb); |
3355 | | #endif /* DecodedCert && HAVE_PK_CALLBACKS */ |
3356 | | |
3357 | | #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) |
3358 | | typedef struct SignatureAlgorithms { |
3359 | | /* Not const since it is modified in TLSX_SignatureAlgorithms_MapPss */ |
3360 | | WOLFSSL* ssl; |
3361 | | word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ |
3362 | | /* Ignore "nonstandard extension used : zero-sized array in struct/union" |
3363 | | * MSVC warning */ |
3364 | | #ifdef _MSC_VER |
3365 | | #pragma warning(disable: 4200) |
3366 | | #endif |
3367 | | byte hashSigAlgo[]; /* sig/algo to offer */ |
3368 | | } SignatureAlgorithms; |
3369 | | |
3370 | | WOLFSSL_LOCAL SignatureAlgorithms* TLSX_SignatureAlgorithms_New( |
3371 | | WOLFSSL* ssl, word16 hashSigAlgoSz, void* heap); |
3372 | | WOLFSSL_LOCAL void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa, |
3373 | | void* heap); |
3374 | | #endif |
3375 | | |
3376 | | /** Supported Elliptic Curves - RFC 4492 (session 4) */ |
3377 | | #ifdef HAVE_SUPPORTED_CURVES |
3378 | | |
3379 | | typedef struct SupportedCurve { |
3380 | | word16 name; /* Curve Names */ |
3381 | | struct SupportedCurve* next; /* List Behavior */ |
3382 | | } SupportedCurve; |
3383 | | |
3384 | | typedef struct PointFormat { |
3385 | | byte format; /* PointFormat */ |
3386 | | struct PointFormat* next; /* List Behavior */ |
3387 | | } PointFormat; |
3388 | | |
3389 | | WOLFSSL_LOCAL int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap); |
3390 | | WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, |
3391 | | void* heap); |
3392 | | |
3393 | | WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point, |
3394 | | void* heap); |
3395 | | |
3396 | | #ifndef NO_WOLFSSL_SERVER |
3397 | | WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, |
3398 | | byte second, word32* ecdhCurveOID); |
3399 | | WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); |
3400 | | WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl); |
3401 | | #endif |
3402 | | WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, |
3403 | | int checkSupported); |
3404 | | WOLFSSL_LOCAL int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, |
3405 | | const byte* input, word16 length, byte isRequest, TLSX** extensions); |
3406 | | |
3407 | | #endif /* HAVE_SUPPORTED_CURVES */ |
3408 | | |
3409 | | /** Renegotiation Indication - RFC 5746 */ |
3410 | | #if defined(HAVE_SECURE_RENEGOTIATION) \ |
3411 | | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
3412 | | |
3413 | | enum key_cache_state { |
3414 | | SCR_CACHE_NULL = 0, /* empty / begin state */ |
3415 | | SCR_CACHE_NEEDED, /* need to cache keys */ |
3416 | | SCR_CACHE_COPY, /* we have a cached copy */ |
3417 | | SCR_CACHE_PARTIAL, /* partial restore to real keys */ |
3418 | | SCR_CACHE_COMPLETE /* complete restore to real keys */ |
3419 | | }; |
3420 | | |
3421 | | /* Additional Connection State according to rfc5746 section 3.1 */ |
3422 | | typedef struct SecureRenegotiation { |
3423 | | byte enabled; /* secure_renegotiation flag in rfc */ |
3424 | | byte verifySet; |
3425 | | byte startScr; /* server requested client to start scr */ |
3426 | | enum key_cache_state cache_status; /* track key cache state */ |
3427 | | byte client_verify_data[TLS_FINISHED_SZ]; /* cached */ |
3428 | | byte server_verify_data[TLS_FINISHED_SZ]; /* cached */ |
3429 | | byte subject_hash_set; /* if peer cert hash is set */ |
3430 | | byte subject_hash[KEYID_SIZE]; /* peer cert hash */ |
3431 | | Keys tmp_keys; /* can't overwrite real keys yet */ |
3432 | | } SecureRenegotiation; |
3433 | | |
3434 | | WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap); |
3435 | | |
3436 | | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
3437 | | WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap); |
3438 | | #endif |
3439 | | |
3440 | | #endif /* HAVE_SECURE_RENEGOTIATION */ |
3441 | | |
3442 | | #ifdef HAVE_SESSION_TICKET |
3443 | | /* Our ticket format. All members need to be a byte or array of byte to |
3444 | | * avoid alignment issues */ |
3445 | | typedef struct InternalTicket { |
3446 | | ProtocolVersion pv; /* version when ticket created */ |
3447 | | byte suite[SUITE_LEN]; /* cipher suite when created */ |
3448 | | byte msecret[SECRET_LEN]; /* master secret */ |
3449 | | byte timestamp[TIMESTAMP_LEN]; /* born on */ |
3450 | | byte haveEMS; /* have extended master secret */ |
3451 | | #ifdef WOLFSSL_TLS13 |
3452 | | byte ageAdd[AGEADD_LEN]; /* Obfuscation of age */ |
3453 | | byte namedGroup[NAMEDGROUP_LEN]; /* Named group used */ |
3454 | | byte ticketNonceLen; |
3455 | | byte ticketNonce[MAX_TICKET_NONCE_STATIC_SZ]; |
3456 | | #ifdef WOLFSSL_EARLY_DATA |
3457 | | byte maxEarlyDataSz[MAXEARLYDATASZ_LEN]; /* Max size of |
3458 | | * early data */ |
3459 | | #endif |
3460 | | #endif |
3461 | | #ifdef WOLFSSL_TICKET_HAVE_ID |
3462 | | byte id[ID_LEN]; |
3463 | | #endif |
3464 | | #ifdef OPENSSL_EXTRA |
3465 | | byte sessionCtxSz; /* sessionCtx length */ |
3466 | | byte sessionCtx[ID_LEN]; /* app specific context id */ |
3467 | | #endif /* OPENSSL_EXTRA */ |
3468 | | } InternalTicket; |
3469 | | |
3470 | | #ifndef WOLFSSL_TICKET_ENC_CBC_HMAC |
3471 | | #define WOLFSSL_INTERNAL_TICKET_LEN sizeof(InternalTicket) |
3472 | | #else |
3473 | | #define WOLFSSL_INTERNAL_TICKET_LEN \ |
3474 | | (((sizeof(InternalTicket) + 15) / 16) * 16) |
3475 | | #endif |
3476 | | |
3477 | | #ifndef WOLFSSL_TICKET_EXTRA_PADDING_SZ |
3478 | | #define WOLFSSL_TICKET_EXTRA_PADDING_SZ 32 |
3479 | | #endif |
3480 | | |
3481 | | #define WOLFSSL_TICKET_ENC_SZ \ |
3482 | | (sizeof(InternalTicket) + WOLFSSL_TICKET_EXTRA_PADDING_SZ) |
3483 | | |
3484 | | /* RFC 5077 defines this for session tickets. All members need to be a byte or |
3485 | | * array of byte to avoid alignment issues */ |
3486 | | typedef struct ExternalTicket { |
3487 | | byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */ |
3488 | | byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */ |
3489 | | byte enc_len[OPAQUE16_LEN]; /* encrypted length - 2 */ |
3490 | | byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; |
3491 | | /* encrypted internal ticket */ |
3492 | | byte mac[WOLFSSL_TICKET_MAC_SZ]; /* total mac - 32 */ |
3493 | | } ExternalTicket; |
3494 | | |
3495 | | /* Cast to int to reduce amount of casts in code */ |
3496 | | #define SESSION_TICKET_LEN ((int)sizeof(ExternalTicket)) |
3497 | | #define WOLFSSL_TICKET_FIXED_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_ENC_SZ) |
3498 | | |
3499 | | typedef struct SessionTicket { |
3500 | | word32 lifetime; |
3501 | | #ifdef WOLFSSL_TLS13 |
3502 | | word64 seen; |
3503 | | word32 ageAdd; |
3504 | | #endif |
3505 | | byte* data; |
3506 | | word16 size; |
3507 | | } SessionTicket; |
3508 | | |
3509 | | #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER) |
3510 | | |
3511 | | /* Data passed to default SessionTicket enc/dec callback. */ |
3512 | | typedef struct TicketEncCbCtx { |
3513 | | /* Name for this context. */ |
3514 | | byte name[WOLFSSL_TICKET_NAME_SZ]; |
3515 | | /* Current keys - current and next. */ |
3516 | | byte key[2][WOLFSSL_TICKET_KEY_SZ]; |
3517 | | /* Expirary date of keys. */ |
3518 | | word32 expirary[2]; |
3519 | | /* Random number generator to use for generating name, keys and IV. */ |
3520 | | WC_RNG rng; |
3521 | | #ifndef SINGLE_THREADED |
3522 | | /* Mutex for access to changing keys. */ |
3523 | | wolfSSL_Mutex mutex; |
3524 | | #endif |
3525 | | /* Pointer back to SSL_CTX. */ |
3526 | | WOLFSSL_CTX* ctx; |
3527 | | } TicketEncCbCtx; |
3528 | | |
3529 | | #endif /* !WOLFSSL_NO_DEF_TICKET_ENC_CB && !NO_WOLFSSL_SERVER */ |
3530 | | |
3531 | | WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions, |
3532 | | SessionTicket* ticket, void* heap); |
3533 | | WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, |
3534 | | byte* data, word16 size, void* heap); |
3535 | | WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap); |
3536 | | |
3537 | | #endif /* HAVE_SESSION_TICKET */ |
3538 | | |
3539 | | #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) |
3540 | | int TLSX_EncryptThenMac_Respond(WOLFSSL* ssl); |
3541 | | #endif |
3542 | | |
3543 | | #ifdef WOLFSSL_TLS13 |
3544 | | /* Cookie extension information - cookie data. */ |
3545 | | typedef struct Cookie { |
3546 | | word16 len; |
3547 | | /* Ignore "nonstandard extension used : zero-sized array in struct/union" |
3548 | | * MSVC warning */ |
3549 | | #ifdef _MSC_VER |
3550 | | #pragma warning(disable: 4200) |
3551 | | #endif |
3552 | | byte data[]; |
3553 | | } Cookie; |
3554 | | |
3555 | | WOLFSSL_LOCAL int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, |
3556 | | word16 len, byte* mac, byte macSz, int resp, TLSX** exts); |
3557 | | WOLFSSL_LOCAL int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, |
3558 | | word16 cookieSz); |
3559 | | |
3560 | | |
3561 | | /* Key Share - TLS v1.3 Specification */ |
3562 | | |
3563 | | /* The KeyShare extension information - entry in a linked list. */ |
3564 | | typedef struct KeyShareEntry { |
3565 | | word16 group; /* NamedGroup */ |
3566 | | byte* ke; /* Key exchange data */ |
3567 | | word32 keLen; /* Key exchange data length */ |
3568 | | void* key; /* Key struct */ |
3569 | | word32 keyLen; /* Key size (bytes) */ |
3570 | | byte* pubKey; /* Public key */ |
3571 | | word32 pubKeyLen; /* Public key length */ |
3572 | | #if !defined(NO_DH) || defined(WOLFSSL_HAVE_MLKEM) |
3573 | | byte* privKey; /* Private key */ |
3574 | | word32 privKeyLen;/* Private key length - PQC only */ |
3575 | | #endif |
3576 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
3577 | | word16 session; /* NamedGroup that was in session */ |
3578 | | word16 derived; /* preMaster has been derived */ |
3579 | | #endif |
3580 | | #ifdef WOLFSSL_ASYNC_CRYPT |
3581 | | int lastRet; |
3582 | | #endif |
3583 | | struct KeyShareEntry* next; /* List pointer */ |
3584 | | } KeyShareEntry; |
3585 | | |
3586 | | WOLFSSL_LOCAL int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, |
3587 | | word16 len, byte* data, KeyShareEntry **kse, TLSX** extensions); |
3588 | | WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl); |
3589 | | WOLFSSL_LOCAL int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, |
3590 | | TLSX** extensions); |
3591 | | WOLFSSL_LOCAL int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse); |
3592 | | WOLFSSL_LOCAL int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, |
3593 | | byte cipherSuite0, byte cipherSuite, KeyShareEntry** kse, |
3594 | | byte* searched); |
3595 | | WOLFSSL_LOCAL int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE); |
3596 | | WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl, int* doHelloRetry); |
3597 | | WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* sclientKSEclientKSEsl); |
3598 | | WOLFSSL_LOCAL int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, |
3599 | | word16 length, byte msgType); |
3600 | | WOLFSSL_LOCAL int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl, |
3601 | | const byte* input, word16 length, TLSX** extensions); |
3602 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
3603 | | WOLFSSL_LOCAL int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, |
3604 | | word16 length, TLSX** extensions); |
3605 | | WOLFSSL_LOCAL int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions); |
3606 | | #endif |
3607 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
3608 | | |
3609 | | enum PskDecryptReturn { |
3610 | | PSK_DECRYPT_NONE = 0, |
3611 | | PSK_DECRYPT_OK, |
3612 | | PSK_DECRYPT_CREATE, |
3613 | | PSK_DECRYPT_FAIL, |
3614 | | }; |
3615 | | |
3616 | | #ifdef HAVE_SESSION_TICKET |
3617 | | typedef struct psk_sess_free_cb_ctx { |
3618 | | word32 row; |
3619 | | #ifdef HAVE_EXT_CACHE |
3620 | | int extCache; |
3621 | | int freeSess; |
3622 | | #endif |
3623 | | } psk_sess_free_cb_ctx; |
3624 | | typedef void (psk_sess_free_cb)(const WOLFSSL* ssl, const WOLFSSL_SESSION* sess, |
3625 | | psk_sess_free_cb_ctx* freeCtx); |
3626 | | #endif |
3627 | | |
3628 | | /* The PreSharedKey extension information - entry in a linked list. */ |
3629 | | typedef struct PreSharedKey { |
3630 | | word16 identityLen; /* Length of identity */ |
3631 | | byte* identity; /* PSK identity */ |
3632 | | word32 ticketAge; /* Age of the ticket */ |
3633 | | byte cipherSuite0; /* Cipher Suite */ |
3634 | | byte cipherSuite; /* Cipher Suite */ |
3635 | | word32 binderLen; /* Length of HMAC */ |
3636 | | byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */ |
3637 | | byte hmac; /* HMAC algorithm */ |
3638 | | #ifdef HAVE_SESSION_TICKET |
3639 | | InternalTicket* it; /* ptr to ticket */ |
3640 | | const WOLFSSL_SESSION* sess; /* ptr to session either from external cache or |
3641 | | * into SessionCache. Work around so that we |
3642 | | * don't call into the cache more than once */ |
3643 | | psk_sess_free_cb* sess_free_cb; /* callback to free sess */ |
3644 | | psk_sess_free_cb_ctx sess_free_cb_ctx; /* info for sess_free_cb */ |
3645 | | #endif |
3646 | | byte resumption:1; /* Resumption PSK */ |
3647 | | byte chosen:1; /* Server's choice */ |
3648 | | byte decryptRet:3; /* Ticket decrypt return */ |
3649 | | struct PreSharedKey* next; /* List pointer */ |
3650 | | } PreSharedKey; |
3651 | | |
3652 | | WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, |
3653 | | byte* output, byte msgType, |
3654 | | word16* pSz); |
3655 | | WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, |
3656 | | byte msgType, word16* pSz); |
3657 | | WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(TLSX** extensions, const byte* identity, |
3658 | | word16 len, word32 age, byte hmac, |
3659 | | byte cipherSuite0, byte cipherSuite, |
3660 | | byte resumption, |
3661 | | PreSharedKey **preSharedKey, |
3662 | | void* heap); |
3663 | | WOLFSSL_LOCAL int TLSX_PreSharedKey_Parse_ClientHello(TLSX** extensions, |
3664 | | const byte* input, word16 length, void* heap); |
3665 | | |
3666 | | /* The possible Pre-Shared Key key exchange modes. */ |
3667 | | enum PskKeyExchangeMode { |
3668 | | PSK_KE, |
3669 | | PSK_DHE_KE |
3670 | | }; |
3671 | | |
3672 | | /* User can define this. */ |
3673 | | #ifndef WOLFSSL_DEF_PSK_CIPHER |
3674 | | #define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256 |
3675 | | #endif |
3676 | | |
3677 | | WOLFSSL_LOCAL int TLSX_PskKeyModes_Use(WOLFSSL* ssl, byte modes); |
3678 | | WOLFSSL_LOCAL int TLSX_PskKeyModes_Parse_Modes(const byte* input, word16 length, |
3679 | | byte msgType, byte* modes); |
3680 | | |
3681 | | #ifdef WOLFSSL_EARLY_DATA |
3682 | | WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max, int is_response); |
3683 | | #endif |
3684 | | #endif /* HAVE_SESSION_TICKET || !NO_PSK */ |
3685 | | |
3686 | | |
3687 | | /* The types of keys to derive for. */ |
3688 | | enum DeriveKeyType { |
3689 | | no_key, |
3690 | | early_data_key, |
3691 | | handshake_key, |
3692 | | traffic_key, |
3693 | | update_traffic_key |
3694 | | }; |
3695 | | |
3696 | | WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl); |
3697 | | WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl); |
3698 | | WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store); |
3699 | | WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl); |
3700 | | WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret); |
3701 | | WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key); |
3702 | | |
3703 | | WOLFSSL_LOCAL int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen, |
3704 | | const char *label, size_t labelLen, |
3705 | | const unsigned char *context, size_t contextLen); |
3706 | | |
3707 | | /* The key update request values for KeyUpdate message. */ |
3708 | | enum KeyUpdateRequest { |
3709 | | update_not_requested, |
3710 | | update_requested |
3711 | | }; |
3712 | | #endif /* WOLFSSL_TLS13 */ |
3713 | | |
3714 | | #ifdef WOLFSSL_DTLS_CID |
3715 | | WOLFSSL_LOCAL void TLSX_ConnectionID_Free(byte* ext, void* heap); |
3716 | | WOLFSSL_LOCAL word16 TLSX_ConnectionID_Write(byte* ext, byte* output); |
3717 | | WOLFSSL_LOCAL word16 TLSX_ConnectionID_GetSize(byte* ext); |
3718 | | WOLFSSL_LOCAL int TLSX_ConnectionID_Use(WOLFSSL* ssl); |
3719 | | WOLFSSL_LOCAL int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, |
3720 | | word16 length, byte isRequest); |
3721 | | WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl); |
3722 | | WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input, |
3723 | | word16 inputSize); |
3724 | | WOLFSSL_LOCAL int Dtls13UnifiedHeaderCIDPresent(byte flags); |
3725 | | #endif /* WOLFSSL_DTLS_CID */ |
3726 | | WOLFSSL_LOCAL byte DtlsGetCidTxSize(WOLFSSL* ssl); |
3727 | | WOLFSSL_LOCAL byte DtlsGetCidRxSize(WOLFSSL* ssl); |
3728 | | |
3729 | | #ifdef OPENSSL_EXTRA |
3730 | | enum SetCBIO { |
3731 | | WOLFSSL_CBIO_NONE = 0, |
3732 | | WOLFSSL_CBIO_RECV = 0x1, |
3733 | | WOLFSSL_CBIO_SEND = 0x2, |
3734 | | }; |
3735 | | #endif |
3736 | | |
3737 | | #ifdef WOLFSSL_STATIC_EPHEMERAL |
3738 | | /* contains static ephemeral keys */ |
3739 | | typedef struct { |
3740 | | #ifndef NO_DH |
3741 | | DerBuffer* dhKey; |
3742 | | #endif |
3743 | | #ifdef HAVE_ECC |
3744 | | DerBuffer* ecKey; |
3745 | | #endif |
3746 | | #ifdef HAVE_CURVE25519 |
3747 | | DerBuffer* x25519Key; |
3748 | | #endif |
3749 | | #ifdef HAVE_CURVE448 |
3750 | | DerBuffer* x448Key; |
3751 | | #endif |
3752 | | } StaticKeyExchangeInfo_t; |
3753 | | #endif /* WOLFSSL_STATIC_EPHEMERAL */ |
3754 | | |
3755 | | |
3756 | | /* wolfSSL context type */ |
3757 | | struct WOLFSSL_CTX { |
3758 | | WOLFSSL_METHOD* method; |
3759 | | #ifdef SINGLE_THREADED |
3760 | | WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */ |
3761 | | #endif |
3762 | | wolfSSL_RefWithMutex ref; |
3763 | | int err; /* error code in case of mutex not created */ |
3764 | | #ifndef NO_DH |
3765 | | buffer serverDH_P; |
3766 | | buffer serverDH_G; |
3767 | | #endif |
3768 | | #ifndef NO_CERTS |
3769 | | DerBuffer* certificate; |
3770 | | DerBuffer* certChain; |
3771 | | int certChainCnt; |
3772 | | /* chain after self, in DER, with leading size for each cert */ |
3773 | | #ifndef WOLFSSL_NO_CA_NAMES |
3774 | | WOLF_STACK_OF(WOLFSSL_X509_NAME)* client_ca_names; |
3775 | | WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; |
3776 | | #endif |
3777 | | #ifdef OPENSSL_EXTRA |
3778 | | WOLF_STACK_OF(WOLFSSL_X509)* x509Chain; |
3779 | | #endif |
3780 | | #ifdef WOLFSSL_CERT_SETUP_CB |
3781 | | #ifdef OPENSSL_EXTRA |
3782 | | client_cert_cb CBClientCert; /* client certificate callback */ |
3783 | | #endif |
3784 | | CertSetupCallback certSetupCb; |
3785 | | void* certSetupCbArg; |
3786 | | #endif |
3787 | | DerBuffer* privateKey; |
3788 | | #ifdef WOLFSSL_BLIND_PRIVATE_KEY |
3789 | | DerBuffer* privateKeyMask; /* Mask of private key DER. */ |
3790 | | #endif |
3791 | | byte privateKeyType; |
3792 | | byte privateKeyId:1; |
3793 | | byte privateKeyLabel:1; |
3794 | | int privateKeySz; |
3795 | | int privateKeyDevId; |
3796 | | |
3797 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
3798 | | DerBuffer* altPrivateKey; |
3799 | | #ifdef WOLFSSL_BLIND_PRIVATE_KEY |
3800 | | DerBuffer* altPrivateKeyMask; /* Mask of alt private key DER. */ |
3801 | | #endif |
3802 | | byte altPrivateKeyType; |
3803 | | byte altPrivateKeyId:1; |
3804 | | byte altPrivateKeyLabel:1; |
3805 | | int altPrivateKeySz; |
3806 | | int altPrivateKeyDevId; |
3807 | | #endif /* WOLFSSL_DUAL_ALG_CERTS */ |
3808 | | #ifdef OPENSSL_ALL |
3809 | | /* note it is the privateKeyPKey pointer that is volatile, not the object it |
3810 | | * points to: |
3811 | | */ |
3812 | | WOLFSSL_EVP_PKEY* volatile privateKeyPKey; |
3813 | | #endif |
3814 | | WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ |
3815 | | #endif |
3816 | | #ifdef KEEP_OUR_CERT |
3817 | | WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */ |
3818 | | int ownOurCert; /* Dispose of certificate if we own */ |
3819 | | #endif |
3820 | | Suites* suites; /* make dynamic, user may not need/set */ |
3821 | | void* heap; /* for user memory overrides */ |
3822 | | byte verifyDepth; |
3823 | | byte verifyPeer:1; |
3824 | | byte verifyNone:1; |
3825 | | byte failNoCert:1; |
3826 | | byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/ |
3827 | | byte sessionCacheOff:1; |
3828 | | byte sessionCacheFlushOff:1; |
3829 | | #ifdef HAVE_EXT_CACHE |
3830 | | byte internalCacheOff:1; |
3831 | | byte internalCacheLookupOff:1; |
3832 | | #endif |
3833 | | byte sendVerify:2; /* for client side (can not be single bit) */ |
3834 | | byte haveRSA:1; /* RSA available */ |
3835 | | byte haveECC:1; /* ECC available */ |
3836 | | byte haveDH:1; /* server DH params set by user */ |
3837 | | byte haveECDSAsig:1; /* server cert signed w/ ECDSA */ |
3838 | | byte haveFalconSig:1; /* server cert signed w/ Falcon */ |
3839 | | byte haveDilithiumSig:1;/* server cert signed w/ Dilithium */ |
3840 | | byte haveStaticECC:1; /* static server ECC private key */ |
3841 | | byte partialWrite:1; /* only one msg per write call */ |
3842 | | byte autoRetry:1; /* retry read/write on a WANT_{READ|WRITE} */ |
3843 | | byte quietShutdown:1; /* don't send close notify */ |
3844 | | byte groupMessages:1; /* group handshake messages before sending */ |
3845 | | byte minDowngrade; /* minimum downgrade version */ |
3846 | | byte haveEMS:1; /* have extended master secret extension */ |
3847 | | byte useClientOrder:1; /* Use client's cipher preference order */ |
3848 | | #if defined(HAVE_SESSION_TICKET) |
3849 | | byte noTicketTls12:1; /* TLS 1.2 server won't send ticket */ |
3850 | | #endif |
3851 | | #ifdef WOLFSSL_TLS13 |
3852 | | #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) |
3853 | | unsigned int maxTicketTls13; /* maximum number of tickets to send */ |
3854 | | #endif |
3855 | | byte noTicketTls13:1; /* TLS 1.3 Server won't create new Ticket */ |
3856 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
3857 | | byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */ |
3858 | | #ifdef HAVE_SUPPORTED_CURVES |
3859 | | byte onlyPskDheKe:1; /* Only use (EC)DHE with PSK */ |
3860 | | #endif |
3861 | | #endif |
3862 | | #endif /* WOLFSSL_TLS13 */ |
3863 | | byte mutualAuth:1; /* Mutual authentication required */ |
3864 | | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
3865 | | byte postHandshakeAuth:1; /* Post-handshake auth supported. */ |
3866 | | byte verifyPostHandshake:1; /* Only send client cert req post |
3867 | | * handshake, not also during */ |
3868 | | #endif |
3869 | | #ifndef NO_DH |
3870 | | #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ |
3871 | | !defined(HAVE_SELFTEST) |
3872 | | byte dhKeyTested:1; /* Set when key has been tested. */ |
3873 | | #endif |
3874 | | #endif |
3875 | | #if defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
3876 | | byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */ |
3877 | | #endif |
3878 | | #ifdef HAVE_ENCRYPT_THEN_MAC |
3879 | | byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ |
3880 | | #endif |
3881 | | #ifdef WOLFSSL_STATIC_MEMORY |
3882 | | byte onHeapHint:1; /* whether the ctx/method is put on heap hint */ |
3883 | | #endif |
3884 | | #if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED) |
3885 | | byte staticKELockInit:1; |
3886 | | #endif |
3887 | | #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP) |
3888 | | byte dtlsSctp:1; /* DTLS-over-SCTP mode */ |
3889 | | #endif |
3890 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) |
3891 | | byte disableECH:1; |
3892 | | #endif |
3893 | | word16 minProto:1; /* sets min to min available */ |
3894 | | word16 maxProto:1; /* sets max to max available */ |
3895 | | #if defined(HAVE_RPK) |
3896 | | RpkConfig rpkConfig; |
3897 | | RpkState rpkState; |
3898 | | #endif /* HAVE_RPK */ |
3899 | | #ifdef WOLFSSL_SRTP |
3900 | | word16 dtlsSrtpProfiles; /* DTLS-with-SRTP mode |
3901 | | * (list of selected profiles - up to 16) */ |
3902 | | #endif |
3903 | | #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) |
3904 | | byte haveMcast; /* multicast requested */ |
3905 | | byte mcastID; /* multicast group ID */ |
3906 | | #endif |
3907 | | #if defined(WOLFSSL_DTLS) && \ |
3908 | | (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) |
3909 | | word16 dtlsMtuSz; /* DTLS MTU size */ |
3910 | | #endif |
3911 | | #ifndef NO_DH |
3912 | | word16 minDhKeySz; /* minimum DH key size */ |
3913 | | word16 maxDhKeySz; /* maximum DH key size */ |
3914 | | #endif |
3915 | | #ifndef NO_RSA |
3916 | | short minRsaKeySz; /* minimum RSA key size */ |
3917 | | #ifdef WC_RSA_PSS |
3918 | | word8 useRsaPss; /* cert supports RSA-PSS */ |
3919 | | #endif |
3920 | | #endif |
3921 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) |
3922 | | short minEccKeySz; /* minimum ECC key size */ |
3923 | | #endif |
3924 | | #ifdef HAVE_FALCON |
3925 | | short minFalconKeySz; /* minimum Falcon key size */ |
3926 | | #endif |
3927 | | #ifdef HAVE_DILITHIUM |
3928 | | short minDilithiumKeySz;/* minimum Dilithium key size */ |
3929 | | #endif |
3930 | | unsigned long mask; /* store SSL_OP_ flags */ |
3931 | | #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) |
3932 | | word32 disabledCurves; /* curves disabled by user */ |
3933 | | #endif |
3934 | | #ifdef WOLFSSL_SESSION_ID_CTX |
3935 | | byte sessionCtx[ID_LEN]; /* app session context ID */ |
3936 | | byte sessionCtxSz; |
3937 | | #endif |
3938 | | #ifdef OPENSSL_EXTRA |
3939 | | const unsigned char *alpn_cli_protos;/* ALPN client protocol list */ |
3940 | | unsigned int alpn_cli_protos_len; |
3941 | | byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ |
3942 | | CallbackInfoState* CBIS; /* used to get info about SSL state */ |
3943 | | WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/ |
3944 | | #endif |
3945 | | #ifdef WOLFSSL_WOLFSENTRY_HOOKS |
3946 | | NetworkFilterCallback_t AcceptFilter; |
3947 | | void *AcceptFilter_arg; |
3948 | | NetworkFilterCallback_t ConnectFilter; |
3949 | | void *ConnectFilter_arg; |
3950 | | #endif /* WOLFSSL_WOLFSENTRY_HOOKS */ |
3951 | | CallbackIORecv CBIORecv; |
3952 | | CallbackIOSend CBIOSend; |
3953 | | #ifdef WOLFSSL_DTLS |
3954 | | CallbackGenCookie CBIOCookie; /* gen cookie callback */ |
3955 | | #endif /* WOLFSSL_DTLS */ |
3956 | | #ifdef WOLFSSL_SESSION_EXPORT |
3957 | | #ifdef WOLFSSL_DTLS |
3958 | | wc_dtls_export dtls_export; /* export function for DTLS session */ |
3959 | | #endif |
3960 | | CallbackGetPeer CBGetPeer; |
3961 | | CallbackSetPeer CBSetPeer; |
3962 | | #endif |
3963 | | VerifyCallback verifyCallback; /* cert verification callback */ |
3964 | | void* verifyCbCtx; /* cert verify callback user ctx*/ |
3965 | | #ifdef OPENSSL_ALL |
3966 | | CertVerifyCallback verifyCertCb; |
3967 | | void* verifyCertCbArg; |
3968 | | #endif /* OPENSSL_ALL */ |
3969 | | #ifdef OPENSSL_EXTRA |
3970 | | SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */ |
3971 | | void* protoMsgCtx; /* user set context with msg callback */ |
3972 | | #endif |
3973 | | word32 timeout; /* session timeout */ |
3974 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \ |
3975 | | defined(HAVE_ED448) |
3976 | | word32 ecdhCurveOID; /* curve Ecc_Sum */ |
3977 | | #endif |
3978 | | #ifdef HAVE_ECC |
3979 | | word16 eccTempKeySz; /* in octets 20 - 66 */ |
3980 | | #endif |
3981 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) |
3982 | | word32 pkCurveOID; /* curve Ecc_Sum */ |
3983 | | #endif |
3984 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
3985 | | byte havePSK; /* psk key set by user */ |
3986 | | wc_psk_client_callback client_psk_cb; /* client callback */ |
3987 | | wc_psk_server_callback server_psk_cb; /* server callback */ |
3988 | | #ifdef WOLFSSL_TLS13 |
3989 | | wc_psk_client_cs_callback client_psk_cs_cb; /* client callback */ |
3990 | | wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ |
3991 | | wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ |
3992 | | #endif |
3993 | | void* psk_ctx; |
3994 | | char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; |
3995 | | #endif /* HAVE_SESSION_TICKET || !NO_PSK */ |
3996 | | #ifdef WOLFSSL_TLS13 |
3997 | | word16 group[WOLFSSL_MAX_GROUP_COUNT]; |
3998 | | byte numGroups; |
3999 | | #endif |
4000 | | #ifdef WOLFSSL_EARLY_DATA |
4001 | | word32 maxEarlyDataSz; |
4002 | | #endif |
4003 | | #ifdef HAVE_ANON |
4004 | | byte useAnon; /* User wants to allow Anon suites */ |
4005 | | #endif /* HAVE_ANON */ |
4006 | | #ifdef WOLFSSL_ENCRYPTED_KEYS |
4007 | | wc_pem_password_cb* passwd_cb; |
4008 | | void* passwd_userdata; |
4009 | | #endif |
4010 | | #ifdef WOLFSSL_LOCAL_X509_STORE |
4011 | | WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ |
4012 | | WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ |
4013 | | #endif |
4014 | | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) |
4015 | | byte readAhead; |
4016 | | void* userPRFArg; /* passed to prf callback */ |
4017 | | #endif |
4018 | | #ifdef HAVE_EX_DATA |
4019 | | WOLFSSL_CRYPTO_EX_DATA ex_data; |
4020 | | #endif |
4021 | | #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ |
4022 | | defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || defined(WOLFSSL_QUIC)) |
4023 | | CallbackALPNSelect alpnSelect; |
4024 | | void* alpnSelectArg; |
4025 | | #endif |
4026 | | #ifdef HAVE_SNI |
4027 | | CallbackSniRecv sniRecvCb; |
4028 | | void* sniRecvCbArg; |
4029 | | #endif |
4030 | | #if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS) |
4031 | | CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */ |
4032 | | word32 mcastFirstSeq; /* first trigger level */ |
4033 | | word32 mcastSecondSeq; /* second trigger level */ |
4034 | | word32 mcastMaxSeq; /* max level */ |
4035 | | #endif |
4036 | | #ifdef HAVE_OCSP |
4037 | | WOLFSSL_OCSP ocsp; |
4038 | | #endif |
4039 | | int devId; /* async device id to use */ |
4040 | | #ifdef HAVE_TLS_EXTENSIONS |
4041 | | TLSX* extensions; /* RFC 6066 TLS Extensions data */ |
4042 | | #ifndef NO_WOLFSSL_SERVER |
4043 | | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
4044 | | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
4045 | | OcspRequest* certOcspRequest; |
4046 | | ocspVerifyStatusCb ocspStatusVerifyCb; |
4047 | | void* ocspStatusVerifyCbArg; |
4048 | | #endif |
4049 | | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
4050 | | OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH]; |
4051 | | #endif |
4052 | | #endif |
4053 | | #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) |
4054 | | SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ |
4055 | | void* ticketEncCtx; /* session encrypt context */ |
4056 | | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ |
4057 | | || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) |
4058 | | ticketCompatCb ticketEncWrapCb; /* callback for OpenSSL ticket key callback */ |
4059 | | #endif |
4060 | | int ticketHint; /* ticket hint in seconds */ |
4061 | | #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB |
4062 | | TicketEncCbCtx ticketKeyCtx; |
4063 | | #endif |
4064 | | #endif |
4065 | | #endif |
4066 | | #ifdef HAVE_SUPPORTED_CURVES |
4067 | | byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */ |
4068 | | #endif |
4069 | | #ifdef ATOMIC_USER |
4070 | | CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ |
4071 | | CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ |
4072 | | #ifdef HAVE_ENCRYPT_THEN_MAC |
4073 | | CallbackEncryptMac EncryptMacCb; /* Atomic User Mac/Enc Cb */ |
4074 | | CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */ |
4075 | | #endif |
4076 | | #endif |
4077 | | #ifdef HAVE_PK_CALLBACKS |
4078 | | #ifdef HAVE_ECC |
4079 | | CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */ |
4080 | | CallbackEccSign EccSignCb; /* User EccSign Callback handler */ |
4081 | | void* EccSignCtx; /* Ecc Sign Callback Context */ |
4082 | | CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ |
4083 | | CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */ |
4084 | | #endif /* HAVE_ECC */ |
4085 | | #ifdef HAVE_HKDF |
4086 | | CallbackHKDFExtract HkdfExtractCb; /* User hkdf Extract Callback handler */ |
4087 | | #endif |
4088 | | #ifdef HAVE_ED25519 |
4089 | | /* User Ed25519Sign Callback handler */ |
4090 | | CallbackEd25519Sign Ed25519SignCb; |
4091 | | /* User Ed25519Verify Callback handler */ |
4092 | | CallbackEd25519Verify Ed25519VerifyCb; |
4093 | | #endif |
4094 | | #ifdef HAVE_CURVE25519 |
4095 | | /* User X25519 KeyGen Callback Handler */ |
4096 | | CallbackX25519KeyGen X25519KeyGenCb; |
4097 | | /* User X25519 SharedSecret Callback handler */ |
4098 | | CallbackX25519SharedSecret X25519SharedSecretCb; |
4099 | | #endif |
4100 | | #ifdef HAVE_ED448 |
4101 | | /* User Ed448Sign Callback handler */ |
4102 | | CallbackEd448Sign Ed448SignCb; |
4103 | | /* User Ed448Verify Callback handler */ |
4104 | | CallbackEd448Verify Ed448VerifyCb; |
4105 | | #endif |
4106 | | #ifdef HAVE_CURVE448 |
4107 | | /* User X448 KeyGen Callback Handler */ |
4108 | | CallbackX448KeyGen X448KeyGenCb; |
4109 | | /* User X448 SharedSecret Callback handler */ |
4110 | | CallbackX448SharedSecret X448SharedSecretCb; |
4111 | | #endif |
4112 | | #ifndef NO_DH |
4113 | | /* User DH KeyGen Callback handler*/ |
4114 | | CallbackDhGenerateKeyPair DhGenerateKeyPairCb; |
4115 | | /* User DH Agree Callback handler */ |
4116 | | CallbackDhAgree DhAgreeCb; |
4117 | | #endif |
4118 | | #ifndef NO_RSA |
4119 | | /* User RsaSign Callback handler (priv key) */ |
4120 | | CallbackRsaSign RsaSignCb; |
4121 | | /* User RsaVerify Callback handler (pub key) */ |
4122 | | CallbackRsaVerify RsaVerifyCb; |
4123 | | /* User VerifyRsaSign Callback handler (priv key) */ |
4124 | | CallbackRsaVerify RsaSignCheckCb; |
4125 | | #ifdef WC_RSA_PSS |
4126 | | /* User RsaSign (priv key) */ |
4127 | | CallbackRsaPssSign RsaPssSignCb; |
4128 | | /* User RsaVerify (pub key) */ |
4129 | | CallbackRsaPssVerify RsaPssVerifyCb; |
4130 | | /* User VerifyRsaSign (priv key) */ |
4131 | | CallbackRsaPssVerify RsaPssSignCheckCb; |
4132 | | #endif |
4133 | | CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ |
4134 | | CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ |
4135 | | #endif /* NO_RSA */ |
4136 | | |
4137 | | /* User generate pre-master handler */ |
4138 | | CallbackGenPreMaster GenPreMasterCb; |
4139 | | /* User generate master secret handler */ |
4140 | | CallbackGenMasterSecret GenMasterCb; |
4141 | | /* User generate Extended master secret handler */ |
4142 | | CallbackGenExtMasterSecret GenExtMasterCb; |
4143 | | /* User generate session key handler */ |
4144 | | CallbackGenSessionKey GenSessionKeyCb; |
4145 | | /* User setting encrypt keys handler */ |
4146 | | CallbackEncryptKeys EncryptKeysCb; |
4147 | | /* User Tls finished handler */ |
4148 | | CallbackTlsFinished TlsFinishedCb; |
4149 | | #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) |
4150 | | /* User Verify mac handler */ |
4151 | | CallbackVerifyMac VerifyMacCb; |
4152 | | #endif |
4153 | | #if defined(WOLFSSL_PUBLIC_ASN) |
4154 | | /* User handler to process a certificate */ |
4155 | | CallbackProcessPeerCert ProcessPeerCertCb; |
4156 | | #endif |
4157 | | /* User handler to process the server's key exchange public key */ |
4158 | | CallbackProcessServerSigKex ProcessServerSigKexCb; |
4159 | | /* User handler to process the TLS record */ |
4160 | | CallbackPerformTlsRecordProcessing PerformTlsRecordProcessingCb; |
4161 | | /* User handler to do HKDF expansions */ |
4162 | | CallbackHKDFExpandLabel HKDFExpandLabelCb; |
4163 | | |
4164 | | #endif /* HAVE_PK_CALLBACKS */ |
4165 | | #ifdef HAVE_WOLF_EVENT |
4166 | | WOLF_EVENT_QUEUE event_queue; |
4167 | | #endif /* HAVE_WOLF_EVENT */ |
4168 | | #ifdef HAVE_EXT_CACHE |
4169 | | WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, const unsigned char*, int, int*); |
4170 | | int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); |
4171 | | #endif |
4172 | | #if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) |
4173 | | Rem_Sess_Cb rem_sess_cb; |
4174 | | #endif |
4175 | | #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) |
4176 | | Srp* srp; /* TLS Secure Remote Password Protocol*/ |
4177 | | byte* srp_password; |
4178 | | #endif |
4179 | | #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) |
4180 | | wolfSSL_CTX_keylog_cb_func keyLogCb; |
4181 | | #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ |
4182 | | #ifdef WOLFSSL_STATIC_EPHEMERAL |
4183 | | StaticKeyExchangeInfo_t staticKE; |
4184 | | #ifndef SINGLE_THREADED |
4185 | | wolfSSL_Mutex staticKELock; |
4186 | | #endif |
4187 | | #endif |
4188 | | #ifdef WOLFSSL_QUIC |
4189 | | struct { |
4190 | | const WOLFSSL_QUIC_METHOD *method; |
4191 | | } quic; |
4192 | | #endif |
4193 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) |
4194 | | WOLFSSL_EchConfig* echConfigs; |
4195 | | #endif |
4196 | | #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) |
4197 | | byte doAppleNativeCertValidationFlag:1; |
4198 | | #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */ |
4199 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
4200 | | byte *sigSpec; |
4201 | | word16 sigSpecSz; |
4202 | | #endif |
4203 | | #if defined(WOLFSSL_SYS_CRYPTO_POLICY) |
4204 | | int secLevel; /* The security level of system-wide crypto policy. */ |
4205 | | #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ |
4206 | | |
4207 | | #ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION |
4208 | | CFMutableArrayRef testTrustedCAs; |
4209 | | #endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ |
4210 | | }; |
4211 | | |
4212 | | WOLFSSL_LOCAL |
4213 | | int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap); |
4214 | | WOLFSSL_LOCAL |
4215 | | void FreeSSL_Ctx(WOLFSSL_CTX* ctx); |
4216 | | WOLFSSL_LOCAL |
4217 | | void SSL_CtxResourceFree(WOLFSSL_CTX* ctx); |
4218 | | |
4219 | | #ifdef HAVE_EX_DATA_CLEANUP_HOOKS |
4220 | | #ifndef HAVE_EX_DATA |
4221 | | #error "HAVE_EX_DATA_CLEANUP_HOOKS requires HAVE_EX_DATA to be defined" |
4222 | | #endif |
4223 | | void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data); |
4224 | | #endif |
4225 | | |
4226 | | WOLFSSL_LOCAL |
4227 | | int DeriveTlsKeys(WOLFSSL* ssl); |
4228 | | WOLFSSL_LOCAL |
4229 | | int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, |
4230 | | word32 inSz, word16 sz); |
4231 | | |
4232 | | #ifndef NO_CERTS |
4233 | | WOLFSSL_LOCAL int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s); |
4234 | | WOLFSSL_LOCAL |
4235 | | int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify); |
4236 | | WOLFSSL_LOCAL int RemoveCA(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type); |
4237 | | WOLFSSL_LOCAL int SetCAType(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type); |
4238 | | WOLFSSL_LOCAL |
4239 | | int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash); |
4240 | | #ifdef WOLFSSL_TRUST_PEER_CERT |
4241 | | WOLFSSL_LOCAL |
4242 | | int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify); |
4243 | | WOLFSSL_LOCAL |
4244 | | int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert); |
4245 | | #endif |
4246 | | #endif |
4247 | | |
4248 | | #ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION |
4249 | | WOLFSSL_API |
4250 | | int wolfSSL_TestAppleNativeCertValidation_AppendCA(WOLFSSL_CTX* ctx, |
4251 | | const byte* derCert, |
4252 | | int derLen); |
4253 | | #endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ |
4254 | | |
4255 | | /* All cipher suite related info |
4256 | | * Keep as a constant size (no ifdefs) for session export */ |
4257 | | typedef struct CipherSpecs { |
4258 | | word16 key_size; |
4259 | | word16 iv_size; |
4260 | | word16 block_size; |
4261 | | word16 aead_mac_size; |
4262 | | byte bulk_cipher_algorithm; |
4263 | | byte cipher_type; /* block, stream, or aead */ |
4264 | | byte mac_algorithm; |
4265 | | byte kea; /* key exchange algo */ |
4266 | | byte sig_algo; |
4267 | | byte hash_size; |
4268 | | byte pad_size; |
4269 | | byte static_ecdh; |
4270 | | } CipherSpecs; |
4271 | | |
4272 | | |
4273 | | void InitCipherSpecs(CipherSpecs* cs); |
4274 | | |
4275 | | |
4276 | | /* Supported Key Exchange Protocols */ |
4277 | | enum KeyExchangeAlgorithm { |
4278 | | no_kea, |
4279 | | rsa_kea, |
4280 | | diffie_hellman_kea, |
4281 | | fortezza_kea, |
4282 | | psk_kea, |
4283 | | dhe_psk_kea, |
4284 | | ecdhe_psk_kea, |
4285 | | ecc_diffie_hellman_kea, |
4286 | | ecc_static_diffie_hellman_kea, /* for verify suite only */ |
4287 | | any_kea |
4288 | | }; |
4289 | | |
4290 | | /* Used with InitSuitesHashSigAlgo */ |
4291 | 0 | #define SIG_ECDSA 0x01 |
4292 | 0 | #define SIG_RSA 0x02 |
4293 | 0 | #define SIG_SM2 0x04 |
4294 | 0 | #define SIG_FALCON 0x08 |
4295 | 0 | #define SIG_DILITHIUM 0x10 |
4296 | | #define SIG_ANON 0x20 |
4297 | | /* SIG_ANON is omitted by default */ |
4298 | 0 | #define SIG_ALL (SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | \ |
4299 | 0 | SIG_DILITHIUM) |
4300 | | |
4301 | | /* Supported Authentication Schemes */ |
4302 | | enum SignatureAlgorithm { |
4303 | | anonymous_sa_algo = 0, |
4304 | | rsa_sa_algo = 1, |
4305 | | dsa_sa_algo = 2, |
4306 | | ecc_dsa_sa_algo = 3, |
4307 | | rsa_pss_sa_algo = 8, |
4308 | | ed25519_sa_algo = 9, |
4309 | | rsa_pss_pss_algo = 10, |
4310 | | ed448_sa_algo = 11, |
4311 | | falcon_level1_sa_algo = 12, |
4312 | | falcon_level5_sa_algo = 13, |
4313 | | dilithium_level2_sa_algo = 14, |
4314 | | dilithium_level3_sa_algo = 15, |
4315 | | dilithium_level5_sa_algo = 16, |
4316 | | sm2_sa_algo = 17, |
4317 | | any_sa_algo = 18, |
4318 | | invalid_sa_algo = 255 |
4319 | | }; |
4320 | | |
4321 | | #define PSS_RSAE_TO_PSS_PSS(macAlgo) \ |
4322 | | ((macAlgo) + (pss_sha256 - sha256_mac)) |
4323 | | |
4324 | | #define PSS_PSS_HASH_TO_MAC(macAlgo) \ |
4325 | | ((macAlgo) - (pss_sha256 - sha256_mac)) |
4326 | | |
4327 | | enum SigAlgRsaPss { |
4328 | | pss_sha256 = 0x09, |
4329 | | pss_sha384 = 0x0a, |
4330 | | pss_sha512 = 0x0b, |
4331 | | }; |
4332 | | |
4333 | | #ifdef WOLFSSL_SM2 |
4334 | | /* Default SM2 signature ID. */ |
4335 | 0 | #define TLS12_SM2_SIG_ID ((byte*)"1234567812345678") |
4336 | | /* Length of default SM2 signature ID. */ |
4337 | 0 | #define TLS12_SM2_SIG_ID_SZ 16 |
4338 | | |
4339 | | /* https://www.rfc-editor.org/rfc/rfc8998.html#name-sm2-signature-scheme */ |
4340 | | /* ID to use when signing/verifying TLS v1.3 data. */ |
4341 | 0 | #define TLS13_SM2_SIG_ID ((byte*)"TLSv1.3+GM+Cipher+Suite") |
4342 | | /* Length of ID to use when signing/verifying TLS v1.3 data. */ |
4343 | 0 | #define TLS13_SM2_SIG_ID_SZ 23 |
4344 | | #endif |
4345 | | |
4346 | | /* Supported ECC Curve Types */ |
4347 | | enum EccCurves { |
4348 | | named_curve = 3 |
4349 | | }; |
4350 | | |
4351 | | |
4352 | | /* Valid client certificate request types from page 27 */ |
4353 | | enum ClientCertificateType { |
4354 | | rsa_sign = 1, |
4355 | | dss_sign = 2, |
4356 | | rsa_fixed_dh = 3, |
4357 | | dss_fixed_dh = 4, |
4358 | | rsa_ephemeral_dh = 5, |
4359 | | dss_ephemeral_dh = 6, |
4360 | | fortezza_kea_cert = 20, |
4361 | | ecdsa_sign = 64, |
4362 | | rsa_fixed_ecdh = 65, |
4363 | | ecdsa_fixed_ecdh = 66, |
4364 | | falcon_sign = 67, |
4365 | | dilithium_sign = 68, |
4366 | | }; |
4367 | | |
4368 | | |
4369 | | #ifndef WOLFSSL_AEAD_ONLY |
4370 | | enum CipherType { stream, block, aead }; |
4371 | | #else |
4372 | | enum CipherType { aead }; |
4373 | | #endif |
4374 | | |
4375 | | |
4376 | | #if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA) || \ |
4377 | | (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13) |
4378 | | #define CIPHER_NONCE |
4379 | | #endif |
4380 | | |
4381 | | #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) |
4382 | | enum CipherSrc { |
4383 | | KEYS_NOT_SET = 0, |
4384 | | KEYS, /* keys from ssl->keys are loaded */ |
4385 | | SCR /* keys from ssl->secure_renegotiation->tmp_keys are loaded */ |
4386 | | }; |
4387 | | #endif |
4388 | | |
4389 | | #ifdef WOLFSSL_CIPHER_TEXT_CHECK |
4390 | | #ifndef WOLFSSL_CIPHER_CHECK_SZ |
4391 | | /* 64-bits to confirm encrypt operation worked */ |
4392 | | #define WOLFSSL_CIPHER_CHECK_SZ 8 |
4393 | | #endif |
4394 | | #endif |
4395 | | |
4396 | | /* cipher for now */ |
4397 | | typedef struct Ciphers { |
4398 | | #ifdef BUILD_ARC4 |
4399 | | Arc4* arc4; |
4400 | | #endif |
4401 | | #ifdef BUILD_DES3 |
4402 | | Des3* des3; |
4403 | | #endif |
4404 | | #if defined(BUILD_AES) || defined(BUILD_AESGCM) |
4405 | | Aes* aes; |
4406 | | #endif |
4407 | | #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && !defined(WOLFSSL_NO_TLS12) |
4408 | | byte* additional; |
4409 | | #endif |
4410 | | #ifdef HAVE_ARIA |
4411 | | wc_Aria* aria; |
4412 | | #endif |
4413 | | #ifdef CIPHER_NONCE |
4414 | | byte* nonce; |
4415 | | #endif |
4416 | | #ifdef HAVE_CAMELLIA |
4417 | | wc_Camellia* cam; |
4418 | | #endif |
4419 | | #ifdef HAVE_CHACHA |
4420 | | ChaCha* chacha; |
4421 | | #endif |
4422 | | #ifdef WOLFSSL_SM4 |
4423 | | wc_Sm4* sm4; |
4424 | | #endif |
4425 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) && !defined(NO_HMAC) |
4426 | | Hmac* hmac; |
4427 | | #endif |
4428 | | #ifdef WOLFSSL_CIPHER_TEXT_CHECK |
4429 | | word32 sanityCheck[WOLFSSL_CIPHER_CHECK_SZ/sizeof(word32)]; |
4430 | | #endif |
4431 | | byte state; |
4432 | | byte setup; /* have we set it up flag for detection */ |
4433 | | #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) |
4434 | | enum CipherSrc src; /* DTLS uses this to determine which keys |
4435 | | * are currently loaded */ |
4436 | | #endif |
4437 | | } Ciphers; |
4438 | | |
4439 | | #ifdef WOLFSSL_DTLS13 |
4440 | | typedef struct RecordNumberCiphers { |
4441 | | #if defined(BUILD_AES) || defined(BUILD_AESGCM) |
4442 | | Aes *aes; |
4443 | | #endif /* BUILD_AES || BUILD_AESGCM */ |
4444 | | #ifdef HAVE_CHACHA |
4445 | | ChaCha *chacha; |
4446 | | #endif |
4447 | | } RecordNumberCiphers; |
4448 | | #endif /* WOLFSSL_DTLS13 */ |
4449 | | |
4450 | | #ifdef HAVE_ONE_TIME_AUTH |
4451 | | /* Ciphers for one time authentication such as poly1305 */ |
4452 | | typedef struct OneTimeAuth { |
4453 | | #ifdef HAVE_POLY1305 |
4454 | | Poly1305* poly1305; |
4455 | | #endif |
4456 | | byte setup; /* flag for if a cipher has been set */ |
4457 | | |
4458 | | } OneTimeAuth; |
4459 | | #endif |
4460 | | |
4461 | | |
4462 | | WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl); |
4463 | | WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl); |
4464 | | |
4465 | | |
4466 | | /* hashes type */ |
4467 | | typedef struct Hashes { |
4468 | | #if !defined(NO_MD5) && !defined(NO_OLD_TLS) |
4469 | | byte md5[WC_MD5_DIGEST_SIZE]; |
4470 | | #endif |
4471 | | #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ |
4472 | | defined(WOLFSSL_ALLOW_TLS_SHA1)) |
4473 | | byte sha[WC_SHA_DIGEST_SIZE]; |
4474 | | #endif |
4475 | | #ifndef NO_SHA256 |
4476 | | byte sha256[WC_SHA256_DIGEST_SIZE]; |
4477 | | #endif |
4478 | | #ifdef WOLFSSL_SHA384 |
4479 | | byte sha384[WC_SHA384_DIGEST_SIZE]; |
4480 | | #endif |
4481 | | #ifdef WOLFSSL_SHA512 |
4482 | | byte sha512[WC_SHA512_DIGEST_SIZE]; |
4483 | | #endif |
4484 | | #ifdef WOLFSSL_SM3 |
4485 | | byte sm3[WC_SM3_DIGEST_SIZE]; |
4486 | | #endif |
4487 | | } Hashes; |
4488 | | |
4489 | | WOLFSSL_LOCAL int BuildCertHashes(const WOLFSSL* ssl, Hashes* hashes); |
4490 | | |
4491 | | #ifdef WOLFSSL_TLS13 |
4492 | | typedef union Digest { |
4493 | | #ifndef NO_SHA256 |
4494 | | wc_Sha256 sha256; |
4495 | | #endif |
4496 | | #ifdef WOLFSSL_SHA384 |
4497 | | wc_Sha384 sha384; |
4498 | | #endif |
4499 | | #ifdef WOLFSSL_SHA512 |
4500 | | wc_Sha512 sha512; |
4501 | | #endif |
4502 | | #ifdef WOLFSSL_SM3 |
4503 | | wc_Sm3 sm3; |
4504 | | #endif |
4505 | | } Digest; |
4506 | | #endif |
4507 | | |
4508 | | /* Static x509 buffer */ |
4509 | | typedef struct x509_buffer { |
4510 | | int length; /* actual size */ |
4511 | | byte buffer[MAX_X509_SIZE]; /* max static cert size */ |
4512 | | } x509_buffer; |
4513 | | |
4514 | | |
4515 | | /* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */ |
4516 | | struct WOLFSSL_X509_CHAIN { |
4517 | | int count; /* total number in chain */ |
4518 | | x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ |
4519 | | }; |
4520 | | |
4521 | | typedef enum WOLFSSL_SESSION_TYPE { |
4522 | | WOLFSSL_SESSION_TYPE_UNKNOWN, |
4523 | | WOLFSSL_SESSION_TYPE_SSL, /* in ssl->session */ |
4524 | | WOLFSSL_SESSION_TYPE_CACHE, /* pointer to internal cache */ |
4525 | | WOLFSSL_SESSION_TYPE_HEAP /* allocated from heap SESSION_new */ |
4526 | | } WOLFSSL_SESSION_TYPE; |
4527 | | |
4528 | | #ifdef WOLFSSL_QUIC |
4529 | | typedef struct QuicRecord QuicRecord; |
4530 | | typedef struct QuicRecord { |
4531 | | struct QuicRecord *next; |
4532 | | uint8_t *data; |
4533 | | word32 capacity; |
4534 | | word32 len; |
4535 | | word32 start; |
4536 | | word32 end; |
4537 | | WOLFSSL_ENCRYPTION_LEVEL level; |
4538 | | word32 rec_hdr_remain; |
4539 | | } QuicEncData; |
4540 | | |
4541 | | typedef struct QuicTransportParam QuicTransportParam; |
4542 | | struct QuicTransportParam { |
4543 | | const uint8_t *data; |
4544 | | word16 len; |
4545 | | }; |
4546 | | |
4547 | | WOLFSSL_LOCAL const QuicTransportParam *QuicTransportParam_new(const uint8_t *data, size_t len, void *heap); |
4548 | | WOLFSSL_LOCAL const QuicTransportParam *QuicTransportParam_dup(const QuicTransportParam *tp, void *heap); |
4549 | | WOLFSSL_LOCAL void QuicTransportParam_free(const QuicTransportParam *tp, void *heap); |
4550 | | WOLFSSL_LOCAL int TLSX_QuicTP_Use(WOLFSSL* ssl, TLSX_Type ext_type, int is_response); |
4551 | | WOLFSSL_LOCAL int wolfSSL_quic_add_transport_extensions(WOLFSSL *ssl, int msg_type); |
4552 | | |
4553 | | #define QTP_FREE QuicTransportParam_free |
4554 | | |
4555 | | #endif /* WOLFSSL_QUIC */ |
4556 | | |
4557 | | /** Session Ticket - RFC 5077 (session 3.2) */ |
4558 | | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
4559 | | /* Ticket nonce - for deriving PSK. |
4560 | | Length allowed to be: 1..255. Only support |
4561 | | * TLS13_TICKET_NONCE_STATIC_SZ length bytes. |
4562 | | */ |
4563 | | typedef struct TicketNonce { |
4564 | | byte len; |
4565 | | #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ |
4566 | | (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) |
4567 | | byte *data; |
4568 | | byte dataStatic[MAX_TICKET_NONCE_STATIC_SZ]; |
4569 | | #else |
4570 | | byte data[MAX_TICKET_NONCE_STATIC_SZ]; |
4571 | | #endif /* WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */ |
4572 | | } TicketNonce; |
4573 | | #endif |
4574 | | |
4575 | | /* wolfSSL session type */ |
4576 | | struct WOLFSSL_SESSION { |
4577 | | /* WARNING Do not add fields here. They will be ignored in |
4578 | | * wolfSSL_DupSession. */ |
4579 | | WOLFSSL_SESSION_TYPE type; |
4580 | | #ifndef NO_SESSION_CACHE |
4581 | | int cacheRow; /* row in session cache */ |
4582 | | #endif |
4583 | | wolfSSL_Ref ref; |
4584 | | byte altSessionID[ID_LEN]; |
4585 | | byte haveAltSessionID:1; |
4586 | | #ifdef HAVE_EX_DATA |
4587 | | byte ownExData:1; |
4588 | | #endif |
4589 | | #if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA) |
4590 | | Rem_Sess_Cb rem_sess_cb; |
4591 | | #endif |
4592 | | void* heap; |
4593 | | /* WARNING The above fields (up to and including the heap) are not copied |
4594 | | * in wolfSSL_DupSession. Place new fields after the heap |
4595 | | * member */ |
4596 | | |
4597 | | byte side; /* Either WOLFSSL_CLIENT_END or |
4598 | | WOLFSSL_SERVER_END */ |
4599 | | |
4600 | | word32 bornOn; /* create time in seconds */ |
4601 | | word32 timeout; /* timeout in seconds */ |
4602 | | |
4603 | | byte sessionID[ID_LEN]; /* id for protocol or bogus |
4604 | | * ID for TLS 1.3 */ |
4605 | | byte sessionIDSz; |
4606 | | |
4607 | | byte masterSecret[SECRET_LEN]; /* stored secret */ |
4608 | | word16 haveEMS; /* ext master secret flag */ |
4609 | | #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) |
4610 | | WOLFSSL_X509* peer; /* peer cert */ |
4611 | | #endif |
4612 | | #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ |
4613 | | defined(HAVE_SESSION_TICKET)) |
4614 | | ProtocolVersion version; /* which version was used */ |
4615 | | #endif |
4616 | | #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ |
4617 | | (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) |
4618 | | byte cipherSuite0; /* first byte, normally 0 */ |
4619 | | byte cipherSuite; /* 2nd byte, actual suite */ |
4620 | | #endif |
4621 | | #ifndef NO_CLIENT_CACHE |
4622 | | word16 idLen; /* serverID length */ |
4623 | | byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ |
4624 | | #endif |
4625 | | #ifdef WOLFSSL_SESSION_ID_CTX |
4626 | | byte sessionCtxSz; /* sessionCtx length */ |
4627 | | byte sessionCtx[ID_LEN]; /* app specific context id */ |
4628 | | #endif /* WOLFSSL_SESSION_ID_CTX */ |
4629 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
4630 | | byte peerVerifyRet; /* cert verify error */ |
4631 | | #endif |
4632 | | #ifdef WOLFSSL_TLS13 |
4633 | | word16 namedGroup; |
4634 | | #endif |
4635 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
4636 | | #ifdef WOLFSSL_TLS13 |
4637 | | #ifdef WOLFSSL_32BIT_MILLI_TIME |
4638 | | word32 ticketSeen; /* Time ticket seen (ms) */ |
4639 | | #else |
4640 | | sword64 ticketSeen; /* Time ticket seen (ms) */ |
4641 | | #endif |
4642 | | word32 ticketAdd; /* Added by client */ |
4643 | | TicketNonce ticketNonce; /* Nonce used to derive PSK */ |
4644 | | #endif |
4645 | | #ifdef WOLFSSL_EARLY_DATA |
4646 | | word32 maxEarlyDataSz; |
4647 | | #endif |
4648 | | #endif |
4649 | | #ifdef HAVE_SESSION_TICKET |
4650 | | byte staticTicket[SESSION_TICKET_LEN]; |
4651 | | byte* ticket; |
4652 | | word16 ticketLen; |
4653 | | word16 ticketLenAlloc; /* is dynamic */ |
4654 | | #endif |
4655 | | |
4656 | | #ifdef SESSION_CERTS |
4657 | | WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ |
4658 | | #ifdef WOLFSSL_ALT_CERT_CHAINS |
4659 | | WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */ |
4660 | | #endif |
4661 | | #endif |
4662 | | #ifdef HAVE_EX_DATA |
4663 | | WOLFSSL_CRYPTO_EX_DATA ex_data; |
4664 | | #endif |
4665 | | #ifdef HAVE_MAX_FRAGMENT |
4666 | | byte mfl; /* max fragment length negotiated i.e. |
4667 | | * WOLFSSL_MFL_2_8 (6) */ |
4668 | | #endif |
4669 | | byte isSetup:1; |
4670 | | }; |
4671 | | |
4672 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ |
4673 | | defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ |
4674 | | (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) |
4675 | | WOLFSSL_LOCAL int SessionTicketNoncePopulate(WOLFSSL_SESSION *session, |
4676 | | const byte* nonce, byte len); |
4677 | | #endif /* WOLFSSL_TLS13 && */ |
4678 | | |
4679 | | WOLFSSL_LOCAL int wolfSSL_RAND_Init(void); |
4680 | | |
4681 | | WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_NewSession(void* heap); |
4682 | | WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSession( |
4683 | | WOLFSSL* ssl, byte* masterSecret, byte restoreSessionCerts); |
4684 | | WOLFSSL_LOCAL void SetupSession(WOLFSSL* ssl); |
4685 | | WOLFSSL_LOCAL void AddSession(WOLFSSL* ssl); |
4686 | | #ifdef WOLFSSL_API_PREFIX_MAP |
4687 | | #define AddSessionToCache wolfSSL_AddSessionToCache |
4688 | | #endif |
4689 | | WOLFSSL_TEST_VIS int AddSessionToCache(WOLFSSL_CTX* ctx, |
4690 | | WOLFSSL_SESSION* addSession, const byte* id, byte idSz, int* sessionIndex, |
4691 | | int side, word16 useTicket, ClientSession** clientCacheEntry); |
4692 | | #ifndef NO_CLIENT_CACHE |
4693 | | WOLFSSL_LOCAL ClientSession* AddSessionToClientCache(int side, int row, int idx, |
4694 | | byte* serverID, word16 idLen, const byte* sessionID, |
4695 | | word16 useTicket); |
4696 | | #endif |
4697 | | WOLFSSL_LOCAL |
4698 | | WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session); |
4699 | | WOLFSSL_LOCAL void TlsSessionCacheUnlockRow(word32 row); |
4700 | | WOLFSSL_LOCAL int TlsSessionCacheGetAndRdLock(const byte *id, |
4701 | | const WOLFSSL_SESSION **sess, word32 *lockedRow, byte side); |
4702 | | WOLFSSL_LOCAL int TlsSessionCacheGetAndWrLock(const byte *id, |
4703 | | WOLFSSL_SESSION **sess, word32 *lockedRow, byte side); |
4704 | | WOLFSSL_LOCAL void EvictSessionFromCache(WOLFSSL_SESSION* session); |
4705 | | WOLFSSL_TEST_VIS int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output); |
4706 | | WOLFSSL_LOCAL int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session); |
4707 | | WOLFSSL_LOCAL void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, |
4708 | | WOLFSSL_SESSION* session); |
4709 | | WOLFSSL_LOCAL int wolfSSL_DupSession(const WOLFSSL_SESSION* input, |
4710 | | WOLFSSL_SESSION* output, int avoidSysCalls); |
4711 | | |
4712 | | |
4713 | | typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int); |
4714 | | |
4715 | | #ifndef NO_CLIENT_CACHE |
4716 | | WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSessionClient( |
4717 | | WOLFSSL* ssl, const byte* id, int len); |
4718 | | #endif |
4719 | | |
4720 | | /* client connect state for nonblocking restart */ |
4721 | | enum ConnectState { |
4722 | | CONNECT_BEGIN = 0, |
4723 | | CLIENT_HELLO_SENT, |
4724 | | HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */ |
4725 | | HELLO_AGAIN_REPLY, |
4726 | | FIRST_REPLY_DONE, |
4727 | | FIRST_REPLY_FIRST, |
4728 | | FIRST_REPLY_SECOND, |
4729 | | FIRST_REPLY_THIRD, |
4730 | | FIRST_REPLY_FOURTH, |
4731 | | FINISHED_DONE, |
4732 | | SECOND_REPLY_DONE, |
4733 | | |
4734 | | #ifdef WOLFSSL_DTLS13 |
4735 | | WAIT_FINISHED_ACK |
4736 | | #endif /* WOLFSSL_DTLS13 */ |
4737 | | |
4738 | | }; |
4739 | | |
4740 | | |
4741 | | /* server accept state for nonblocking restart */ |
4742 | | enum AcceptState { |
4743 | | ACCEPT_BEGIN = 0, |
4744 | | ACCEPT_BEGIN_RENEG, |
4745 | | ACCEPT_CLIENT_HELLO_DONE, |
4746 | | ACCEPT_HELLO_RETRY_REQUEST_DONE, |
4747 | | ACCEPT_FIRST_REPLY_DONE, |
4748 | | SERVER_HELLO_SENT, |
4749 | | CERT_SENT, |
4750 | | CERT_VERIFY_SENT, |
4751 | | CERT_STATUS_SENT, |
4752 | | KEY_EXCHANGE_SENT, |
4753 | | CERT_REQ_SENT, |
4754 | | SERVER_HELLO_DONE, |
4755 | | ACCEPT_SECOND_REPLY_DONE, |
4756 | | TICKET_SENT, |
4757 | | CHANGE_CIPHER_SENT, |
4758 | | ACCEPT_FINISHED_DONE, |
4759 | | ACCEPT_THIRD_REPLY_DONE |
4760 | | }; |
4761 | | |
4762 | | /* TLS 1.3 server accept state for nonblocking restart */ |
4763 | | enum AcceptStateTls13 { |
4764 | | TLS13_ACCEPT_BEGIN = 0, |
4765 | | TLS13_ACCEPT_BEGIN_RENEG, |
4766 | | TLS13_ACCEPT_CLIENT_HELLO_DONE, |
4767 | | TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE, |
4768 | | TLS13_ACCEPT_FIRST_REPLY_DONE, |
4769 | | TLS13_ACCEPT_SECOND_REPLY_DONE, |
4770 | | TLS13_SERVER_HELLO_SENT, |
4771 | | TLS13_ACCEPT_THIRD_REPLY_DONE, |
4772 | | TLS13_SERVER_EXTENSIONS_SENT, |
4773 | | TLS13_CERT_REQ_SENT, |
4774 | | TLS13_CERT_SENT, |
4775 | | TLS13_CERT_VERIFY_SENT, |
4776 | | TLS13_ACCEPT_FINISHED_SENT, |
4777 | | TLS13_PRE_TICKET_SENT, |
4778 | | TLS13_ACCEPT_FINISHED_DONE, |
4779 | | TLS13_TICKET_SENT |
4780 | | }; |
4781 | | |
4782 | | #ifdef WOLFSSL_THREADED_CRYPT |
4783 | | |
4784 | | #include <pthread.h> |
4785 | | |
4786 | | typedef struct ThreadCrypt { |
4787 | | Ciphers encrypt; |
4788 | | bufferStatic buffer; |
4789 | | unsigned char nonce[AESGCM_NONCE_SZ]; |
4790 | | unsigned char additional[AEAD_AUTH_DATA_SZ]; |
4791 | | int init; |
4792 | | int offset; |
4793 | | int cryptLen; |
4794 | | int done; |
4795 | | int avail; |
4796 | | int stop; |
4797 | | WOLFSSL_THREAD_SIGNAL signal; |
4798 | | void* signalCtx; |
4799 | | } ThreadCrypt; |
4800 | | |
4801 | | #endif |
4802 | | |
4803 | | /* buffers for struct WOLFSSL */ |
4804 | | typedef struct Buffers { |
4805 | | bufferStatic inputBuffer; |
4806 | | bufferStatic outputBuffer; |
4807 | | #ifdef WOLFSSL_THREADED_CRYPT |
4808 | | ThreadCrypt encrypt[WOLFSSL_THREADED_CRYPT_CNT]; |
4809 | | #endif |
4810 | | buffer domainName; /* for client check */ |
4811 | | buffer clearOutputBuffer; |
4812 | | buffer sig; /* signature data */ |
4813 | | buffer digest; /* digest data */ |
4814 | | word32 prevSent; /* previous plain text bytes sent |
4815 | | when got WANT_WRITE */ |
4816 | | word32 plainSz; /* plain text bytes in buffer to send |
4817 | | when got WANT_WRITE */ |
4818 | | byte weOwnCert; /* SSL own cert flag */ |
4819 | | byte weOwnCertChain; /* SSL own cert chain flag */ |
4820 | | byte weOwnKey; /* SSL own key flag */ |
4821 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
4822 | | byte weOwnAltKey; /* SSL own alt key flag */ |
4823 | | #endif |
4824 | | byte weOwnDH; /* SSL own dh (p,g) flag */ |
4825 | | #ifndef NO_DH |
4826 | | buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */ |
4827 | | buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */ |
4828 | | buffer serverDH_Pub; |
4829 | | buffer serverDH_Priv; |
4830 | | DhKey* serverDH_Key; |
4831 | | #endif |
4832 | | #ifndef NO_CERTS |
4833 | | DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ |
4834 | | DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ |
4835 | | #ifdef WOLFSSL_BLIND_PRIVATE_KEY |
4836 | | DerBuffer* keyMask; /* Mask of private key DER. */ |
4837 | | #endif |
4838 | | byte keyType; /* Type of key */ |
4839 | | byte keyId:1; /* Key data is an id not data */ |
4840 | | byte keyLabel:1; /* Key data is a label not data */ |
4841 | | int keySz; /* Size of RSA key */ |
4842 | | int keyDevId; /* Device Id for key */ |
4843 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
4844 | | DerBuffer* altKey; /* WOLFSSL_CTX owns, unless we own */ |
4845 | | #ifdef WOLFSSL_BLIND_PRIVATE_KEY |
4846 | | DerBuffer* altKeyMask; /* Mask of alt private key DER. */ |
4847 | | #endif |
4848 | | byte altKeyType; /* Type of alt key */ |
4849 | | byte altKeyId:1; /* Key data is an id not data */ |
4850 | | byte altKeyLabel:1; /* Key data is a label not data */ |
4851 | | int altKeySz; /* Size of alt key */ |
4852 | | int altKeyDevId; /* Device Id for alt key */ |
4853 | | #endif |
4854 | | DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */ |
4855 | | /* chain after self, in DER, with leading size for each cert */ |
4856 | | int certChainCnt; |
4857 | | #ifdef WOLFSSL_TLS13 |
4858 | | DerBuffer* certExts[MAX_CERT_EXTENSIONS]; |
4859 | | #endif |
4860 | | #endif |
4861 | | #ifdef WOLFSSL_SEND_HRR_COOKIE |
4862 | | buffer tls13CookieSecret; /* HRR cookie secret */ |
4863 | | #endif |
4864 | | #ifdef WOLFSSL_DTLS |
4865 | | WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ |
4866 | | #ifndef NO_WOLFSSL_SERVER |
4867 | | buffer dtlsCookieSecret; /* DTLS cookie secret */ |
4868 | | #endif /* NO_WOLFSSL_SERVER */ |
4869 | | #endif |
4870 | | #ifdef HAVE_PK_CALLBACKS |
4871 | | #ifdef HAVE_ECC |
4872 | | buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */ |
4873 | | #endif /* HAVE_ECC */ |
4874 | | #ifdef HAVE_ED25519 |
4875 | | buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */ |
4876 | | #endif /* HAVE_ED25519 */ |
4877 | | #ifdef HAVE_ED448 |
4878 | | buffer peerEd448Key; /* for Ed448 Verify Callbacks */ |
4879 | | #endif /* HAVE_ED448 */ |
4880 | | #ifndef NO_RSA |
4881 | | buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ |
4882 | | #endif /* NO_RSA */ |
4883 | | #endif /* HAVE_PK_CALLBACKS */ |
4884 | | } Buffers; |
4885 | | |
4886 | | /* sub-states for send/do key share (key exchange) */ |
4887 | | enum asyncState { |
4888 | | TLS_ASYNC_BEGIN = 0, |
4889 | | TLS_ASYNC_BUILD, |
4890 | | TLS_ASYNC_DO, |
4891 | | TLS_ASYNC_VERIFY, |
4892 | | TLS_ASYNC_FINALIZE, |
4893 | | TLS_ASYNC_END |
4894 | | }; |
4895 | | |
4896 | | /* sub-states for build message */ |
4897 | | enum buildMsgState { |
4898 | | BUILD_MSG_BEGIN = 0, |
4899 | | BUILD_MSG_SIZE, |
4900 | | BUILD_MSG_HASH, |
4901 | | BUILD_MSG_VERIFY_MAC, |
4902 | | BUILD_MSG_ENCRYPT, |
4903 | | BUILD_MSG_ENCRYPTED_VERIFY_MAC, |
4904 | | }; |
4905 | | |
4906 | | /* sub-states for cipher operations */ |
4907 | | enum cipherState { |
4908 | | CIPHER_STATE_BEGIN = 0, |
4909 | | CIPHER_STATE_DO, |
4910 | | CIPHER_STATE_END, |
4911 | | }; |
4912 | | |
4913 | | struct Options { |
4914 | | #ifndef NO_PSK |
4915 | | wc_psk_client_callback client_psk_cb; |
4916 | | wc_psk_server_callback server_psk_cb; |
4917 | | #ifdef OPENSSL_EXTRA |
4918 | | wc_psk_use_session_cb_func session_psk_cb; |
4919 | | #endif |
4920 | | #ifdef WOLFSSL_TLS13 |
4921 | | wc_psk_client_cs_callback client_psk_cs_cb; /* client callback */ |
4922 | | wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ |
4923 | | wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ |
4924 | | #endif |
4925 | | void* psk_ctx; |
4926 | | #endif /* NO_PSK */ |
4927 | | unsigned long mask; /* store SSL_OP_ flags */ |
4928 | | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) |
4929 | | word16 minProto:1; /* sets min to min available */ |
4930 | | word16 maxProto:1; /* sets max to max available */ |
4931 | | #endif |
4932 | | #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) |
4933 | | unsigned int maxTicketTls13; /* maximum number of tickets to send */ |
4934 | | unsigned int ticketsSent; /* keep track of the total sent */ |
4935 | | #endif |
4936 | | |
4937 | | /* on/off or small bit flags, optimize layout */ |
4938 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
4939 | | word16 havePSK:1; /* psk key set by user */ |
4940 | | #endif /* HAVE_SESSION_TICKET || !NO_PSK */ |
4941 | | word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */ |
4942 | | word16 sessionCacheOff:1; |
4943 | | word16 sessionCacheFlushOff:1; |
4944 | | #ifdef HAVE_EXT_CACHE |
4945 | | word16 internalCacheOff:1; |
4946 | | word16 internalCacheLookupOff:1; |
4947 | | #endif |
4948 | | word16 side:2; /* client, server or neither end */ |
4949 | | word16 verifyPeer:1; |
4950 | | word16 verifyNone:1; |
4951 | | word16 failNoCert:1; |
4952 | | word16 failNoCertxPSK:1; /* fail for no cert except with PSK */ |
4953 | | word16 downgrade:1; /* allow downgrade of versions */ |
4954 | | word16 resuming:1; |
4955 | | #ifdef HAVE_SECURE_RENEGOTIATION |
4956 | | word16 resumed:1; /* resuming may be reset on SCR */ |
4957 | | #endif |
4958 | | word16 isPSK:1; |
4959 | | word16 haveSessionId:1; /* server may not send */ |
4960 | | word16 tls:1; /* using TLS ? */ |
4961 | | word16 tls1_1:1; /* using TLSv1.1+ ? */ |
4962 | | word16 tls1_3:1; /* using TLSv1.3+ ? */ |
4963 | | word16 dtls:1; /* using datagrams ? */ |
4964 | | #ifdef WOLFSSL_DTLS |
4965 | | word16 dtlsStateful:1; /* allow stateful processing ? */ |
4966 | | #endif |
4967 | | word16 connReset:1; /* has the peer reset */ |
4968 | | word16 isClosed:1; /* if we consider conn closed */ |
4969 | | word16 closeNotify:1; /* we've received a close notify */ |
4970 | | word16 sentNotify:1; /* we've sent a close notify */ |
4971 | | word16 usingCompression:1; /* are we using compression */ |
4972 | | word16 haveRSA:1; /* RSA available */ |
4973 | | word16 haveECC:1; /* ECC available */ |
4974 | | word16 haveDH:1; /* server DH params set by user */ |
4975 | | word16 haveECDSAsig:1; /* server ECDSA signed cert */ |
4976 | | word16 haveStaticECC:1; /* static server ECC private key */ |
4977 | | word16 haveFalconSig:1; /* server Falcon signed cert */ |
4978 | | word16 haveDilithiumSig:1; /* server Dilithium signed cert */ |
4979 | | word16 havePeerCert:1; /* do we have peer's cert */ |
4980 | | word16 havePeerVerify:1; /* and peer's cert verify */ |
4981 | | word16 usingPSK_cipher:1; /* are using psk as cipher */ |
4982 | | word16 usingAnon_cipher:1; /* are we using an anon cipher */ |
4983 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
4984 | | word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */ |
4985 | | #ifdef HAVE_SUPPORTED_CURVES |
4986 | | word16 onlyPskDheKe:1; /* Only use (EC)DHE with PSK */ |
4987 | | #endif |
4988 | | #endif |
4989 | | word16 partialWrite:1; /* only one msg per write call */ |
4990 | | word16 quietShutdown:1; /* don't send close notify */ |
4991 | | word16 certOnly:1; /* stop once we get cert */ |
4992 | | word16 groupMessages:1; /* group handshake messages */ |
4993 | | word16 saveArrays:1; /* save array Memory for user get keys |
4994 | | or psk */ |
4995 | | word16 weOwnRng:1; /* will be true unless CTX owns */ |
4996 | | word16 dontFreeDigest:1; /* when true, we used SetDigest */ |
4997 | | word16 haveEMS:1; /* using extended master secret */ |
4998 | | #ifdef HAVE_POLY1305 |
4999 | | word16 oldPoly:1; /* set when to use old rfc way of poly*/ |
5000 | | #endif |
5001 | | word16 useAnon:1; /* User wants to allow Anon suites */ |
5002 | | #ifdef HAVE_SESSION_TICKET |
5003 | | word16 createTicket:1; /* Server to create new Ticket */ |
5004 | | word16 useTicket:1; /* Use Ticket not session cache */ |
5005 | | word16 rejectTicket:1; /* Callback rejected ticket */ |
5006 | | word16 noTicketTls12:1; /* TLS 1.2 server won't send ticket */ |
5007 | | #ifdef WOLFSSL_TLS13 |
5008 | | word16 noTicketTls13:1; /* Server won't create new Ticket */ |
5009 | | #endif |
5010 | | #endif |
5011 | | #ifdef WOLFSSL_DTLS |
5012 | | #ifdef HAVE_SECURE_RENEGOTIATION |
5013 | | word16 dtlsDoSCR:1; /* Enough packets were dropped. We |
5014 | | * need to re-key. */ |
5015 | | #endif |
5016 | | word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ |
5017 | | word16 dtlsHsRetain:1; /* DTLS retaining HS data */ |
5018 | | #ifdef WOLFSSL_SCTP |
5019 | | word16 dtlsSctp:1; /* DTLS-over-SCTP mode */ |
5020 | | #endif |
5021 | | #endif /* WOLFSSL_DTLS */ |
5022 | | #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES) |
5023 | | word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */ |
5024 | | #endif |
5025 | | word16 keepResources:1; /* Keep resources after handshake */ |
5026 | | word16 useClientOrder:1; /* Use client's cipher order */ |
5027 | | word16 mutualAuth:1; /* Mutual authentication is required */ |
5028 | | word16 peerAuthGood:1; /* Any required peer auth done */ |
5029 | | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
5030 | | word16 pskNegotiated:1; /* Session Ticket/PSK negotiated. */ |
5031 | | #endif |
5032 | | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
5033 | | word16 postHandshakeAuth:1;/* Client send post_handshake_auth |
5034 | | * extension */ |
5035 | | word16 verifyPostHandshake:1; /* Only send client cert req post |
5036 | | * handshake, not also during */ |
5037 | | #endif |
5038 | | #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) |
5039 | | word16 sendCookie:1; /* Server creates a Cookie in HRR */ |
5040 | | #endif |
5041 | | #ifdef WOLFSSL_ALT_CERT_CHAINS |
5042 | | word16 usingAltCertChain:1;/* Alternate cert chain was used */ |
5043 | | #endif |
5044 | | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) |
5045 | | word16 sentChangeCipher:1; /* Change Cipher Spec sent */ |
5046 | | #endif |
5047 | | #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ |
5048 | | ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \ |
5049 | | (defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ |
5050 | | (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH))) |
5051 | | word16 cacheMessages:1; /* Cache messages for sign/verify */ |
5052 | | #endif |
5053 | | #ifndef NO_DH |
5054 | | #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ |
5055 | | !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) |
5056 | | word16 dhDoKeyTest:1; /* Need to do the DH Key prime test */ |
5057 | | word16 dhKeyTested:1; /* Set when key has been tested. */ |
5058 | | #endif |
5059 | | #endif |
5060 | | #ifdef HAVE_ENCRYPT_THEN_MAC |
5061 | | word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ |
5062 | | word16 encThenMac:1; /* Doing Encrypt-Then-MAC */ |
5063 | | word16 startedETMRead:1; /* Doing Encrypt-Then-MAC read */ |
5064 | | word16 startedETMWrite:1; /* Doing Encrypt-Then-MAC write */ |
5065 | | #endif |
5066 | | #ifdef WOLFSSL_ASYNC_CRYPT |
5067 | | word16 buildArgsSet:1; /* buildArgs are set and need to |
5068 | | * be free'd */ |
5069 | | #endif |
5070 | | #ifdef WOLFSSL_DTLS13 |
5071 | | word16 dtls13SendMoreAcks:1; /* Send more acks during the |
5072 | | * handshake process */ |
5073 | | #ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME |
5074 | | word16 dtls13NoHrrOnResume:1; |
5075 | | #endif |
5076 | | #ifdef WOLFSSL_DTLS_CH_FRAG |
5077 | | word16 dtls13ChFrag:1; |
5078 | | #endif |
5079 | | #endif |
5080 | | #ifdef WOLFSSL_TLS13 |
5081 | | word16 tls13MiddleBoxCompat:1; /* TLSv1.3 middlebox compatibility */ |
5082 | | #endif |
5083 | | #ifdef WOLFSSL_DTLS_CID |
5084 | | word16 useDtlsCID:1; |
5085 | | #endif /* WOLFSSL_DTLS_CID */ |
5086 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) |
5087 | | word16 useEch:1; |
5088 | | word16 echAccepted:1; |
5089 | | byte disableECH:1; /* Did the user disable ech */ |
5090 | | #endif |
5091 | | #ifdef WOLFSSL_SEND_HRR_COOKIE |
5092 | | word16 cookieGood:1; |
5093 | | #endif |
5094 | | #if defined(HAVE_DANE) |
5095 | | word16 useDANE:1; |
5096 | | #endif /* HAVE_DANE */ |
5097 | | #ifdef WOLFSSL_TLS13 |
5098 | | #ifdef WOLFSSL_SEND_HRR_COOKIE |
5099 | | word16 hrrSentCookie:1; /* HRR sent with cookie */ |
5100 | | #endif |
5101 | | word16 hrrSentKeyShare:1; /* HRR sent with key share */ |
5102 | | #endif |
5103 | | word16 returnOnGoodCh:1; |
5104 | | word16 disableRead:1; |
5105 | | |
5106 | | #ifdef WOLFSSL_EARLY_DATA |
5107 | | word16 clientInEarlyData:1; /* Client is in wolfSSL_read_early_data */ |
5108 | | #endif |
5109 | | #ifdef WOLFSSL_DTLS |
5110 | | byte haveMcast; /* using multicast ? */ |
5111 | | #endif |
5112 | | byte buildingMsg; /* If set then we need to re-enter the |
5113 | | * handshake logic. */ |
5114 | | byte seenUnifiedHdr; /* received msg with unified header */ |
5115 | | byte shutdownDone; /* we've completed a shutdown */ |
5116 | | byte sendKeyUpdate; /* Key Update to write */ |
5117 | | #if defined(HAVE_RPK) |
5118 | | RpkConfig rpkConfig; |
5119 | | RpkState rpkState; |
5120 | | #endif /* HAVE_RPK */ |
5121 | | |
5122 | | /* need full byte values for this section */ |
5123 | | byte processReply; /* nonblocking resume */ |
5124 | | byte cipherSuite0; /* first byte, normally 0 */ |
5125 | | byte cipherSuite; /* second byte, actual suite */ |
5126 | | #ifdef WOLFSSL_TLS13 |
5127 | | byte hrrCipherSuite0; /* first byte, normally 0 */ |
5128 | | byte hrrCipherSuite; /* second byte, actual suite */ |
5129 | | #endif |
5130 | | byte hashAlgo; /* selected hash algorithm */ |
5131 | | byte sigAlgo; /* selected sig algorithm */ |
5132 | | byte peerHashAlgo; /* peer's chosen hash algo */ |
5133 | | byte peerSigAlgo; /* peer's chosen sig algo */ |
5134 | | byte serverState; |
5135 | | byte clientState; |
5136 | | byte handShakeState; |
5137 | | byte handShakeDone; /* at least one handshake complete */ |
5138 | | byte minDowngrade; /* minimum downgrade version */ |
5139 | | byte connectState; /* nonblocking resume */ |
5140 | | byte acceptState; /* nonblocking resume */ |
5141 | | byte asyncState; /* sub-state for enum asyncState */ |
5142 | | byte buildMsgState; /* sub-state for enum buildMsgState */ |
5143 | | byte alertCount; /* detect warning dos attempt */ |
5144 | | #ifdef WOLFSSL_MULTICAST |
5145 | | word16 mcastID; /* Multicast group ID */ |
5146 | | #endif |
5147 | | #ifndef NO_DH |
5148 | | word16 minDhKeySz; /* minimum DH key size */ |
5149 | | word16 maxDhKeySz; /* minimum DH key size */ |
5150 | | word16 dhKeySz; /* actual DH key size */ |
5151 | | #endif |
5152 | | #ifndef NO_RSA |
5153 | | short minRsaKeySz; /* minimum RSA key size */ |
5154 | | #endif |
5155 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) |
5156 | | short minEccKeySz; /* minimum ECC key size */ |
5157 | | #endif |
5158 | | #if defined(HAVE_FALCON) |
5159 | | short minFalconKeySz; /* minimum Falcon key size */ |
5160 | | #endif |
5161 | | #if defined(HAVE_DILITHIUM) |
5162 | | short minDilithiumKeySz;/* minimum Dilithium key size */ |
5163 | | #endif |
5164 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
5165 | | byte verifyDepth; /* maximum verification depth */ |
5166 | | #endif |
5167 | | #ifdef WOLFSSL_EARLY_DATA |
5168 | | word16 pskIdIndex; |
5169 | | word32 maxEarlyDataSz; |
5170 | | #endif |
5171 | | #ifdef WOLFSSL_TLS13 |
5172 | | byte oldMinor; /* client preferred version < TLS 1.3 */ |
5173 | | #endif |
5174 | | }; |
5175 | | |
5176 | | typedef struct Arrays { |
5177 | | byte* pendingMsg; /* defrag buffer */ |
5178 | | byte* preMasterSecret; |
5179 | | word32 preMasterSz; /* differs for DH, actual size */ |
5180 | | word32 pendingMsgSz; /* defrag buffer size */ |
5181 | | word32 pendingMsgOffset; /* current offset into defrag buffer */ |
5182 | | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
5183 | | word32 psk_keySz; /* actual size */ |
5184 | | char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN]; |
5185 | | char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; |
5186 | | byte psk_key[MAX_PSK_KEY_LEN]; |
5187 | | #endif |
5188 | | byte clientRandom[RAN_LEN]; |
5189 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) |
5190 | | byte clientRandomInner[RAN_LEN]; |
5191 | | #endif |
5192 | | byte serverRandom[RAN_LEN]; |
5193 | | byte sessionID[ID_LEN]; |
5194 | | byte sessionIDSz; |
5195 | | #ifdef WOLFSSL_TLS13 |
5196 | | byte secret[SECRET_LEN]; |
5197 | | #endif |
5198 | | #ifdef HAVE_KEYING_MATERIAL |
5199 | | byte exporterSecret[WC_MAX_DIGEST_SIZE]; |
5200 | | #endif |
5201 | | byte masterSecret[SECRET_LEN]; |
5202 | | #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ |
5203 | | !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) |
5204 | | byte tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE]; |
5205 | | #endif |
5206 | | #if defined(WOLFSSL_RENESAS_FSPSM_TLS) |
5207 | | byte fspsm_masterSecret[FSPSM_TLS_MASTERSECRET_SIZE]; |
5208 | | #endif |
5209 | | #ifdef WOLFSSL_DTLS |
5210 | | byte cookie[MAX_COOKIE_LEN]; |
5211 | | byte cookieSz; |
5212 | | #endif |
5213 | | byte pendingMsgType; /* defrag buffer message type */ |
5214 | | } Arrays; |
5215 | | |
5216 | | #ifndef ASN_NAME_MAX |
5217 | | #ifndef NO_ASN |
5218 | | /* use value from asn.h */ |
5219 | 0 | #define ASN_NAME_MAX WC_ASN_NAME_MAX |
5220 | | #else |
5221 | | /* calculate for WOLFSSL_X509 */ |
5222 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ |
5223 | | defined(WOLFSSL_CERT_EXT) |
5224 | | #define ASN_NAME_MAX 330 |
5225 | | #else |
5226 | | #define ASN_NAME_MAX 256 |
5227 | | #endif |
5228 | | #endif |
5229 | | #endif |
5230 | | |
5231 | | #ifndef MAX_DATE_SZ |
5232 | | #define MAX_DATE_SZ 32 |
5233 | | #endif |
5234 | | |
5235 | | typedef enum { |
5236 | | STACK_TYPE_X509 = 0, |
5237 | | STACK_TYPE_GEN_NAME = 1, |
5238 | | STACK_TYPE_BIO = 2, |
5239 | | STACK_TYPE_OBJ = 3, |
5240 | | STACK_TYPE_STRING = 4, |
5241 | | STACK_TYPE_CIPHER = 5, |
5242 | | STACK_TYPE_ACCESS_DESCRIPTION = 6, |
5243 | | STACK_TYPE_X509_EXT = 7, |
5244 | | STACK_TYPE_NULL = 8, |
5245 | | STACK_TYPE_X509_NAME = 9, |
5246 | | STACK_TYPE_CONF_VALUE = 10, |
5247 | | STACK_TYPE_X509_INFO = 11, |
5248 | | STACK_TYPE_BY_DIR_entry = 12, |
5249 | | STACK_TYPE_BY_DIR_hash = 13, |
5250 | | STACK_TYPE_X509_OBJ = 14, |
5251 | | STACK_TYPE_DIST_POINT = 15, |
5252 | | STACK_TYPE_X509_CRL = 16, |
5253 | | STACK_TYPE_X509_NAME_ENTRY = 17, |
5254 | | STACK_TYPE_X509_REQ_ATTR = 18, |
5255 | | } WOLF_STACK_TYPE; |
5256 | | |
5257 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
5258 | | |
5259 | | struct WOLFSSL_STACK { |
5260 | | unsigned long num; /* number of nodes in stack |
5261 | | * (safety measure for freeing and shortcut for count) */ |
5262 | | #if defined(OPENSSL_ALL) |
5263 | | wolf_sk_hash_cb hash_fn; |
5264 | | unsigned long hash; |
5265 | | #endif |
5266 | | |
5267 | | union { |
5268 | | WOLFSSL_X509* x509; |
5269 | | WOLFSSL_X509_NAME* name; |
5270 | | WOLFSSL_X509_NAME_ENTRY* name_entry; |
5271 | | WOLFSSL_X509_INFO* info; |
5272 | | WOLFSSL_BIO* bio; |
5273 | | WOLFSSL_ASN1_OBJECT* obj; |
5274 | | WOLFSSL_CIPHER cipher; |
5275 | | WOLFSSL_ACCESS_DESCRIPTION* access; |
5276 | | WOLFSSL_X509_EXTENSION* ext; |
5277 | | #ifdef OPENSSL_EXTRA |
5278 | | WOLFSSL_CONF_VALUE* conf; |
5279 | | #endif |
5280 | | void* generic; |
5281 | | char* string; |
5282 | | WOLFSSL_GENERAL_NAME* gn; |
5283 | | WOLFSSL_BY_DIR_entry* dir_entry; |
5284 | | WOLFSSL_BY_DIR_HASH* dir_hash; |
5285 | | WOLFSSL_X509_OBJECT* x509_obj; |
5286 | | WOLFSSL_DIST_POINT* dp; |
5287 | | WOLFSSL_X509_CRL* crl; |
5288 | | } data; |
5289 | | void* heap; /* memory heap hint */ |
5290 | | WOLFSSL_STACK* next; |
5291 | | WOLF_STACK_TYPE type; /* Identifies type of stack. */ |
5292 | | }; |
5293 | | |
5294 | | #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ |
5295 | | |
5296 | | struct WOLFSSL_X509_NAME { |
5297 | | char *name; |
5298 | | int dynamicName; |
5299 | | int sz; |
5300 | | char staticName[ASN_NAME_MAX]; |
5301 | | #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ |
5302 | | !defined(NO_ASN) |
5303 | | DecodedName fullName; |
5304 | | int entrySz; /* number of entries */ |
5305 | | WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */ |
5306 | | WOLFSSL_X509* x509; /* x509 that struct belongs to */ |
5307 | | #endif /* OPENSSL_EXTRA */ |
5308 | | #ifndef WOLFSSL_NO_CA_NAMES |
5309 | | byte raw[ASN_NAME_MAX]; |
5310 | | int rawLen; |
5311 | | |
5312 | | WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries; |
5313 | | #endif |
5314 | | void* heap; |
5315 | | }; |
5316 | | |
5317 | | #ifndef EXTERNAL_SERIAL_SIZE |
5318 | | #define EXTERNAL_SERIAL_SIZE 32 |
5319 | | #endif |
5320 | | |
5321 | | #ifdef NO_ASN |
5322 | | typedef struct DNS_entry DNS_entry; |
5323 | | #endif |
5324 | | |
5325 | | struct WOLFSSL_X509 { |
5326 | | int version; |
5327 | | int serialSz; |
5328 | | #ifdef WOLFSSL_SEP |
5329 | | int deviceTypeSz; |
5330 | | int hwTypeSz; |
5331 | | byte deviceType[EXTERNAL_SERIAL_SIZE]; |
5332 | | byte hwType[EXTERNAL_SERIAL_SIZE]; |
5333 | | int hwSerialNumSz; |
5334 | | byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; |
5335 | | byte certPolicySet; |
5336 | | byte certPolicyCrit; |
5337 | | #endif /* WOLFSSL_SEP */ |
5338 | | #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) |
5339 | | WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ |
5340 | | WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */ |
5341 | | WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */ |
5342 | | #endif /* WOLFSSL_QT || OPENSSL_ALL */ |
5343 | | #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) |
5344 | | WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */ |
5345 | | #endif |
5346 | | WOLFSSL_ASN1_TIME notBefore; |
5347 | | WOLFSSL_ASN1_TIME notAfter; |
5348 | | buffer sig; |
5349 | | int sigOID; |
5350 | | DNS_entry* altNames; /* alt names list */ |
5351 | | buffer pubKey; |
5352 | | int pubKeyOID; |
5353 | | DNS_entry* altNamesNext; /* hint for retrieval */ |
5354 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ |
5355 | | defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) |
5356 | | word32 pkCurveOID; |
5357 | | #endif |
5358 | | #ifndef NO_CERTS |
5359 | | DerBuffer* derCert; /* may need */ |
5360 | | #endif |
5361 | | void* heap; /* heap hint */ |
5362 | | byte dynamicMemory; /* dynamic memory flag */ |
5363 | | byte isCa:1; |
5364 | | #ifdef WOLFSSL_CERT_EXT |
5365 | | char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; |
5366 | | int certPoliciesNb; |
5367 | | #endif /* WOLFSSL_CERT_EXT */ |
5368 | | #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) |
5369 | | wolfSSL_Ref ref; |
5370 | | #endif |
5371 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
5372 | | #ifdef HAVE_EX_DATA |
5373 | | WOLFSSL_CRYPTO_EX_DATA ex_data; |
5374 | | #endif |
5375 | | byte* authKeyId; /* Points into authKeyIdSrc */ |
5376 | | byte* authKeyIdSrc; |
5377 | | byte* subjKeyId; |
5378 | | WOLFSSL_ASN1_STRING* subjKeyIdStr; |
5379 | | byte* extKeyUsageSrc; |
5380 | | #ifdef OPENSSL_ALL |
5381 | | byte* subjAltNameSrc; |
5382 | | #endif |
5383 | | byte* rawCRLInfo; |
5384 | | byte* CRLInfo; |
5385 | | byte* authInfo; |
5386 | | #ifdef WOLFSSL_ASN_CA_ISSUER |
5387 | | byte* authInfoCaIssuer; |
5388 | | int authInfoCaIssuerSz; |
5389 | | #endif |
5390 | | word32 pathLength; |
5391 | | word16 keyUsage; |
5392 | | int rawCRLInfoSz; |
5393 | | int CRLInfoSz; |
5394 | | int authInfoSz; |
5395 | | word32 authKeyIdSz; |
5396 | | word32 authKeyIdSrcSz; |
5397 | | word32 subjKeyIdSz; |
5398 | | byte extKeyUsage; |
5399 | | word32 extKeyUsageSz; |
5400 | | word32 extKeyUsageCount; |
5401 | | #ifndef IGNORE_NETSCAPE_CERT_TYPE |
5402 | | byte nsCertType; |
5403 | | #endif |
5404 | | #ifdef OPENSSL_ALL |
5405 | | word32 subjAltNameSz; |
5406 | | #endif |
5407 | | |
5408 | | byte CRLdistSet:1; |
5409 | | byte CRLdistCrit:1; |
5410 | | byte authInfoSet:1; |
5411 | | byte authInfoCrit:1; |
5412 | | byte keyUsageSet:1; |
5413 | | byte keyUsageCrit:1; |
5414 | | byte extKeyUsageCrit:1; |
5415 | | byte subjKeyIdSet:1; |
5416 | | byte pathLengthSet:1; |
5417 | | |
5418 | | byte subjKeyIdCrit:1; |
5419 | | byte basicConstSet:1; |
5420 | | byte basicConstCrit:1; |
5421 | | byte basicConstPlSet:1; |
5422 | | byte subjAltNameSet:1; |
5423 | | byte subjAltNameCrit:1; |
5424 | | byte authKeyIdSet:1; |
5425 | | byte authKeyIdCrit:1; |
5426 | | byte issuerSet:1; |
5427 | | #ifdef WOLFSSL_CUSTOM_OID |
5428 | | CertExtension custom_exts[NUM_CUSTOM_EXT]; |
5429 | | int customExtCount; |
5430 | | #endif /* WOLFSSL_CUSTOM_OID */ |
5431 | | #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ |
5432 | | #ifdef WOLFSSL_CERT_REQ |
5433 | | byte isCSR:1; |
5434 | | #endif |
5435 | | byte serial[EXTERNAL_SERIAL_SIZE]; |
5436 | | char subjectCN[ASN_NAME_MAX]; /* common name short cut */ |
5437 | | #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) |
5438 | | #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) |
5439 | | /* stack of CSR attributes */ |
5440 | | WOLF_STACK_OF(WOLFSSL_X509_ATRIBUTE)* reqAttributes; |
5441 | | #endif |
5442 | | #if defined(WOLFSSL_CERT_REQ) |
5443 | | char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ |
5444 | | char contentType[CTC_NAME_SIZE]; |
5445 | | #endif |
5446 | | #endif /* WOLFSSL_CERT_REQ || WOLFSSL_CERT_GEN */ |
5447 | | WOLFSSL_X509_NAME issuer; |
5448 | | WOLFSSL_X509_NAME subject; |
5449 | | #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) |
5450 | | WOLFSSL_X509_ALGOR algor; |
5451 | | WOLFSSL_X509_PUBKEY key; |
5452 | | #endif |
5453 | | #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \ |
5454 | | defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \ |
5455 | | defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) |
5456 | | byte notBeforeData[CTC_DATE_SIZE]; |
5457 | | byte notAfterData[CTC_DATE_SIZE]; |
5458 | | #endif |
5459 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
5460 | | /* Subject Alternative Public Key Info */ |
5461 | | byte *sapkiDer; |
5462 | | int sapkiLen; |
5463 | | /* Alternative Signature Algorithm */ |
5464 | | byte *altSigAlgDer; |
5465 | | int altSigAlgLen; |
5466 | | /* Alternative Signature Value */ |
5467 | | byte *altSigValDer; |
5468 | | int altSigValLen; |
5469 | | |
5470 | | byte sapkiCrit:1; |
5471 | | byte altSigAlgCrit:1; |
5472 | | byte altSigValCrit:1; |
5473 | | #endif /* WOLFSSL_DUAL_ALG_CERTS */ |
5474 | | }; |
5475 | | |
5476 | | #if defined(WOLFSSL_ACERT) |
5477 | | struct WOLFSSL_X509_ACERT { |
5478 | | int version; |
5479 | | int serialSz; |
5480 | | byte serial[EXTERNAL_SERIAL_SIZE]; |
5481 | | WOLFSSL_ASN1_TIME notBefore; |
5482 | | WOLFSSL_ASN1_TIME notAfter; |
5483 | | buffer sig; |
5484 | | int sigOID; |
5485 | | #ifndef NO_CERTS |
5486 | | DerBuffer * derCert; |
5487 | | #endif |
5488 | | void * heap; |
5489 | | int dynamic; /* whether struct was dynamically allocated */ |
5490 | | /* copy of raw Attributes field from */ |
5491 | | byte holderSerial[EXTERNAL_SERIAL_SIZE]; |
5492 | | int holderSerialSz; |
5493 | | DNS_entry * holderEntityName; /* Holder entityName from ACERT */ |
5494 | | DNS_entry * holderIssuerName; /* issuerName from ACERT */ |
5495 | | DNS_entry * AttCertIssuerName; /* AttCertIssuer name from ACERT */ |
5496 | | byte * rawAttr; |
5497 | | word32 rawAttrLen; |
5498 | | }; |
5499 | | #endif /* WOLFSSL_ACERT */ |
5500 | | |
5501 | | /* record layer header for PlainText, Compressed, and CipherText */ |
5502 | | typedef struct RecordLayerHeader { |
5503 | | byte type; |
5504 | | byte pvMajor; |
5505 | | byte pvMinor; |
5506 | | byte length[2]; |
5507 | | } RecordLayerHeader; |
5508 | | |
5509 | | |
5510 | | /* record layer header for DTLS PlainText, Compressed, and CipherText */ |
5511 | | typedef struct DtlsRecordLayerHeader { |
5512 | | byte type; |
5513 | | byte pvMajor; |
5514 | | byte pvMinor; |
5515 | | byte sequence_number[8]; /* per record */ |
5516 | | byte length[2]; |
5517 | | } DtlsRecordLayerHeader; |
5518 | | |
5519 | | typedef struct DtlsFragBucket { |
5520 | | /* m stands for meta */ |
5521 | | union { |
5522 | | struct { |
5523 | | struct DtlsFragBucket* next; |
5524 | | word32 offset; |
5525 | | word32 sz; |
5526 | | } m; |
5527 | | /* Make sure we have at least DTLS_HANDSHAKE_HEADER_SZ bytes before the |
5528 | | * buf so that we can reconstruct the header in the allocated |
5529 | | * DtlsFragBucket buffer. */ |
5530 | | byte padding[DTLS_HANDSHAKE_HEADER_SZ]; |
5531 | | } m; |
5532 | | /* Ignore "nonstandard extension used : zero-sized array in struct/union" |
5533 | | * MSVC warning */ |
5534 | | #ifdef _MSC_VER |
5535 | | #pragma warning(disable: 4200) |
5536 | | #endif |
5537 | | byte buf[]; |
5538 | | } DtlsFragBucket; |
5539 | | |
5540 | | typedef struct DtlsMsg { |
5541 | | struct DtlsMsg* next; |
5542 | | byte* raw; |
5543 | | byte* fullMsg; /* for TX fullMsg == raw. For RX this points to |
5544 | | * the start of the message after headers. */ |
5545 | | DtlsFragBucket* fragBucketList; |
5546 | | word32 bytesReceived; |
5547 | | word16 epoch; /* Epoch that this message belongs to */ |
5548 | | word32 seq; /* Handshake sequence number */ |
5549 | | word32 sz; /* Length of whole message */ |
5550 | | byte type; |
5551 | | byte fragBucketListCount; |
5552 | | byte ready:1; |
5553 | | byte encrypted:1; |
5554 | | } DtlsMsg; |
5555 | | |
5556 | | |
5557 | | #ifdef HAVE_NETX |
5558 | | |
5559 | | /* NETX I/O Callback default */ |
5560 | | typedef struct NetX_Ctx { |
5561 | | NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */ |
5562 | | NX_PACKET* nxPacket; /* incoming packet handle for short reads */ |
5563 | | ULONG nxOffset; /* offset already read from nxPacket */ |
5564 | | ULONG nxWait; /* wait option flag */ |
5565 | | } NetX_Ctx; |
5566 | | |
5567 | | #endif |
5568 | | |
5569 | | /* Handshake messages received from peer (plus change cipher */ |
5570 | | typedef struct MsgsReceived { |
5571 | | word16 got_hello_request:1; |
5572 | | word16 got_client_hello:2; |
5573 | | word16 got_server_hello:1; |
5574 | | word16 got_hello_verify_request:1; |
5575 | | word16 got_session_ticket:1; |
5576 | | word16 got_end_of_early_data:1; |
5577 | | word16 got_hello_retry_request:1; |
5578 | | word16 got_encrypted_extensions:1; |
5579 | | word16 got_certificate:1; |
5580 | | word16 got_certificate_status:1; |
5581 | | word16 got_server_key_exchange:1; |
5582 | | word16 got_certificate_request:1; |
5583 | | word16 got_server_hello_done:1; |
5584 | | word16 got_certificate_verify:1; |
5585 | | word16 got_client_key_exchange:1; |
5586 | | word16 got_finished:1; |
5587 | | word16 got_key_update:1; |
5588 | | word16 got_change_cipher:1; |
5589 | | } MsgsReceived; |
5590 | | |
5591 | | |
5592 | | /* Handshake hashes */ |
5593 | | typedef struct HS_Hashes { |
5594 | | Hashes verifyHashes; |
5595 | | Hashes certHashes; /* for cert verify */ |
5596 | | #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ |
5597 | | defined(WOLFSSL_ALLOW_TLS_SHA1)) |
5598 | | wc_Sha hashSha; /* sha hash of handshake msgs */ |
5599 | | #endif |
5600 | | #if !defined(NO_MD5) && !defined(NO_OLD_TLS) |
5601 | | wc_Md5 hashMd5; /* md5 hash of handshake msgs */ |
5602 | | #endif |
5603 | | #ifndef NO_SHA256 |
5604 | | wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */ |
5605 | | #endif |
5606 | | #ifdef WOLFSSL_SHA384 |
5607 | | wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */ |
5608 | | #endif |
5609 | | #ifdef WOLFSSL_SHA512 |
5610 | | wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */ |
5611 | | #endif |
5612 | | #ifdef WOLFSSL_SM3 |
5613 | | wc_Sm3 hashSm3; /* sm3 hash of handshake msgs */ |
5614 | | #endif |
5615 | | #if (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ |
5616 | | (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \ |
5617 | | !defined(WOLFSSL_NO_CLIENT_AUTH) |
5618 | | byte* messages; /* handshake messages */ |
5619 | | int length; /* length of handshake messages' data */ |
5620 | | int prevLen; /* length of messages but last */ |
5621 | | #endif |
5622 | | } HS_Hashes; |
5623 | | |
5624 | | |
5625 | | #ifndef WOLFSSL_NO_TLS12 |
5626 | | /* Persistable BuildMessage arguments */ |
5627 | | typedef struct BuildMsgArgs { |
5628 | | word32 digestSz; |
5629 | | word32 sz; |
5630 | | word32 pad; |
5631 | | word32 idx; |
5632 | | word32 headerSz; |
5633 | | word16 size; |
5634 | | word32 ivSz; /* TLSv1.1 IV */ |
5635 | | byte type; |
5636 | | byte* iv; |
5637 | | ALIGN16 byte staticIvBuffer[MAX_IV_SZ]; |
5638 | | } BuildMsgArgs; |
5639 | | #endif |
5640 | | |
5641 | | #ifdef WOLFSSL_ASYNC_IO |
5642 | | #define MAX_ASYNC_ARGS 18 |
5643 | | typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs); |
5644 | | |
5645 | | struct WOLFSSL_ASYNC { |
5646 | | #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WOLFSSL_NO_TLS12) |
5647 | | BuildMsgArgs buildArgs; /* holder for current BuildMessage args */ |
5648 | | #endif |
5649 | | FreeArgsCb freeArgs; /* function pointer to cleanup args */ |
5650 | | word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ |
5651 | | }; |
5652 | | #endif |
5653 | | |
5654 | | #ifdef HAVE_WRITE_DUP |
5655 | | |
5656 | | #define WRITE_DUP_SIDE 1 |
5657 | | #define READ_DUP_SIDE 2 |
5658 | | |
5659 | | typedef struct WriteDup { |
5660 | | wolfSSL_Mutex dupMutex; /* reference count mutex */ |
5661 | | int dupCount; /* reference count */ |
5662 | | int dupErr; /* under dupMutex, pass to other side */ |
5663 | | } WriteDup; |
5664 | | |
5665 | | WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl); |
5666 | | WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err); |
5667 | | #endif /* HAVE_WRITE_DUP */ |
5668 | | |
5669 | | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
5670 | | typedef struct CertReqCtx CertReqCtx; |
5671 | | |
5672 | | struct CertReqCtx { |
5673 | | CertReqCtx* next; |
5674 | | byte len; |
5675 | | byte ctx; |
5676 | | }; |
5677 | | #endif |
5678 | | |
5679 | | #ifdef WOLFSSL_EARLY_DATA |
5680 | | typedef enum EarlyDataState { |
5681 | | no_early_data, |
5682 | | early_data_ext, |
5683 | | expecting_early_data, |
5684 | | process_early_data, |
5685 | | done_early_data |
5686 | | } EarlyDataState; |
5687 | | #endif |
5688 | | |
5689 | | #ifdef WOLFSSL_DTLS13 |
5690 | | |
5691 | | /* size of the mask used to encrypt/decrypt Record Number */ |
5692 | | #define DTLS13_RN_MASK_SIZE 16 |
5693 | | |
5694 | | typedef struct Dtls13UnifiedHdrInfo { |
5695 | | word16 recordLength; |
5696 | | byte seqLo; |
5697 | | byte seqHi; |
5698 | | byte seqHiPresent:1; |
5699 | | byte epochBits; |
5700 | | } Dtls13UnifiedHdrInfo; |
5701 | | |
5702 | | enum { |
5703 | | DTLS13_EPOCH_EARLYDATA = 1, |
5704 | | DTLS13_EPOCH_HANDSHAKE = 2, |
5705 | | DTLS13_EPOCH_TRAFFIC0 = 3 |
5706 | | }; |
5707 | | |
5708 | | typedef struct Dtls13Epoch { |
5709 | | w64wrapper epochNumber; |
5710 | | |
5711 | | w64wrapper nextSeqNumber; |
5712 | | w64wrapper nextPeerSeqNumber; |
5713 | | |
5714 | | #ifndef WOLFSSL_TLS13_IGNORE_AEAD_LIMITS |
5715 | | w64wrapper dropCount; /* Amount of records that failed decryption */ |
5716 | | #endif |
5717 | | |
5718 | | word32 window[WOLFSSL_DTLS_WINDOW_WORDS]; |
5719 | | |
5720 | | /* key material for the epoch */ |
5721 | | byte client_write_key[MAX_SYM_KEY_SIZE]; |
5722 | | byte server_write_key[MAX_SYM_KEY_SIZE]; |
5723 | | byte client_write_IV[MAX_WRITE_IV_SZ]; |
5724 | | byte server_write_IV[MAX_WRITE_IV_SZ]; |
5725 | | |
5726 | | byte aead_exp_IV[AEAD_MAX_EXP_SZ]; |
5727 | | byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ]; |
5728 | | byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ]; |
5729 | | |
5730 | | byte client_sn_key[MAX_SYM_KEY_SIZE]; |
5731 | | byte server_sn_key[MAX_SYM_KEY_SIZE]; |
5732 | | |
5733 | | byte isValid; |
5734 | | byte side; |
5735 | | } Dtls13Epoch; |
5736 | | |
5737 | | #ifndef DTLS13_EPOCH_SIZE |
5738 | | #define DTLS13_EPOCH_SIZE 4 |
5739 | | #endif |
5740 | | |
5741 | | #ifndef DTLS13_RETRANS_RN_SIZE |
5742 | | #define DTLS13_RETRANS_RN_SIZE 3 |
5743 | | #endif |
5744 | | |
5745 | | enum Dtls13RtxFsmState { |
5746 | | DTLS13_RTX_FSM_PREPARING = 0, |
5747 | | DTLS13_RTX_FSM_SENDING, |
5748 | | DTLS13_RTX_FSM_WAITING, |
5749 | | DTLS13_RTX_FSM_FINISHED |
5750 | | }; |
5751 | | |
5752 | | typedef struct Dtls13RtxRecord { |
5753 | | struct Dtls13RtxRecord *next; |
5754 | | word16 length; |
5755 | | byte *data; |
5756 | | w64wrapper epoch; |
5757 | | w64wrapper seq[DTLS13_RETRANS_RN_SIZE]; |
5758 | | byte rnIdx; |
5759 | | byte handshakeType; |
5760 | | } Dtls13RtxRecord; |
5761 | | |
5762 | | typedef struct Dtls13RecordNumber { |
5763 | | struct Dtls13RecordNumber *next; |
5764 | | w64wrapper epoch; |
5765 | | w64wrapper seq; |
5766 | | } Dtls13RecordNumber; |
5767 | | |
5768 | | typedef struct Dtls13Rtx { |
5769 | | #ifdef WOLFSSL_RW_THREADED |
5770 | | wolfSSL_Mutex mutex; |
5771 | | #endif |
5772 | | enum Dtls13RtxFsmState state; /* Unused? */ |
5773 | | Dtls13RtxRecord *rtxRecords; |
5774 | | Dtls13RtxRecord **rtxRecordTailPtr; |
5775 | | Dtls13RecordNumber *seenRecords; |
5776 | | word32 lastRtx; |
5777 | | byte triggeredRtxs; /* Unused? */ |
5778 | | byte sendAcks; |
5779 | | byte retransmit; |
5780 | | } Dtls13Rtx; |
5781 | | |
5782 | | #endif /* WOLFSSL_DTLS13 */ |
5783 | | |
5784 | | #ifdef WOLFSSL_DTLS_CID |
5785 | | typedef struct ConnectionID { |
5786 | | byte length; |
5787 | | /* Ignore "nonstandard extension used : zero-sized array in struct/union" |
5788 | | * MSVC warning */ |
5789 | | #ifdef _MSC_VER |
5790 | | #pragma warning(disable: 4200) |
5791 | | #endif |
5792 | | byte id[]; |
5793 | | } ConnectionID; |
5794 | | |
5795 | | typedef struct CIDInfo { |
5796 | | ConnectionID* tx; |
5797 | | ConnectionID* rx; |
5798 | | byte negotiated : 1; |
5799 | | } CIDInfo; |
5800 | | #endif /* WOLFSSL_DTLS_CID */ |
5801 | | |
5802 | | /* The idea is to reuse the context suites object whenever possible to save |
5803 | | * space. */ |
5804 | | #define WOLFSSL_SUITES(ssl) \ |
5805 | 52.3k | ((const Suites*) ((ssl)->suites != NULL ? \ |
5806 | 52.3k | (ssl)->suites : \ |
5807 | 52.3k | (ssl)->ctx->suites)) |
5808 | | |
5809 | | /* wolfSSL ssl type */ |
5810 | | struct WOLFSSL { |
5811 | | WOLFSSL_CTX* ctx; |
5812 | | #if defined(WOLFSSL_HAPROXY) |
5813 | | WOLFSSL_CTX* initial_ctx; /* preserve session key materials */ |
5814 | | #endif |
5815 | | Suites* suites; /* Only need during handshake. Can be NULL when |
5816 | | * reusing the context's object. When WOLFSSL |
5817 | | * object needs separate instance of suites use |
5818 | | * AllocateSuites(). */ |
5819 | | Suites* clSuites; |
5820 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ |
5821 | | defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
5822 | | WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher |
5823 | | * suites */ |
5824 | | WOLF_STACK_OF(WOLFSSL_CIPHER)* clSuitesStack; /* stack of client cipher |
5825 | | * suites */ |
5826 | | #endif |
5827 | | Arrays* arrays; |
5828 | | #ifdef WOLFSSL_TLS13 |
5829 | | byte clientSecret[SECRET_LEN]; |
5830 | | byte serverSecret[SECRET_LEN]; |
5831 | | #endif |
5832 | | HS_Hashes* hsHashes; |
5833 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) |
5834 | | HS_Hashes* hsHashesEch; |
5835 | | HS_Hashes* hsHashesEchInner; |
5836 | | #endif |
5837 | | void* IOCB_ReadCtx; |
5838 | | void* IOCB_WriteCtx; |
5839 | | WC_RNG* rng; |
5840 | | void* verifyCbCtx; /* cert verify callback user ctx*/ |
5841 | | VerifyCallback verifyCallback; /* cert verification callback */ |
5842 | | void* heap; /* for user overrides */ |
5843 | | #ifdef HAVE_WRITE_DUP |
5844 | | WriteDup* dupWrite; /* valid pointer indicates ON */ |
5845 | | /* side that decrements dupCount to zero frees overall structure */ |
5846 | | byte dupSide; /* write side or read side */ |
5847 | | #endif |
5848 | | #ifdef OPENSSL_EXTRA |
5849 | | byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: |
5850 | | * CBIORecv/Send is set */ |
5851 | | #endif |
5852 | | #ifdef WOLFSSL_WOLFSENTRY_HOOKS |
5853 | | NetworkFilterCallback_t AcceptFilter; |
5854 | | void *AcceptFilter_arg; |
5855 | | NetworkFilterCallback_t ConnectFilter; |
5856 | | void *ConnectFilter_arg; |
5857 | | #endif /* WOLFSSL_WOLFSENTRY_HOOKS */ |
5858 | | CallbackIORecv CBIORecv; |
5859 | | CallbackIOSend CBIOSend; |
5860 | | #ifdef WOLFSSL_STATIC_MEMORY |
5861 | | WOLFSSL_HEAP_HINT heap_hint; |
5862 | | #endif |
5863 | | #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) |
5864 | | ClientHelloGoodCb chGoodCb; /* notify user we parsed a verified |
5865 | | * ClientHello that passed basic tests */ |
5866 | | void* chGoodCtx; /* user ClientHello cb context */ |
5867 | | #endif |
5868 | | #ifndef NO_HANDSHAKE_DONE_CB |
5869 | | HandShakeDoneCb hsDoneCb; /* notify user handshake done */ |
5870 | | void* hsDoneCtx; /* user handshake cb context */ |
5871 | | #endif |
5872 | | #ifdef WOLFSSL_ASYNC_IO |
5873 | | #ifdef WOLFSSL_ASYNC_CRYPT |
5874 | | WC_ASYNC_DEV* asyncDev; |
5875 | | #endif |
5876 | | /* Message building context should be stored here for functions that expect |
5877 | | * to encounter encryption blocking or fragment the message. */ |
5878 | | struct WOLFSSL_ASYNC* async; |
5879 | | #endif |
5880 | | void* hsKey; /* Handshake key (RsaKey or ecc_key) |
5881 | | * allocated from heap */ |
5882 | | word32 hsType; /* Type of Handshake key (hsKey) */ |
5883 | | WOLFSSL_CIPHER cipher; |
5884 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
5885 | | void* hsAltKey; /* Handshake key (dilithium, falcon) |
5886 | | * allocated from heap */ |
5887 | | word32 hsAltType; /* Type of Handshake key (hsAltKey) */ |
5888 | | #endif |
5889 | | #ifndef WOLFSSL_AEAD_ONLY |
5890 | | hmacfp hmac; |
5891 | | #endif |
5892 | | Ciphers encrypt; |
5893 | | Ciphers decrypt; |
5894 | | Buffers buffers; |
5895 | | WOLFSSL_SESSION* session; |
5896 | | #ifndef NO_CLIENT_CACHE |
5897 | | ClientSession* clientSession; |
5898 | | #endif |
5899 | | WOLFSSL_ALERT_HISTORY alert_history; |
5900 | | WOLFSSL_ALERT pendingAlert; |
5901 | | int error; |
5902 | | int rfd; /* read file descriptor */ |
5903 | | int wfd; /* write file descriptor */ |
5904 | | int rflags; /* user read flags */ |
5905 | | int wflags; /* user write flags */ |
5906 | | word32 timeout; /* session timeout */ |
5907 | | word32 fragOffset; /* fragment offset */ |
5908 | | word16 curSize; |
5909 | | word32 curStartIdx; |
5910 | | byte verifyDepth; |
5911 | | RecordLayerHeader curRL; |
5912 | | MsgsReceived msgsReceived; /* peer messages received */ |
5913 | | ProtocolVersion version; /* negotiated version */ |
5914 | | ProtocolVersion chVersion; /* client hello version */ |
5915 | | CipherSpecs specs; |
5916 | | Keys keys; |
5917 | | Options options; |
5918 | | #ifdef WOLFSSL_SESSION_ID_CTX |
5919 | | byte sessionCtx[ID_LEN]; /* app session context ID */ |
5920 | | byte sessionCtxSz; /* size of sessionCtx stored */ |
5921 | | #endif |
5922 | | #ifdef OPENSSL_EXTRA |
5923 | | CallbackInfoState* CBIS; /* used to get info about SSL state */ |
5924 | | int cbmode; /* read or write on info callback */ |
5925 | | int cbtype; /* event type in info callback */ |
5926 | | WOLFSSL_BIO* biord; /* socket bio read to free/close */ |
5927 | | WOLFSSL_BIO* biowr; /* socket bio write to free/close */ |
5928 | | WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/ |
5929 | | #endif |
5930 | | #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) |
5931 | | word32 disabledCurves; /* curves disabled by user */ |
5932 | | #endif |
5933 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ |
5934 | | defined(OPENSSL_ALL) |
5935 | | unsigned long peerVerifyRet; |
5936 | | #endif |
5937 | | #ifdef OPENSSL_EXTRA |
5938 | | byte readAhead; |
5939 | | #ifdef HAVE_PK_CALLBACKS |
5940 | | void* loggingCtx; /* logging callback argument */ |
5941 | | #endif |
5942 | | #endif /* OPENSSL_EXTRA */ |
5943 | | #ifndef NO_RSA |
5944 | | RsaKey* peerRsaKey; |
5945 | | #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) |
5946 | | void* RenesasUserCtx; |
5947 | | byte* peerSceTsipEncRsaKeyIndex; |
5948 | | #endif |
5949 | | byte peerRsaKeyPresent; |
5950 | | #ifdef WC_RSA_PSS |
5951 | | word8 useRsaPss; /* cert supports RSA-PSS */ |
5952 | | #endif |
5953 | | #endif |
5954 | | #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE) |
5955 | | word16 namedGroup; |
5956 | | #endif |
5957 | | #ifdef WOLFSSL_TLS13 |
5958 | | word16 group[WOLFSSL_MAX_GROUP_COUNT]; |
5959 | | byte numGroups; |
5960 | | #endif |
5961 | | word16 pssAlgo; |
5962 | | #ifdef WOLFSSL_TLS13 |
5963 | | word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */ |
5964 | | byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to |
5965 | | * offer */ |
5966 | | #endif |
5967 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) |
5968 | | int eccVerifyRes; |
5969 | | #endif |
5970 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \ |
5971 | | defined(HAVE_ED448) || defined(HAVE_CURVE448) |
5972 | | word32 ecdhCurveOID; /* curve Ecc_Sum */ |
5973 | | ecc_key* eccTempKey; /* private ECDHE key */ |
5974 | | byte eccTempKeyPresent; /* also holds type */ |
5975 | | byte peerEccKeyPresent; |
5976 | | #endif |
5977 | | #ifdef HAVE_ECC |
5978 | | ecc_key* peerEccKey; /* peer's ECDHE key */ |
5979 | | ecc_key* peerEccDsaKey; /* peer's ECDSA key */ |
5980 | | word16 eccTempKeySz; /* in octets 20 - 66 */ |
5981 | | byte peerEccDsaKeyPresent; |
5982 | | #endif |
5983 | | #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ |
5984 | | defined(HAVE_CURVE448) || defined(HAVE_ED448) |
5985 | | word32 pkCurveOID; /* curve Ecc_Sum */ |
5986 | | #endif |
5987 | | #ifdef HAVE_ED25519 |
5988 | | ed25519_key* peerEd25519Key; |
5989 | | byte peerEd25519KeyPresent; |
5990 | | #endif |
5991 | | #ifdef HAVE_CURVE25519 |
5992 | | curve25519_key* peerX25519Key; |
5993 | | byte peerX25519KeyPresent; |
5994 | | #endif |
5995 | | #ifdef HAVE_ED448 |
5996 | | ed448_key* peerEd448Key; |
5997 | | byte peerEd448KeyPresent; |
5998 | | #endif |
5999 | | #ifdef HAVE_CURVE448 |
6000 | | curve448_key* peerX448Key; |
6001 | | byte peerX448KeyPresent; |
6002 | | #endif |
6003 | | #ifdef HAVE_FALCON |
6004 | | falcon_key* peerFalconKey; |
6005 | | byte peerFalconKeyPresent; |
6006 | | #endif |
6007 | | #ifdef HAVE_DILITHIUM |
6008 | | dilithium_key* peerDilithiumKey; |
6009 | | byte peerDilithiumKeyPresent; |
6010 | | #endif |
6011 | | #ifdef HAVE_LIBZ |
6012 | | z_stream c_stream; /* compression stream */ |
6013 | | z_stream d_stream; /* decompression stream */ |
6014 | | byte didStreamInit; /* for stream init and end */ |
6015 | | #endif |
6016 | | #ifdef WOLFSSL_DTLS |
6017 | | int dtls_timeout_init; /* starting timeout value */ |
6018 | | int dtls_timeout_max; /* maximum timeout value */ |
6019 | | int dtls_timeout; /* current timeout value, changes */ |
6020 | | #ifndef NO_ASN_TIME |
6021 | | word32 dtls_start_timeout; |
6022 | | #endif /* !NO_ASN_TIME */ |
6023 | | word32 dtls_tx_msg_list_sz; |
6024 | | word32 dtls_rx_msg_list_sz; |
6025 | | DtlsMsg* dtls_tx_msg_list; |
6026 | | DtlsMsg* dtls_tx_msg; |
6027 | | DtlsMsg* dtls_rx_msg_list; |
6028 | | void* IOCB_CookieCtx; /* gen cookie ctx */ |
6029 | | #ifdef WOLFSSL_SESSION_EXPORT |
6030 | | wc_dtls_export dtls_export; /* export function for session */ |
6031 | | #endif |
6032 | | #if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU) |
6033 | | word16 dtlsMtuSz; |
6034 | | #endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */ |
6035 | | #ifdef WOLFSSL_MULTICAST |
6036 | | void* mcastHwCbCtx; /* Multicast highwater callback ctx */ |
6037 | | #endif /* WOLFSSL_MULTICAST */ |
6038 | | #ifdef WOLFSSL_DTLS_DROP_STATS |
6039 | | word32 macDropCount; |
6040 | | word32 replayDropCount; |
6041 | | #endif /* WOLFSSL_DTLS_DROP_STATS */ |
6042 | | #ifdef WOLFSSL_SRTP |
6043 | | word16 dtlsSrtpProfiles; /* DTLS-with-SRTP profiles list |
6044 | | * (selected profiles - up to 16) */ |
6045 | | word16 dtlsSrtpId; /* DTLS-with-SRTP profile ID selected */ |
6046 | | #endif |
6047 | | #ifdef WOLFSSL_DTLS13 |
6048 | | RecordNumberCiphers dtlsRecordNumberEncrypt; |
6049 | | RecordNumberCiphers dtlsRecordNumberDecrypt; |
6050 | | Dtls13Epoch dtls13Epochs[DTLS13_EPOCH_SIZE]; |
6051 | | Dtls13Epoch *dtls13EncryptEpoch; |
6052 | | Dtls13Epoch *dtls13DecryptEpoch; |
6053 | | w64wrapper dtls13Epoch; |
6054 | | w64wrapper dtls13PeerEpoch; |
6055 | | w64wrapper dtls13InvalidateBefore; |
6056 | | byte dtls13CurRL[DTLS_RECVD_RL_HEADER_MAX_SZ]; |
6057 | | word16 dtls13CurRlLength; |
6058 | | |
6059 | | /* used to store the message if it needs to be fragmented */ |
6060 | | buffer dtls13FragmentsBuffer; |
6061 | | byte dtls13SendingFragments:1; |
6062 | | byte dtls13SendingAckOrRtx; |
6063 | | byte dtls13FastTimeout:1; |
6064 | | byte dtls13WaitKeyUpdateAck; |
6065 | | byte dtls13DoKeyUpdate; |
6066 | | word32 dtls13MessageLength; |
6067 | | word32 dtls13FragOffset; |
6068 | | byte dtls13FragHandshakeType; |
6069 | | Dtls13Rtx dtls13Rtx; |
6070 | | byte *dtls13ClientHello; |
6071 | | word16 dtls13ClientHelloSz; |
6072 | | |
6073 | | #endif /* WOLFSSL_DTLS13 */ |
6074 | | #ifdef WOLFSSL_DTLS_CID |
6075 | | CIDInfo *dtlsCidInfo; |
6076 | | #endif /* WOLFSSL_DTLS_CID */ |
6077 | | |
6078 | | #endif /* WOLFSSL_DTLS */ |
6079 | | #ifdef WOLFSSL_CALLBACKS |
6080 | | TimeoutInfo timeoutInfo; /* info saved during handshake */ |
6081 | | HandShakeInfo handShakeInfo; /* info saved during handshake */ |
6082 | | #endif |
6083 | | #ifdef OPENSSL_EXTRA |
6084 | | SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */ |
6085 | | void* protoMsgCtx; /* user set context with msg callback */ |
6086 | | #endif |
6087 | | #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) |
6088 | | byte hsInfoOn; /* track handshake info */ |
6089 | | byte toInfoOn; /* track timeout info */ |
6090 | | #endif |
6091 | | #ifdef HAVE_FUZZER |
6092 | | CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */ |
6093 | | void* fuzzerCtx; /* user defined pointer */ |
6094 | | #endif |
6095 | | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
6096 | | CertReqCtx* certReqCtx; |
6097 | | #endif |
6098 | | #ifdef WOLFSSL_LOCAL_X509_STORE |
6099 | | WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ |
6100 | | #endif |
6101 | | #ifdef KEEP_PEER_CERT |
6102 | | /* TODO put this on the heap so we can properly use the |
6103 | | * reference counter and not have to duplicate it. */ |
6104 | | WOLFSSL_X509 peerCert; /* X509 peer cert */ |
6105 | | #endif |
6106 | | #ifdef KEEP_OUR_CERT |
6107 | | WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert. |
6108 | | points to ctx if not owned (owned |
6109 | | flag found in buffers.weOwnCert) */ |
6110 | | #endif |
6111 | | byte keepCert; /* keep certificate after handshake */ |
6112 | | #ifdef HAVE_EX_DATA |
6113 | | WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */ |
6114 | | #endif |
6115 | | int devId; /* async device id to use */ |
6116 | | #ifdef HAVE_ONE_TIME_AUTH |
6117 | | OneTimeAuth auth; |
6118 | | #endif |
6119 | | #ifdef HAVE_TLS_EXTENSIONS |
6120 | | TLSX* extensions; /* RFC 6066 TLS Extensions data */ |
6121 | | #ifdef HAVE_MAX_FRAGMENT |
6122 | | word16 max_fragment; |
6123 | | #endif |
6124 | | #ifdef HAVE_TRUNCATED_HMAC |
6125 | | byte truncated_hmac; |
6126 | | #endif |
6127 | | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
6128 | | byte status_request; |
6129 | | #endif |
6130 | | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
6131 | | byte status_request_v2; |
6132 | | #endif |
6133 | | #if defined(HAVE_SECURE_RENEGOTIATION) \ |
6134 | | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
6135 | | int secure_rene_count; /* how many times */ |
6136 | | SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */ |
6137 | | #endif /* user turned on */ |
6138 | | #ifdef HAVE_ALPN |
6139 | | byte *alpn_peer_requested; /* the ALPN bytes requested by peer, sequence |
6140 | | * of length byte + chars */ |
6141 | | word16 alpn_peer_requested_length; /* number of bytes total */ |
6142 | | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ |
6143 | | defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_QUIC) |
6144 | | CallbackALPNSelect alpnSelect; |
6145 | | void* alpnSelectArg; |
6146 | | #endif |
6147 | | #endif /* of accepted protocols */ |
6148 | | #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) |
6149 | | CallbackSessionTicket session_ticket_cb; |
6150 | | void* session_ticket_ctx; |
6151 | | byte expect_session_ticket; |
6152 | | #endif |
6153 | | word16 hrr_keyshare_group; |
6154 | | #endif /* HAVE_TLS_EXTENSIONS */ |
6155 | | #ifdef HAVE_OCSP |
6156 | | void* ocspIOCtx; |
6157 | | byte ocspProducedDate[MAX_DATE_SZ]; |
6158 | | int ocspProducedDateFormat; |
6159 | | buffer ocspCsrResp[1 + MAX_CHAIN_DEPTH]; |
6160 | | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
6161 | | char* url; |
6162 | | #endif |
6163 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) |
6164 | | word32 response_idx; |
6165 | | #endif |
6166 | | #endif |
6167 | | #ifdef HAVE_NETX |
6168 | | NetX_Ctx nxCtx; /* NetX IO Context */ |
6169 | | #endif |
6170 | | #if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) |
6171 | | void* mnCtx; /* mynewt mn_socket IO Context */ |
6172 | | #endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */ |
6173 | | #ifdef WOLFSSL_GNRC |
6174 | | struct gnrc_wolfssl_ctx *gnrcCtx; /* Riot-OS GNRC UDP/IP context */ |
6175 | | #endif |
6176 | | #ifdef SESSION_INDEX |
6177 | | int sessionIndex; /* Session's location in the cache. */ |
6178 | | #endif |
6179 | | #ifdef ATOMIC_USER |
6180 | | void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */ |
6181 | | void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */ |
6182 | | #ifdef HAVE_ENCRYPT_THEN_MAC |
6183 | | void* EncryptMacCtx; /* Atomic User Encrypt/Mac Callback Ctx */ |
6184 | | void* VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */ |
6185 | | #endif |
6186 | | #endif |
6187 | | #ifdef HAVE_PK_CALLBACKS |
6188 | | #ifdef HAVE_ECC |
6189 | | void* EccKeyGenCtx; /* EccKeyGen Callback Context */ |
6190 | | void* EccSignCtx; /* Ecc Sign Callback Context */ |
6191 | | void* EccVerifyCtx; /* Ecc Verify Callback Context */ |
6192 | | void* EccSharedSecretCtx; /* Ecc Pms Callback Context */ |
6193 | | #endif /* HAVE_ECC */ |
6194 | | #ifdef HAVE_HKDF |
6195 | | void* HkdfExtractCtx; /* Hkdf extract callback context */ |
6196 | | #endif |
6197 | | #ifdef HAVE_ED25519 |
6198 | | void* Ed25519SignCtx; /* ED25519 Sign Callback Context */ |
6199 | | void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */ |
6200 | | #endif |
6201 | | #ifdef HAVE_CURVE25519 |
6202 | | void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */ |
6203 | | void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */ |
6204 | | #endif |
6205 | | #ifdef HAVE_ED448 |
6206 | | void* Ed448SignCtx; /* ED448 Sign Callback Context */ |
6207 | | void* Ed448VerifyCtx; /* ED448 Verify Callback Context */ |
6208 | | #endif |
6209 | | #ifdef HAVE_CURVE448 |
6210 | | void* X448KeyGenCtx; /* X448 KeyGen Callback Context */ |
6211 | | void* X448SharedSecretCtx; /* X448 Pms Callback Context */ |
6212 | | #endif |
6213 | | #ifndef NO_DH |
6214 | | void* DhAgreeCtx; /* DH Pms Callback Context */ |
6215 | | #endif /* !NO_DH */ |
6216 | | #ifndef NO_RSA |
6217 | | void* RsaSignCtx; /* Rsa Sign Callback Context */ |
6218 | | void* RsaVerifyCtx; /* Rsa Verify Callback Context */ |
6219 | | #ifdef WC_RSA_PSS |
6220 | | void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */ |
6221 | | void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */ |
6222 | | #endif |
6223 | | void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */ |
6224 | | void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */ |
6225 | | #endif /* NO_RSA */ |
6226 | | void* GenPreMasterCtx; /* Generate Premaster Callback Context */ |
6227 | | void* GenMasterCtx; /* Generate Master Callback Context */ |
6228 | | void* GenExtMasterCtx; /* Generate Extended Master Callback Context */ |
6229 | | void* GenSessionKeyCtx; /* Generate Session Key Callback Context */ |
6230 | | void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */ |
6231 | | void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */ |
6232 | | void* VerifyMacCtx; /* Verify mac Callback Context */ |
6233 | | #endif /* HAVE_PK_CALLBACKS */ |
6234 | | #ifdef HAVE_SECRET_CALLBACK |
6235 | | SessionSecretCb sessionSecretCb; |
6236 | | void* sessionSecretCtx; |
6237 | | TicketParseCb ticketParseCb; |
6238 | | void* ticketParseCtx; |
6239 | | TlsSecretCb tlsSecretCb; |
6240 | | void* tlsSecretCtx; |
6241 | | #ifdef WOLFSSL_TLS13 |
6242 | | Tls13SecretCb tls13SecretCb; |
6243 | | void* tls13SecretCtx; |
6244 | | #endif |
6245 | | #ifdef OPENSSL_EXTRA |
6246 | | SessionSecretCb keyLogCb; |
6247 | | #ifdef WOLFSSL_TLS13 |
6248 | | Tls13SecretCb tls13KeyLogCb; |
6249 | | #endif |
6250 | | #endif |
6251 | | #endif /* HAVE_SECRET_CALLBACK */ |
6252 | | #ifdef WOLFSSL_JNI |
6253 | | void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */ |
6254 | | #endif /* WOLFSSL_JNI */ |
6255 | | #ifdef WOLFSSL_EARLY_DATA |
6256 | | EarlyDataState earlyData; |
6257 | | word32 earlyDataSz; |
6258 | | byte earlyDataStatus; |
6259 | | #endif |
6260 | | #if defined(OPENSSL_EXTRA) |
6261 | | WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ |
6262 | | WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ |
6263 | | WOLFSSL_STACK* verifiedChain; /* peer cert chain to CA */ |
6264 | | #ifdef KEEP_OUR_CERT |
6265 | | WOLFSSL_STACK* ourCertChain; /* Used in wolfSSL_add1_chain_cert */ |
6266 | | #endif |
6267 | | #endif |
6268 | | #ifdef WOLFSSL_STATIC_EPHEMERAL |
6269 | | StaticKeyExchangeInfo_t staticKE; |
6270 | | #endif |
6271 | | #ifdef WOLFSSL_MAXQ10XX_TLS |
6272 | | maxq_ssl_t maxq_ctx; |
6273 | | #endif |
6274 | | #ifdef WOLFSSL_HAVE_TLS_UNIQUE |
6275 | | /* Added in libest port: allow applications to get the 'tls-unique' Channel |
6276 | | * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is |
6277 | | * used in the EST protocol to bind an enrollment to a TLS session through |
6278 | | * 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4 |
6279 | | * and https://tools.ietf.org/html/rfc7030#section-3.5). */ |
6280 | | byte clientFinished[TLS_FINISHED_SZ_MAX]; |
6281 | | byte serverFinished[TLS_FINISHED_SZ_MAX]; |
6282 | | byte clientFinished_len; |
6283 | | byte serverFinished_len; |
6284 | | #endif |
6285 | | #ifndef WOLFSSL_NO_CA_NAMES |
6286 | | WOLF_STACK_OF(WOLFSSL_X509_NAME)* client_ca_names; /* Used in *_set/get_client_CA_list |
6287 | | (server only) */ |
6288 | | WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; /* Used in *_set0/get0_CA_list */ |
6289 | | WOLF_STACK_OF(WOLFSSL_X509_NAME)* peer_ca_names; /* Used in *_get0_peer_CA_list |
6290 | | and (client only) |
6291 | | wolfSSL_get_client_CA_list */ |
6292 | | #endif |
6293 | | #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS) |
6294 | | IOTSAFE iotsafe; |
6295 | | #endif |
6296 | | #ifdef WOLFSSL_LWIP_NATIVE |
6297 | | WOLFSSL_LWIP_NATIVE_STATE lwipCtx; /* LwIP native socket IO Context */ |
6298 | | #endif |
6299 | | #ifdef WOLFSSL_QUIC |
6300 | | struct { |
6301 | | const WOLFSSL_QUIC_METHOD* method; |
6302 | | WOLFSSL_ENCRYPTION_LEVEL enc_level_read; |
6303 | | WOLFSSL_ENCRYPTION_LEVEL enc_level_read_next; |
6304 | | WOLFSSL_ENCRYPTION_LEVEL enc_level_latest_recvd; |
6305 | | WOLFSSL_ENCRYPTION_LEVEL enc_level_write; |
6306 | | WOLFSSL_ENCRYPTION_LEVEL enc_level_write_next; |
6307 | | int transport_version; |
6308 | | const QuicTransportParam* transport_local; |
6309 | | const QuicTransportParam* transport_peer; |
6310 | | const QuicTransportParam* transport_peer_draft; |
6311 | | QuicRecord* input_head; /* we own, data for handshake */ |
6312 | | QuicRecord* input_tail; /* points to last element for append */ |
6313 | | QuicRecord* scratch; /* we own, record construction */ |
6314 | | enum wolfssl_encryption_level_t output_rec_level; |
6315 | | /* encryption level of current output record */ |
6316 | | word32 output_rec_remain; /* how many bytes of output TLS record |
6317 | | * content have not been handled yet by quic */ |
6318 | | } quic; |
6319 | | #endif /* WOLFSSL_QUIC */ |
6320 | | #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) |
6321 | | WOLFSSL_EchConfig* echConfigs; |
6322 | | #endif |
6323 | | |
6324 | | #if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_KEYLOGFILE) |
6325 | | SSLSnifferSecretCb snifferSecretCb; |
6326 | | #endif /* WOLFSSL_SNIFFER && WOLFSSL_SNIFFER_KEYLOGFILE */ |
6327 | | #ifdef WOLFSSL_DUAL_ALG_CERTS |
6328 | | byte *sigSpec; /* This pointer never owns the memory. */ |
6329 | | word16 sigSpecSz; |
6330 | | byte *peerSigSpec; /* This pointer always owns the memory. */ |
6331 | | word16 peerSigSpecSz; |
6332 | | #endif |
6333 | | #if defined(WOLFSSL_SYS_CRYPTO_POLICY) |
6334 | | int secLevel; /* The security level of system-wide crypto policy. */ |
6335 | | #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ |
6336 | | }; |
6337 | | |
6338 | | #if defined(WOLFSSL_SYS_CRYPTO_POLICY) |
6339 | | #define WOLFSSL_SECLEVEL_STR "@SECLEVEL=" |
6340 | | struct SystemCryptoPolicy { |
6341 | | int enabled; |
6342 | | int secLevel; |
6343 | | char str[MAX_WOLFSSL_CRYPTO_POLICY_SIZE + 1]; /* + 1 for null term */ |
6344 | | }; |
6345 | | #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ |
6346 | | |
6347 | | /* |
6348 | | * wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error |
6349 | | * to the error queue on file end. This should not be left |
6350 | | * for the caller to find so we clear the last error. |
6351 | | */ |
6352 | | #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_ERROR_QUEUE) |
6353 | | #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \ |
6354 | | (err) = wolfSSL_ERR_peek_last_error(); \ |
6355 | | if (wolfSSL_ERR_GET_LIB(err) == WOLFSSL_ERR_LIB_PEM && \ |
6356 | | wolfSSL_ERR_GET_REASON(err) == -WOLFSSL_PEM_R_NO_START_LINE_E) { \ |
6357 | | wc_RemoveErrorNode(-1); \ |
6358 | | } |
6359 | | #else |
6360 | 0 | #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)(err); |
6361 | | #endif |
6362 | | |
6363 | | /* |
6364 | | * The SSL object may have its own certificate store. The below macros simplify |
6365 | | * logic for choosing which WOLFSSL_CERT_MANAGER and WOLFSSL_X509_STORE to use. |
6366 | | * Always use SSL specific objects when available and revert to CTX otherwise. |
6367 | | */ |
6368 | | #ifdef WOLFSSL_LOCAL_X509_STORE |
6369 | | #define SSL_CM(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt->cm : \ |
6370 | | ((ssl)->ctx->x509_store_pt ? (ssl)->ctx->x509_store_pt->cm : \ |
6371 | | (ssl)->ctx->cm)) |
6372 | | #define SSL_STORE(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt : \ |
6373 | | ((ssl)->ctx->x509_store_pt ? (ssl)->ctx->x509_store_pt : \ |
6374 | | &(ssl)->ctx->x509_store)) |
6375 | | #define CTX_STORE(ctx) ((ctx)->x509_store_pt ? (ctx)->x509_store_pt : \ |
6376 | | &(ctx)->x509_store) |
6377 | | #else |
6378 | 0 | #define SSL_CM(ssl) (ssl)->ctx->cm |
6379 | | #endif |
6380 | | /* Issue warning when we are modifying the overall context CM */ |
6381 | | #define SSL_CM_WARNING(ssl) \ |
6382 | 0 | do { \ |
6383 | 0 | if (SSL_CM( (ssl) ) == (ssl)->ctx->cm) { \ |
6384 | 0 | WOLFSSL_MSG("Modifying SSL_CTX CM not SSL specific CM"); \ |
6385 | 0 | } \ |
6386 | 0 | } while (0) |
6387 | | |
6388 | | WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); |
6389 | | WOLFSSL_LOCAL int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); |
6390 | | WOLFSSL_LOCAL int ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); |
6391 | | WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap); |
6392 | | WOLFSSL_TEST_VIS void wolfSSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ |
6393 | | #ifndef OPENSSL_COEXIST |
6394 | | #define SSL_ResourceFree wolfSSL_ResourceFree |
6395 | | #endif |
6396 | | |
6397 | | |
6398 | | #ifndef NO_CERTS |
6399 | | |
6400 | | WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, |
6401 | | long sz, int format, int type, WOLFSSL* ssl, |
6402 | | long* used, int userChain, int verify, |
6403 | | const char *source_name); |
6404 | | WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, |
6405 | | int type, WOLFSSL* ssl, int userChain, |
6406 | | WOLFSSL_CRL* crl, int verify); |
6407 | | |
6408 | | #ifndef NO_ASN |
6409 | | WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName, |
6410 | | size_t domainNameLen, unsigned int flags, |
6411 | | byte isIP); |
6412 | | #endif |
6413 | | #endif |
6414 | | |
6415 | | |
6416 | | #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) |
6417 | | WOLFSSL_LOCAL void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl); |
6418 | | WOLFSSL_LOCAL void FinishHandShakeInfo(HandShakeInfo* info); |
6419 | | WOLFSSL_LOCAL void AddPacketName(WOLFSSL* ssl, const char* name); |
6420 | | |
6421 | | WOLFSSL_LOCAL void InitTimeoutInfo(TimeoutInfo* info); |
6422 | | WOLFSSL_LOCAL void FreeTimeoutInfo(TimeoutInfo* info, void* heap); |
6423 | | WOLFSSL_LOCAL int AddPacketInfo(WOLFSSL* ssl, const char* name, int type, |
6424 | | const byte* data, int sz, int written, int lateRL, |
6425 | | void* heap); |
6426 | | WOLFSSL_LOCAL void AddLateName(const char* name, TimeoutInfo* info); |
6427 | | WOLFSSL_LOCAL void AddLateRecordHeader(const RecordLayerHeader* rl, |
6428 | | TimeoutInfo* info); |
6429 | | #endif |
6430 | | |
6431 | | |
6432 | | /* Record Layer Header identifier from page 12 */ |
6433 | | enum ContentType { |
6434 | | no_type = 0, |
6435 | | change_cipher_spec = 20, |
6436 | | alert = 21, |
6437 | | handshake = 22, |
6438 | | application_data = 23, |
6439 | | dtls12_cid = 25, |
6440 | | #ifdef WOLFSSL_DTLS13 |
6441 | | ack = 26, |
6442 | | #endif /* WOLFSSL_DTLS13 */ |
6443 | | }; |
6444 | | |
6445 | | |
6446 | | /* handshake header, same for each message type, pgs 20/21 */ |
6447 | | typedef struct HandShakeHeader { |
6448 | | byte type; |
6449 | | word24 length; |
6450 | | } HandShakeHeader; |
6451 | | |
6452 | | |
6453 | | /* DTLS handshake header, same for each message type */ |
6454 | | typedef struct DtlsHandShakeHeader { |
6455 | | byte type; |
6456 | | word24 length; |
6457 | | byte message_seq[2]; /* start at 0, retransmit gets same # */ |
6458 | | word24 fragment_offset; /* bytes in previous fragments */ |
6459 | | word24 fragment_length; /* length of this fragment */ |
6460 | | } DtlsHandShakeHeader; |
6461 | | |
6462 | | |
6463 | | enum HandShakeType { |
6464 | | hello_request = 0, |
6465 | | client_hello = 1, |
6466 | | server_hello = 2, |
6467 | | hello_verify_request = 3, /* DTLS addition */ |
6468 | | session_ticket = 4, |
6469 | | end_of_early_data = 5, |
6470 | | hello_retry_request = 6, |
6471 | | encrypted_extensions = 8, |
6472 | | certificate = 11, |
6473 | | server_key_exchange = 12, |
6474 | | certificate_request = 13, |
6475 | | server_hello_done = 14, |
6476 | | certificate_verify = 15, |
6477 | | client_key_exchange = 16, |
6478 | | finished = 20, |
6479 | | certificate_status = 22, |
6480 | | key_update = 24, |
6481 | | change_cipher_hs = 55, /* simulate unique handshake type for sanity |
6482 | | checks. record layer change_cipher |
6483 | | conflicts with handshake finished */ |
6484 | | message_hash = 254, /* synthetic message type for TLS v1.3 */ |
6485 | | no_shake = 255 /* used to initialize the DtlsMsg record */ |
6486 | | }; |
6487 | | |
6488 | | enum ProvisionSide { |
6489 | | PROVISION_CLIENT = 1, |
6490 | | PROVISION_SERVER = 2, |
6491 | | PROVISION_CLIENT_SERVER = 3 |
6492 | | }; |
6493 | | |
6494 | | /* cipher requirements */ |
6495 | | enum { |
6496 | | REQUIRES_RSA, |
6497 | | REQUIRES_DHE, |
6498 | | REQUIRES_ECC, |
6499 | | REQUIRES_ECC_STATIC, |
6500 | | REQUIRES_PSK, |
6501 | | REQUIRES_RSA_SIG, |
6502 | | REQUIRES_AEAD |
6503 | | }; |
6504 | | |
6505 | | static const byte kTlsClientStr[SIZEOF_SENDER+1] = { 0x43, 0x4C, 0x4E, 0x54, 0x00 }; /* CLNT */ |
6506 | | static const byte kTlsServerStr[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x00 }; /* SRVR */ |
6507 | | |
6508 | | static const byte kTlsClientFinStr[FINISHED_LABEL_SZ + 1] = "client finished"; |
6509 | | static const byte kTlsServerFinStr[FINISHED_LABEL_SZ + 1] = "server finished"; |
6510 | | |
6511 | | #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_CURL) |
6512 | | typedef struct { |
6513 | | int name_len; |
6514 | | const char *name; |
6515 | | int nid; |
6516 | | word16 curve; |
6517 | | } WOLF_EC_NIST_NAME; |
6518 | | extern const WOLF_EC_NIST_NAME kNistCurves[]; |
6519 | | WOLFSSL_LOCAL int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, |
6520 | | const char* names, byte curves_only); |
6521 | | #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_CURL */ |
6522 | | |
6523 | | /* internal functions */ |
6524 | | WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL* ssl); |
6525 | | WOLFSSL_LOCAL int SendTicket(WOLFSSL* ssl); |
6526 | | #ifdef HAVE_SESSION_TICKET |
6527 | | WOLFSSL_LOCAL int DoDecryptTicket(const WOLFSSL* ssl, const byte* input, |
6528 | | word32 len, InternalTicket **it); |
6529 | | /* Return 0 when check successful. <0 on failure. */ |
6530 | | WOLFSSL_LOCAL void DoClientTicketFinalize(WOLFSSL* ssl, InternalTicket* it, |
6531 | | const WOLFSSL_SESSION* sess); |
6532 | | |
6533 | | #ifdef WOLFSSL_TLS13 |
6534 | | WOLFSSL_LOCAL int DoClientTicketCheck(const WOLFSSL* ssl, |
6535 | | const PreSharedKey* psk, sword64 timeout, const byte* suite); |
6536 | | WOLFSSL_LOCAL void CleanupClientTickets(PreSharedKey* psk); |
6537 | | WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk, |
6538 | | int retainSess); |
6539 | | #endif |
6540 | | |
6541 | | WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len); |
6542 | | #endif /* HAVE_SESSION_TICKET */ |
6543 | | WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, size_t sz); |
6544 | | #ifdef WOLFSSL_THREADED_CRYPT |
6545 | | WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl); |
6546 | | #endif |
6547 | | #ifdef WOLFSSL_TLS13 |
6548 | | WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType); |
6549 | | #endif |
6550 | | WOLFSSL_LOCAL int SendCertificate(WOLFSSL* ssl); |
6551 | | WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL* ssl); |
6552 | | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
6553 | | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
6554 | | WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, |
6555 | | buffer* response); |
6556 | | #endif |
6557 | | #if defined(HAVE_SECURE_RENEGOTIATION) && \ |
6558 | | !defined(NO_WOLFSSL_SERVER) |
6559 | | WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL* ssl); |
6560 | | #endif |
6561 | | WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL* ssl); |
6562 | | WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL* ssl); |
6563 | | WOLFSSL_LOCAL int SendBuffered(WOLFSSL* ssl); |
6564 | | WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, size_t sz, int peek); |
6565 | | WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl); |
6566 | | WOLFSSL_LOCAL int RetrySendAlert(WOLFSSL* ssl); |
6567 | | WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type); |
6568 | | WOLFSSL_LOCAL int SendFatalAlertOnly(WOLFSSL *ssl, int error); |
6569 | | WOLFSSL_LOCAL int ProcessReply(WOLFSSL* ssl); |
6570 | | WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr); |
6571 | | |
6572 | | WOLFSSL_LOCAL const char* AlertTypeToString(int type); |
6573 | | |
6574 | | WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl); |
6575 | | WOLFSSL_LOCAL int GetCipherSpec(word16 side, byte cipherSuite0, |
6576 | | byte cipherSuite, CipherSpecs* specs, Options* opts); |
6577 | | WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl); |
6578 | | |
6579 | | WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); |
6580 | | WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side); |
6581 | | |
6582 | | WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); |
6583 | | WOLFSSL_LOCAL int IsTLS_ex(const ProtocolVersion pv); |
6584 | | WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); |
6585 | | WOLFSSL_LOCAL int IsAtLeastTLSv1_3(ProtocolVersion pv); |
6586 | | WOLFSSL_LOCAL int IsEncryptionOn(const WOLFSSL* ssl, int isSend); |
6587 | | WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl); |
6588 | | |
6589 | | WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); |
6590 | | WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); |
6591 | | WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); |
6592 | | WOLFSSL_LOCAL byte* GetOutputBuffer(WOLFSSL* ssl); |
6593 | | |
6594 | | WOLFSSL_LOCAL int CipherRequires(byte first, byte second, int requirement); |
6595 | | WOLFSSL_LOCAL int VerifyClientSuite(word16 havePSK, byte cipherSuite0, |
6596 | | byte cipherSuite); |
6597 | | |
6598 | | WOLFSSL_LOCAL int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length); |
6599 | | WOLFSSL_LOCAL int wolfssl_local_GetRecordSize(WOLFSSL *ssl, int payloadSz, |
6600 | | int isEncrypted); |
6601 | | WOLFSSL_LOCAL int wolfssl_local_GetMaxPlaintextSize(WOLFSSL *ssl); |
6602 | | WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl); |
6603 | | |
6604 | | #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS) |
6605 | | WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl); |
6606 | | WOLFSSL_LOCAL int wolfSSL_set_iotsafe_ctx(WOLFSSL *ssl, IOTSAFE *iotsafe); |
6607 | | #endif |
6608 | | |
6609 | | #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_ECC) |
6610 | | WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey); |
6611 | | WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); |
6612 | | #endif |
6613 | | |
6614 | | #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) |
6615 | | WOLFSSL_LOCAL int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, |
6616 | | word16 curve_id); |
6617 | | #else |
6618 | | static WC_INLINE int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, |
6619 | | word16 curve_id) |
6620 | 0 | { |
6621 | 0 | (void)ssl; |
6622 | 0 | (void)curve_id; |
6623 | 0 | return 0; |
6624 | 0 | } Unexecuted instantiation: asn.c:wolfSSL_curve_is_disabled Unexecuted instantiation: ssl.c:wolfSSL_curve_is_disabled Unexecuted instantiation: tls.c:wolfSSL_curve_is_disabled Unexecuted instantiation: tls13.c:wolfSSL_curve_is_disabled Unexecuted instantiation: internal.c:wolfSSL_curve_is_disabled Unexecuted instantiation: keys.c:wolfSSL_curve_is_disabled Unexecuted instantiation: wolfio.c:wolfSSL_curve_is_disabled |
6625 | | #endif |
6626 | | |
6627 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
6628 | | WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, |
6629 | | int *initTmpRng); |
6630 | | #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ |
6631 | | |
6632 | | #ifndef NO_CERTS |
6633 | | #ifndef NO_RSA |
6634 | | #ifdef WC_RSA_PSS |
6635 | | WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz, |
6636 | | byte* out, word32 sigSz, enum wc_HashType hashType); |
6637 | | WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, |
6638 | | enum wc_HashType* hashType, int* mgf); |
6639 | | #endif |
6640 | | WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, |
6641 | | word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo, |
6642 | | int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo); |
6643 | | WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, |
6644 | | byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key, |
6645 | | DerBuffer* keyBufInfo); |
6646 | | WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, |
6647 | | byte** out, int sigAlgo, int hashAlgo, RsaKey* key, |
6648 | | buffer* keyBufInfo); |
6649 | | WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, |
6650 | | word32* outSz, RsaKey* key, DerBuffer* keyBufInfo); |
6651 | | WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, |
6652 | | word32* outSz, RsaKey* key, buffer* keyBufInfo); |
6653 | | #endif /* !NO_RSA */ |
6654 | | |
6655 | | #ifdef HAVE_ECC |
6656 | | WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, |
6657 | | byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo); |
6658 | | WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, |
6659 | | const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo); |
6660 | | WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, |
6661 | | ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out, |
6662 | | word32* outlen, int side); |
6663 | | #endif /* HAVE_ECC */ |
6664 | | #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) |
6665 | | WOLFSSL_LOCAL int Sm2wSm3Sign(WOLFSSL* ssl, const byte* id, word32 idSz, |
6666 | | const byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key, |
6667 | | DerBuffer* keyBufInfo); |
6668 | | WOLFSSL_LOCAL int Sm2wSm3Verify(WOLFSSL* ssl, const byte* id, |
6669 | | word32 idSz, const byte* in, word32 inSz, const byte* out, |
6670 | | word32 outSz, ecc_key* key, buffer* keyBufInfo); |
6671 | | #endif /* WOLFSSL_SM2 && WOLFSSL_SM3 */ |
6672 | | #ifdef HAVE_ED25519 |
6673 | | WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl); |
6674 | | WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, |
6675 | | byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo); |
6676 | | WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in, |
6677 | | word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key, |
6678 | | buffer* keyBufInfo); |
6679 | | #endif /* HAVE_ED25519 */ |
6680 | | #ifdef HAVE_ED448 |
6681 | | WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl); |
6682 | | WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, |
6683 | | byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo); |
6684 | | WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in, |
6685 | | word32 inSz, const byte* msg, word32 msgSz, ed448_key* key, |
6686 | | buffer* keyBufInfo); |
6687 | | #endif /* HAVE_ED448 */ |
6688 | | |
6689 | | |
6690 | | #ifdef WOLFSSL_TRUST_PEER_CERT |
6691 | | |
6692 | | /* options for searching hash table for a matching trusted peer cert */ |
6693 | | #define WC_MATCH_SKID 0 |
6694 | | #define WC_MATCH_NAME 1 |
6695 | | |
6696 | | WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert); |
6697 | | WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp, |
6698 | | DecodedCert* cert); |
6699 | | #endif |
6700 | | |
6701 | | |
6702 | | #ifndef GetCA |
6703 | | WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash); |
6704 | | #endif |
6705 | | #if defined(WOLFSSL_AKID_NAME) && !defined(WC_SYM_RELOC_TABLES) |
6706 | | /* note WOLFSSL_API_PREFIX_MAPping is in asn.h, and if |
6707 | | * WC_SYM_RELOC_TABLES, the prototype is in the port layer |
6708 | | * (e.g. linuxkm_wc_port.h), to allow shimming. |
6709 | | */ |
6710 | | WOLFSSL_TEST_VIS Signer* GetCAByAKID(void* vp, const byte* issuer, |
6711 | | word32 issuerSz, const byte* serial, word32 serialSz); |
6712 | | #endif |
6713 | | #if defined(HAVE_OCSP) && !defined(GetCAByKeyHash) |
6714 | | WOLFSSL_LOCAL Signer* GetCAByKeyHash(void* vp, const byte* keyHash); |
6715 | | #endif |
6716 | | #if !defined(NO_SKID) && !defined(GetCAByName) |
6717 | | WOLFSSL_LOCAL Signer* GetCAByName(void* vp, byte* hash); |
6718 | | #endif |
6719 | | #endif /* !NO_CERTS */ |
6720 | | WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, |
6721 | | word32* hashLen); |
6722 | | WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, |
6723 | | const byte* sender); |
6724 | | WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep); |
6725 | | WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size); |
6726 | | WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); |
6727 | | WOLFSSL_LOCAL int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted); |
6728 | | WOLFSSL_LOCAL int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, |
6729 | | word32 msgSz); |
6730 | | WOLFSSL_LOCAL int GetHandshakeHeader(WOLFSSL* ssl, const byte* input, |
6731 | | word32* inOutIdx, byte* type, word32* size, word32 totalSz); |
6732 | | #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) |
6733 | | WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret); |
6734 | | #endif |
6735 | | #ifndef NO_TLS |
6736 | | WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL* ssl); |
6737 | | #ifndef WOLFSSL_AEAD_ONLY |
6738 | | WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, |
6739 | | word32 sz, int padSz, int content, int verify, int epochOrder); |
6740 | | #endif |
6741 | | #endif |
6742 | | |
6743 | | WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); |
6744 | | WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); |
6745 | | |
6746 | | #ifndef NO_WOLFSSL_CLIENT |
6747 | | WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl); |
6748 | | WOLFSSL_LOCAL int SendClientHello(WOLFSSL* ssl); |
6749 | | WOLFSSL_LOCAL int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, |
6750 | | word32 size); |
6751 | | #ifdef WOLFSSL_TLS13 |
6752 | | WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL* ssl); |
6753 | | #endif |
6754 | | WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL* ssl); |
6755 | | WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL* ssl); |
6756 | | #endif /* NO_WOLFSSL_CLIENT */ |
6757 | | |
6758 | | #ifndef NO_WOLFSSL_SERVER |
6759 | | WOLFSSL_LOCAL int SendServerHello(WOLFSSL* ssl); |
6760 | | WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl); |
6761 | | #endif /* NO_WOLFSSL_SERVER */ |
6762 | | |
6763 | | #ifdef WOLFSSL_TLS13 |
6764 | | WOLFSSL_LOCAL int SendTls13KeyUpdate(WOLFSSL* ssl); |
6765 | | #endif |
6766 | | |
6767 | | #ifdef WOLFSSL_DTLS |
6768 | | #ifdef WOLFSSL_API_PREFIX_MAP |
6769 | | #define DtlsMsgListDelete wolfSSL_DtlsMsgListDelete |
6770 | | #define DtlsMsgFind wolfSSL_DtlsMsgFind |
6771 | | #define DtlsMsgStore wolfSSL_DtlsMsgStore |
6772 | | #endif /* WOLFSSL_API_PREFIX_MAP */ |
6773 | | WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap); |
6774 | | WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap); |
6775 | | WOLFSSL_TEST_VIS void DtlsMsgListDelete(DtlsMsg* head, void* heap); |
6776 | | WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl); |
6777 | | WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, |
6778 | | const byte* data, byte type, |
6779 | | word32 fragOffset, word32 fragSz, void* heap, |
6780 | | word32 totalLen, byte encrypted); |
6781 | | WOLFSSL_TEST_VIS DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq); |
6782 | | |
6783 | | WOLFSSL_TEST_VIS void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq, |
6784 | | const byte* data, word32 dataSz, byte type, |
6785 | | word32 fragOffset, word32 fragSz, |
6786 | | void* heap); |
6787 | | WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item); |
6788 | | |
6789 | | WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data, |
6790 | | word32 dataSz, enum HandShakeType type); |
6791 | | WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL* ssl); |
6792 | | WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, |
6793 | | word32 fragOffset); |
6794 | | WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* item); |
6795 | | WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL* ssl); |
6796 | | WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket); |
6797 | | WOLFSSL_LOCAL void DtlsMsgDestroyFragBucket(DtlsFragBucket* fragBucket, void* heap); |
6798 | | WOLFSSL_LOCAL int GetDtlsHandShakeHeader(WOLFSSL *ssl, const byte *input, |
6799 | | word32 *inOutIdx, byte *type, word32 *size, word32 *fragOffset, |
6800 | | word32 *fragSz, word32 totalSz); |
6801 | | WOLFSSL_LOCAL int DtlsMsgDrain(WOLFSSL *ssl); |
6802 | | WOLFSSL_LOCAL int SendHelloVerifyRequest(WOLFSSL* ssl, |
6803 | | const byte* cookie, byte cookieSz); |
6804 | | |
6805 | | #if !defined(NO_WOLFSSL_SERVER) |
6806 | | WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, |
6807 | | const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13); |
6808 | | #endif /* !defined(NO_WOLFSSL_SERVER) */ |
6809 | | #if !defined(WOLFCRYPT_ONLY) && !defined(WOLFSSL_NO_SOCK) && \ |
6810 | | (defined(USE_WOLFSSL_IO) || defined(WOLFSSL_USER_IO)) |
6811 | | WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen, |
6812 | | SOCKADDR_S *b, XSOCKLENT bLen); |
6813 | | #endif |
6814 | | #endif /* WOLFSSL_DTLS */ |
6815 | | |
6816 | | #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) |
6817 | | WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl); |
6818 | | WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl); |
6819 | | WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl); |
6820 | | WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order); |
6821 | | #endif |
6822 | | WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl); |
6823 | | WOLFSSL_LOCAL int IsDtlsNotSctpMode(WOLFSSL* ssl); |
6824 | | WOLFSSL_LOCAL int IsDtlsNotSrtpMode(WOLFSSL* ssl); |
6825 | | |
6826 | | WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); |
6827 | | |
6828 | | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
6829 | | #ifdef WOLFSSL_32BIT_MILLI_TIME |
6830 | | WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void); |
6831 | | #else |
6832 | | WOLFSSL_LOCAL sword64 TimeNowInMilliseconds(void); |
6833 | | #endif |
6834 | | |
6835 | | #endif |
6836 | | WOLFSSL_LOCAL word32 LowResTimer(void); |
6837 | | |
6838 | | WOLFSSL_LOCAL int FindSuiteSSL(const WOLFSSL* ssl, byte* suite); |
6839 | | WOLFSSL_LOCAL int FindSuite(const Suites* suites, byte first, byte second); |
6840 | | |
6841 | | WOLFSSL_LOCAL void DecodeSigAlg(const byte* input, byte* hashAlgo, |
6842 | | byte* hsType); |
6843 | | WOLFSSL_LOCAL enum wc_HashType HashAlgoToType(int hashAlgo); |
6844 | | |
6845 | | #ifndef NO_CERTS |
6846 | | WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, |
6847 | | void* heap); |
6848 | | WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); |
6849 | | WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag, |
6850 | | void* heap); |
6851 | | WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509); |
6852 | | #ifndef NO_ASN |
6853 | | WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509* x509, |
6854 | | DecodedCert* dCert); |
6855 | | #endif |
6856 | | #endif |
6857 | | |
6858 | | #if defined(WOLFSSL_ACERT) |
6859 | | WOLFSSL_LOCAL int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, |
6860 | | DecodedAcert* dAcert); |
6861 | | #endif /* WOLFSSL_ACERT */ |
6862 | | |
6863 | | |
6864 | | #ifndef MAX_CIPHER_NAME |
6865 | | #define MAX_CIPHER_NAME 50 |
6866 | | #endif |
6867 | | |
6868 | | #ifdef WOLFSSL_NAMES_STATIC |
6869 | | typedef char cipher_name[MAX_CIPHER_NAME]; |
6870 | | #else |
6871 | | typedef const char* cipher_name; |
6872 | | #endif |
6873 | | |
6874 | | typedef struct CipherSuiteInfo { |
6875 | | cipher_name name; |
6876 | | #ifndef NO_ERROR_STRINGS |
6877 | | cipher_name name_iana; |
6878 | | #endif |
6879 | | byte cipherSuite0; |
6880 | | byte cipherSuite; |
6881 | | #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ |
6882 | | defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) |
6883 | | byte minor; |
6884 | | byte major; |
6885 | | #endif |
6886 | | byte flags; |
6887 | | } CipherSuiteInfo; |
6888 | | |
6889 | | WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); |
6890 | | WOLFSSL_LOCAL int GetCipherNamesSize(void); |
6891 | | WOLFSSL_LOCAL const char* GetCipherNameInternal(byte cipherSuite0, byte cipherSuite); |
6892 | | #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) |
6893 | | /* used in wolfSSL_sk_CIPHER_description */ |
6894 | | #define MAX_SEGMENTS 5 |
6895 | | #define MAX_SEGMENT_SZ 20 |
6896 | | WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher); |
6897 | | WOLFSSL_LOCAL const char* GetCipherSegment(const WOLFSSL_CIPHER* cipher, |
6898 | | char n[][MAX_SEGMENT_SZ]); |
6899 | | WOLFSSL_LOCAL const char* GetCipherProtocol(byte minor); |
6900 | | WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]); |
6901 | | WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]); |
6902 | | WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]); |
6903 | | WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]); |
6904 | | WOLFSSL_LOCAL int SetCipherBits(const char* enc); |
6905 | | WOLFSSL_LOCAL int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]); |
6906 | | #endif |
6907 | | WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite); |
6908 | | WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); |
6909 | | WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); |
6910 | | WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, |
6911 | | byte* cipherSuite, byte* major, byte* minor, int* flags); |
6912 | | |
6913 | | |
6914 | | enum encrypt_side { |
6915 | | ENCRYPT_SIDE_ONLY = 1, |
6916 | | DECRYPT_SIDE_ONLY, |
6917 | | ENCRYPT_AND_DECRYPT_SIDE |
6918 | | }; |
6919 | | |
6920 | | WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, |
6921 | | CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng, |
6922 | | int tls13); |
6923 | | WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side); |
6924 | | |
6925 | | /* Set*Internal and Set*External functions */ |
6926 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
6927 | | WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa); |
6928 | | WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa); |
6929 | | WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa); |
6930 | | WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa); |
6931 | | |
6932 | | typedef enum elem_set { |
6933 | | ELEMENT_P = 0x01, |
6934 | | ELEMENT_Q = 0x02, |
6935 | | ELEMENT_G = 0x04, |
6936 | | ELEMENT_PUB = 0x08, |
6937 | | ELEMENT_PRV = 0x10, |
6938 | | } Element_Set; |
6939 | | WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, int elm ); |
6940 | | WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh); |
6941 | | WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh); |
6942 | | #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ |
6943 | | |
6944 | | #if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK)) |
6945 | | WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, |
6946 | | byte* priv, word32* privSz, |
6947 | | byte* pub, word32* pubSz); |
6948 | | WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey, |
6949 | | const byte* priv, word32 privSz, |
6950 | | const byte* otherPub, word32 otherPubSz, |
6951 | | byte* agree, word32* agreeSz, |
6952 | | const byte* prime, word32 primeSz); |
6953 | | #endif /* !NO_DH */ |
6954 | | |
6955 | | #ifdef HAVE_ECC |
6956 | | WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer); |
6957 | | WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum); |
6958 | | #endif |
6959 | | |
6960 | | WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl); |
6961 | | WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl); |
6962 | | WOLFSSL_LOCAL int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, |
6963 | | HS_Hashes** destination); |
6964 | | |
6965 | | |
6966 | | #ifndef WOLFSSL_NO_TLS12 |
6967 | | WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args); |
6968 | | #endif |
6969 | | WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, |
6970 | | const byte* input, int inSz, int type, int hashOutput, |
6971 | | int sizeOnly, int asyncOkay, int epochOrder); |
6972 | | |
6973 | | #ifdef WOLFSSL_TLS13 |
6974 | | #ifdef WOLFSSL_API_PREFIX_MAP |
6975 | | #define BuildTls13Message wolfSSL_BuildTls13Message |
6976 | | #endif |
6977 | | WOLFSSL_TEST_VIS int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, |
6978 | | int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay); |
6979 | | WOLFSSL_LOCAL int Tls13UpdateKeys(WOLFSSL* ssl); |
6980 | | #endif |
6981 | | |
6982 | | WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey); |
6983 | | WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); |
6984 | | |
6985 | | #ifdef WOLFSSL_ASYNC_CRYPT |
6986 | | WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags); |
6987 | | WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state); |
6988 | | WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev); |
6989 | | #endif |
6990 | | |
6991 | | #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ |
6992 | | (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ |
6993 | | !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) |
6994 | | WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store, |
6995 | | X509_NAME* issuer, int Type); |
6996 | | #endif |
6997 | | #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) |
6998 | | WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void); |
6999 | | WOLFSSL_LOCAL void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash); |
7000 | | WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void); |
7001 | | WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_find( |
7002 | | WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind); |
7003 | | WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk); |
7004 | | WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( |
7005 | | const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i); |
7006 | | WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( |
7007 | | WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk); |
7008 | | WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, |
7009 | | void (*f) (WOLFSSL_BY_DIR_HASH*)); |
7010 | | WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk); |
7011 | | WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, |
7012 | | WOLFSSL_BY_DIR_HASH* in); |
7013 | | /* WOLFSSL_BY_DIR_entry stuff */ |
7014 | | WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void); |
7015 | | WOLFSSL_LOCAL void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry); |
7016 | | WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void); |
7017 | | WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk); |
7018 | | WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( |
7019 | | const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i); |
7020 | | WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( |
7021 | | WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk); |
7022 | | WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, |
7023 | | void (*f) (WOLFSSL_BY_DIR_entry*)); |
7024 | | WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk); |
7025 | | WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, |
7026 | | WOLFSSL_BY_DIR_entry* in); |
7027 | | #endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ |
7028 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
7029 | | WOLFSSL_LOCAL int oid2nid(word32 oid, int grp); |
7030 | | WOLFSSL_LOCAL word32 nid2oid(int nid, int grp); |
7031 | | #endif |
7032 | | |
7033 | | #ifdef WOLFSSL_DTLS |
7034 | | WOLFSSL_TEST_VIS int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo, |
7035 | | word16* next_hi, word32* next_lo, word32 *window); |
7036 | | WOLFSSL_LOCAL int DtlsUpdateWindow(WOLFSSL* ssl); |
7037 | | WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl); |
7038 | | WOLFSSL_LOCAL int DtlsIgnoreError(int err); |
7039 | | WOLFSSL_LOCAL void DtlsSetSeqNumForReply(WOLFSSL* ssl); |
7040 | | #endif |
7041 | | |
7042 | | #ifdef WOLFSSL_DTLS13 |
7043 | | #ifdef WOLFSSL_API_PREFIX_MAP |
7044 | | #define Dtls13GetEpoch wolfSSL_Dtls13GetEpoch |
7045 | | #define Dtls13CheckEpoch wolfSSL_Dtls13CheckEpoch |
7046 | | #define Dtls13WriteAckMessage wolfSSL_Dtls13WriteAckMessage |
7047 | | #define Dtls13RtxAddAck wolfSSL_Dtls13RtxAddAck |
7048 | | #endif |
7049 | | |
7050 | | WOLFSSL_TEST_VIS struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl, |
7051 | | w64wrapper epochNumber); |
7052 | | WOLFSSL_LOCAL void Dtls13SetOlderEpochSide(WOLFSSL* ssl, w64wrapper epochNumber, |
7053 | | int side); |
7054 | | WOLFSSL_LOCAL int Dtls13NewEpoch(WOLFSSL* ssl, w64wrapper epochNumber, |
7055 | | int side); |
7056 | | WOLFSSL_LOCAL int Dtls13SetEpochKeys(WOLFSSL* ssl, w64wrapper epochNumber, |
7057 | | enum encrypt_side side); |
7058 | | WOLFSSL_LOCAL int Dtls13GetSeq(WOLFSSL* ssl, int order, word32* seq, |
7059 | | byte increment); |
7060 | | WOLFSSL_LOCAL int Dtls13DoScheduledWork(WOLFSSL* ssl); |
7061 | | WOLFSSL_LOCAL int Dtls13DeriveSnKeys(WOLFSSL* ssl, int provision); |
7062 | | WOLFSSL_LOCAL int Dtls13SetRecordNumberKeys(WOLFSSL* ssl, |
7063 | | enum encrypt_side side); |
7064 | | |
7065 | | WOLFSSL_LOCAL int Dtls13AddHeaders(byte* output, word32 length, |
7066 | | enum HandShakeType hs_type, WOLFSSL* ssl); |
7067 | | WOLFSSL_LOCAL word16 Dtls13GetHeadersLength(WOLFSSL *ssl, |
7068 | | enum HandShakeType type); |
7069 | | WOLFSSL_LOCAL word16 Dtls13GetRlHeaderLength(WOLFSSL *ssl, byte is_encrypted); |
7070 | | WOLFSSL_LOCAL int Dtls13RlAddCiphertextHeader(WOLFSSL* ssl, byte* out, |
7071 | | word16 length); |
7072 | | WOLFSSL_LOCAL int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out, |
7073 | | enum ContentType content_type, word16 length); |
7074 | | WOLFSSL_LOCAL int Dtls13MinimumRecordLength(WOLFSSL* ssl); |
7075 | | WOLFSSL_LOCAL int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, |
7076 | | word16 recordLength); |
7077 | | WOLFSSL_LOCAL int Dtls13IsUnifiedHeader(byte header_flags); |
7078 | | WOLFSSL_LOCAL int Dtls13GetUnifiedHeaderSize(WOLFSSL* ssl, const byte input, |
7079 | | word16* size); |
7080 | | WOLFSSL_LOCAL int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input, |
7081 | | word16 input_size, Dtls13UnifiedHdrInfo* hdrInfo); |
7082 | | WOLFSSL_LOCAL int Dtls13HandshakeSend(WOLFSSL* ssl, byte* output, |
7083 | | word16 output_size, word16 length, enum HandShakeType handshake_type, |
7084 | | int hash_output); |
7085 | | WOLFSSL_LOCAL int Dtls13RecordRecvd(WOLFSSL* ssl); |
7086 | | WOLFSSL_TEST_VIS int Dtls13CheckEpoch(WOLFSSL* ssl, enum HandShakeType type); |
7087 | | WOLFSSL_LOCAL int Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, |
7088 | | word32* inOutIdx, word32 totalSz); |
7089 | | WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output, |
7090 | | enum HandShakeType msg_type, word32 length); |
7091 | | #define EE_MASK (0x3) |
7092 | | WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl); |
7093 | | WOLFSSL_LOCAL int DoDtls13KeyUpdateAck(WOLFSSL* ssl); |
7094 | | WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, |
7095 | | word32* processedSize); |
7096 | | WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits, |
7097 | | w64wrapper* epoch); |
7098 | | WOLFSSL_LOCAL int Dtls13ReconstructSeqNumber(WOLFSSL* ssl, |
7099 | | Dtls13UnifiedHdrInfo* hdrInfo, w64wrapper* out); |
7100 | | WOLFSSL_TEST_VIS int Dtls13WriteAckMessage(WOLFSSL* ssl, |
7101 | | Dtls13RecordNumber* recordNumberList, word32* length); |
7102 | | WOLFSSL_LOCAL int SendDtls13Ack(WOLFSSL* ssl); |
7103 | | WOLFSSL_TEST_VIS int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq); |
7104 | | WOLFSSL_LOCAL int Dtls13RtxProcessingCertificate(WOLFSSL* ssl, byte* input, |
7105 | | word32 inputSize); |
7106 | | WOLFSSL_LOCAL int Dtls13HashHandshake(WOLFSSL* ssl, const byte* input, |
7107 | | word16 length); |
7108 | | WOLFSSL_LOCAL int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, |
7109 | | int* hashSz, const byte* body, word32 length, CipherSpecs* specs); |
7110 | | WOLFSSL_LOCAL void Dtls13FreeFsmResources(WOLFSSL* ssl); |
7111 | | WOLFSSL_LOCAL void Dtls13RtxFlushBuffered(WOLFSSL* ssl, |
7112 | | byte keepNewSessionTicket); |
7113 | | WOLFSSL_LOCAL int Dtls13RtxTimeout(WOLFSSL* ssl); |
7114 | | WOLFSSL_LOCAL int Dtls13ProcessBufferedMessages(WOLFSSL* ssl); |
7115 | | WOLFSSL_LOCAL int Dtls13CheckAEADFailLimit(WOLFSSL* ssl); |
7116 | | WOLFSSL_LOCAL int Dtls13UpdateWindowRecordRecvd(WOLFSSL* ssl); |
7117 | | #endif /* WOLFSSL_DTLS13 */ |
7118 | | |
7119 | | #ifdef WOLFSSL_STATIC_EPHEMERAL |
7120 | | WOLFSSL_LOCAL int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr); |
7121 | | #endif |
7122 | | |
7123 | | #ifndef NO_CERTS |
7124 | | #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ |
7125 | | defined(OPENSSL_EXTRA_X509_SMALL) |
7126 | | WOLFSSL_LOCAL int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, |
7127 | | const WOLFSSL_ASN1_STRING* asn_in); |
7128 | | #endif |
7129 | | #ifdef OPENSSL_EXTRA |
7130 | | WOLFSSL_LOCAL int GetX509Error(int e); |
7131 | | #endif |
7132 | | #endif |
7133 | | |
7134 | | #ifdef HAVE_EX_DATA_CRYPTO |
7135 | | typedef struct CRYPTO_EX_cb_ctx { |
7136 | | long ctx_l; |
7137 | | void *ctx_ptr; |
7138 | | WOLFSSL_CRYPTO_EX_new* new_func; |
7139 | | WOLFSSL_CRYPTO_EX_free* free_func; |
7140 | | WOLFSSL_CRYPTO_EX_dup* dup_func; |
7141 | | struct CRYPTO_EX_cb_ctx* next; |
7142 | | } CRYPTO_EX_cb_ctx; |
7143 | | |
7144 | | WOLFSSL_TEST_VIS extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session; |
7145 | | #ifdef WOLFSSL_API_PREFIX_MAP |
7146 | | #define crypto_ex_cb_free wolfSSL_crypto_ex_cb_free |
7147 | | #endif |
7148 | | WOLFSSL_TEST_VIS void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx); |
7149 | | WOLFSSL_LOCAL void crypto_ex_cb_setup_new_data(void *new_obj, |
7150 | | CRYPTO_EX_cb_ctx* cb_ctx, WOLFSSL_CRYPTO_EX_DATA* ex_data); |
7151 | | WOLFSSL_LOCAL void crypto_ex_cb_free_data(void *obj, CRYPTO_EX_cb_ctx* cb_ctx, |
7152 | | WOLFSSL_CRYPTO_EX_DATA* ex_data); |
7153 | | WOLFSSL_LOCAL int crypto_ex_cb_dup_data(const WOLFSSL_CRYPTO_EX_DATA *in, |
7154 | | WOLFSSL_CRYPTO_EX_DATA *out, CRYPTO_EX_cb_ctx* cb_ctx); |
7155 | | WOLFSSL_LOCAL int wolfssl_get_ex_new_index(int class_index, long ctx_l, |
7156 | | void* ctx_ptr, WOLFSSL_CRYPTO_EX_new* new_func, |
7157 | | WOLFSSL_CRYPTO_EX_dup* dup_func, WOLFSSL_CRYPTO_EX_free* free_func); |
7158 | | #endif /* HAVE_EX_DATA_CRYPTO */ |
7159 | | |
7160 | | WOLFSSL_LOCAL WC_RNG* wolfssl_get_global_rng(void); |
7161 | | WOLFSSL_LOCAL WC_RNG* wolfssl_make_global_rng(void); |
7162 | | |
7163 | | #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) |
7164 | | #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER) |
7165 | | WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, |
7166 | | const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, |
7167 | | byte **cipherInfo, int maxDerSz, int hashType); |
7168 | | #endif |
7169 | | #endif |
7170 | | |
7171 | | #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) |
7172 | | WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, |
7173 | | int publicKey, void* heap); |
7174 | | #endif |
7175 | | |
7176 | | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ |
7177 | | || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) |
7178 | | WOLFSSL_LOCAL int wolfSSL_SSL_do_handshake_internal(WOLFSSL *s); |
7179 | | #endif |
7180 | | |
7181 | | #ifdef WOLFSSL_QUIC |
7182 | | #define WOLFSSL_IS_QUIC(s) (((s) != NULL) && ((s)->quic.method != NULL)) |
7183 | | WOLFSSL_LOCAL int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz); |
7184 | | WOLFSSL_LOCAL int wolfSSL_quic_send(WOLFSSL* ssl); |
7185 | | WOLFSSL_LOCAL void wolfSSL_quic_clear(WOLFSSL* ssl); |
7186 | | WOLFSSL_LOCAL void wolfSSL_quic_free(WOLFSSL* ssl); |
7187 | | WOLFSSL_LOCAL int wolfSSL_quic_forward_secrets(WOLFSSL *ssl, |
7188 | | int ktype, int side); |
7189 | | WOLFSSL_LOCAL int wolfSSL_quic_keys_active(WOLFSSL* ssl, enum encrypt_side side); |
7190 | | |
7191 | | #else |
7192 | 0 | #define WOLFSSL_IS_QUIC(s) 0 |
7193 | | #endif /* WOLFSSL_QUIC (else) */ |
7194 | | |
7195 | | #if defined(SHOW_SECRETS) && defined(WOLFSSL_SSLKEYLOGFILE) |
7196 | | WOLFSSL_LOCAL int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret, |
7197 | | int secretSz, void* ctx); |
7198 | | #endif |
7199 | | |
7200 | | #if defined(SHOW_SECRETS) |
7201 | | WOLFSSL_LOCAL int tlsShowSecrets(WOLFSSL* ssl, void* secret, |
7202 | | int secretSz, void* ctx); |
7203 | | #endif |
7204 | | |
7205 | | /* Optional Pre-Master-Secret logging for Wireshark */ |
7206 | | #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) |
7207 | | #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT |
7208 | | #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" |
7209 | | #endif |
7210 | | #endif |
7211 | | |
7212 | | #if defined(WOLFSSL_TLS13) && !defined(NO_PSK) |
7213 | | WOLFSSL_LOCAL int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, |
7214 | | byte* psk_key, word32* psk_keySz, const byte* suite, int* found, |
7215 | | byte* foundSuite); |
7216 | | #endif |
7217 | | |
7218 | | WOLFSSL_LOCAL int wolfSSL_GetHmacType_ex(CipherSpecs* specs); |
7219 | | |
7220 | | #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) |
7221 | | WOLFSSL_LOCAL int CreateCookieExt(const WOLFSSL* ssl, byte* hash, |
7222 | | word16 hashSz, TLSX** exts, |
7223 | | byte cipherSuite0, byte cipherSuite); |
7224 | | #endif |
7225 | | |
7226 | | WOLFSSL_LOCAL int TranslateErrorToAlert(int err); |
7227 | | |
7228 | | #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) |
7229 | | WOLFSSL_LOCAL void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, |
7230 | | WOLF_STACK_TYPE type); |
7231 | | WOLFSSL_LOCAL void* wolfSSL_sk_pop_node(WOLFSSL_STACK* sk, int idx); |
7232 | | WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type); |
7233 | | |
7234 | | WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, |
7235 | | const byte* der, word32 len, int addHdr); |
7236 | | #endif |
7237 | | |
7238 | | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
7239 | | WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, |
7240 | | word32* keySz); |
7241 | | WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, |
7242 | | const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, |
7243 | | word32* keySz); |
7244 | | #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ |
7245 | | |
7246 | | WOLFSSL_LOCAL void wolfssl_local_MaybeCheckAlertOnErr(WOLFSSL* ssl, int err); |
7247 | | |
7248 | | #ifdef __cplusplus |
7249 | | } /* extern "C" */ |
7250 | | #endif |
7251 | | |
7252 | | #endif /* wolfSSL_INT_H */ |