internal.h 255 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963596459655966596759685969597059715972597359745975597659775978597959805981598259835984598559865987598859895990599159925993599459955996599759985999600060016002600360046005600660076008600960106011601260136014601560166017601860196020602160226023602460256026602760286029603060316032603360346035603660376038603960406041604260436044604560466047604860496050605160526053605460556056605760586059606060616062606360646065606660676068606960706071607260736074607560766077607860796080608160826083608460856086608760886089609060916092609360946095609660976098609961006101610261036104610561066107610861096110611161126113611461156116611761186119612061216122612361246125612661276128612961306131613261336134613561366137613861396140614161426143614461456146614761486149615061516152615361546155615661576158615961606161616261636164616561666167616861696170617161726173617461756176617761786179618061816182618361846185618661876188618961906191619261936194619561966197619861996200620162026203620462056206620762086209621062116212621362146215621662176218621962206221622262236224622562266227622862296230623162326233623462356236623762386239624062416242624362446245624662476248624962506251625262536254625562566257625862596260626162626263626462656266626762686269627062716272627362746275627662776278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776
  1. /* internal.h
  2. *
  3. * Copyright (C) 2006-2023 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifndef WOLFSSL_INT_H
  22. #define WOLFSSL_INT_H
  23. #include <wolfssl/wolfcrypt/types.h>
  24. #include <wolfssl/ssl.h>
  25. #ifdef HAVE_CRL
  26. #include <wolfssl/crl.h>
  27. #endif
  28. #include <wolfssl/wolfcrypt/random.h>
  29. #ifndef NO_DES3
  30. #include <wolfssl/wolfcrypt/des3.h>
  31. #endif
  32. #ifdef HAVE_CHACHA
  33. #include <wolfssl/wolfcrypt/chacha.h>
  34. #endif
  35. #ifndef NO_ASN
  36. #include <wolfssl/wolfcrypt/asn.h>
  37. #include <wolfssl/wolfcrypt/pkcs12.h>
  38. #endif
  39. #ifndef NO_MD5
  40. #include <wolfssl/wolfcrypt/md5.h>
  41. #endif
  42. #ifndef NO_SHA
  43. #include <wolfssl/wolfcrypt/sha.h>
  44. #endif
  45. #ifndef NO_AES
  46. #include <wolfssl/wolfcrypt/aes.h>
  47. #endif
  48. #ifdef HAVE_POLY1305
  49. #include <wolfssl/wolfcrypt/poly1305.h>
  50. #endif
  51. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && defined(OPENSSL_EXTRA)
  52. #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
  53. #endif
  54. #ifdef HAVE_ARIA
  55. #include <wolfssl/wolfcrypt/port/aria/aria-crypt.h>
  56. #endif
  57. #ifdef HAVE_CAMELLIA
  58. #include <wolfssl/wolfcrypt/camellia.h>
  59. #endif
  60. #ifdef WOLFSSL_SM4
  61. #include <wolfssl/wolfcrypt/sm4.h>
  62. #endif
  63. #include <wolfssl/wolfcrypt/logging.h>
  64. #ifndef NO_HMAC
  65. #include <wolfssl/wolfcrypt/hmac.h>
  66. #endif
  67. #ifndef NO_RC4
  68. #include <wolfssl/wolfcrypt/arc4.h>
  69. #endif
  70. #ifndef NO_SHA256
  71. #include <wolfssl/wolfcrypt/sha256.h>
  72. #endif
  73. #if defined(WOLFSSL_SHA384)
  74. #include <wolfssl/wolfcrypt/sha512.h>
  75. #endif
  76. #ifdef HAVE_OCSP
  77. #include <wolfssl/ocsp.h>
  78. #endif
  79. #ifdef WOLFSSL_QUIC
  80. #include <wolfssl/quic.h>
  81. #endif
  82. #ifdef WOLFSSL_SHA384
  83. #include <wolfssl/wolfcrypt/sha512.h>
  84. #endif
  85. #ifdef WOLFSSL_SHA512
  86. #include <wolfssl/wolfcrypt/sha512.h>
  87. #endif
  88. #ifdef WOLFSSL_SM3
  89. #include <wolfssl/wolfcrypt/sm3.h>
  90. #endif
  91. #ifdef HAVE_AESGCM
  92. #include <wolfssl/wolfcrypt/sha512.h>
  93. #endif
  94. #ifdef WOLFSSL_RIPEMD
  95. #include <wolfssl/wolfcrypt/ripemd.h>
  96. #endif
  97. #ifndef NO_RSA
  98. #include <wolfssl/wolfcrypt/rsa.h>
  99. #endif
  100. #ifdef HAVE_ECC
  101. #include <wolfssl/wolfcrypt/ecc.h>
  102. #endif
  103. #ifdef WOLFSSL_SM2
  104. #include <wolfssl/wolfcrypt/sm2.h>
  105. #endif
  106. #ifndef NO_DH
  107. #include <wolfssl/wolfcrypt/dh.h>
  108. #endif
  109. #ifdef HAVE_ED25519
  110. #include <wolfssl/wolfcrypt/ed25519.h>
  111. #endif
  112. #ifdef HAVE_CURVE25519
  113. #include <wolfssl/wolfcrypt/curve25519.h>
  114. #endif
  115. #ifdef HAVE_ED448
  116. #include <wolfssl/wolfcrypt/ed448.h>
  117. #endif
  118. #ifdef HAVE_CURVE448
  119. #include <wolfssl/wolfcrypt/curve448.h>
  120. #endif
  121. #ifdef HAVE_PQC
  122. #include <wolfssl/wolfcrypt/falcon.h>
  123. #include <wolfssl/wolfcrypt/dilithium.h>
  124. #endif
  125. #ifdef HAVE_HKDF
  126. #include <wolfssl/wolfcrypt/kdf.h>
  127. #endif
  128. #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB
  129. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
  130. !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \
  131. !defined(WOLFSSL_TICKET_ENC_AES256_GCM)
  132. #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
  133. #else
  134. #include <wolfssl/wolfcrypt/aes.h>
  135. #endif
  136. #endif
  137. #include <wolfssl/wolfcrypt/wc_encrypt.h>
  138. #include <wolfssl/wolfcrypt/hash.h>
  139. #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
  140. #include <wolfssl/callbacks.h>
  141. #endif
  142. #ifdef WOLFSSL_CALLBACKS
  143. #include <signal.h>
  144. #endif
  145. #ifdef USE_WINDOWS_API
  146. #ifdef WOLFSSL_GAME_BUILD
  147. #include "system/xtl.h"
  148. #else
  149. #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
  150. /* On WinCE winsock2.h must be included before windows.h */
  151. #include <winsock2.h>
  152. #endif
  153. #include <windows.h>
  154. #endif
  155. #elif defined(THREADX)
  156. #ifndef SINGLE_THREADED
  157. #include "tx_api.h"
  158. #endif
  159. #elif defined(WOLFSSL_DEOS)
  160. /* do nothing, just don't pick Unix */
  161. #elif defined(MICRIUM)
  162. /* do nothing, just don't pick Unix */
  163. #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
  164. /* do nothing */
  165. #elif defined(RTTHREAD)
  166. /* do nothing */
  167. #elif defined(EBSNET)
  168. /* do nothing */
  169. #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
  170. /* do nothing */
  171. #elif defined(FREESCALE_FREE_RTOS)
  172. #include "fsl_os_abstraction.h"
  173. #elif defined(WOLFSSL_uITRON4)
  174. /* do nothing */
  175. #elif defined(WOLFSSL_uTKERNEL2)
  176. /* do nothing */
  177. #elif defined(WOLFSSL_CMSIS_RTOS)
  178. #include "cmsis_os.h"
  179. #elif defined(WOLFSSL_CMSIS_RTOSv2)
  180. #include "cmsis_os2.h"
  181. #elif defined(WOLFSSL_MDK_ARM)
  182. #if defined(WOLFSSL_MDK5)
  183. #include "cmsis_os.h"
  184. #else
  185. #include <rtl.h>
  186. #endif
  187. #elif defined(MBED)
  188. #elif defined(WOLFSSL_TIRTOS)
  189. /* do nothing */
  190. #elif defined(INTIME_RTOS)
  191. #include <rt.h>
  192. #elif defined(WOLFSSL_NUCLEUS_1_2)
  193. /* do nothing */
  194. #elif defined(WOLFSSL_APACHE_MYNEWT)
  195. #if !defined(WOLFSSL_LWIP)
  196. void mynewt_ctx_clear(void *ctx);
  197. void* mynewt_ctx_new();
  198. #endif
  199. #elif defined(WOLFSSL_ZEPHYR)
  200. #ifndef SINGLE_THREADED
  201. #include <zephyr/kernel.h>
  202. #endif
  203. #elif defined(WOLFSSL_TELIT_M2MB)
  204. /* do nothing */
  205. #elif defined(WOLFSSL_EMBOS)
  206. /* do nothing */
  207. #else
  208. #ifndef SINGLE_THREADED
  209. #if defined(WOLFSSL_LINUXKM)
  210. /* setup is in linuxkm/linuxkm_wc_port.h */
  211. #elif defined(WOLFSSL_USER_MUTEX)
  212. /* do nothing */
  213. #else
  214. #define WOLFSSL_PTHREADS
  215. #include <pthread.h>
  216. #endif
  217. #endif
  218. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
  219. #ifdef FUSION_RTOS
  220. #include <fclunistd.h>
  221. #else
  222. #include <unistd.h> /* for close of BIO */
  223. #endif
  224. #endif
  225. #endif
  226. #if !defined(CHAR_BIT) || (defined(OPENSSL_EXTRA) && !defined(INT_MAX))
  227. /* Needed for DTLS without big math and INT_MAX */
  228. #include <limits.h>
  229. #endif
  230. #ifdef HAVE_LIBZ
  231. #include "zlib.h"
  232. #endif
  233. #ifdef WOLFSSL_ASYNC_CRYPT
  234. #include <wolfssl/wolfcrypt/async.h>
  235. #endif
  236. #ifdef OPENSSL_EXTRA
  237. #ifdef WOLFCRYPT_HAVE_SRP
  238. #include <wolfssl/wolfcrypt/srp.h>
  239. #endif
  240. #endif
  241. #ifdef _MSC_VER
  242. /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
  243. #pragma warning(disable: 4996)
  244. #endif
  245. #ifdef NO_SHA
  246. #define WC_SHA_DIGEST_SIZE 20
  247. #endif
  248. #ifdef NO_SHA256
  249. #define WC_SHA256_DIGEST_SIZE 32
  250. #endif
  251. #ifdef NO_MD5
  252. #define WC_MD5_DIGEST_SIZE 16
  253. #endif
  254. #ifdef WOLFSSL_IOTSAFE
  255. #include <wolfssl/wolfcrypt/port/iotsafe/iotsafe.h>
  256. #endif
  257. #if defined(WOLFSSL_RENESAS_TSIP_TLS)
  258. #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
  259. #endif
  260. #include <wolfssl/wolfcrypt/hpke.h>
  261. #if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_KEYLOGFILE)
  262. #include <wolfssl/sniffer.h>
  263. #endif /* WOLFSSL_SNIFFER && WOLFSSL_SNIFFER_KEYLOGFILE */
  264. #ifdef __cplusplus
  265. extern "C" {
  266. #endif
  267. /* Define or comment out the cipher suites you'd like to be compiled in
  268. make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
  269. When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
  270. Now that there is a maximum strength crypto build, the following BUILD_XXX
  271. flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
  272. Those that do not use Perfect Forward Security and do not use AEAD ciphers
  273. need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
  274. CHACHA-POLY.
  275. */
  276. /* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
  277. * not turned off. */
  278. #if defined(WOLFSSL_MAX_STRENGTH) && \
  279. ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
  280. (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
  281. (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
  282. (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
  283. !defined(NO_OLD_TLS))
  284. #error "You are trying to build max strength with requirements disabled."
  285. #endif
  286. #ifndef WOLFSSL_NO_TLS12
  287. #ifndef WOLFSSL_MAX_STRENGTH
  288. #ifdef WOLFSSL_AEAD_ONLY
  289. /* AES CBC ciphers are not allowed in AEAD only mode */
  290. #undef HAVE_AES_CBC
  291. #endif
  292. /* When adding new ciphersuites, make sure that they have appropriate
  293. * guards for WOLFSSL_HARDEN_TLS. */
  294. #if defined(WOLFSSL_HARDEN_TLS) && \
  295. !defined(WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES)
  296. /* Use a separate define (undef'ed later) to simplify macro logic. */
  297. #define WSSL_HARDEN_TLS WOLFSSL_HARDEN_TLS
  298. #define NO_TLS_DH
  299. #endif
  300. #ifndef WOLFSSL_AEAD_ONLY
  301. #if !defined(NO_RSA) && !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
  302. /* MUST NOT negotiate RC4 cipher suites
  303. * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  304. #if defined(WOLFSSL_STATIC_RSA)
  305. #if !defined(NO_SHA)
  306. #define BUILD_SSL_RSA_WITH_RC4_128_SHA
  307. #endif
  308. #if !defined(NO_MD5)
  309. #define BUILD_SSL_RSA_WITH_RC4_128_MD5
  310. #endif
  311. #endif
  312. #endif
  313. #if !defined(NO_RSA) && !defined(NO_DES3)
  314. #if !defined(NO_SHA)
  315. #if defined(WOLFSSL_STATIC_RSA)
  316. #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
  317. #endif
  318. #endif
  319. #endif
  320. #endif /* !WOLFSSL_AEAD_ONLY */
  321. #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
  322. #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
  323. #if defined(WOLFSSL_STATIC_RSA)
  324. #ifdef WOLFSSL_AES_128
  325. #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
  326. #endif
  327. #ifdef WOLFSSL_AES_256
  328. #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
  329. #endif
  330. #endif
  331. #endif
  332. #if defined(WOLFSSL_STATIC_RSA)
  333. #if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
  334. #ifdef WOLFSSL_AES_128
  335. #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
  336. #endif
  337. #ifdef WOLFSSL_AES_256
  338. #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
  339. #endif
  340. #endif
  341. #if defined (HAVE_AESGCM)
  342. #ifdef WOLFSSL_AES_128
  343. #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
  344. #endif
  345. #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
  346. #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
  347. #endif
  348. #endif
  349. #if defined (HAVE_AESCCM)
  350. #ifdef WOLFSSL_AES_128
  351. #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
  352. #endif
  353. #ifdef WOLFSSL_AES_256
  354. #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
  355. #endif
  356. #endif
  357. #endif
  358. #endif
  359. #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC)
  360. #ifndef NO_RSA
  361. #if defined(WOLFSSL_STATIC_RSA)
  362. #if !defined(NO_SHA)
  363. #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  364. #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  365. #endif
  366. #ifndef NO_SHA256
  367. #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
  368. #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
  369. #endif
  370. #endif
  371. #if !defined(NO_DH) && !defined(NO_TLS_DH)
  372. /* SHOULD NOT negotiate cipher suites based on ephemeral
  373. * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
  374. * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  375. #if !defined(NO_SHA)
  376. #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  377. #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  378. #endif
  379. #ifndef NO_SHA256
  380. #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
  381. #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
  382. #endif
  383. #endif
  384. #endif
  385. #endif
  386. #if defined(WOLFSSL_STATIC_PSK)
  387. #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
  388. #if !defined(NO_SHA)
  389. #ifdef WOLFSSL_AES_128
  390. #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
  391. #endif
  392. #ifdef WOLFSSL_AES_256
  393. #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
  394. #endif
  395. #endif
  396. #ifndef NO_SHA256
  397. #ifdef WOLFSSL_AES_128
  398. #ifdef HAVE_AES_CBC
  399. #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
  400. #endif
  401. #ifdef HAVE_AESGCM
  402. #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
  403. #endif
  404. #endif /* WOLFSSL_AES_128 */
  405. #ifdef HAVE_AESCCM
  406. #ifdef WOLFSSL_AES_128
  407. #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
  408. #define BUILD_TLS_PSK_WITH_AES_128_CCM
  409. #endif
  410. #ifdef WOLFSSL_AES_256
  411. #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
  412. #define BUILD_TLS_PSK_WITH_AES_256_CCM
  413. #endif
  414. #endif
  415. #endif
  416. #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
  417. #ifdef HAVE_AES_CBC
  418. #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
  419. #endif
  420. #ifdef HAVE_AESGCM
  421. #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
  422. #endif
  423. #endif
  424. #endif
  425. #endif
  426. #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
  427. #if !defined(NO_RSA)
  428. #if defined(WOLFSSL_STATIC_RSA)
  429. #ifndef NO_MD5
  430. #define BUILD_TLS_RSA_WITH_NULL_MD5
  431. #endif
  432. #if !defined(NO_SHA)
  433. #define BUILD_TLS_RSA_WITH_NULL_SHA
  434. #endif
  435. #ifndef NO_SHA256
  436. #define BUILD_TLS_RSA_WITH_NULL_SHA256
  437. #endif
  438. #endif
  439. #endif
  440. #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
  441. #if !defined(NO_SHA)
  442. #define BUILD_TLS_PSK_WITH_NULL_SHA
  443. #endif
  444. #ifndef NO_SHA256
  445. #define BUILD_TLS_PSK_WITH_NULL_SHA256
  446. #endif
  447. #ifdef WOLFSSL_SHA384
  448. #define BUILD_TLS_PSK_WITH_NULL_SHA384
  449. #endif
  450. #endif
  451. #endif
  452. #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
  453. !defined(NO_RSA) && !defined(NO_TLS_DH)
  454. /* SHOULD NOT negotiate cipher suites based on ephemeral
  455. * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
  456. * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  457. #if !defined(NO_SHA)
  458. #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
  459. #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  460. #endif
  461. #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
  462. #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  463. #endif
  464. #if !defined(NO_DES3)
  465. #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  466. #endif
  467. #endif
  468. #if !defined(NO_SHA256) && defined(HAVE_AES_CBC)
  469. #ifdef WOLFSSL_AES_128
  470. #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  471. #endif
  472. #ifdef WOLFSSL_AES_256
  473. #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  474. #endif
  475. #endif
  476. #endif
  477. #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
  478. !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  479. #ifdef HAVE_AES_CBC
  480. #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
  481. #endif
  482. #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
  483. #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
  484. #endif
  485. #endif
  486. #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
  487. !defined(NO_TLS_DH)
  488. /* SHOULD NOT negotiate cipher suites based on ephemeral
  489. * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
  490. * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  491. #ifndef NO_SHA256
  492. #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \
  493. defined(HAVE_AES_CBC)
  494. #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
  495. #endif
  496. #ifdef HAVE_NULL_CIPHER
  497. #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
  498. #endif
  499. #endif
  500. #ifdef WOLFSSL_SHA384
  501. #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \
  502. defined(HAVE_AES_CBC)
  503. #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
  504. #endif
  505. #ifdef HAVE_NULL_CIPHER
  506. #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
  507. #endif
  508. #endif
  509. #endif
  510. #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
  511. defined(HAVE_CURVE448)) && !defined(NO_TLS)
  512. #if !defined(NO_AES)
  513. #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
  514. #if !defined(NO_RSA)
  515. #ifdef WOLFSSL_AES_128
  516. #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  517. #endif
  518. #ifdef WOLFSSL_AES_256
  519. #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  520. #endif
  521. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  522. #ifdef WOLFSSL_AES_128
  523. #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  524. #endif
  525. #ifdef WOLFSSL_AES_256
  526. #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  527. #endif
  528. #endif
  529. #endif
  530. #if defined(HAVE_ECC) || \
  531. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  532. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  533. #ifdef WOLFSSL_AES_128
  534. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  535. #endif
  536. #ifdef WOLFSSL_AES_256
  537. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  538. #endif
  539. #endif
  540. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  541. #ifdef WOLFSSL_AES_128
  542. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  543. #endif
  544. #ifdef WOLFSSL_AES_256
  545. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  546. #endif
  547. #endif
  548. #endif /* NO_SHA */
  549. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
  550. defined(HAVE_AES_CBC)
  551. #if !defined(NO_RSA)
  552. #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  553. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  554. #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  555. #endif
  556. #endif
  557. #if defined(HAVE_ECC) || \
  558. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  559. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  560. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  561. #endif
  562. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  563. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  564. #endif
  565. #endif
  566. #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
  567. defined(HAVE_AES_CBC)
  568. #if !defined(NO_RSA)
  569. #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  570. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  571. #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  572. #endif
  573. #endif
  574. #if defined(HAVE_ECC) || \
  575. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  576. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  577. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  578. #endif
  579. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  580. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  581. #endif
  582. #endif
  583. #if defined (HAVE_AESGCM)
  584. #if !defined(NO_RSA)
  585. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  586. #ifdef WOLFSSL_AES_128
  587. #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  588. #endif
  589. #endif
  590. #if defined(WOLFSSL_SHA384)
  591. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  592. #ifdef WOLFSSL_AES_256
  593. #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
  594. #endif
  595. #endif
  596. #endif
  597. #endif
  598. #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \
  599. defined(HAVE_ECC)
  600. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  601. #endif
  602. #if defined(WOLFSSL_SHA384)
  603. #if defined(WOLFSSL_STATIC_DH) && \
  604. defined(WOLFSSL_AES_256) && defined(HAVE_ECC)
  605. #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
  606. #endif
  607. #endif
  608. #endif
  609. #endif /* NO_AES */
  610. #ifdef HAVE_ARIA
  611. #define BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
  612. #define BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
  613. #endif /* HAVE_ARIA */
  614. #if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
  615. /* MUST NOT negotiate RC4 cipher suites
  616. * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  617. #if !defined(NO_SHA)
  618. #if !defined(NO_RSA)
  619. #ifndef WOLFSSL_AEAD_ONLY
  620. #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
  621. #endif
  622. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  623. #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
  624. #endif
  625. #endif
  626. #if defined(HAVE_ECC) || \
  627. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  628. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  629. #ifndef WOLFSSL_AEAD_ONLY
  630. #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  631. #endif
  632. #endif
  633. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  634. #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  635. #endif
  636. #endif
  637. #endif
  638. #if !defined(NO_DES3) && !(defined(WSSL_HARDEN_TLS) && \
  639. WSSL_HARDEN_TLS > 112)
  640. /* 3DES offers only 112 bits of security.
  641. * Using guidance from section 5.6.1
  642. * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
  643. #ifndef NO_SHA
  644. #if !defined(NO_RSA)
  645. #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  646. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  647. #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  648. #endif
  649. #endif
  650. #if defined(HAVE_ECC) || \
  651. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  652. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  653. #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  654. #endif
  655. #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
  656. #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  657. #endif
  658. #endif /* NO_SHA */
  659. #endif
  660. #if defined(HAVE_NULL_CIPHER)
  661. #if !defined(NO_SHA)
  662. #if defined(HAVE_ECC) || \
  663. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  664. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  665. #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
  666. #endif
  667. #endif
  668. #if !defined(NO_PSK) && !defined(NO_SHA256)
  669. #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
  670. #endif
  671. #endif
  672. #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
  673. defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
  674. #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
  675. #endif
  676. #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
  677. defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM)
  678. #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
  679. #endif
  680. #endif
  681. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
  682. #if !defined(NO_OLD_POLY1305)
  683. #if defined(HAVE_ECC) || \
  684. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  685. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  686. #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
  687. #endif
  688. #if !defined(NO_RSA) && defined(HAVE_ECC)
  689. #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
  690. #endif
  691. #if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH)
  692. /* SHOULD NOT negotiate cipher suites based on ephemeral
  693. * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
  694. * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  695. #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
  696. #endif
  697. #endif /* NO_OLD_POLY1305 */
  698. #if !defined(NO_PSK)
  699. #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
  700. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
  701. defined(HAVE_ED448)
  702. #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
  703. #endif
  704. #if !defined(NO_DH) && !defined(NO_TLS_DH)
  705. /* SHOULD NOT negotiate cipher suites based on ephemeral
  706. * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
  707. * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  708. #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
  709. #endif
  710. #endif /* !NO_PSK */
  711. #endif
  712. #endif /* !WOLFSSL_MAX_STRENGTH */
  713. #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
  714. !defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(NO_TLS_DH)
  715. /* SHOULD NOT negotiate cipher suites based on ephemeral
  716. * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
  717. * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  718. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
  719. #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  720. #endif
  721. #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
  722. #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  723. #endif
  724. #endif
  725. #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
  726. !defined(NO_TLS_DH)
  727. /* SHOULD NOT negotiate cipher suites based on ephemeral
  728. * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
  729. * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  730. #ifndef NO_SHA256
  731. #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
  732. #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
  733. #endif
  734. #ifdef HAVE_AESCCM
  735. #ifdef WOLFSSL_AES_128
  736. #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
  737. #endif
  738. #ifdef WOLFSSL_AES_256
  739. #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
  740. #endif
  741. #endif
  742. #endif
  743. #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
  744. defined(WOLFSSL_AES_256)
  745. #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
  746. #endif
  747. #endif
  748. #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \
  749. && !defined(NO_TLS) && !defined(NO_AES)
  750. #ifdef HAVE_AESGCM
  751. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
  752. #if defined(HAVE_ECC) || \
  753. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  754. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  755. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  756. #endif
  757. #ifndef NO_RSA
  758. #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  759. #endif
  760. #endif
  761. #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
  762. #if defined(HAVE_ECC) || \
  763. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  764. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  765. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  766. #endif
  767. #ifndef NO_RSA
  768. #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  769. #endif
  770. #endif
  771. #endif
  772. #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
  773. #if defined(HAVE_ECC) || \
  774. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  775. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  776. #ifdef WOLFSSL_AES_128
  777. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
  778. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  779. #endif
  780. #ifdef WOLFSSL_AES_256
  781. #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
  782. #endif
  783. #endif
  784. #endif
  785. #endif
  786. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
  787. #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
  788. #if defined(HAVE_ECC) || \
  789. (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
  790. (defined(HAVE_CURVE448) && defined(HAVE_ED448))
  791. #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  792. #endif
  793. #ifndef NO_RSA
  794. #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  795. #endif
  796. #endif
  797. #if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH)
  798. /* SHOULD NOT negotiate cipher suites based on ephemeral
  799. * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
  800. * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  801. #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  802. #endif
  803. #endif
  804. #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
  805. #ifdef WOLFSSL_SM4_CBC
  806. #define BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3
  807. #endif
  808. #ifdef WOLFSSL_SM4_GCM
  809. #define BUILD_TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3
  810. #endif
  811. #ifdef WOLFSSL_SM4_CCM
  812. #define BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3
  813. #endif
  814. #endif
  815. #endif
  816. #if defined(WOLFSSL_TLS13)
  817. #ifdef HAVE_AESGCM
  818. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
  819. #define BUILD_TLS_AES_128_GCM_SHA256
  820. #endif
  821. #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
  822. #define BUILD_TLS_AES_256_GCM_SHA384
  823. #endif
  824. #endif
  825. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  826. #ifndef NO_SHA256
  827. #define BUILD_TLS_CHACHA20_POLY1305_SHA256
  828. #endif
  829. #endif
  830. #ifdef HAVE_AESCCM
  831. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
  832. #define BUILD_TLS_AES_128_CCM_SHA256
  833. #define BUILD_TLS_AES_128_CCM_8_SHA256
  834. #endif
  835. #endif
  836. #ifdef HAVE_NULL_CIPHER
  837. #ifndef NO_SHA256
  838. #define BUILD_TLS_SHA256_SHA256
  839. #endif
  840. #ifdef WOLFSSL_SHA384
  841. #define BUILD_TLS_SHA384_SHA384
  842. #endif
  843. #endif
  844. #ifdef WOLFSSL_SM3
  845. #ifdef WOLFSSL_SM4_GCM
  846. #define BUILD_TLS_SM4_GCM_SM3
  847. #endif
  848. #ifdef WOLFSSL_SM4_CCM
  849. #define BUILD_TLS_SM4_CCM_SM3
  850. #endif
  851. #endif
  852. #endif
  853. #if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && \
  854. (defined(NO_DH) || !defined(HAVE_ANON)) && \
  855. defined(NO_RSA) && !defined(HAVE_ECC) && \
  856. !defined(HAVE_ED25519) && !defined(HAVE_ED448)
  857. #error "No cipher suites available with this build"
  858. #endif
  859. #ifdef WOLFSSL_MULTICAST
  860. #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
  861. #define BUILD_WDM_WITH_NULL_SHA256
  862. #endif
  863. #endif
  864. #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
  865. defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
  866. #define BUILD_ARC4
  867. #endif
  868. #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
  869. #define BUILD_DES3
  870. #endif
  871. #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
  872. defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
  873. defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
  874. defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
  875. #undef BUILD_AES
  876. #define BUILD_AES
  877. #endif
  878. #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
  879. defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
  880. defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
  881. defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
  882. defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
  883. defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
  884. defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
  885. defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
  886. defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
  887. defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
  888. defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
  889. defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
  890. defined(BUILD_TLS_AES_128_GCM_SHA256) || \
  891. defined(BUILD_TLS_AES_256_GCM_SHA384)
  892. #define BUILD_AESGCM
  893. #else
  894. /* No AES-GCM cipher suites available with build */
  895. #define NO_AESGCM_AEAD
  896. #endif
  897. #if defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256) || \
  898. defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384)
  899. #define BUILD_ARIA
  900. #endif
  901. #if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
  902. defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
  903. defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
  904. defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \
  905. defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
  906. defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
  907. defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
  908. defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
  909. defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
  910. defined(BUILD_TLS_CHACHA20_POLY1305_SHA256)
  911. /* Have an available ChaCha Poly cipher suite */
  912. #else
  913. /* No ChaCha Poly cipher suites available with build */
  914. #define NO_CHAPOL_AEAD
  915. #endif
  916. #ifdef NO_DES3
  917. #define DES_BLOCK_SIZE 8
  918. #else
  919. #undef BUILD_DES3
  920. #define BUILD_DES3
  921. #endif
  922. #if defined(NO_AES) || !defined(HAVE_AES_DECRYPT)
  923. #define AES_BLOCK_SIZE 16
  924. #undef BUILD_AES
  925. #else
  926. #undef BUILD_AES
  927. #define BUILD_AES
  928. #endif
  929. #if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
  930. /* MUST NOT negotiate RC4 cipher suites
  931. * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
  932. #undef BUILD_ARC4
  933. #define BUILD_ARC4
  934. #endif
  935. #ifdef HAVE_CHACHA
  936. #define CHACHA20_BLOCK_SIZE 16
  937. #endif
  938. #if defined(WOLFSSL_MAX_STRENGTH) || \
  939. (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
  940. defined(HAVE_AESCCM) || \
  941. defined(HAVE_ARIA) || \
  942. (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
  943. !defined(NO_CHAPOL_AEAD)) || \
  944. defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
  945. (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER))
  946. #define HAVE_AEAD
  947. #endif
  948. #if defined(WOLFSSL_MAX_STRENGTH) || \
  949. defined(HAVE_ECC) || !defined(NO_DH)
  950. #define HAVE_PFS
  951. #endif
  952. #ifdef WSSL_HARDEN_TLS
  953. #ifdef HAVE_NULL_CIPHER
  954. #error "NULL ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1"
  955. #endif
  956. #ifdef WOLFSSL_STATIC_RSA
  957. #error "Static RSA ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1"
  958. #endif
  959. #ifdef WOLFSSL_STATIC_DH
  960. #error "Static DH ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1"
  961. #endif
  962. #ifdef HAVE_ANON
  963. #error "At least the server side has to be authenticated"
  964. #endif
  965. #endif
  966. #undef WSSL_HARDEN_TLS
  967. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
  968. #define SSL_CA_NAMES(ssl) ((ssl)->client_ca_names != NULL ? (ssl)->client_ca_names : \
  969. (ssl)->ctx->client_ca_names)
  970. #else
  971. #define WOLFSSL_NO_CA_NAMES
  972. #endif
  973. /* actual cipher values, 2nd byte */
  974. enum {
  975. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
  976. TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
  977. TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
  978. TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
  979. TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
  980. TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
  981. TLS_RSA_WITH_NULL_MD5 = 0x01,
  982. TLS_RSA_WITH_NULL_SHA = 0x02,
  983. TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
  984. TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
  985. TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
  986. TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
  987. TLS_PSK_WITH_NULL_SHA256 = 0xb0,
  988. TLS_PSK_WITH_NULL_SHA384 = 0xb1,
  989. TLS_PSK_WITH_NULL_SHA = 0x2c,
  990. SSL_RSA_WITH_RC4_128_SHA = 0x05,
  991. SSL_RSA_WITH_RC4_128_MD5 = 0x04,
  992. SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
  993. /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
  994. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
  995. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
  996. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
  997. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
  998. TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
  999. TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
  1000. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
  1001. TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
  1002. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
  1003. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
  1004. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
  1005. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
  1006. TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
  1007. TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
  1008. TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
  1009. /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
  1010. TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
  1011. TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
  1012. TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
  1013. TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
  1014. TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
  1015. TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
  1016. TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
  1017. TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
  1018. TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
  1019. TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
  1020. TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
  1021. TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
  1022. WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */
  1023. /* SHA256 */
  1024. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
  1025. TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
  1026. TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
  1027. TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
  1028. TLS_RSA_WITH_NULL_SHA256 = 0x3b,
  1029. TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
  1030. TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
  1031. /* SHA384 */
  1032. TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
  1033. TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
  1034. /* AES-GCM */
  1035. TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
  1036. TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
  1037. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
  1038. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
  1039. TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7,
  1040. TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
  1041. TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
  1042. TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
  1043. TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
  1044. /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
  1045. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
  1046. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
  1047. TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
  1048. TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
  1049. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
  1050. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
  1051. TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
  1052. TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
  1053. /* AES-CCM, first byte is 0xC0 but isn't ECC,
  1054. * also, in some of the other AES-CCM suites
  1055. * there will be second byte number conflicts
  1056. * with non-ECC AES-GCM */
  1057. TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
  1058. TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
  1059. TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
  1060. TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
  1061. TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
  1062. TLS_PSK_WITH_AES_128_CCM = 0xa4,
  1063. TLS_PSK_WITH_AES_256_CCM = 0xa5,
  1064. TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
  1065. TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
  1066. TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
  1067. TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
  1068. /* Camellia */
  1069. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
  1070. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
  1071. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
  1072. TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
  1073. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
  1074. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
  1075. TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
  1076. TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
  1077. /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
  1078. TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
  1079. TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
  1080. TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
  1081. TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
  1082. TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
  1083. TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
  1084. /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
  1085. TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
  1086. TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
  1087. TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
  1088. /* ECDHE_PSK RFC8442, first byte is 0xD0 (EDHE_PSK_BYTE) */
  1089. TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0x01,
  1090. /* TLS v1.3 cipher suites */
  1091. TLS_AES_128_GCM_SHA256 = 0x01,
  1092. TLS_AES_256_GCM_SHA384 = 0x02,
  1093. TLS_CHACHA20_POLY1305_SHA256 = 0x03,
  1094. TLS_AES_128_CCM_SHA256 = 0x04,
  1095. TLS_AES_128_CCM_8_SHA256 = 0x05,
  1096. /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */
  1097. TLS_SHA256_SHA256 = 0xB4,
  1098. TLS_SHA384_SHA384 = 0xB5,
  1099. /* ARIA-GCM, first byte is 0xC0 (ECC_BYTE)
  1100. * See: https://www.rfc-editor.org/rfc/rfc6209.html#section-5
  1101. */
  1102. TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0x5c,
  1103. TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0x5d,
  1104. /* TLS v1.3 SM cipher suites - 0x00 (CIPHER_BYTE) is first byte */
  1105. TLS_SM4_GCM_SM3 = 0xC6,
  1106. TLS_SM4_CCM_SM3 = 0xC7,
  1107. /* TLS v1.2 SM cipher suites - 0xE0 (SM_BYTE) is first byte */
  1108. TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 = 0x11,
  1109. TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 = 0x51,
  1110. TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 = 0x52,
  1111. /* Fallback SCSV (Signaling Cipher Suite Value) */
  1112. TLS_FALLBACK_SCSV = 0x56,
  1113. /* Renegotiation Indication Extension Special Suite */
  1114. TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
  1115. };
  1116. #ifndef WOLFSSL_SESSION_TIMEOUT
  1117. #define WOLFSSL_SESSION_TIMEOUT 500
  1118. /* default session resumption cache timeout in seconds */
  1119. #endif
  1120. #ifndef WOLFSSL_DTLS_WINDOW_WORDS
  1121. #define WOLFSSL_DTLS_WINDOW_WORDS 2
  1122. #endif /* WOLFSSL_DTLS_WINDOW_WORDS */
  1123. #define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
  1124. #define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
  1125. #define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
  1126. #ifndef WOLFSSL_MULTICAST
  1127. #define WOLFSSL_DTLS_PEERSEQ_SZ 1
  1128. #else
  1129. #ifndef WOLFSSL_MULTICAST_PEERS
  1130. /* max allowed multicast group peers */
  1131. #define WOLFSSL_MULTICAST_PEERS 100
  1132. #endif
  1133. #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
  1134. #endif /* WOLFSSL_MULTICAST */
  1135. #ifndef WOLFSSL_MAX_MTU
  1136. /* 1500 - 100 bytes to account for UDP and IP headers */
  1137. #define WOLFSSL_MAX_MTU 1400
  1138. #endif /* WOLFSSL_MAX_MTU */
  1139. #ifndef WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER
  1140. #define WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER 500
  1141. #endif /* WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER */
  1142. #ifndef WOLFSSL_DTLS_FRAG_POOL_SZ
  1143. #define WOLFSSL_DTLS_FRAG_POOL_SZ 10
  1144. #endif
  1145. /* set minimum DH key size allowed */
  1146. #ifndef WOLFSSL_MIN_DHKEY_BITS
  1147. #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
  1148. /* Using guidance from section 5.6.1
  1149. * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
  1150. #if WOLFSSL_HARDEN_TLS >= 128
  1151. #define WOLFSSL_MIN_DHKEY_BITS 3072
  1152. #elif WOLFSSL_HARDEN_TLS >= 112
  1153. #define WOLFSSL_MIN_DHKEY_BITS 2048
  1154. #endif
  1155. #elif defined(WOLFSSL_MAX_STRENGTH)
  1156. #define WOLFSSL_MIN_DHKEY_BITS 2048
  1157. #else
  1158. #define WOLFSSL_MIN_DHKEY_BITS 1024
  1159. #endif
  1160. #endif
  1161. #if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_DHKEY_BITS < 2048 && \
  1162. !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
  1163. /* Implementations MUST NOT negotiate cipher suites offering less than
  1164. * 112 bits of security.
  1165. * https://www.rfc-editor.org/rfc/rfc9325#section-4.1
  1166. * Using guidance from section 5.6.1
  1167. * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
  1168. #error "For 112 bits of security DH needs at least 2048 bit keys"
  1169. #endif
  1170. #if (WOLFSSL_MIN_DHKEY_BITS % 8)
  1171. #error DH minimum bit size must be multiple of 8
  1172. #endif
  1173. #if (WOLFSSL_MIN_DHKEY_BITS > 16000)
  1174. #error DH minimum bit size must not be greater than 16000
  1175. #endif
  1176. #define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
  1177. /* set maximum DH key size allowed */
  1178. #ifndef WOLFSSL_MAX_DHKEY_BITS
  1179. #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
  1180. #define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2)
  1181. #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) && \
  1182. defined(SP_INT_BITS)
  1183. /* SP implementation supports numbers of SP_INT_BITS bits. */
  1184. #define WOLFSSL_MAX_DHKEY_BITS (((SP_INT_BITS + 7) / 8) * 8)
  1185. #else
  1186. #define WOLFSSL_MAX_DHKEY_BITS 4096
  1187. #endif
  1188. #endif
  1189. #if (WOLFSSL_MAX_DHKEY_BITS % 8)
  1190. #error DH maximum bit size must be multiple of 8
  1191. #endif
  1192. #if (WOLFSSL_MAX_DHKEY_BITS > 16384)
  1193. #error DH maximum bit size must not be greater than 16384
  1194. #endif
  1195. #define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)
  1196. #ifndef NO_DH
  1197. #if WOLFSSL_MAX_DHKEY_BITS < WOLFSSL_MIN_DHKEY_BITS
  1198. #error "WOLFSSL_MAX_DHKEY_BITS has to be greater than WOLFSSL_MIN_DHKEY_BITS"
  1199. #endif
  1200. #endif /* NO_DH */
  1201. #ifndef MAX_PSK_ID_LEN
  1202. /* max psk identity/hint supported */
  1203. #if defined(WOLFSSL_TLS13)
  1204. /* OpenSSL has a 1472 byte session ticket */
  1205. #define MAX_PSK_ID_LEN 1536
  1206. #else
  1207. #define MAX_PSK_ID_LEN 128
  1208. #endif
  1209. #endif
  1210. #ifndef MAX_EARLY_DATA_SZ
  1211. /* maximum early data size */
  1212. #define MAX_EARLY_DATA_SZ 4096
  1213. #endif
  1214. #ifndef NO_RSA
  1215. #ifndef WOLFSSL_MAX_RSA_BITS
  1216. #ifdef USE_FAST_MATH
  1217. /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
  1218. #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2)
  1219. #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
  1220. /* SP implementation supports numbers of SP_INT_BITS bits. */
  1221. #define WOLFSSL_MAX_RSA_BITS (((SP_INT_BITS + 7) / 8) * 8)
  1222. #else
  1223. /* Integer maths is dynamic but we only go up to 4096 bits. */
  1224. #define WOLFSSL_MAX_RSA_BITS 4096
  1225. #endif
  1226. #endif
  1227. #if (WOLFSSL_MAX_RSA_BITS % 8)
  1228. #error RSA maximum bit size must be multiple of 8
  1229. #endif
  1230. #endif
  1231. #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)
  1232. /* MySQL wants to be able to use 8192-bit numbers. */
  1233. #if defined(USE_FAST_MATH) && defined(FP_MAX_BITS)
  1234. /* Use the FP size up to 8192-bit and down to a min of 1024-bit. */
  1235. #if FP_MAX_BITS >= 16384
  1236. #define ENCRYPT_BASE_BITS 8192
  1237. #elif defined(HAVE_ECC)
  1238. #if FP_MAX_BITS > 2224
  1239. #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2)
  1240. #else
  1241. /* 521-bit ASN.1 signature - 3 + 2 * (2 + 66) bytes. */
  1242. #define ENCRYPT_BASE_BITS 1112
  1243. #endif
  1244. #else
  1245. #if FP_MAX_BITS > 2048
  1246. #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2)
  1247. #else
  1248. #define ENCRYPT_BASE_BITS 1024
  1249. #endif
  1250. #endif
  1251. /* Check MySQL size requirements met. */
  1252. #if defined(WOLFSSL_MYSQL_COMPATIBLE) && ENCRYPT_BASE_BITS < 8192
  1253. #error "MySQL needs FP_MAX_BITS at least at 16384"
  1254. #endif
  1255. #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \
  1256. WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS
  1257. #error "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS"
  1258. #endif
  1259. #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
  1260. /* Use the SP size up to 8192-bit and down to a min of 1024-bit. */
  1261. #if SP_INT_BITS >= 8192
  1262. #define ENCRYPT_BASE_BITS 8192
  1263. #elif defined(HAVE_ECC)
  1264. #if SP_INT_BITS > 1112
  1265. #define ENCRYPT_BASE_BITS SP_INT_BITS
  1266. #else
  1267. /* 521-bit ASN.1 signature - 3 + 2 * (2 + 66) bytes. */
  1268. #define ENCRYPT_BASE_BITS 1112
  1269. #endif
  1270. #else
  1271. #if SP_INT_BITS > 1024
  1272. #define ENCRYPT_BASE_BITS SP_INT_BITS
  1273. #else
  1274. #define ENCRYPT_BASE_BITS 1024
  1275. #endif
  1276. #endif
  1277. /* Check MySQL size requirements met. */
  1278. #if defined(WOLFSSL_MYSQL_COMPATIBLE) && ENCRYPT_BASE_BITS < 8192
  1279. #error "MySQL needs SP_INT_BITS at least at 8192"
  1280. #endif
  1281. #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \
  1282. WOLFSSL_MAX_RSA_BITS > SP_INT_BITS
  1283. #error "SP_INT_BITS too small for WOLFSSL_MAX_RSA_BITS"
  1284. #endif
  1285. #else
  1286. /* Integer/heap maths - support 4096-bit. */
  1287. #define ENCRYPT_BASE_BITS 4096
  1288. #endif
  1289. #elif defined(HAVE_CURVE448)
  1290. #define ENCRYPT_BASE_BITS (456 * 2)
  1291. #elif defined(HAVE_CURVE25519)
  1292. #define ENCRYPT_BASE_BITS (256 * 2)
  1293. #else
  1294. /* No secret from public key operation but PSK key plus length used. */
  1295. #define ENCRYPT_BASE_BITS ((MAX_PSK_ID_LEN + 2) * 8)
  1296. #endif
  1297. #ifdef WOLFSSL_DTLS_CID
  1298. #ifndef DTLS_CID_MAX_SIZE
  1299. /* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt
  1300. * the record. Increasing the CID max size does increase also this buffer,
  1301. * impacting on per-session runtime memory footprint. */
  1302. #define DTLS_CID_MAX_SIZE 2
  1303. #endif
  1304. #else
  1305. #undef DTLS_CID_MAX_SIZE
  1306. #define DTLS_CID_MAX_SIZE 0
  1307. #endif /* WOLFSSL_DTLS_CID */
  1308. #if DTLS_CID_MAX_SIZE > 255
  1309. #error "Max size for DTLS CID is 255 bytes"
  1310. #endif
  1311. #ifndef MAX_TICKET_AGE_DIFF
  1312. /* maximum ticket age difference in seconds, 10 seconds */
  1313. #define MAX_TICKET_AGE_DIFF 10
  1314. #endif
  1315. #ifndef TLS13_MAX_TICKET_AGE
  1316. /* max ticket age in seconds, 7 days */
  1317. #define TLS13_MAX_TICKET_AGE (7*24*60*60)
  1318. #endif
  1319. /* Limit is 2^24.5
  1320. * https://www.rfc-editor.org/rfc/rfc8446#section-5.5
  1321. * Without the fraction is 23726566 (0x016A09E6) */
  1322. #define AEAD_AES_LIMIT w64From32(0x016A, 0x09E6)
  1323. /* Limit is 2^23
  1324. * https://www.rfc-editor.org/rfc/rfc9147.html#name-integrity-limits */
  1325. #define DTLS_AEAD_AES_CCM_LIMIT w64From32(0, 1 << 22)
  1326. /* Limit is 2^36
  1327. * https://www.rfc-editor.org/rfc/rfc9147.html#name-aead-limits */
  1328. #define DTLS_AEAD_AES_GCM_CHACHA_FAIL_LIMIT w64From32(1 << 3, 0)
  1329. #define DTLS_AEAD_AES_GCM_CHACHA_FAIL_KU_LIMIT w64From32(1 << 2, 0)
  1330. /* Limit is 2^7
  1331. * https://www.rfc-editor.org/rfc/rfc9147.html#name-limits-for-aead_aes_128_ccm */
  1332. #define DTLS_AEAD_AES_CCM_8_FAIL_LIMIT w64From32(0, 1 << 6)
  1333. #define DTLS_AEAD_AES_CCM_8_FAIL_KU_LIMIT w64From32(0, 1 << 5)
  1334. /* Limit is 2^23.5.
  1335. * https://www.rfc-editor.org/rfc/rfc9147.html#name-integrity-limits
  1336. * Without the fraction is 11863283 (0x00B504F3)
  1337. * Half of this value is 5931641 (0x005A8279) */
  1338. #define DTLS_AEAD_AES_CCM_FAIL_LIMIT w64From32(0x00B5, 0x04F3)
  1339. #define DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT w64From32(0x005A, 0x8279)
  1340. /* Limit is (2^22 - 1) full messages [2^36 - 31 octets]
  1341. * https://www.rfc-editor.org/rfc/rfc8998.html#name-aead_sm4_gcm
  1342. */
  1343. #define AEAD_SM4_GCM_LIMIT w64From32(0, (1 << 22) - 1)
  1344. /* Limit is (2^10 - 1) full messages [2^24 - 1 octets]
  1345. * https://www.rfc-editor.org/rfc/rfc8998.html#name-aead_sm4_ccm
  1346. */
  1347. #define AEAD_SM4_CCM_LIMIT w64From32(0, (1 << 10) - 1)
  1348. #if defined(WOLFSSL_TLS13) || !defined(NO_PSK)
  1349. #define TLS13_TICKET_NONCE_MAX_SZ 255
  1350. #if (defined(HAVE_FIPS) && \
  1351. !(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) && \
  1352. defined(TLS13_TICKET_NONCE_STATIC_SZ)
  1353. #error "TLS13_TICKET_NONCE_STATIC_SZ is not supported in this FIPS version"
  1354. #endif
  1355. #ifndef TLS13_TICKET_NONCE_STATIC_SZ
  1356. #define TLS13_TICKET_NONCE_STATIC_SZ 8
  1357. #endif
  1358. #if TLS13_TICKET_NONCE_STATIC_SZ > TLS13_TICKET_NONCE_MAX_SZ
  1359. #error "Max size for ticket nonce is 255 bytes"
  1360. #endif
  1361. #endif /* WOLFSSL_TLS13 || !NO_PSK */
  1362. #ifdef WOLFSSL_TLS13
  1363. /* The length of the certificate verification label - client and server. */
  1364. #define CERT_VFY_LABEL_SZ 34
  1365. /* The number of prefix bytes for signature data. */
  1366. #define SIGNING_DATA_PREFIX_SZ 64
  1367. /* Maximum length of the signature data. */
  1368. #define MAX_SIG_DATA_SZ (SIGNING_DATA_PREFIX_SZ + \
  1369. CERT_VFY_LABEL_SZ + \
  1370. WC_MAX_DIGEST_SIZE)
  1371. #endif /* WOLFSSL_TLS13 */
  1372. enum Misc {
  1373. CIPHER_BYTE = 0x00, /* Default ciphers */
  1374. ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
  1375. CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
  1376. TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
  1377. ECDHE_PSK_BYTE = 0xD0, /* RFC 8442 */
  1378. SM_BYTE = 0xE0, /* SM first byte - private range */
  1379. SEND_CERT = 1,
  1380. SEND_BLANK_CERT = 2,
  1381. DTLS_MAJOR = 0xfe, /* DTLS major version number */
  1382. DTLS_MINOR = 0xff, /* DTLS minor version number */
  1383. DTLS_BOGUS_MINOR = 0xfe, /* DTLS 0xfe was skipped, see RFC6347 Sec. 1 */
  1384. DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
  1385. DTLSv1_3_MINOR = 0xfc, /* DTLS minor version number */
  1386. SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
  1387. SSLv3_MINOR = 0, /* TLSv1 minor version number */
  1388. TLSv1_MINOR = 1, /* TLSv1 minor version number */
  1389. TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
  1390. TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
  1391. TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
  1392. TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
  1393. OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
  1394. INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
  1395. NO_COMPRESSION = 0,
  1396. ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
  1397. HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
  1398. HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
  1399. SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
  1400. /* pre RSA and all master */
  1401. #if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_32BIT_MILLI_TIME)
  1402. TIMESTAMP_LEN = 4, /* timestamp size in ticket */
  1403. #else
  1404. TIMESTAMP_LEN = 8, /* timestamp size in ticket */
  1405. #endif
  1406. #ifdef WOLFSSL_TLS13
  1407. AGEADD_LEN = 4, /* ageAdd size in ticket */
  1408. NAMEDGROUP_LEN = 2, /* namedGroup size in ticket */
  1409. #ifdef WOLFSSL_EARLY_DATA
  1410. MAXEARLYDATASZ_LEN = 4, /* maxEarlyDataSz size in ticket */
  1411. #endif
  1412. #endif
  1413. #ifdef HAVE_PQC
  1414. ENCRYPT_LEN = 5120, /* Allow 5k byte buffer for dilithium and
  1415. * hybridization with other algs. */
  1416. #else
  1417. #ifndef NO_PSK
  1418. ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2,
  1419. #else
  1420. ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8),
  1421. #endif
  1422. #endif
  1423. SIZEOF_SENDER = 4, /* clnt or srvr */
  1424. FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
  1425. MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
  1426. MAX_PLAINTEXT_SZ = (1 << 14), /* Max plaintext sz */
  1427. MAX_TLS_CIPHER_SZ = (1 << 14) + 2048, /* Max TLS encrypted data sz */
  1428. #ifdef WOLFSSL_TLS13
  1429. MAX_TLS13_PLAIN_SZ = (1 << 14) + 1, /* Max unencrypted data sz */
  1430. MAX_TLS13_ENC_SZ = (1 << 14) + 256, /* Max encrypted data sz */
  1431. #endif
  1432. MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE,
  1433. /* max added to msg, mac + pad from */
  1434. /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
  1435. digest sz + BLOC_SZ (iv) + pad byte (1) */
  1436. MAX_COMP_EXTRA = 1024, /* max compression extra */
  1437. MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */
  1438. MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
  1439. MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
  1440. /* 4096 p, pub, g + 2 byte size for each */
  1441. MAX_STR_VERSION = 8, /* string rep of protocol version */
  1442. PAD_MD5 = 48, /* pad length for finished */
  1443. PAD_SHA = 40, /* pad length for finished */
  1444. MAX_PAD_SIZE = 256, /* maximum length of padding */
  1445. LENGTH_SZ = 2, /* length field for HMAC, data only */
  1446. VERSION_SZ = 2, /* length of proctocol version */
  1447. SEQ_SZ = 8, /* 64 bit sequence number */
  1448. ALERT_SIZE = 2, /* level + description */
  1449. VERIFY_HEADER = 2, /* always use 2 bytes */
  1450. EXTS_SZ = 2, /* always use 2 bytes */
  1451. EXT_ID_SZ = 2, /* always use 2 bytes */
  1452. MAX_DH_SIZE = MAX_DHKEY_SZ+1,
  1453. /* Max size plus possible leading 0 */
  1454. MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */
  1455. MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */
  1456. SESSION_HINT_SZ = 4, /* session timeout hint */
  1457. SESSION_ADD_SZ = 4, /* session age add */
  1458. TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */
  1459. DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */
  1460. #if defined(WOLFSSL_TLS13) || !defined(NO_PSK)
  1461. MAX_TICKET_NONCE_STATIC_SZ = TLS13_TICKET_NONCE_STATIC_SZ,
  1462. /* maximum ticket nonce static size */
  1463. #endif /* WOLFSSL_TLS13 || !NO_PSK */
  1464. MAX_LIFETIME = 604800, /* maximum ticket lifetime */
  1465. RAN_LEN = 32, /* random length */
  1466. SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
  1467. ID_LEN = 32, /* session id length */
  1468. COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
  1469. MAX_COOKIE_LEN = 32, /* max dtls cookie size */
  1470. COOKIE_SZ = 20, /* use a 20 byte cookie */
  1471. SUITE_LEN = 2, /* cipher suite sz length */
  1472. ENUM_LEN = 1, /* always a byte */
  1473. OPAQUE8_LEN = 1, /* 1 byte */
  1474. OPAQUE16_LEN = 2, /* 2 bytes */
  1475. OPAQUE24_LEN = 3, /* 3 bytes */
  1476. OPAQUE32_LEN = 4, /* 4 bytes */
  1477. OPAQUE64_LEN = 8, /* 8 bytes */
  1478. COMP_LEN = 1, /* compression length */
  1479. CURVE_LEN = 2, /* ecc named curve length */
  1480. KE_GROUP_LEN = 2, /* key exchange group length */
  1481. #if defined(NO_SHA) && !defined(NO_SHA256)
  1482. SERVER_ID_LEN = WC_SHA256_DIGEST_SIZE,
  1483. #else
  1484. SERVER_ID_LEN = WC_SHA_DIGEST_SIZE,
  1485. #endif
  1486. HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
  1487. RECORD_HEADER_SZ = 5, /* type + version + len(2) */
  1488. CERT_HEADER_SZ = 3, /* always 3 bytes */
  1489. REQ_HEADER_SZ = 2, /* cert request header sz */
  1490. HINT_LEN_SZ = 2, /* length of hint size field */
  1491. TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
  1492. HELLO_EXT_SZ = 4, /* base length of a hello extension */
  1493. HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
  1494. HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
  1495. HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
  1496. DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
  1497. DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
  1498. DTLS_UNIFIED_HEADER_MIN_SZ = 2,
  1499. /* flags + seq_number(2) + length(2) + CID */
  1500. DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE,
  1501. DTLS_RECORD_HEADER_MAX_SZ = 13,
  1502. DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
  1503. DTLS_RECORD_EXTRA = 8, /* diff from normal */
  1504. DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
  1505. DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
  1506. DTLS_POOL_SZ = 20, /* allowed number of list items in TX and
  1507. * RX pool */
  1508. DTLS_FRAG_POOL_SZ = WOLFSSL_DTLS_FRAG_POOL_SZ,
  1509. /* allowed number of fragments per msg */
  1510. DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
  1511. DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */
  1512. TLS_EXPORT_PRO = 167,/* wolfSSL protocol for serialized TLS */
  1513. DTLS_EXPORT_OPT_SZ = 62, /* amount of bytes used from Options */
  1514. DTLS_EXPORT_OPT_SZ_4 = 61, /* amount of bytes used from Options */
  1515. TLS_EXPORT_OPT_SZ = 65, /* amount of bytes used from Options */
  1516. DTLS_EXPORT_OPT_SZ_3 = 60, /* amount of bytes used from Options */
  1517. DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
  1518. /* max amount of bytes used from Keys */
  1519. DTLS_EXPORT_MIN_KEY_SZ = 85 + (DTLS_SEQ_SZ * 2),
  1520. /* min amount of bytes used from Keys */
  1521. WOLFSSL_EXPORT_TLS = 1,
  1522. WOLFSSL_EXPORT_DTLS = 0,
  1523. #ifndef WOLFSSL_EXPORT_SPC_SZ
  1524. WOLFSSL_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
  1525. #endif
  1526. WOLFSSL_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
  1527. WOLFSSL_EXPORT_VERSION = 5, /* wolfSSL version for serialized session */
  1528. WOLFSSL_EXPORT_VERSION_4 = 4, /* 5.6.4 release and before */
  1529. /* older export versions supported */
  1530. WOLFSSL_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */
  1531. MAX_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
  1532. DTLS_MTU_ADDITIONAL_READ_BUFFER = WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER,
  1533. /* Additional bytes to read so that
  1534. * we can work with a peer that has
  1535. * a slightly different MTU than us. */
  1536. MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
  1537. MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * WOLFSSL_EXPORT_LEN),
  1538. /* max size of buffer for exporting state */
  1539. FINISHED_LABEL_SZ = 15, /* TLS finished label size */
  1540. TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
  1541. TLS_FINISHED_SZ_MAX = WC_MAX_DIGEST_SIZE,
  1542. /* longest message digest size is SHA512, 64 */
  1543. EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
  1544. MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
  1545. KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
  1546. PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
  1547. MAX_LABEL_SZ = 34, /* Maximum length of a label */
  1548. MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
  1549. SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
  1550. TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */
  1551. #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
  1552. #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
  1553. MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE,
  1554. #elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
  1555. MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE,
  1556. #else
  1557. MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
  1558. #endif
  1559. #else
  1560. MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
  1561. #endif
  1562. #if defined(HAVE_SELFTEST) && \
  1563. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  1564. #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
  1565. #define WOLFSSL_AES_KEY_SIZE_ENUM
  1566. AES_IV_SIZE = 16,
  1567. AES_128_KEY_SIZE = 16,
  1568. AES_192_KEY_SIZE = 24,
  1569. AES_256_KEY_SIZE = 32,
  1570. #endif
  1571. #endif
  1572. MAX_IV_SZ = AES_BLOCK_SIZE,
  1573. AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
  1574. AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
  1575. AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
  1576. AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
  1577. AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
  1578. AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
  1579. AEAD_NONCE_SZ = 12,
  1580. AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
  1581. AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
  1582. AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
  1583. GCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
  1584. GCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
  1585. GCM_NONCE_SZ = GCM_EXP_IV_SZ + GCM_IMP_IV_SZ,
  1586. CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
  1587. CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
  1588. CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
  1589. /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
  1590. AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
  1591. AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
  1592. AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
  1593. AESCCM_NONCE_SZ = 12,
  1594. SM4_GCM_AUTH_SZ = 16, /* SM4-GCM Auth Tag length */
  1595. SM4_GCM_NONCE_SZ = 12, /* SM4 GCM Nonce length */
  1596. SM4_CCM_AUTH_SZ = 16, /* SM4-CCM Auth Tag length */
  1597. SM4_CCM_NONCE_SZ = 12, /* SM4 CCM Nonce length */
  1598. CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
  1599. CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
  1600. CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
  1601. CAMELLIA_IV_SIZE = 16, /* always block size */
  1602. CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
  1603. CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
  1604. CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
  1605. POLY1305_AUTH_SZ = 16, /* 128 bits */
  1606. HMAC_NONCE_SZ = 12, /* Size of HMAC nonce */
  1607. EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
  1608. #ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
  1609. ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */
  1610. #endif
  1611. MAX_EXPORT_ECC_SZ = 256, /* Export ANSI X9.62 max future size */
  1612. MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */
  1613. NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */
  1614. ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
  1615. ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
  1616. ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
  1617. ED448_SA_MINOR = 8, /* Least significant byte for ED448 */
  1618. SM2_SA_MAJOR = 7, /* Most significant byte for SM2 with SM3 */
  1619. SM2_SA_MINOR = 8, /* Least significant byte for SM2 with SM3 */
  1620. PQC_SA_MAJOR = 0xFE,/* Most significant byte used with PQC sig algs */
  1621. /* These values for falcon and dilithium match what OQS has defined. */
  1622. FALCON_LEVEL1_SA_MAJOR = 0xFE,
  1623. FALCON_LEVEL1_SA_MINOR = 0xAE,
  1624. FALCON_LEVEL5_SA_MAJOR = 0xFE,
  1625. FALCON_LEVEL5_SA_MINOR = 0xB1,
  1626. DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
  1627. DILITHIUM_LEVEL2_SA_MINOR = 0xA0,
  1628. DILITHIUM_LEVEL3_SA_MAJOR = 0xFE,
  1629. DILITHIUM_LEVEL3_SA_MINOR = 0xA3,
  1630. DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
  1631. DILITHIUM_LEVEL5_SA_MINOR = 0xA5,
  1632. MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
  1633. MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
  1634. #if defined(HAVE_PQC)
  1635. MAX_CERT_VERIFY_SZ = 6000, /* For Dilithium */
  1636. #elif defined(WOLFSSL_CERT_EXT)
  1637. MAX_CERT_VERIFY_SZ = 2048, /* For larger extensions */
  1638. #elif !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS)
  1639. MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
  1640. #elif defined(HAVE_ECC)
  1641. MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */
  1642. #elif defined(HAVE_ED448)
  1643. MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE, /* max Ed448 */
  1644. #elif defined(HAVE_ED25519)
  1645. MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */
  1646. #else
  1647. MAX_CERT_VERIFY_SZ = 1024, /* max default */
  1648. #endif
  1649. CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
  1650. MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
  1651. DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
  1652. DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
  1653. DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
  1654. NULL_TERM_LEN = 1, /* length of null '\0' termination character */
  1655. MAX_PSK_KEY_LEN = 64, /* max psk key supported */
  1656. MIN_PSK_ID_LEN = 6, /* min length of identities */
  1657. MIN_PSK_BINDERS_LEN = 33, /* min length of binders */
  1658. #ifndef MAX_WOLFSSL_FILE_SIZE
  1659. MAX_WOLFSSL_FILE_SIZE = 1024UL * 1024UL * 4, /* 4 mb file size alloc limit */
  1660. #endif
  1661. CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
  1662. NO_SNIFF = 0, /* not sniffing */
  1663. SNIFF = 1, /* currently sniffing */
  1664. HASH_SIG_SIZE = 2, /* default SHA1 RSA */
  1665. NO_COPY = 0, /* should we copy static buffer for write */
  1666. COPY = 1, /* should we copy static buffer for write */
  1667. INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */
  1668. PREV_ORDER = -1, /* Sequence number is in previous epoch. */
  1669. PEER_ORDER = 1, /* Peer sequence number for verify. */
  1670. CUR_ORDER = 0, /* Current sequence number. */
  1671. WRITE_PROTO = 1, /* writing a protocol message */
  1672. READ_PROTO = 0 /* reading a protocol message */
  1673. };
  1674. #define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \
  1675. (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
  1676. #ifdef HAVE_PQC
  1677. #define WOLFSSL_NAMED_GROUP_IS_PQC(group) \
  1678. ((WOLFSSL_PQC_SIMPLE_MIN <= (group) && (group) <= WOLFSSL_PQC_SIMPLE_MAX) || \
  1679. (WOLFSSL_PQC_HYBRID_MIN <= (group) && (group) <= WOLFSSL_PQC_HYBRID_MAX))
  1680. #else
  1681. #define WOLFSSL_NAMED_GROUP_IS_PQC(group) ((void)(group), 0)
  1682. #endif /* HAVE_PQC */
  1683. /* minimum Downgrade Minor version */
  1684. #ifndef WOLFSSL_MIN_DOWNGRADE
  1685. #ifndef NO_OLD_TLS
  1686. #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
  1687. #else
  1688. #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
  1689. #endif
  1690. #endif
  1691. /* minimum DTLS Downgrade Minor version */
  1692. #ifndef WOLFSSL_MIN_DTLS_DOWNGRADE
  1693. #define WOLFSSL_MIN_DTLS_DOWNGRADE DTLS_MINOR;
  1694. #endif
  1695. /* Set max implicit IV size for AEAD cipher suites */
  1696. #define AEAD_MAX_IMP_SZ 12
  1697. /* Set max explicit IV size for AEAD cipher suites */
  1698. #define AEAD_MAX_EXP_SZ 8
  1699. #ifndef WOLFSSL_MAX_SUITE_SZ
  1700. #define WOLFSSL_MAX_SUITE_SZ 300
  1701. /* 150 suites for now! */
  1702. #endif
  1703. /* number of items in the signature algo list */
  1704. #ifndef WOLFSSL_MAX_SIGALGO
  1705. #ifdef HAVE_PQC
  1706. /* If we are building with post-quantum algorithms, we likely want to
  1707. * inter-op with OQS's OpenSSL and they send a lot more sigalgs.
  1708. */
  1709. #define WOLFSSL_MAX_SIGALGO 128
  1710. #else
  1711. #define WOLFSSL_MAX_SIGALGO 38
  1712. #endif
  1713. #endif
  1714. /* set minimum ECC key size allowed */
  1715. #ifndef WOLFSSL_MIN_ECC_BITS
  1716. #ifdef WOLFSSL_MAX_STRENGTH
  1717. #define WOLFSSL_MIN_ECC_BITS 256
  1718. #else
  1719. #define WOLFSSL_MIN_ECC_BITS 224
  1720. #endif
  1721. #endif /* WOLFSSL_MIN_ECC_BITS */
  1722. #if (WOLFSSL_MIN_ECC_BITS % 8)
  1723. /* Some ECC keys are not divisible by 8 such as prime239v1 or sect131r1.
  1724. In these cases round down to the nearest value divisible by 8. The
  1725. restriction of being divisible by 8 is in place to match wc_ecc_size
  1726. function from wolfSSL.
  1727. */
  1728. #error ECC minimum bit size must be a multiple of 8
  1729. #endif
  1730. #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
  1731. #ifdef HAVE_PQC
  1732. #ifndef MIN_FALCONKEY_SZ
  1733. #define MIN_FALCONKEY_SZ 897
  1734. #endif
  1735. #ifndef MIN_DILITHIUMKEY_SZ
  1736. #define MIN_DILITHIUMKEY_SZ 1312
  1737. #endif
  1738. #endif
  1739. /* set minimum RSA key size allowed */
  1740. #ifndef WOLFSSL_MIN_RSA_BITS
  1741. #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
  1742. /* Using guidance from section 5.6.1
  1743. * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
  1744. #if WOLFSSL_HARDEN_TLS >= 128
  1745. #define WOLFSSL_MIN_RSA_BITS 3072
  1746. #elif WOLFSSL_HARDEN_TLS >= 112
  1747. #define WOLFSSL_MIN_RSA_BITS 2048
  1748. #endif
  1749. #elif defined(WOLFSSL_MAX_STRENGTH)
  1750. #define WOLFSSL_MIN_RSA_BITS 2048
  1751. #else
  1752. #define WOLFSSL_MIN_RSA_BITS 1024
  1753. #endif
  1754. #endif /* WOLFSSL_MIN_RSA_BITS */
  1755. #if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_RSA_BITS < 2048 && \
  1756. !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
  1757. /* Implementations MUST NOT negotiate cipher suites offering less than
  1758. * 112 bits of security.
  1759. * https://www.rfc-editor.org/rfc/rfc9325#section-4.1
  1760. * Using guidance from section 5.6.1
  1761. * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
  1762. #error "For 112 bits of security RSA needs at least 2048 bit keys"
  1763. #endif
  1764. #if (WOLFSSL_MIN_RSA_BITS % 8)
  1765. /* This is to account for the example case of a min size of 2050 bits but
  1766. still allows 2049 bit key. So we need the measurement to be in bytes. */
  1767. #error RSA minimum bit size must be a multiple of 8
  1768. #endif
  1769. #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
  1770. #ifdef SESSION_INDEX
  1771. /* Shift values for making a session index */
  1772. #define SESSIDX_ROW_SHIFT 4
  1773. #define SESSIDX_IDX_MASK 0x0F
  1774. #endif
  1775. #ifndef MAX_X509_SIZE
  1776. #if defined(HAVE_PQC)
  1777. #define MAX_X509_SIZE (8*1024) /* max static x509 buffer size; dilithium is big */
  1778. #elif defined(WOLFSSL_HAPROXY)
  1779. #define MAX_X509_SIZE 3072 /* max static x509 buffer size */
  1780. #else
  1781. #define MAX_X509_SIZE 2048 /* max static x509 buffer size */
  1782. #endif
  1783. #endif
  1784. /* max cert chain peer depth */
  1785. #ifndef MAX_CHAIN_DEPTH
  1786. #define MAX_CHAIN_DEPTH 9
  1787. #endif
  1788. /* max size of a certificate message payload */
  1789. /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
  1790. #ifndef MAX_CERTIFICATE_SZ
  1791. #define MAX_CERTIFICATE_SZ \
  1792. (CERT_HEADER_SZ + \
  1793. (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH)
  1794. #endif
  1795. /* max size of a handshake message, currently set to the certificate */
  1796. #ifndef MAX_HANDSHAKE_SZ
  1797. #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
  1798. #endif
  1799. #ifndef PREALLOC_SESSION_TICKET_LEN
  1800. #define PREALLOC_SESSION_TICKET_LEN 512
  1801. #endif
  1802. #ifndef PREALLOC_SESSION_TICKET_NONCE_LEN
  1803. #define PREALLOC_SESSION_TICKET_NONCE_LEN 32
  1804. #endif
  1805. #ifndef SESSION_TICKET_HINT_DEFAULT
  1806. #define SESSION_TICKET_HINT_DEFAULT 300
  1807. #endif
  1808. #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER)
  1809. /* Check chosen encryption is available. */
  1810. #if !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) && \
  1811. defined(WOLFSSL_TICKET_ENC_CHACHA20_POLY1305)
  1812. #error "ChaCha20-Poly1305 not available for default ticket encryption"
  1813. #endif
  1814. #if !defined(HAVE_AESGCM) && (defined(WOLFSSL_TICKET_ENC_AES128_GCM) || \
  1815. defined(WOLFSSL_TICKET_ENC_AES256_GCM))
  1816. #error "AES-GCM not available for default ticket encryption"
  1817. #endif
  1818. #ifndef WOLFSSL_TICKET_KEY_LIFETIME
  1819. /* Default lifetime is 1 hour from issue of first ticket with key. */
  1820. #define WOLFSSL_TICKET_KEY_LIFETIME (60 * 60)
  1821. #endif
  1822. #if WOLFSSL_TICKET_KEY_LIFETIME <= SESSION_TICKET_HINT_DEFAULT
  1823. #error "Ticket Key lifetime must be longer than ticket life hint."
  1824. #endif
  1825. #endif
  1826. #define MAX_ENCRYPT_SZ ENCRYPT_LEN
  1827. /* A static check to assert a relation between x and y */
  1828. #define WOLFSSL_ASSERT_TEST(x, y, op) do { \
  1829. typedef char _args_test_[(x) op (y) ? 1 : -1]; \
  1830. (void)sizeof(_args_test_); \
  1831. } while(0)
  1832. #define WOLFSSL_ASSERT_EQ(x, y) WOLFSSL_ASSERT_TEST(x, y, ==)
  1833. #define WOLFSSL_ASSERT_SIZEOF_TEST(x, y, op) \
  1834. WOLFSSL_ASSERT_TEST(sizeof((x)), sizeof((y)), op)
  1835. #define WOLFSSL_ASSERT_SIZEOF_GE(x, y) WOLFSSL_ASSERT_SIZEOF_TEST(x, y, >=)
  1836. /* states. Adding state before HANDSHAKE_DONE will break session importing */
  1837. enum states {
  1838. NULL_STATE = 0,
  1839. SERVER_HELLOVERIFYREQUEST_COMPLETE,
  1840. SERVER_HELLO_RETRY_REQUEST_COMPLETE,
  1841. SERVER_HELLO_COMPLETE,
  1842. SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
  1843. SERVER_CERT_COMPLETE,
  1844. SERVER_CERT_VERIFY_COMPLETE,
  1845. SERVER_KEYEXCHANGE_COMPLETE,
  1846. SERVER_HELLODONE_COMPLETE,
  1847. SERVER_CHANGECIPHERSPEC_COMPLETE,
  1848. SERVER_FINISHED_COMPLETE,
  1849. CLIENT_HELLO_RETRY,
  1850. CLIENT_HELLO_COMPLETE,
  1851. CLIENT_KEYEXCHANGE_COMPLETE,
  1852. CLIENT_CHANGECIPHERSPEC_COMPLETE,
  1853. CLIENT_FINISHED_COMPLETE,
  1854. HANDSHAKE_DONE,
  1855. #ifdef WOLFSSL_DTLS13
  1856. SERVER_FINISHED_ACKED,
  1857. #endif /* WOLFSSL_DTLS13 */
  1858. };
  1859. /* SSL Version */
  1860. typedef struct ProtocolVersion {
  1861. byte major;
  1862. byte minor;
  1863. } WOLFSSL_PACK ProtocolVersion;
  1864. WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
  1865. WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
  1866. WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
  1867. WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
  1868. WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
  1869. #ifdef WOLFSSL_DTLS
  1870. WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
  1871. WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
  1872. #ifdef WOLFSSL_DTLS13
  1873. WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_3(void);
  1874. #endif /* WOLFSSL_DTLS13 */
  1875. #endif
  1876. #ifdef WOLFSSL_SESSION_EXPORT
  1877. WOLFSSL_LOCAL int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf,
  1878. word32* sz, int type);
  1879. WOLFSSL_LOCAL int wolfSSL_session_import_internal(WOLFSSL* ssl, const byte* buf,
  1880. word32 sz, int type);
  1881. #ifdef WOLFSSL_DTLS
  1882. WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl,
  1883. byte* buf, word32 sz);
  1884. WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl,
  1885. const byte* buf, word32 sz);
  1886. WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
  1887. #endif
  1888. #endif
  1889. struct WOLFSSL_BY_DIR_HASH {
  1890. unsigned long hash_value;
  1891. int last_suffix;
  1892. };
  1893. struct WOLFSSL_BY_DIR_entry {
  1894. char* dir_name;
  1895. int dir_type;
  1896. WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes;
  1897. };
  1898. struct WOLFSSL_BY_DIR {
  1899. WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry;
  1900. wolfSSL_Mutex lock; /* dir list lock */
  1901. };
  1902. /* wolfSSL method type */
  1903. struct WOLFSSL_METHOD {
  1904. ProtocolVersion version;
  1905. byte side; /* connection side, server or client */
  1906. byte downgrade; /* whether to downgrade version, default no */
  1907. };
  1908. /* wolfSSL buffer type - internal uses "buffer" type */
  1909. typedef WOLFSSL_BUFFER_INFO buffer;
  1910. typedef struct Suites Suites;
  1911. /* Declare opaque struct for API to use */
  1912. #ifndef WOLFSSL_CLIENT_SESSION_DEFINED
  1913. typedef struct ClientSession ClientSession;
  1914. #define WOLFSSL_CLIENT_SESSION_DEFINED
  1915. #endif
  1916. /* defaults to client */
  1917. WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv);
  1918. WOLFSSL_LOCAL void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx);
  1919. WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
  1920. WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
  1921. WOLFSSL_LOCAL int DoHandShakeMsgType(WOLFSSL* ssl, byte* input,
  1922. word32* inOutIdx, byte type, word32 size, word32 totalSz);
  1923. /* for sniffer */
  1924. WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
  1925. word32 size, word32 totalSz, int sniff);
  1926. #ifdef WOLFSSL_TLS13
  1927. WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
  1928. word32 size, word32 totalSz, int sniff);
  1929. #endif
  1930. WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx,
  1931. int sniff);
  1932. /* TLS v1.3 needs these */
  1933. WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, Suites* clSuites);
  1934. #ifdef WOLFSSL_TLS13
  1935. WOLFSSL_LOCAL byte SuiteMac(const byte* suite);
  1936. #endif
  1937. WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
  1938. word32 helloSz);
  1939. #ifdef WOLFSSL_TLS13
  1940. WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
  1941. word32* inOutIdx, word32 helloSz);
  1942. #endif
  1943. WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
  1944. word32 helloSz);
  1945. WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
  1946. WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
  1947. WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
  1948. word32 hashSigAlgoSz);
  1949. #if defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_CHECK_PRIVATE_KEY)
  1950. WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* data, word32 length,
  1951. int hsType, int label, int id,
  1952. void* heap, int devId);
  1953. #endif
  1954. WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
  1955. #ifdef WOLFSSL_DUAL_ALG_CERTS
  1956. WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length);
  1957. #endif
  1958. #ifdef WOLF_PRIVATE_KEY_ID
  1959. WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
  1960. #ifndef NO_ASN
  1961. WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
  1962. #endif
  1963. #endif
  1964. WOLFSSL_LOCAL int CreateSigData(WOLFSSL* ssl, byte* sigData, word16* sigDataSz,
  1965. int check);
  1966. WOLFSSL_LOCAL int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
  1967. int sigAlgo, int hashAlgo);
  1968. #ifdef WOLFSSL_ASYNC_IO
  1969. WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync);
  1970. #endif
  1971. WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
  1972. WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
  1973. WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz);
  1974. WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
  1975. #ifndef NO_CERTS
  1976. WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
  1977. WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc);
  1978. WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType);
  1979. #endif
  1980. WOLFSSL_LOCAL int SetupTicket(WOLFSSL* ssl);
  1981. WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
  1982. WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* output, int sz);
  1983. WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
  1984. int ivSz);
  1985. WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
  1986. #ifdef HAVE_SNI
  1987. #ifndef NO_WOLFSSL_SERVER
  1988. WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
  1989. #endif
  1990. #endif
  1991. #ifdef HAVE_ALPN
  1992. WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl);
  1993. #endif
  1994. WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
  1995. word16 sz); /* needed by sniffer */
  1996. WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
  1997. word16 sz); /* needed by sniffer */
  1998. #ifdef WOLFSSL_TLS13
  1999. WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
  2000. word16 sz, const byte* aad, word16 aadSz);
  2001. WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
  2002. word32* inOutIdx, byte type,
  2003. word32 size, word32 totalSz);
  2004. WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
  2005. word32* inOutIdx, word32 totalSz);
  2006. WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
  2007. word32* inOutIdx, word32 helloSz,
  2008. byte* extMsgType);
  2009. WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl);
  2010. WOLFSSL_LOCAL int Tls13DeriveKey(WOLFSSL *ssl, byte *output, int outputLen,
  2011. const byte *secret, const byte *label, word32 labelLen, int hashAlgo,
  2012. int includeMsgs, int side);
  2013. #endif
  2014. int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
  2015. int pLen, int content);
  2016. enum {
  2017. FORCED_FREE = 1,
  2018. NO_FORCED_FREE = 0
  2019. };
  2020. /* only use compression extra if using compression */
  2021. #ifdef HAVE_LIBZ
  2022. #define COMP_EXTRA MAX_COMP_EXTRA
  2023. #else
  2024. #define COMP_EXTRA 0
  2025. #endif
  2026. /* only the sniffer needs space in the buffer for extra MTU record(s) */
  2027. #ifdef WOLFSSL_SNIFFER
  2028. #define MTU_EXTRA MAX_MTU * 3
  2029. #else
  2030. #define MTU_EXTRA 0
  2031. #endif
  2032. /* embedded callbacks require large static buffers, make sure on */
  2033. #ifdef WOLFSSL_CALLBACKS
  2034. #undef LARGE_STATIC_BUFFERS
  2035. #define LARGE_STATIC_BUFFERS
  2036. #endif
  2037. /* determine maximum record size */
  2038. #ifdef RECORD_SIZE
  2039. /* user supplied value */
  2040. #if RECORD_SIZE < 128 || RECORD_SIZE > MAX_RECORD_SIZE
  2041. #error Invalid record size
  2042. #endif
  2043. #else
  2044. /* give user option to use 16K static buffers */
  2045. #if defined(LARGE_STATIC_BUFFERS)
  2046. #define RECORD_SIZE MAX_RECORD_SIZE
  2047. #else
  2048. #ifdef WOLFSSL_DTLS
  2049. #define RECORD_SIZE MAX_MTU
  2050. #else
  2051. #define RECORD_SIZE 128
  2052. #endif
  2053. #endif
  2054. #endif
  2055. /* user option to turn off 16K output option */
  2056. /* if using small static buffers (default) and SSL_write tries to write data
  2057. larger than the record we have, dynamically get it, unless user says only
  2058. write in static buffer chunks */
  2059. #ifndef STATIC_CHUNKS_ONLY
  2060. #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
  2061. #else
  2062. #define OUTPUT_RECORD_SIZE RECORD_SIZE
  2063. #endif
  2064. /* wolfSSL input buffer
  2065. RFC 2246:
  2066. length
  2067. The length (in bytes) of the following TLSPlaintext.fragment.
  2068. The length should not exceed 2^14.
  2069. */
  2070. #ifdef STATIC_BUFFER_LEN
  2071. /* user supplied option */
  2072. #if STATIC_BUFFER_LEN < 5 || STATIC_BUFFER_LEN > (RECORD_HEADER_SZ + \
  2073. RECORD_SIZE + COMP_EXTRA + MTU_EXTRA + MAX_MSG_EXTRA))
  2074. #error Invalid static buffer length
  2075. #endif
  2076. #elif defined(LARGE_STATIC_BUFFERS)
  2077. #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
  2078. MTU_EXTRA + MAX_MSG_EXTRA)
  2079. #else
  2080. /* don't fragment memory from the record header */
  2081. #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
  2082. #endif
  2083. typedef struct {
  2084. ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
  2085. byte* buffer; /* place holder for static or dynamic buffer */
  2086. word32 length; /* total buffer length used */
  2087. word32 idx; /* idx to part of length already consumed */
  2088. word32 bufferSize; /* current buffer size */
  2089. byte dynamicFlag; /* dynamic memory currently in use */
  2090. byte offset; /* alignment offset attempt */
  2091. } bufferStatic;
  2092. /* Cipher Suites holder */
  2093. struct Suites {
  2094. word16 suiteSz; /* suite length in bytes */
  2095. word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
  2096. byte suites[WOLFSSL_MAX_SUITE_SZ];
  2097. byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
  2098. byte setSuites:1; /* user set suites from default */
  2099. };
  2100. typedef struct CipherSuite {
  2101. byte cipherSuite0;
  2102. byte cipherSuite;
  2103. word32 ecdhCurveOID;
  2104. struct KeyShareEntry* clientKSE;
  2105. #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
  2106. int doHelloRetry;
  2107. #endif
  2108. } CipherSuite;
  2109. WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
  2110. int haveRSAsig, int haveFalconSig,
  2111. int haveDilithiumSig, int haveAnon,
  2112. int tls1_2, int keySz);
  2113. WOLFSSL_LOCAL void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig,
  2114. int haveRSAsig, int haveFalconSig,
  2115. int haveDilithiumSig, int haveAnon,
  2116. int tls1_2, int keySz, word16* len);
  2117. /* use wolfSSL_API visibility to be able to test in tests/api.c */
  2118. WOLFSSL_API void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int have,
  2119. int tls1_2, int keySz,
  2120. word16* len);
  2121. WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx);
  2122. WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl);
  2123. WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
  2124. word16 haveRSA, word16 havePSK, word16 haveDH,
  2125. word16 haveECDSAsig, word16 haveECC,
  2126. word16 haveStaticRSA, word16 haveStaticECC,
  2127. word16 haveFalconSig, word16 haveDilithiumSig,
  2128. word16 haveAnon, word16 haveNull, int side);
  2129. typedef struct TLSX TLSX;
  2130. WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites,
  2131. CipherSuite* cs, TLSX* extensions);
  2132. WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
  2133. WOLFSSL_LOCAL int SetCipherList_ex(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl,
  2134. Suites* suites, const char* list);
  2135. WOLFSSL_LOCAL int SetCipherList(const WOLFSSL_CTX* ctx, Suites* suites,
  2136. const char* list);
  2137. WOLFSSL_LOCAL int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites,
  2138. const byte* list, const int listSz);
  2139. WOLFSSL_LOCAL int SetSuitesHashSigAlgo(Suites* suites, const char* list);
  2140. #ifndef PSK_TYPES_DEFINED
  2141. typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
  2142. unsigned int, unsigned char*, unsigned int);
  2143. typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
  2144. unsigned char*, unsigned int);
  2145. #ifdef WOLFSSL_TLS13
  2146. typedef unsigned int (*wc_psk_client_cs_callback)(WOLFSSL*, const char*,
  2147. char*, unsigned int, unsigned char*, unsigned int,
  2148. const char* cipherName);
  2149. typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
  2150. char*, unsigned int, unsigned char*, unsigned int,
  2151. const char** cipherName);
  2152. typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
  2153. unsigned char*, unsigned int,
  2154. const char** cipherName);
  2155. #endif
  2156. #endif /* PSK_TYPES_DEFINED */
  2157. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
  2158. !defined(WOLFSSL_DTLS_EXPORT_TYPES)
  2159. typedef int (*wc_dtls_export)(WOLFSSL* ssl,
  2160. #define WOLFSSL_DTLS_EXPORT_TYPES
  2161. #endif /* WOLFSSL_DTLS_EXPORT_TYPES */
  2162. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
  2163. #define MAX_DESCRIPTION_SZ 255
  2164. #endif
  2165. struct WOLFSSL_CIPHER {
  2166. byte cipherSuite0;
  2167. byte cipherSuite;
  2168. const WOLFSSL* ssl;
  2169. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
  2170. char description[MAX_DESCRIPTION_SZ];
  2171. unsigned long offset;
  2172. unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */
  2173. int bits;
  2174. #endif
  2175. };
  2176. #ifdef NO_ASN
  2177. /* no_asn won't have */
  2178. typedef struct CertStatus CertStatus;
  2179. #endif
  2180. #ifndef HAVE_OCSP
  2181. typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
  2182. #endif
  2183. /* wolfSSL OCSP controller */
  2184. #ifdef HAVE_OCSP
  2185. struct WOLFSSL_OCSP {
  2186. WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
  2187. OcspEntry* ocspList; /* OCSP response list */
  2188. wolfSSL_Mutex ocspLock; /* OCSP list lock */
  2189. int error;
  2190. #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
  2191. defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
  2192. int(*statusCb)(WOLFSSL*, void*);
  2193. #endif
  2194. };
  2195. #endif
  2196. #ifndef MAX_DATE_SIZE
  2197. #define MAX_DATE_SIZE 32
  2198. #endif
  2199. typedef struct CRL_Entry CRL_Entry;
  2200. #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
  2201. #define CRL_DIGEST_SIZE WC_SM3_DIGEST_SIZE
  2202. #elif defined(NO_SHA)
  2203. #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
  2204. #else
  2205. #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
  2206. #endif
  2207. #ifdef NO_ASN
  2208. typedef struct RevokedCert RevokedCert;
  2209. #endif
  2210. #ifdef CRL_STATIC_REVOKED_LIST
  2211. #ifndef CRL_MAX_REVOKED_CERTS
  2212. #define CRL_MAX_REVOKED_CERTS 4
  2213. #elif CRL_MAX_REVOKED_CERTS > 22000
  2214. #error CRL_MAX_REVOKED_CERTS too big, max is 22000
  2215. #endif
  2216. #endif
  2217. /* Complete CRL */
  2218. struct CRL_Entry {
  2219. byte* toBeSigned;
  2220. byte* signature;
  2221. #if defined(OPENSSL_EXTRA)
  2222. WOLFSSL_X509_NAME* issuer; /* X509_NAME type issuer */
  2223. #endif
  2224. CRL_Entry* next; /* next entry */
  2225. wolfSSL_Mutex verifyMutex;
  2226. /* DupCRL_Entry copies data after the `verifyMutex` member. Using the mutex
  2227. * as the marker because clang-tidy doesn't like taking the sizeof a
  2228. * pointer. */
  2229. byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
  2230. /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
  2231. /* restore the hash here if needed for optimized comparisons */
  2232. byte lastDate[MAX_DATE_SIZE]; /* last date updated */
  2233. byte nextDate[MAX_DATE_SIZE]; /* next update date */
  2234. byte lastDateFormat; /* last date format */
  2235. byte nextDateFormat; /* next date format */
  2236. #if defined(OPENSSL_EXTRA)
  2237. WOLFSSL_ASN1_TIME lastDateAsn1; /* last date updated */
  2238. WOLFSSL_ASN1_TIME nextDateAsn1; /* next update date */
  2239. #endif
  2240. #ifdef CRL_STATIC_REVOKED_LIST
  2241. RevokedCert certs[CRL_MAX_REVOKED_CERTS];
  2242. #else
  2243. RevokedCert* certs; /* revoked cert list */
  2244. #endif
  2245. int totalCerts; /* number on list */
  2246. int version; /* version of certificate */
  2247. int verified;
  2248. word32 tbsSz;
  2249. word32 signatureSz;
  2250. word32 signatureOID;
  2251. #ifdef WC_RSA_PSS
  2252. word32 sigParamsSz; /* length of signature parameters */
  2253. byte* sigParams; /* buffer with signature parameters */
  2254. #endif
  2255. #if !defined(NO_SKID) && !defined(NO_ASN)
  2256. byte extAuthKeyIdSet;
  2257. byte extAuthKeyId[KEYID_SIZE];
  2258. #endif
  2259. int crlNumber; /* CRL number extension */
  2260. };
  2261. #ifdef HAVE_CRL_MONITOR
  2262. typedef struct CRL_Monitor CRL_Monitor;
  2263. /* CRL directory monitor */
  2264. struct CRL_Monitor {
  2265. char* path; /* full dir path, if valid pointer we're using */
  2266. int type; /* PEM or ASN1 type */
  2267. };
  2268. #if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
  2269. #undef HAVE_CRL_MONITOR
  2270. #endif
  2271. /* PEM and DER possible */
  2272. #define WOLFSSL_CRL_MONITORS_LEN (2)
  2273. #if defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__)
  2274. typedef int wolfSSL_CRL_mfd_t; /* monitor fd, -1 if no init yet */
  2275. /* mfd for bsd is kqueue fd, eventfd for linux */
  2276. #define WOLFSSL_CRL_MFD_INIT_VAL (-1)
  2277. #elif defined(_MSC_VER)
  2278. typedef HANDLE wolfSSL_CRL_mfd_t; /* monitor fd, INVALID_HANDLE_VALUE if
  2279. * no init yet */
  2280. #define WOLFSSL_CRL_MFD_INIT_VAL (INVALID_HANDLE_VALUE)
  2281. #endif
  2282. #endif
  2283. /* wolfSSL CRL controller */
  2284. struct WOLFSSL_CRL {
  2285. WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
  2286. CRL_Entry* currentEntry; /* Current CRL entry being processed */
  2287. CRL_Entry* crlList; /* our CRL list */
  2288. #ifdef HAVE_CRL_IO
  2289. CbCrlIO crlIOCb;
  2290. #endif
  2291. wolfSSL_RwLock crlLock; /* CRL list lock */
  2292. #ifdef HAVE_CRL_MONITOR
  2293. CRL_Monitor monitors[WOLFSSL_CRL_MONITORS_LEN];
  2294. COND_TYPE cond; /* condition to signal setup */
  2295. THREAD_TYPE tid; /* monitoring thread */
  2296. wolfSSL_CRL_mfd_t mfd;
  2297. int setup; /* thread is setup predicate */
  2298. #endif
  2299. void* heap; /* heap hint for dynamic memory */
  2300. };
  2301. #ifdef NO_ASN
  2302. typedef struct Signer Signer;
  2303. #ifdef WOLFSSL_TRUST_PEER_CERT
  2304. typedef struct TrustedPeerCert TrustedPeerCert;
  2305. #endif
  2306. #endif
  2307. #ifndef CA_TABLE_SIZE
  2308. #define CA_TABLE_SIZE 11
  2309. #endif
  2310. #ifdef WOLFSSL_TRUST_PEER_CERT
  2311. #define TP_TABLE_SIZE 11
  2312. #endif
  2313. /* wolfSSL Certificate Manager */
  2314. struct WOLFSSL_CERT_MANAGER {
  2315. Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
  2316. void* heap; /* heap helper */
  2317. #ifdef WOLFSSL_TRUST_PEER_CERT
  2318. TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
  2319. wolfSSL_Mutex tpLock; /* trusted peer list lock */
  2320. #endif
  2321. WOLFSSL_CRL* crl; /* CRL checker */
  2322. WOLFSSL_OCSP* ocsp; /* OCSP checker */
  2323. #if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  2324. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
  2325. WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
  2326. #endif
  2327. char* ocspOverrideURL; /* use this responder */
  2328. void* ocspIOCtx; /* I/O callback CTX */
  2329. #ifndef NO_WOLFSSL_CM_VERIFY
  2330. VerifyCallback verifyCallback; /* Verify callback */
  2331. #endif
  2332. CallbackCACache caCacheCallback; /* CA cache addition callback */
  2333. CbMissingCRL cbMissingCRL; /* notify thru cb of missing crl */
  2334. CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
  2335. CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
  2336. wolfSSL_Mutex caLock; /* CA list lock */
  2337. byte crlEnabled:1; /* is CRL on ? */
  2338. byte crlCheckAll:1; /* always leaf, but all ? */
  2339. byte ocspEnabled:1; /* is OCSP on ? */
  2340. byte ocspCheckAll:1; /* always leaf, but all ? */
  2341. byte ocspSendNonce:1; /* send the OCSP nonce ? */
  2342. byte ocspUseOverrideURL:1; /* ignore cert responder, override */
  2343. byte ocspStaplingEnabled:1; /* is OCSP Stapling on ? */
  2344. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  2345. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  2346. byte ocspMustStaple:1; /* server must respond with staple */
  2347. #endif
  2348. #ifndef NO_RSA
  2349. short minRsaKeySz; /* minimum allowed RSA key size */
  2350. #endif
  2351. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
  2352. short minEccKeySz; /* minimum allowed ECC key size */
  2353. #endif
  2354. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  2355. WOLFSSL_X509_STORE *x509_store_p; /* a pointer back to CTX x509 store */
  2356. /* CTX has ownership and free this */
  2357. /* with CTX free. */
  2358. #endif
  2359. wolfSSL_Ref ref;
  2360. #ifdef HAVE_PQC
  2361. short minFalconKeySz; /* minimum allowed Falcon key size */
  2362. short minDilithiumKeySz; /* minimum allowed Dilithium key size */
  2363. #endif
  2364. #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
  2365. && defined(HAVE_OID_DECODING)
  2366. wc_UnknownExtCallback unknownExtCallback;
  2367. #endif
  2368. };
  2369. WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm,
  2370. const char* fname);
  2371. WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm,
  2372. const char* fname);
  2373. WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem,
  2374. int sz, int* used);
  2375. WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm,
  2376. const void* mem, int sz);
  2377. WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm);
  2378. WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
  2379. long sz, int format, int prev_err);
  2380. #ifndef NO_CERTS
  2381. #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
  2382. typedef struct ProcPeerCertArgs {
  2383. buffer* certs;
  2384. #ifdef WOLFSSL_TLS13
  2385. buffer* exts; /* extensions */
  2386. #endif
  2387. DecodedCert* dCert;
  2388. word32 idx;
  2389. word32 begin;
  2390. int totalCerts; /* number of certs in certs buffer */
  2391. int count;
  2392. int certIdx;
  2393. int lastErr;
  2394. #ifdef WOLFSSL_TLS13
  2395. byte ctxSz;
  2396. #endif
  2397. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  2398. char untrustedDepth;
  2399. #endif
  2400. word16 fatal:1;
  2401. word16 verifyErr:1;
  2402. word16 dCertInit:1;
  2403. #ifdef WOLFSSL_TRUST_PEER_CERT
  2404. word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */
  2405. #endif
  2406. } ProcPeerCertArgs;
  2407. WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
  2408. int ret, ProcPeerCertArgs* args);
  2409. #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
  2410. #endif /* !defined NO_CERTS */
  2411. /* wolfSSL Sock Addr */
  2412. struct WOLFSSL_SOCKADDR {
  2413. unsigned int sz; /* sockaddr size */
  2414. unsigned int bufSz; /* size of allocated buffer */
  2415. void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
  2416. };
  2417. typedef struct WOLFSSL_DTLS_CTX {
  2418. WOLFSSL_SOCKADDR peer;
  2419. int rfd;
  2420. int wfd;
  2421. byte userSet:1;
  2422. byte connected:1; /* When set indicates rfd and wfd sockets are
  2423. * connected (connect() and bind() both called).
  2424. * This means that sendto and recvfrom do not need to
  2425. * specify and store the peer address. */
  2426. } WOLFSSL_DTLS_CTX;
  2427. typedef struct WOLFSSL_DTLS_PEERSEQ {
  2428. word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
  2429. /* Sliding window for current epoch */
  2430. word16 nextEpoch; /* Expected epoch in next record */
  2431. word16 nextSeq_hi; /* Expected sequence in next record */
  2432. word32 nextSeq_lo;
  2433. word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
  2434. /* Sliding window for old epoch */
  2435. word32 prevSeq_lo;
  2436. word16 prevSeq_hi; /* Next sequence in allowed old epoch */
  2437. #ifdef WOLFSSL_MULTICAST
  2438. word16 peerId;
  2439. word32 highwaterMark;
  2440. #endif
  2441. } WOLFSSL_DTLS_PEERSEQ;
  2442. #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
  2443. /* keys and secrets
  2444. * keep as a constant size (no additional ifdefs) for session export */
  2445. typedef struct Keys {
  2446. #if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)
  2447. byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */
  2448. byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
  2449. #endif
  2450. byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */
  2451. byte server_write_key[MAX_SYM_KEY_SIZE];
  2452. byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
  2453. byte server_write_IV[MAX_WRITE_IV_SZ];
  2454. #if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
  2455. byte aead_exp_IV[AEAD_MAX_EXP_SZ];
  2456. byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
  2457. byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
  2458. #endif
  2459. #ifdef WOLFSSL_DTLS13
  2460. byte client_sn_key[MAX_SYM_KEY_SIZE];
  2461. byte server_sn_key[MAX_SYM_KEY_SIZE];
  2462. #endif /* WOLFSSL_DTLS13 */
  2463. word32 peer_sequence_number_hi;
  2464. word32 peer_sequence_number_lo;
  2465. word32 sequence_number_hi;
  2466. word32 sequence_number_lo;
  2467. #ifdef WOLFSSL_DTLS
  2468. word16 curEpoch; /* Received epoch in current record */
  2469. word16 curSeq_hi; /* Received sequence in current record */
  2470. word32 curSeq_lo;
  2471. #ifdef WOLFSSL_DTLS13
  2472. w64wrapper curEpoch64; /* Received epoch in current record */
  2473. w64wrapper curSeq;
  2474. #endif /* WOLFSSL_DTLS13 */
  2475. #ifdef WOLFSSL_MULTICAST
  2476. byte curPeerId; /* Received peer group ID in current record */
  2477. #endif
  2478. WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ];
  2479. word16 dtls_peer_handshake_number;
  2480. word16 dtls_expected_peer_handshake_number;
  2481. word16 dtls_epoch; /* Current epoch */
  2482. word16 dtls_sequence_number_hi; /* Current epoch */
  2483. word32 dtls_sequence_number_lo;
  2484. word16 dtls_prev_sequence_number_hi; /* Previous epoch */
  2485. word32 dtls_prev_sequence_number_lo;
  2486. word16 dtls_handshake_number; /* Current tx handshake seq */
  2487. #endif
  2488. word32 encryptSz; /* last size of encrypted data */
  2489. word32 padSz; /* how much to advance after decrypt part */
  2490. byte encryptionOn; /* true after change cipher spec */
  2491. byte decryptedCur; /* only decrypt current record once */
  2492. #ifdef WOLFSSL_TLS13
  2493. byte updateResponseReq:1; /* KeyUpdate response from peer required. */
  2494. byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
  2495. #endif
  2496. #ifdef WOLFSSL_RENESAS_TSIP_TLS
  2497. tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret;
  2498. tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret;
  2499. #endif
  2500. #ifdef WOLFSSL_RENESAS_FSPSM_TLS
  2501. FSPSM_HMAC_WKEY fspsm_client_write_MAC_secret;
  2502. FSPSM_HMAC_WKEY fspsm_server_write_MAC_secret;
  2503. #endif
  2504. } Keys;
  2505. /* Forward declare opaque pointer to make available for func def */
  2506. typedef struct Options Options;
  2507. /** TLS Extensions - RFC 6066 */
  2508. #ifdef HAVE_TLS_EXTENSIONS
  2509. typedef enum {
  2510. #ifdef HAVE_SNI
  2511. TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
  2512. #endif
  2513. TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
  2514. TLSX_TRUSTED_CA_KEYS = 0x0003,
  2515. TLSX_TRUNCATED_HMAC = 0x0004,
  2516. TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
  2517. TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
  2518. TLSX_EC_POINT_FORMATS = 0x000b,
  2519. #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
  2520. TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
  2521. #endif
  2522. #ifdef WOLFSSL_SRTP
  2523. TLSX_USE_SRTP = 0x000e, /* 14 */
  2524. #endif
  2525. TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
  2526. TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
  2527. #ifdef HAVE_RPK
  2528. TLSX_CLIENT_CERTIFICATE_TYPE = 0x0013, /* RFC8446 */
  2529. TLSX_SERVER_CERTIFICATE_TYPE = 0x0014, /* RFC8446 */
  2530. #endif
  2531. #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
  2532. TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
  2533. #endif
  2534. TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */
  2535. TLSX_SESSION_TICKET = 0x0023,
  2536. #ifdef WOLFSSL_TLS13
  2537. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  2538. TLSX_PRE_SHARED_KEY = 0x0029,
  2539. #endif
  2540. #ifdef WOLFSSL_EARLY_DATA
  2541. TLSX_EARLY_DATA = 0x002a,
  2542. #endif
  2543. TLSX_SUPPORTED_VERSIONS = 0x002b,
  2544. #ifdef WOLFSSL_SEND_HRR_COOKIE
  2545. TLSX_COOKIE = 0x002c,
  2546. #endif
  2547. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  2548. TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
  2549. #endif
  2550. #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
  2551. TLSX_CERTIFICATE_AUTHORITIES = 0x002f,
  2552. #endif
  2553. #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
  2554. TLSX_POST_HANDSHAKE_AUTH = 0x0031,
  2555. #endif
  2556. #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
  2557. TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
  2558. #endif
  2559. TLSX_KEY_SHARE = 0x0033,
  2560. #if defined(WOLFSSL_DTLS_CID)
  2561. TLSX_CONNECTION_ID = 0x0036,
  2562. #endif /* defined(WOLFSSL_DTLS_CID) */
  2563. #ifdef WOLFSSL_QUIC
  2564. TLSX_KEY_QUIC_TP_PARAMS = 0x0039, /* RFC 9001, ch. 8.2 */
  2565. #endif
  2566. #ifdef WOLFSSL_DUAL_ALG_CERTS
  2567. TLSX_CKS = 0xff92, /* X9.146; ff indcates personal
  2568. * use and 92 is hex for 146. */
  2569. #endif
  2570. #endif
  2571. TLSX_RENEGOTIATION_INFO = 0xff01,
  2572. #ifdef WOLFSSL_QUIC
  2573. TLSX_KEY_QUIC_TP_PARAMS_DRAFT = 0xffa5, /* from draft-ietf-quic-tls-27 */
  2574. #endif
  2575. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  2576. TLSX_ECH = 0xfe0d, /* from draft-ietf-tls-esni-13 */
  2577. #endif
  2578. } TLSX_Type;
  2579. /* TLS Certificate type defined RFC7250
  2580. * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3
  2581. */
  2582. #if defined(HAVE_RPK)
  2583. typedef struct RpkConfig {
  2584. /* user's preference */
  2585. byte preferred_ClientCertTypeCnt;
  2586. byte preferred_ClientCertTypes[MAX_CLIENT_CERT_TYPE_CNT];
  2587. byte preferred_ServerCertTypeCnt;
  2588. byte preferred_ServerCertTypes[MAX_CLIENT_CERT_TYPE_CNT];
  2589. /* reflect to client_certificate_type extension in xxxHello */
  2590. } RpkConfig;
  2591. typedef struct RpkState {
  2592. byte sending_ClientCertTypeCnt;
  2593. byte sending_ClientCertTypes[MAX_CLIENT_CERT_TYPE_CNT];
  2594. /* reflect to server_certificate_type extension in xxxHello */
  2595. byte sending_ServerCertTypeCnt;
  2596. byte sending_ServerCertTypes[MAX_SERVER_CERT_TYPE_CNT];
  2597. /* client_certificate_type extension in received yyyHello */
  2598. byte received_ClientCertTypeCnt;
  2599. byte received_ClientCertTypes[MAX_CLIENT_CERT_TYPE_CNT];
  2600. /* server_certificate_type extension in received yyyHello */
  2601. byte received_ServerCertTypeCnt;
  2602. byte received_ServerCertTypes[MAX_SERVER_CERT_TYPE_CNT];
  2603. /* set if Raw-public-key cert is loaded as own certificate */
  2604. int isRPKLoaded;
  2605. } RpkState;
  2606. #endif /* HAVE_RPK */
  2607. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  2608. typedef enum {
  2609. ECH_TYPE_OUTER = 0,
  2610. ECH_TYPE_INNER = 1
  2611. } EchType;
  2612. typedef enum {
  2613. ECH_WRITE_GREASE,
  2614. ECH_WRITE_REAL,
  2615. ECH_WRITE_RETRY_CONFIGS,
  2616. ECH_WRITE_NONE,
  2617. ECH_PARSED_INTERNAL,
  2618. } EchState;
  2619. typedef struct EchCipherSuite {
  2620. word16 kdfId;
  2621. word16 aeadId;
  2622. } EchCipherSuite;
  2623. typedef struct WOLFSSL_EchConfig {
  2624. byte* raw;
  2625. char* publicName;
  2626. void* receiverPrivkey;
  2627. struct WOLFSSL_EchConfig* next;
  2628. EchCipherSuite* cipherSuites;
  2629. word32 rawLen;
  2630. word16 kemId;
  2631. byte configId;
  2632. byte numCipherSuites;
  2633. byte receiverPubkey[HPKE_Npk_MAX];
  2634. } WOLFSSL_EchConfig;
  2635. typedef struct WOLFSSL_ECH {
  2636. Hpke* hpke;
  2637. const byte* aad;
  2638. void* ephemeralKey;
  2639. WOLFSSL_EchConfig* echConfig;
  2640. byte* innerClientHello;
  2641. byte* outerClientPayload;
  2642. EchCipherSuite cipherSuite;
  2643. word16 aadLen;
  2644. word16 paddingLen;
  2645. word16 innerClientHelloLen;
  2646. word16 kemId;
  2647. word16 encLen;
  2648. EchState state;
  2649. byte type;
  2650. byte configId;
  2651. byte enc[HPKE_Npk_MAX];
  2652. } WOLFSSL_ECH;
  2653. WOLFSSL_LOCAL int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config);
  2654. WOLFSSL_LOCAL int TLSX_FinalizeEch(WOLFSSL_ECH* ech, byte* aad, word32 aadLen);
  2655. WOLFSSL_LOCAL int GetEchConfig(WOLFSSL_EchConfig* config, byte* output,
  2656. word32* outputLen);
  2657. WOLFSSL_LOCAL int GetEchConfigsEx(WOLFSSL_EchConfig* configs,
  2658. byte* output, word32* outputLen);
  2659. #endif
  2660. struct TLSX {
  2661. TLSX_Type type; /* Extension Type */
  2662. void* data; /* Extension Data */
  2663. word32 val; /* Extension Value */
  2664. byte resp; /* IsResponse Flag */
  2665. struct TLSX* next; /* List Behavior */
  2666. };
  2667. WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
  2668. WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
  2669. WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
  2670. WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
  2671. WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
  2672. #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
  2673. WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
  2674. word16* pLength);
  2675. WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
  2676. byte msgType, word16* pOffset);
  2677. #endif
  2678. #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
  2679. /* TLS 1.3 Certificate messages have extensions. */
  2680. WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
  2681. word16* pLength);
  2682. WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
  2683. word16* pOffset);
  2684. #endif
  2685. WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, const byte* input,
  2686. word16 length, byte msgType, int* found);
  2687. WOLFSSL_LOCAL int TLSX_SupportedVersions_Parse(const WOLFSSL* ssl,
  2688. const byte* input, word16 length, byte msgType, ProtocolVersion* pv,
  2689. Options* opts, TLSX** exts);
  2690. WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length,
  2691. byte msgType, Suites *suites);
  2692. WOLFSSL_LOCAL int TLSX_Push(TLSX** list, TLSX_Type type,
  2693. const void* data, void* heap);
  2694. WOLFSSL_LOCAL int TLSX_Append(TLSX** list, TLSX_Type type,
  2695. const void* data, void* heap);
  2696. #elif defined(HAVE_SNI) \
  2697. || defined(HAVE_MAX_FRAGMENT) \
  2698. || defined(HAVE_TRUSTED_CA) \
  2699. || defined(HAVE_TRUNCATED_HMAC) \
  2700. || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  2701. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
  2702. || defined(HAVE_SUPPORTED_CURVES) \
  2703. || defined(HAVE_ALPN) \
  2704. || defined(HAVE_SESSION_TICKET) \
  2705. || defined(HAVE_SECURE_RENEGOTIATION) \
  2706. || defined(HAVE_SERVER_RENEGOTIATION_INFO)
  2707. #error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
  2708. #endif /* HAVE_TLS_EXTENSIONS */
  2709. /** Server Name Indication - RFC 6066 (session 3) */
  2710. #ifdef HAVE_SNI
  2711. typedef struct SNI {
  2712. byte type; /* SNI Type */
  2713. union { char* host_name; } data; /* SNI Data */
  2714. struct SNI* next; /* List Behavior */
  2715. byte status; /* Matching result */
  2716. #ifndef NO_WOLFSSL_SERVER
  2717. byte options; /* Behavior options */
  2718. #endif
  2719. } SNI;
  2720. WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
  2721. word16 size, void* heap);
  2722. WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
  2723. WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
  2724. void** data);
  2725. #ifndef NO_WOLFSSL_SERVER
  2726. WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
  2727. byte options);
  2728. WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* clientHello,
  2729. word32 helloSz, byte type, byte* sni, word32* inOutSz);
  2730. #endif
  2731. #endif /* HAVE_SNI */
  2732. /* Trusted CA Key Indication - RFC 6066 (section 6) */
  2733. #ifdef HAVE_TRUSTED_CA
  2734. typedef struct TCA {
  2735. byte type; /* TCA Type */
  2736. byte* id; /* TCA identifier */
  2737. word16 idSz; /* TCA identifier size */
  2738. struct TCA* next; /* List Behavior */
  2739. } TCA;
  2740. WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
  2741. const byte* id, word16 idSz, void* heap);
  2742. #endif /* HAVE_TRUSTED_CA */
  2743. /* Application-Layer Protocol Negotiation - RFC 7301 */
  2744. #ifdef HAVE_ALPN
  2745. typedef struct ALPN {
  2746. char* protocol_name; /* ALPN protocol name */
  2747. struct ALPN* next; /* List Behavior */
  2748. byte options; /* Behavior options */
  2749. byte negotiated; /* ALPN protocol negotiated or not */
  2750. } ALPN;
  2751. WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
  2752. void** data, word16 *dataSz);
  2753. WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
  2754. word16 size, byte options, void* heap);
  2755. WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, byte option);
  2756. #endif /* HAVE_ALPN */
  2757. /** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
  2758. #ifdef HAVE_MAX_FRAGMENT
  2759. WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
  2760. #endif /* HAVE_MAX_FRAGMENT */
  2761. /** Truncated HMAC - RFC 6066 (session 7) */
  2762. #ifdef HAVE_TRUNCATED_HMAC
  2763. WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
  2764. #endif /* HAVE_TRUNCATED_HMAC */
  2765. /** Certificate Status Request - RFC 6066 (session 8) */
  2766. #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
  2767. typedef struct {
  2768. byte status_type;
  2769. byte options;
  2770. WOLFSSL* ssl;
  2771. union {
  2772. OcspRequest ocsp;
  2773. } request;
  2774. #ifdef WOLFSSL_TLS13
  2775. buffer response;
  2776. #endif
  2777. } CertificateStatusRequest;
  2778. WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
  2779. byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId);
  2780. #ifndef NO_CERTS
  2781. WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
  2782. void* heap);
  2783. #endif
  2784. WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
  2785. WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
  2786. #endif
  2787. /** Certificate Status Request v2 - RFC 6961 */
  2788. #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
  2789. typedef struct CSRIv2 {
  2790. byte status_type;
  2791. byte options;
  2792. word16 requests;
  2793. union {
  2794. OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
  2795. } request;
  2796. struct CSRIv2* next;
  2797. } CertificateStatusRequestItemV2;
  2798. WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
  2799. byte status_type, byte options, void* heap, int devId);
  2800. #ifndef NO_CERTS
  2801. WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
  2802. byte isPeer, void* heap);
  2803. #endif
  2804. WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
  2805. byte idx);
  2806. WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
  2807. #endif
  2808. #if defined(WOLFSSL_PUBLIC_ASN) && defined(HAVE_PK_CALLBACKS)
  2809. /* Internal callback guarded by WOLFSSL_PUBLIC_ASN because of DecodedCert. */
  2810. typedef int (*CallbackProcessPeerCert)(WOLFSSL* ssl, DecodedCert* p_cert);
  2811. WOLFSSL_API void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx,
  2812. CallbackProcessPeerCert cb);
  2813. #endif /* DecodedCert && HAVE_PK_CALLBACKS */
  2814. #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
  2815. typedef struct SignatureAlgorithms {
  2816. /* Not const since it is modified in TLSX_SignatureAlgorithms_MapPss */
  2817. WOLFSSL* ssl;
  2818. word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
  2819. /* Ignore "nonstandard extension used : zero-sized array in struct/union"
  2820. * MSVC warning */
  2821. #ifdef _MSC_VER
  2822. #pragma warning(disable: 4200)
  2823. #endif
  2824. byte hashSigAlgo[]; /* sig/algo to offer */
  2825. } SignatureAlgorithms;
  2826. WOLFSSL_LOCAL SignatureAlgorithms* TLSX_SignatureAlgorithms_New(
  2827. WOLFSSL* ssl, word16 hashSigAlgoSz, void* heap);
  2828. WOLFSSL_LOCAL void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa,
  2829. void* heap);
  2830. #endif
  2831. /** Supported Elliptic Curves - RFC 4492 (session 4) */
  2832. #ifdef HAVE_SUPPORTED_CURVES
  2833. typedef struct SupportedCurve {
  2834. word16 name; /* Curve Names */
  2835. struct SupportedCurve* next; /* List Behavior */
  2836. } SupportedCurve;
  2837. typedef struct PointFormat {
  2838. byte format; /* PointFormat */
  2839. struct PointFormat* next; /* List Behavior */
  2840. } PointFormat;
  2841. WOLFSSL_LOCAL int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap);
  2842. WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
  2843. void* heap);
  2844. WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
  2845. void* heap);
  2846. #ifndef NO_WOLFSSL_SERVER
  2847. WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first,
  2848. byte second, word32* ecdhCurveOID);
  2849. WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
  2850. WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
  2851. #endif
  2852. WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
  2853. int checkSupported);
  2854. WOLFSSL_LOCAL int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl,
  2855. const byte* input, word16 length, byte isRequest, TLSX** extensions);
  2856. #endif /* HAVE_SUPPORTED_CURVES */
  2857. /** Renegotiation Indication - RFC 5746 */
  2858. #if defined(HAVE_SECURE_RENEGOTIATION) \
  2859. || defined(HAVE_SERVER_RENEGOTIATION_INFO)
  2860. enum key_cache_state {
  2861. SCR_CACHE_NULL = 0, /* empty / begin state */
  2862. SCR_CACHE_NEEDED, /* need to cache keys */
  2863. SCR_CACHE_COPY, /* we have a cached copy */
  2864. SCR_CACHE_PARTIAL, /* partial restore to real keys */
  2865. SCR_CACHE_COMPLETE /* complete restore to real keys */
  2866. };
  2867. /* Additional Connection State according to rfc5746 section 3.1 */
  2868. typedef struct SecureRenegotiation {
  2869. byte enabled; /* secure_renegotiation flag in rfc */
  2870. byte verifySet;
  2871. byte startScr; /* server requested client to start scr */
  2872. enum key_cache_state cache_status; /* track key cache state */
  2873. byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
  2874. byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
  2875. byte subject_hash_set; /* if peer cert hash is set */
  2876. byte subject_hash[KEYID_SIZE]; /* peer cert hash */
  2877. Keys tmp_keys; /* can't overwrite real keys yet */
  2878. } SecureRenegotiation;
  2879. WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
  2880. #ifdef HAVE_SERVER_RENEGOTIATION_INFO
  2881. WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
  2882. #endif
  2883. #endif /* HAVE_SECURE_RENEGOTIATION */
  2884. #ifdef HAVE_SESSION_TICKET
  2885. /* Our ticket format. All members need to be a byte or array of byte to
  2886. * avoid alignment issues */
  2887. typedef struct InternalTicket {
  2888. ProtocolVersion pv; /* version when ticket created */
  2889. byte suite[SUITE_LEN]; /* cipher suite when created */
  2890. byte msecret[SECRET_LEN]; /* master secret */
  2891. byte timestamp[TIMESTAMP_LEN]; /* born on */
  2892. byte haveEMS; /* have extended master secret */
  2893. #ifdef WOLFSSL_TLS13
  2894. byte ageAdd[AGEADD_LEN]; /* Obfuscation of age */
  2895. byte namedGroup[NAMEDGROUP_LEN]; /* Named group used */
  2896. byte ticketNonceLen;
  2897. byte ticketNonce[MAX_TICKET_NONCE_STATIC_SZ];
  2898. #ifdef WOLFSSL_EARLY_DATA
  2899. byte maxEarlyDataSz[MAXEARLYDATASZ_LEN]; /* Max size of
  2900. * early data */
  2901. #endif
  2902. #endif
  2903. #ifdef WOLFSSL_TICKET_HAVE_ID
  2904. byte id[ID_LEN];
  2905. #endif
  2906. #ifdef OPENSSL_EXTRA
  2907. byte sessionCtxSz; /* sessionCtx length */
  2908. byte sessionCtx[ID_LEN]; /* app specific context id */
  2909. #endif /* OPENSSL_EXTRA */
  2910. } InternalTicket;
  2911. #ifndef WOLFSSL_TICKET_EXTRA_PADDING_SZ
  2912. #define WOLFSSL_TICKET_EXTRA_PADDING_SZ 32
  2913. #endif
  2914. #define WOLFSSL_TICKET_ENC_SZ \
  2915. (sizeof(InternalTicket) + WOLFSSL_TICKET_EXTRA_PADDING_SZ)
  2916. /* RFC 5077 defines this for session tickets. All members need to be a byte or
  2917. * array of byte to avoid alignment issues */
  2918. typedef struct ExternalTicket {
  2919. byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */
  2920. byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */
  2921. byte enc_len[OPAQUE16_LEN]; /* encrypted length - 2 */
  2922. byte enc_ticket[WOLFSSL_TICKET_ENC_SZ];
  2923. /* encrypted internal ticket */
  2924. byte mac[WOLFSSL_TICKET_MAC_SZ]; /* total mac - 32 */
  2925. } ExternalTicket;
  2926. /* Cast to int to reduce amount of casts in code */
  2927. #define SESSION_TICKET_LEN ((int)sizeof(ExternalTicket))
  2928. #define WOLFSSL_TICKET_FIXED_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_ENC_SZ)
  2929. typedef struct SessionTicket {
  2930. word32 lifetime;
  2931. #ifdef WOLFSSL_TLS13
  2932. word64 seen;
  2933. word32 ageAdd;
  2934. #endif
  2935. byte* data;
  2936. word16 size;
  2937. } SessionTicket;
  2938. #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER)
  2939. /* Data passed to default SessionTicket enc/dec callback. */
  2940. typedef struct TicketEncCbCtx {
  2941. /* Name for this context. */
  2942. byte name[WOLFSSL_TICKET_NAME_SZ];
  2943. /* Current keys - current and next. */
  2944. byte key[2][WOLFSSL_TICKET_KEY_SZ];
  2945. /* Expirary date of keys. */
  2946. word32 expirary[2];
  2947. /* Random number generator to use for generating name, keys and IV. */
  2948. WC_RNG rng;
  2949. #ifndef SINGLE_THREADED
  2950. /* Mutex for access to changing keys. */
  2951. wolfSSL_Mutex mutex;
  2952. #endif
  2953. /* Pointer back to SSL_CTX. */
  2954. WOLFSSL_CTX* ctx;
  2955. } TicketEncCbCtx;
  2956. #endif /* !WOLFSSL_NO_DEF_TICKET_ENC_CB && !NO_WOLFSSL_SERVER */
  2957. WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
  2958. SessionTicket* ticket, void* heap);
  2959. WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
  2960. byte* data, word16 size, void* heap);
  2961. WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
  2962. #endif /* HAVE_SESSION_TICKET */
  2963. #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
  2964. int TLSX_EncryptThenMac_Respond(WOLFSSL* ssl);
  2965. #endif
  2966. #ifdef WOLFSSL_TLS13
  2967. /* Cookie extension information - cookie data. */
  2968. typedef struct Cookie {
  2969. word16 len;
  2970. /* Ignore "nonstandard extension used : zero-sized array in struct/union"
  2971. * MSVC warning */
  2972. #ifdef _MSC_VER
  2973. #pragma warning(disable: 4200)
  2974. #endif
  2975. byte data[];
  2976. } Cookie;
  2977. WOLFSSL_LOCAL int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data,
  2978. word16 len, byte* mac, byte macSz, int resp, TLSX** exts);
  2979. WOLFSSL_LOCAL int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie,
  2980. word16 cookieSz);
  2981. /* Key Share - TLS v1.3 Specification */
  2982. /* The KeyShare extension information - entry in a linked list. */
  2983. typedef struct KeyShareEntry {
  2984. word16 group; /* NamedGroup */
  2985. byte* ke; /* Key exchange data */
  2986. word32 keLen; /* Key exchange data length */
  2987. void* key; /* Key struct */
  2988. word32 keyLen; /* Key size (bytes) */
  2989. byte* pubKey; /* Public key */
  2990. word32 pubKeyLen; /* Public key length */
  2991. #if !defined(NO_DH) || defined(HAVE_PQC)
  2992. byte* privKey; /* Private key - DH and PQ KEMs only */
  2993. word32 privKeyLen;/* Only for PQ KEMs. */
  2994. #endif
  2995. #ifdef WOLFSSL_ASYNC_CRYPT
  2996. int lastRet;
  2997. #endif
  2998. struct KeyShareEntry* next; /* List pointer */
  2999. } KeyShareEntry;
  3000. WOLFSSL_LOCAL int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group,
  3001. word16 len, byte* data, KeyShareEntry **kse, TLSX** extensions);
  3002. WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
  3003. WOLFSSL_LOCAL int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl,
  3004. TLSX** extensions);
  3005. WOLFSSL_LOCAL int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse);
  3006. WOLFSSL_LOCAL int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions,
  3007. byte cipherSuite0, byte cipherSuite, KeyShareEntry** kse,
  3008. byte* searched);
  3009. WOLFSSL_LOCAL int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE);
  3010. WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl, int* doHelloRetry);
  3011. WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* sclientKSEclientKSEsl);
  3012. WOLFSSL_LOCAL int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input,
  3013. word16 length, byte msgType);
  3014. WOLFSSL_LOCAL int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl,
  3015. const byte* input, word16 length, TLSX** extensions);
  3016. #ifdef WOLFSSL_DUAL_ALG_CERTS
  3017. WOLFSSL_LOCAL int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input,
  3018. word16 length, TLSX** extensions);
  3019. WOLFSSL_LOCAL int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions);
  3020. #endif
  3021. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  3022. enum PskDecryptReturn {
  3023. PSK_DECRYPT_NONE = 0,
  3024. PSK_DECRYPT_OK,
  3025. PSK_DECRYPT_CREATE,
  3026. PSK_DECRYPT_FAIL,
  3027. };
  3028. #ifdef HAVE_SESSION_TICKET
  3029. typedef struct psk_sess_free_cb_ctx {
  3030. word32 row;
  3031. #ifdef HAVE_EXT_CACHE
  3032. int extCache;
  3033. int freeSess;
  3034. #endif
  3035. } psk_sess_free_cb_ctx;
  3036. typedef void (psk_sess_free_cb)(const WOLFSSL* ssl, const WOLFSSL_SESSION* sess,
  3037. psk_sess_free_cb_ctx* freeCtx);
  3038. #endif
  3039. /* The PreSharedKey extension information - entry in a linked list. */
  3040. typedef struct PreSharedKey {
  3041. word16 identityLen; /* Length of identity */
  3042. byte* identity; /* PSK identity */
  3043. word32 ticketAge; /* Age of the ticket */
  3044. byte cipherSuite0; /* Cipher Suite */
  3045. byte cipherSuite; /* Cipher Suite */
  3046. word32 binderLen; /* Length of HMAC */
  3047. byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
  3048. byte hmac; /* HMAC algorithm */
  3049. #ifdef HAVE_SESSION_TICKET
  3050. InternalTicket* it; /* ptr to ticket */
  3051. const WOLFSSL_SESSION* sess; /* ptr to session either from external cache or
  3052. * into SessionCache. Work around so that we
  3053. * don't call into the cache more than once */
  3054. psk_sess_free_cb* sess_free_cb; /* callback to free sess */
  3055. psk_sess_free_cb_ctx sess_free_cb_ctx; /* info for sess_free_cb */
  3056. #endif
  3057. byte resumption:1; /* Resumption PSK */
  3058. byte chosen:1; /* Server's choice */
  3059. byte decryptRet:3; /* Ticket decrypt return */
  3060. struct PreSharedKey* next; /* List pointer */
  3061. } PreSharedKey;
  3062. WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
  3063. byte* output, byte msgType,
  3064. word16* pSz);
  3065. WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
  3066. byte msgType, word16* pSz);
  3067. WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(TLSX** extensions, const byte* identity,
  3068. word16 len, word32 age, byte hmac,
  3069. byte cipherSuite0, byte cipherSuite,
  3070. byte resumption,
  3071. PreSharedKey **preSharedKey,
  3072. void* heap);
  3073. WOLFSSL_LOCAL int TLSX_PreSharedKey_Parse_ClientHello(TLSX** extensions,
  3074. const byte* input, word16 length, void* heap);
  3075. /* The possible Pre-Shared Key key exchange modes. */
  3076. enum PskKeyExchangeMode {
  3077. PSK_KE,
  3078. PSK_DHE_KE
  3079. };
  3080. /* User can define this. */
  3081. #ifndef WOLFSSL_DEF_PSK_CIPHER
  3082. #define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256
  3083. #endif
  3084. WOLFSSL_LOCAL int TLSX_PskKeyModes_Use(WOLFSSL* ssl, byte modes);
  3085. WOLFSSL_LOCAL int TLSX_PskKeyModes_Parse_Modes(const byte* input, word16 length,
  3086. byte msgType, byte* modes);
  3087. #ifdef WOLFSSL_EARLY_DATA
  3088. WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max, int is_response);
  3089. #endif
  3090. #endif /* HAVE_SESSION_TICKET || !NO_PSK */
  3091. /* The types of keys to derive for. */
  3092. enum DeriveKeyType {
  3093. no_key,
  3094. early_data_key,
  3095. handshake_key,
  3096. traffic_key,
  3097. update_traffic_key
  3098. };
  3099. WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl);
  3100. WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl);
  3101. WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store);
  3102. WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl);
  3103. WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret);
  3104. WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key);
  3105. WOLFSSL_LOCAL int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
  3106. const char *label, size_t labelLen,
  3107. const unsigned char *context, size_t contextLen);
  3108. /* The key update request values for KeyUpdate message. */
  3109. enum KeyUpdateRequest {
  3110. update_not_requested,
  3111. update_requested
  3112. };
  3113. #endif /* WOLFSSL_TLS13 */
  3114. #ifdef WOLFSSL_DTLS_CID
  3115. WOLFSSL_LOCAL void TLSX_ConnectionID_Free(byte* ext, void* heap);
  3116. WOLFSSL_LOCAL word16 TLSX_ConnectionID_Write(byte* ext, byte* output);
  3117. WOLFSSL_LOCAL word16 TLSX_ConnectionID_GetSize(byte* ext);
  3118. WOLFSSL_LOCAL int TLSX_ConnectionID_Use(WOLFSSL* ssl);
  3119. WOLFSSL_LOCAL int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input,
  3120. word16 length, byte isRequest);
  3121. WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl);
  3122. WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input,
  3123. word16 inputSize);
  3124. #endif /* WOLFSSL_DTLS_CID */
  3125. #ifdef OPENSSL_EXTRA
  3126. enum SetCBIO {
  3127. WOLFSSL_CBIO_NONE = 0,
  3128. WOLFSSL_CBIO_RECV = 0x1,
  3129. WOLFSSL_CBIO_SEND = 0x2,
  3130. };
  3131. #endif
  3132. #ifdef WOLFSSL_STATIC_EPHEMERAL
  3133. /* contains static ephemeral keys */
  3134. typedef struct {
  3135. #ifndef NO_DH
  3136. DerBuffer* dhKey;
  3137. #endif
  3138. #ifdef HAVE_ECC
  3139. DerBuffer* ecKey;
  3140. #endif
  3141. #ifdef HAVE_CURVE25519
  3142. DerBuffer* x25519Key;
  3143. #endif
  3144. #ifdef HAVE_CURVE448
  3145. DerBuffer* x448Key;
  3146. #endif
  3147. } StaticKeyExchangeInfo_t;
  3148. #endif /* WOLFSSL_STATIC_EPHEMERAL */
  3149. /* wolfSSL context type */
  3150. struct WOLFSSL_CTX {
  3151. WOLFSSL_METHOD* method;
  3152. #ifdef SINGLE_THREADED
  3153. WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */
  3154. #endif
  3155. wolfSSL_Ref ref;
  3156. int err; /* error code in case of mutex not created */
  3157. #ifndef NO_DH
  3158. buffer serverDH_P;
  3159. buffer serverDH_G;
  3160. #endif
  3161. #ifndef NO_CERTS
  3162. DerBuffer* certificate;
  3163. DerBuffer* certChain;
  3164. /* chain after self, in DER, with leading size for each cert */
  3165. #ifndef WOLFSSL_NO_CA_NAMES
  3166. WOLF_STACK_OF(WOLFSSL_X509_NAME)* client_ca_names;
  3167. #endif
  3168. #ifdef OPENSSL_EXTRA
  3169. WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
  3170. client_cert_cb CBClientCert; /* client certificate callback */
  3171. CertSetupCallback certSetupCb;
  3172. void* certSetupCbArg;
  3173. #endif
  3174. #ifdef WOLFSSL_TLS13
  3175. int certChainCnt;
  3176. #endif
  3177. DerBuffer* privateKey;
  3178. byte privateKeyType:6;
  3179. byte privateKeyId:1;
  3180. byte privateKeyLabel:1;
  3181. int privateKeySz;
  3182. int privateKeyDevId;
  3183. #ifdef WOLFSSL_DUAL_ALG_CERTS
  3184. DerBuffer* altPrivateKey;
  3185. byte altPrivateKeyType;
  3186. int altPrivateKeySz;
  3187. #endif /* WOLFSSL_DUAL_ALG_CERTS */
  3188. #ifdef OPENSSL_ALL
  3189. WOLFSSL_EVP_PKEY* privateKeyPKey;
  3190. #endif
  3191. WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
  3192. #endif
  3193. #ifdef KEEP_OUR_CERT
  3194. WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
  3195. int ownOurCert; /* Dispose of certificate if we own */
  3196. #endif
  3197. Suites* suites; /* make dynamic, user may not need/set */
  3198. void* heap; /* for user memory overrides */
  3199. byte verifyDepth;
  3200. byte verifyPeer:1;
  3201. byte verifyNone:1;
  3202. byte failNoCert:1;
  3203. byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/
  3204. byte sessionCacheOff:1;
  3205. byte sessionCacheFlushOff:1;
  3206. #ifdef HAVE_EXT_CACHE
  3207. byte internalCacheOff:1;
  3208. byte internalCacheLookupOff:1;
  3209. #endif
  3210. byte sendVerify:2; /* for client side (can not be single bit) */
  3211. byte haveRSA:1; /* RSA available */
  3212. byte haveECC:1; /* ECC available */
  3213. byte haveDH:1; /* server DH params set by user */
  3214. byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
  3215. byte haveFalconSig:1; /* server cert signed w/ Falcon */
  3216. byte haveDilithiumSig:1;/* server cert signed w/ Dilithium */
  3217. byte haveStaticECC:1; /* static server ECC private key */
  3218. byte partialWrite:1; /* only one msg per write call */
  3219. byte autoRetry:1; /* retry read/write on a WANT_{READ|WRITE} */
  3220. byte quietShutdown:1; /* don't send close notify */
  3221. byte groupMessages:1; /* group handshake messages before sending */
  3222. byte minDowngrade; /* minimum downgrade version */
  3223. byte haveEMS:1; /* have extended master secret extension */
  3224. byte useClientOrder:1; /* Use client's cipher preference order */
  3225. #if defined(HAVE_SESSION_TICKET)
  3226. byte noTicketTls12:1; /* TLS 1.2 server won't send ticket */
  3227. #endif
  3228. #ifdef WOLFSSL_TLS13
  3229. #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
  3230. unsigned int maxTicketTls13; /* maximum number of tickets to send */
  3231. #endif
  3232. byte noTicketTls13:1; /* TLS 1.3 Server won't create new Ticket */
  3233. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  3234. byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */
  3235. #ifdef HAVE_SUPPORTED_CURVES
  3236. byte onlyPskDheKe:1; /* Only use (EC)DHE with PSK */
  3237. #endif
  3238. #endif
  3239. #endif /* WOLFSSL_TLS13 */
  3240. byte mutualAuth:1; /* Mutual authentication required */
  3241. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  3242. byte postHandshakeAuth:1; /* Post-handshake auth supported. */
  3243. byte verifyPostHandshake:1; /* Only send client cert req post
  3244. * handshake, not also during */
  3245. #endif
  3246. #ifndef NO_DH
  3247. #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
  3248. !defined(HAVE_SELFTEST)
  3249. byte dhKeyTested:1; /* Set when key has been tested. */
  3250. #endif
  3251. #endif
  3252. #if defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO)
  3253. byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */
  3254. #endif
  3255. #ifdef HAVE_ENCRYPT_THEN_MAC
  3256. byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
  3257. #endif
  3258. #ifdef WOLFSSL_STATIC_MEMORY
  3259. byte onHeapHint:1; /* whether the ctx/method is put on heap hint */
  3260. #endif
  3261. #if defined(WOLFSSL_STATIC_EPHEMERAL) && !defined(SINGLE_THREADED)
  3262. byte staticKELockInit:1;
  3263. #endif
  3264. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
  3265. byte dtlsSctp:1; /* DTLS-over-SCTP mode */
  3266. #endif
  3267. word16 minProto:1; /* sets min to min available */
  3268. word16 maxProto:1; /* sets max to max available */
  3269. #if defined(HAVE_RPK)
  3270. RpkConfig rpkConfig;
  3271. RpkState rpkState;
  3272. #endif /* HAVE_RPK */
  3273. #ifdef WOLFSSL_SRTP
  3274. word16 dtlsSrtpProfiles; /* DTLS-with-SRTP mode
  3275. * (list of selected profiles - up to 16) */
  3276. #endif
  3277. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST)
  3278. byte haveMcast; /* multicast requested */
  3279. byte mcastID; /* multicast group ID */
  3280. #endif
  3281. #if defined(WOLFSSL_DTLS) && \
  3282. (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU))
  3283. word16 dtlsMtuSz; /* DTLS MTU size */
  3284. #endif
  3285. #ifndef NO_DH
  3286. word16 minDhKeySz; /* minimum DH key size */
  3287. word16 maxDhKeySz; /* maximum DH key size */
  3288. #endif
  3289. #ifndef NO_RSA
  3290. short minRsaKeySz; /* minimum RSA key size */
  3291. #endif
  3292. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
  3293. short minEccKeySz; /* minimum ECC key size */
  3294. #endif
  3295. #ifdef HAVE_PQC
  3296. short minFalconKeySz; /* minimum Falcon key size */
  3297. short minDilithiumKeySz;/* minimum Dilithium key size */
  3298. #endif
  3299. unsigned long mask; /* store SSL_OP_ flags */
  3300. #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
  3301. word32 disabledCurves; /* curves disabled by user */
  3302. #endif
  3303. #ifdef WOLFSSL_SESSION_ID_CTX
  3304. byte sessionCtx[ID_LEN]; /* app session context ID */
  3305. byte sessionCtxSz;
  3306. #endif
  3307. #ifdef OPENSSL_EXTRA
  3308. const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
  3309. unsigned int alpn_cli_protos_len;
  3310. byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
  3311. CallbackInfoState* CBIS; /* used to get info about SSL state */
  3312. WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
  3313. #endif
  3314. #ifdef WOLFSSL_WOLFSENTRY_HOOKS
  3315. NetworkFilterCallback_t AcceptFilter;
  3316. void *AcceptFilter_arg;
  3317. NetworkFilterCallback_t ConnectFilter;
  3318. void *ConnectFilter_arg;
  3319. #endif /* WOLFSSL_WOLFSENTRY_HOOKS */
  3320. CallbackIORecv CBIORecv;
  3321. CallbackIOSend CBIOSend;
  3322. #ifdef WOLFSSL_DTLS
  3323. CallbackGenCookie CBIOCookie; /* gen cookie callback */
  3324. #endif /* WOLFSSL_DTLS */
  3325. #ifdef WOLFSSL_SESSION_EXPORT
  3326. #ifdef WOLFSSL_DTLS
  3327. wc_dtls_export dtls_export; /* export function for DTLS session */
  3328. #endif
  3329. CallbackGetPeer CBGetPeer;
  3330. CallbackSetPeer CBSetPeer;
  3331. #endif
  3332. VerifyCallback verifyCallback; /* cert verification callback */
  3333. void* verifyCbCtx; /* cert verify callback user ctx*/
  3334. #ifdef OPENSSL_ALL
  3335. CertVerifyCallback verifyCertCb;
  3336. void* verifyCertCbArg;
  3337. #endif /* OPENSSL_ALL */
  3338. #ifdef OPENSSL_EXTRA
  3339. SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
  3340. void* protoMsgCtx; /* user set context with msg callback */
  3341. #endif
  3342. word32 timeout; /* session timeout */
  3343. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \
  3344. defined(HAVE_ED448)
  3345. word32 ecdhCurveOID; /* curve Ecc_Sum */
  3346. #endif
  3347. #ifdef HAVE_ECC
  3348. word16 eccTempKeySz; /* in octets 20 - 66 */
  3349. #endif
  3350. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
  3351. word32 pkCurveOID; /* curve Ecc_Sum */
  3352. #endif
  3353. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  3354. byte havePSK; /* psk key set by user */
  3355. wc_psk_client_callback client_psk_cb; /* client callback */
  3356. wc_psk_server_callback server_psk_cb; /* server callback */
  3357. #ifdef WOLFSSL_TLS13
  3358. wc_psk_client_cs_callback client_psk_cs_cb; /* client callback */
  3359. wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
  3360. wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
  3361. #endif
  3362. void* psk_ctx;
  3363. char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
  3364. #endif /* HAVE_SESSION_TICKET || !NO_PSK */
  3365. #ifdef WOLFSSL_TLS13
  3366. word16 group[WOLFSSL_MAX_GROUP_COUNT];
  3367. byte numGroups;
  3368. #endif
  3369. #ifdef WOLFSSL_EARLY_DATA
  3370. word32 maxEarlyDataSz;
  3371. #endif
  3372. #ifdef HAVE_ANON
  3373. byte useAnon; /* User wants to allow Anon suites */
  3374. #endif /* HAVE_ANON */
  3375. #ifdef WOLFSSL_ENCRYPTED_KEYS
  3376. wc_pem_password_cb* passwd_cb;
  3377. void* passwd_userdata;
  3378. #endif
  3379. #ifdef WOLFSSL_LOCAL_X509_STORE
  3380. WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
  3381. WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
  3382. #endif
  3383. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
  3384. byte readAhead;
  3385. void* userPRFArg; /* passed to prf callback */
  3386. #endif
  3387. #ifdef HAVE_EX_DATA
  3388. WOLFSSL_CRYPTO_EX_DATA ex_data;
  3389. #endif
  3390. #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
  3391. defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || defined(WOLFSSL_QUIC))
  3392. CallbackALPNSelect alpnSelect;
  3393. void* alpnSelectArg;
  3394. #endif
  3395. #ifdef HAVE_SNI
  3396. CallbackSniRecv sniRecvCb;
  3397. void* sniRecvCbArg;
  3398. #endif
  3399. #if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
  3400. CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
  3401. word32 mcastFirstSeq; /* first trigger level */
  3402. word32 mcastSecondSeq; /* second trigger level */
  3403. word32 mcastMaxSeq; /* max level */
  3404. #endif
  3405. #ifdef HAVE_OCSP
  3406. WOLFSSL_OCSP ocsp;
  3407. #endif
  3408. int devId; /* async device id to use */
  3409. #ifdef HAVE_TLS_EXTENSIONS
  3410. TLSX* extensions; /* RFC 6066 TLS Extensions data */
  3411. #ifndef NO_WOLFSSL_SERVER
  3412. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  3413. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  3414. OcspRequest* certOcspRequest;
  3415. #endif
  3416. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  3417. OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
  3418. #endif
  3419. #endif
  3420. #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
  3421. SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
  3422. void* ticketEncCtx; /* session encrypt context */
  3423. #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
  3424. || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
  3425. ticketCompatCb ticketEncWrapCb; /* callback for OpenSSL ticket key callback */
  3426. #endif
  3427. int ticketHint; /* ticket hint in seconds */
  3428. #ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB
  3429. TicketEncCbCtx ticketKeyCtx;
  3430. #endif
  3431. #endif
  3432. #endif
  3433. #ifdef HAVE_SUPPORTED_CURVES
  3434. byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
  3435. #endif
  3436. #ifdef ATOMIC_USER
  3437. CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
  3438. CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
  3439. #ifdef HAVE_ENCRYPT_THEN_MAC
  3440. CallbackEncryptMac EncryptMacCb; /* Atomic User Mac/Enc Cb */
  3441. CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */
  3442. #endif
  3443. #endif
  3444. #ifdef HAVE_PK_CALLBACKS
  3445. #ifdef HAVE_ECC
  3446. CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */
  3447. CallbackEccSign EccSignCb; /* User EccSign Callback handler */
  3448. void* EccSignCtx; /* Ecc Sign Callback Context */
  3449. CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
  3450. CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
  3451. #endif /* HAVE_ECC */
  3452. #ifdef HAVE_HKDF
  3453. CallbackHKDFExtract HkdfExtractCb; /* User hkdf Extract Callback handler */
  3454. #endif
  3455. #ifdef HAVE_ED25519
  3456. /* User Ed25519Sign Callback handler */
  3457. CallbackEd25519Sign Ed25519SignCb;
  3458. /* User Ed25519Verify Callback handler */
  3459. CallbackEd25519Verify Ed25519VerifyCb;
  3460. #endif
  3461. #ifdef HAVE_CURVE25519
  3462. /* User X25519 KeyGen Callback Handler */
  3463. CallbackX25519KeyGen X25519KeyGenCb;
  3464. /* User X25519 SharedSecret Callback handler */
  3465. CallbackX25519SharedSecret X25519SharedSecretCb;
  3466. #endif
  3467. #ifdef HAVE_ED448
  3468. /* User Ed448Sign Callback handler */
  3469. CallbackEd448Sign Ed448SignCb;
  3470. /* User Ed448Verify Callback handler */
  3471. CallbackEd448Verify Ed448VerifyCb;
  3472. #endif
  3473. #ifdef HAVE_CURVE448
  3474. /* User X448 KeyGen Callback Handler */
  3475. CallbackX448KeyGen X448KeyGenCb;
  3476. /* User X448 SharedSecret Callback handler */
  3477. CallbackX448SharedSecret X448SharedSecretCb;
  3478. #endif
  3479. #ifndef NO_DH
  3480. /* User DH KeyGen Callback handler*/
  3481. CallbackDhGenerateKeyPair DhGenerateKeyPairCb;
  3482. /* User DH Agree Callback handler */
  3483. CallbackDhAgree DhAgreeCb;
  3484. #endif
  3485. #ifndef NO_RSA
  3486. /* User RsaSign Callback handler (priv key) */
  3487. CallbackRsaSign RsaSignCb;
  3488. /* User RsaVerify Callback handler (pub key) */
  3489. CallbackRsaVerify RsaVerifyCb;
  3490. /* User VerifyRsaSign Callback handler (priv key) */
  3491. CallbackRsaVerify RsaSignCheckCb;
  3492. #ifdef WC_RSA_PSS
  3493. /* User RsaSign (priv key) */
  3494. CallbackRsaPssSign RsaPssSignCb;
  3495. /* User RsaVerify (pub key) */
  3496. CallbackRsaPssVerify RsaPssVerifyCb;
  3497. /* User VerifyRsaSign (priv key) */
  3498. CallbackRsaPssVerify RsaPssSignCheckCb;
  3499. #endif
  3500. CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
  3501. CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
  3502. #endif /* NO_RSA */
  3503. /* User generate pre-master handler */
  3504. CallbackGenPreMaster GenPreMasterCb;
  3505. /* User generate master secret handler */
  3506. CallbackGenMasterSecret GenMasterCb;
  3507. /* User generate session key handler */
  3508. CallbackGenSessionKey GenSessionKeyCb;
  3509. /* User setting encrypt keys handler */
  3510. CallbackEncryptKeys EncryptKeysCb;
  3511. /* User Tls finished handler */
  3512. CallbackTlsFinished TlsFinishedCb;
  3513. #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
  3514. /* User Verify mac handler */
  3515. CallbackVerifyMac VerifyMacCb;
  3516. #endif
  3517. #if defined(WOLFSSL_PUBLIC_ASN)
  3518. /* User handler to process a certificate */
  3519. CallbackProcessPeerCert ProcessPeerCertCb;
  3520. #endif
  3521. /* User handler to process the server's key exchange public key */
  3522. CallbackProcessServerSigKex ProcessServerSigKexCb;
  3523. /* User handler to process the TLS record */
  3524. CallbackPerformTlsRecordProcessing PerformTlsRecordProcessingCb;
  3525. /* User handler to do HKDF expansions */
  3526. CallbackHKDFExpandLabel HKDFExpandLabelCb;
  3527. #endif /* HAVE_PK_CALLBACKS */
  3528. #ifdef HAVE_WOLF_EVENT
  3529. WOLF_EVENT_QUEUE event_queue;
  3530. #endif /* HAVE_WOLF_EVENT */
  3531. #ifdef HAVE_EXT_CACHE
  3532. WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, const unsigned char*, int, int*);
  3533. int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
  3534. #endif
  3535. #if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
  3536. Rem_Sess_Cb rem_sess_cb;
  3537. #endif
  3538. #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
  3539. Srp* srp; /* TLS Secure Remote Password Protocol*/
  3540. byte* srp_password;
  3541. #endif
  3542. #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
  3543. wolfSSL_CTX_keylog_cb_func keyLogCb;
  3544. #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
  3545. #ifdef WOLFSSL_STATIC_EPHEMERAL
  3546. StaticKeyExchangeInfo_t staticKE;
  3547. #ifndef SINGLE_THREADED
  3548. wolfSSL_Mutex staticKELock;
  3549. #endif
  3550. #endif
  3551. #ifdef WOLFSSL_QUIC
  3552. struct {
  3553. const WOLFSSL_QUIC_METHOD *method;
  3554. } quic;
  3555. #endif
  3556. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  3557. WOLFSSL_EchConfig* echConfigs;
  3558. #endif
  3559. #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS)
  3560. byte doAppleNativeCertValidationFlag:1;
  3561. #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
  3562. #ifdef WOLFSSL_DUAL_ALG_CERTS
  3563. byte *sigSpec;
  3564. word16 sigSpecSz;
  3565. #endif
  3566. };
  3567. WOLFSSL_LOCAL
  3568. int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap);
  3569. WOLFSSL_LOCAL
  3570. void FreeSSL_Ctx(WOLFSSL_CTX* ctx);
  3571. WOLFSSL_LOCAL
  3572. void SSL_CtxResourceFree(WOLFSSL_CTX* ctx);
  3573. #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
  3574. #ifndef HAVE_EX_DATA
  3575. #error "HAVE_EX_DATA_CLEANUP_HOOKS requires HAVE_EX_DATA to be defined"
  3576. #endif
  3577. void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data);
  3578. #endif
  3579. WOLFSSL_LOCAL
  3580. int DeriveTlsKeys(WOLFSSL* ssl);
  3581. WOLFSSL_LOCAL
  3582. int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
  3583. word32 inSz, word16 sz);
  3584. #ifndef NO_CERTS
  3585. WOLFSSL_LOCAL
  3586. int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
  3587. WOLFSSL_LOCAL
  3588. int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
  3589. #ifdef WOLFSSL_TRUST_PEER_CERT
  3590. WOLFSSL_LOCAL
  3591. int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
  3592. WOLFSSL_LOCAL
  3593. int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert);
  3594. #endif
  3595. #endif
  3596. /* All cipher suite related info
  3597. * Keep as a constant size (no ifdefs) for session export */
  3598. typedef struct CipherSpecs {
  3599. word16 key_size;
  3600. word16 iv_size;
  3601. word16 block_size;
  3602. word16 aead_mac_size;
  3603. byte bulk_cipher_algorithm;
  3604. byte cipher_type; /* block, stream, or aead */
  3605. byte mac_algorithm;
  3606. byte kea; /* key exchange algo */
  3607. byte sig_algo;
  3608. byte hash_size;
  3609. byte pad_size;
  3610. byte static_ecdh;
  3611. } CipherSpecs;
  3612. void InitCipherSpecs(CipherSpecs* cs);
  3613. /* Supported Key Exchange Protocols */
  3614. enum KeyExchangeAlgorithm {
  3615. no_kea,
  3616. rsa_kea,
  3617. diffie_hellman_kea,
  3618. fortezza_kea,
  3619. psk_kea,
  3620. dhe_psk_kea,
  3621. ecdhe_psk_kea,
  3622. ecc_diffie_hellman_kea,
  3623. ecc_static_diffie_hellman_kea /* for verify suite only */
  3624. };
  3625. /* Used with InitSuitesHashSigAlgo_ex2 */
  3626. #define SIG_ECDSA 0x01
  3627. #define SIG_RSA 0x02
  3628. #define SIG_SM2 0x04
  3629. #define SIG_FALCON 0x08
  3630. #define SIG_DILITHIUM 0x10
  3631. #define SIG_ANON 0x20
  3632. /* Supported Authentication Schemes */
  3633. enum SignatureAlgorithm {
  3634. anonymous_sa_algo = 0,
  3635. rsa_sa_algo = 1,
  3636. dsa_sa_algo = 2,
  3637. ecc_dsa_sa_algo = 3,
  3638. rsa_pss_sa_algo = 8,
  3639. ed25519_sa_algo = 9,
  3640. rsa_pss_pss_algo = 10,
  3641. ed448_sa_algo = 11,
  3642. falcon_level1_sa_algo = 12,
  3643. falcon_level5_sa_algo = 13,
  3644. dilithium_level2_sa_algo = 14,
  3645. dilithium_level3_sa_algo = 15,
  3646. dilithium_level5_sa_algo = 16,
  3647. sm2_sa_algo = 17,
  3648. invalid_sa_algo = 255
  3649. };
  3650. #define PSS_RSAE_TO_PSS_PSS(macAlgo) \
  3651. ((macAlgo) + (pss_sha256 - sha256_mac))
  3652. #define PSS_PSS_HASH_TO_MAC(macAlgo) \
  3653. ((macAlgo) - (pss_sha256 - sha256_mac))
  3654. enum SigAlgRsaPss {
  3655. pss_sha256 = 0x09,
  3656. pss_sha384 = 0x0a,
  3657. pss_sha512 = 0x0b,
  3658. };
  3659. #ifdef WOLFSSL_SM2
  3660. /* Default SM2 signature ID. */
  3661. #define TLS12_SM2_SIG_ID ((byte*)"1234567812345678")
  3662. /* Length of default SM2 signature ID. */
  3663. #define TLS12_SM2_SIG_ID_SZ 16
  3664. /* https://www.rfc-editor.org/rfc/rfc8998.html#name-sm2-signature-scheme */
  3665. /* ID to use when signing/verifying TLS v1.3 data. */
  3666. #define TLS13_SM2_SIG_ID ((byte*)"TLSv1.3+GM+Cipher+Suite")
  3667. /* Length of ID to use when signing/verifying TLS v1.3 data. */
  3668. #define TLS13_SM2_SIG_ID_SZ 23
  3669. #endif
  3670. /* Supported ECC Curve Types */
  3671. enum EccCurves {
  3672. named_curve = 3
  3673. };
  3674. /* Valid client certificate request types from page 27 */
  3675. enum ClientCertificateType {
  3676. rsa_sign = 1,
  3677. dss_sign = 2,
  3678. rsa_fixed_dh = 3,
  3679. dss_fixed_dh = 4,
  3680. rsa_ephemeral_dh = 5,
  3681. dss_ephemeral_dh = 6,
  3682. fortezza_kea_cert = 20,
  3683. ecdsa_sign = 64,
  3684. rsa_fixed_ecdh = 65,
  3685. ecdsa_fixed_ecdh = 66,
  3686. falcon_sign = 67,
  3687. dilithium_sign = 68,
  3688. };
  3689. #ifndef WOLFSSL_AEAD_ONLY
  3690. enum CipherType { stream, block, aead };
  3691. #else
  3692. enum CipherType { aead };
  3693. #endif
  3694. #if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA) || \
  3695. (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13)
  3696. #define CIPHER_NONCE
  3697. #endif
  3698. #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
  3699. enum CipherSrc {
  3700. KEYS_NOT_SET = 0,
  3701. KEYS, /* keys from ssl->keys are loaded */
  3702. SCR /* keys from ssl->secure_renegotiation->tmp_keys are loaded */
  3703. };
  3704. #endif
  3705. #ifdef WOLFSSL_CIPHER_TEXT_CHECK
  3706. #ifndef WOLFSSL_CIPHER_CHECK_SZ
  3707. /* 64-bits to confirm encrypt operation worked */
  3708. #define WOLFSSL_CIPHER_CHECK_SZ 8
  3709. #endif
  3710. #endif
  3711. /* cipher for now */
  3712. typedef struct Ciphers {
  3713. #ifdef BUILD_ARC4
  3714. Arc4* arc4;
  3715. #endif
  3716. #ifdef BUILD_DES3
  3717. Des3* des3;
  3718. #endif
  3719. #if defined(BUILD_AES) || defined(BUILD_AESGCM)
  3720. Aes* aes;
  3721. #endif
  3722. #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && !defined(WOLFSSL_NO_TLS12)
  3723. byte* additional;
  3724. #endif
  3725. #ifdef HAVE_ARIA
  3726. wc_Aria* aria;
  3727. #endif
  3728. #ifdef CIPHER_NONCE
  3729. byte* nonce;
  3730. #endif
  3731. #ifdef HAVE_CAMELLIA
  3732. Camellia* cam;
  3733. #endif
  3734. #ifdef HAVE_CHACHA
  3735. ChaCha* chacha;
  3736. #endif
  3737. #ifdef WOLFSSL_SM4
  3738. wc_Sm4* sm4;
  3739. #endif
  3740. #if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) && !defined(NO_HMAC)
  3741. Hmac* hmac;
  3742. #endif
  3743. #ifdef WOLFSSL_CIPHER_TEXT_CHECK
  3744. word32 sanityCheck[WOLFSSL_CIPHER_CHECK_SZ/sizeof(word32)];
  3745. #endif
  3746. byte state;
  3747. byte setup; /* have we set it up flag for detection */
  3748. #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
  3749. enum CipherSrc src; /* DTLS uses this to determine which keys
  3750. * are currently loaded */
  3751. #endif
  3752. } Ciphers;
  3753. #ifdef WOLFSSL_DTLS13
  3754. typedef struct RecordNumberCiphers {
  3755. #if defined(BUILD_AES) || defined(BUILD_AESGCM)
  3756. Aes *aes;
  3757. #endif /* BUILD_AES || BUILD_AESGCM */
  3758. #ifdef HAVE_CHACHA
  3759. ChaCha *chacha;
  3760. #endif
  3761. } RecordNumberCiphers;
  3762. #endif /* WOLFSSL_DTLS13 */
  3763. #ifdef HAVE_ONE_TIME_AUTH
  3764. /* Ciphers for one time authentication such as poly1305 */
  3765. typedef struct OneTimeAuth {
  3766. #ifdef HAVE_POLY1305
  3767. Poly1305* poly1305;
  3768. #endif
  3769. byte setup; /* flag for if a cipher has been set */
  3770. } OneTimeAuth;
  3771. #endif
  3772. WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
  3773. WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
  3774. /* hashes type */
  3775. typedef struct Hashes {
  3776. #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
  3777. byte md5[WC_MD5_DIGEST_SIZE];
  3778. #endif
  3779. #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
  3780. defined(WOLFSSL_ALLOW_TLS_SHA1))
  3781. byte sha[WC_SHA_DIGEST_SIZE];
  3782. #endif
  3783. #ifndef NO_SHA256
  3784. byte sha256[WC_SHA256_DIGEST_SIZE];
  3785. #endif
  3786. #ifdef WOLFSSL_SHA384
  3787. byte sha384[WC_SHA384_DIGEST_SIZE];
  3788. #endif
  3789. #ifdef WOLFSSL_SHA512
  3790. byte sha512[WC_SHA512_DIGEST_SIZE];
  3791. #endif
  3792. #ifdef WOLFSSL_SM3
  3793. byte sm3[WC_SM3_DIGEST_SIZE];
  3794. #endif
  3795. } Hashes;
  3796. WOLFSSL_LOCAL int BuildCertHashes(const WOLFSSL* ssl, Hashes* hashes);
  3797. #ifdef WOLFSSL_TLS13
  3798. typedef union Digest {
  3799. #ifndef NO_WOLFSSL_SHA256
  3800. wc_Sha256 sha256;
  3801. #endif
  3802. #ifdef WOLFSSL_SHA384
  3803. wc_Sha384 sha384;
  3804. #endif
  3805. #ifdef WOLFSSL_SHA512
  3806. wc_Sha512 sha512;
  3807. #endif
  3808. #ifdef WOLFSSL_SM3
  3809. wc_Sm3 sm3;
  3810. #endif
  3811. } Digest;
  3812. #endif
  3813. /* Static x509 buffer */
  3814. typedef struct x509_buffer {
  3815. int length; /* actual size */
  3816. byte buffer[MAX_X509_SIZE]; /* max static cert size */
  3817. } x509_buffer;
  3818. /* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
  3819. struct WOLFSSL_X509_CHAIN {
  3820. int count; /* total number in chain */
  3821. x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
  3822. };
  3823. typedef enum WOLFSSL_SESSION_TYPE {
  3824. WOLFSSL_SESSION_TYPE_UNKNOWN,
  3825. WOLFSSL_SESSION_TYPE_SSL, /* in ssl->session */
  3826. WOLFSSL_SESSION_TYPE_CACHE, /* pointer to internal cache */
  3827. WOLFSSL_SESSION_TYPE_HEAP /* allocated from heap SESSION_new */
  3828. } WOLFSSL_SESSION_TYPE;
  3829. #ifdef WOLFSSL_QUIC
  3830. typedef struct QuicRecord QuicRecord;
  3831. typedef struct QuicRecord {
  3832. struct QuicRecord *next;
  3833. uint8_t *data;
  3834. word32 capacity;
  3835. word32 len;
  3836. word32 start;
  3837. word32 end;
  3838. WOLFSSL_ENCRYPTION_LEVEL level;
  3839. word32 rec_hdr_remain;
  3840. } QuicEncData;
  3841. typedef struct QuicTransportParam QuicTransportParam;
  3842. struct QuicTransportParam {
  3843. const uint8_t *data;
  3844. word16 len;
  3845. };
  3846. WOLFSSL_LOCAL const QuicTransportParam *QuicTransportParam_new(const uint8_t *data, size_t len, void *heap);
  3847. WOLFSSL_LOCAL const QuicTransportParam *QuicTransportParam_dup(const QuicTransportParam *tp, void *heap);
  3848. WOLFSSL_LOCAL void QuicTransportParam_free(const QuicTransportParam *tp, void *heap);
  3849. WOLFSSL_LOCAL int TLSX_QuicTP_Use(WOLFSSL* ssl, TLSX_Type ext_type, int is_response);
  3850. WOLFSSL_LOCAL int wolfSSL_quic_add_transport_extensions(WOLFSSL *ssl, int msg_type);
  3851. #define QTP_FREE QuicTransportParam_free
  3852. #endif /* WOLFSSL_QUIC */
  3853. /** Session Ticket - RFC 5077 (session 3.2) */
  3854. #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  3855. /* Ticket nonce - for deriving PSK.
  3856. Length allowed to be: 1..255. Only support
  3857. * TLS13_TICKET_NONCE_STATIC_SZ length bytes.
  3858. */
  3859. typedef struct TicketNonce {
  3860. byte len;
  3861. #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
  3862. (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
  3863. byte *data;
  3864. byte dataStatic[MAX_TICKET_NONCE_STATIC_SZ];
  3865. #else
  3866. byte data[MAX_TICKET_NONCE_STATIC_SZ];
  3867. #endif /* WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */
  3868. } TicketNonce;
  3869. #endif
  3870. /* wolfSSL session type */
  3871. struct WOLFSSL_SESSION {
  3872. /* WARNING Do not add fields here. They will be ignored in
  3873. * wolfSSL_DupSession. */
  3874. WOLFSSL_SESSION_TYPE type;
  3875. #ifndef NO_SESSION_CACHE
  3876. int cacheRow; /* row in session cache */
  3877. #endif
  3878. wolfSSL_Ref ref;
  3879. byte altSessionID[ID_LEN];
  3880. byte haveAltSessionID:1;
  3881. #ifdef HAVE_EX_DATA
  3882. byte ownExData:1;
  3883. #endif
  3884. #if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
  3885. Rem_Sess_Cb rem_sess_cb;
  3886. #endif
  3887. void* heap;
  3888. /* WARNING The above fields (up to and including the heap) are not copied
  3889. * in wolfSSL_DupSession. Place new fields after the heap
  3890. * member */
  3891. byte side; /* Either WOLFSSL_CLIENT_END or
  3892. WOLFSSL_SERVER_END */
  3893. word32 bornOn; /* create time in seconds */
  3894. word32 timeout; /* timeout in seconds */
  3895. byte sessionID[ID_LEN]; /* id for protocol or bogus
  3896. * ID for TLS 1.3 */
  3897. byte sessionIDSz;
  3898. byte masterSecret[SECRET_LEN]; /* stored secret */
  3899. word16 haveEMS; /* ext master secret flag */
  3900. #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
  3901. WOLFSSL_X509* peer; /* peer cert */
  3902. #endif
  3903. #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
  3904. defined(HAVE_SESSION_TICKET))
  3905. ProtocolVersion version; /* which version was used */
  3906. #endif
  3907. #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
  3908. (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
  3909. byte cipherSuite0; /* first byte, normally 0 */
  3910. byte cipherSuite; /* 2nd byte, actual suite */
  3911. #endif
  3912. #ifndef NO_CLIENT_CACHE
  3913. word16 idLen; /* serverID length */
  3914. byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
  3915. #endif
  3916. #ifdef WOLFSSL_SESSION_ID_CTX
  3917. byte sessionCtxSz; /* sessionCtx length */
  3918. byte sessionCtx[ID_LEN]; /* app specific context id */
  3919. #endif /* WOLFSSL_SESSION_ID_CTX */
  3920. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  3921. byte peerVerifyRet; /* cert verify error */
  3922. #endif
  3923. #ifdef WOLFSSL_TLS13
  3924. word16 namedGroup;
  3925. #endif
  3926. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  3927. #ifdef WOLFSSL_TLS13
  3928. #ifdef WOLFSSL_32BIT_MILLI_TIME
  3929. word32 ticketSeen; /* Time ticket seen (ms) */
  3930. #else
  3931. sword64 ticketSeen; /* Time ticket seen (ms) */
  3932. #endif
  3933. word32 ticketAdd; /* Added by client */
  3934. TicketNonce ticketNonce; /* Nonce used to derive PSK */
  3935. #endif
  3936. #ifdef WOLFSSL_EARLY_DATA
  3937. word32 maxEarlyDataSz;
  3938. #endif
  3939. #endif
  3940. #ifdef HAVE_SESSION_TICKET
  3941. byte staticTicket[SESSION_TICKET_LEN];
  3942. byte* ticket;
  3943. word16 ticketLen;
  3944. word16 ticketLenAlloc; /* is dynamic */
  3945. #endif
  3946. #ifdef SESSION_CERTS
  3947. WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
  3948. #ifdef WOLFSSL_ALT_CERT_CHAINS
  3949. WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */
  3950. #endif
  3951. #endif
  3952. #ifdef HAVE_EX_DATA
  3953. WOLFSSL_CRYPTO_EX_DATA ex_data;
  3954. #endif
  3955. byte isSetup:1;
  3956. };
  3957. #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \
  3958. defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
  3959. (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
  3960. WOLFSSL_LOCAL int SessionTicketNoncePopulate(WOLFSSL_SESSION *session,
  3961. const byte* nonce, byte len);
  3962. #endif /* WOLFSSL_TLS13 && */
  3963. WOLFSSL_LOCAL int wolfSSL_RAND_Init(void);
  3964. WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_NewSession(void* heap);
  3965. WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSession(
  3966. WOLFSSL* ssl, byte* masterSecret, byte restoreSessionCerts);
  3967. WOLFSSL_LOCAL void SetupSession(WOLFSSL* ssl);
  3968. WOLFSSL_LOCAL void AddSession(WOLFSSL* ssl);
  3969. /* use wolfSSL_API visibility to be able to test in tests/api.c */
  3970. WOLFSSL_API int AddSessionToCache(WOLFSSL_CTX* ctx,
  3971. WOLFSSL_SESSION* addSession, const byte* id, byte idSz, int* sessionIndex,
  3972. int side, word16 useTicket, ClientSession** clientCacheEntry);
  3973. #ifndef NO_CLIENT_CACHE
  3974. WOLFSSL_LOCAL ClientSession* AddSessionToClientCache(int side, int row, int idx,
  3975. byte* serverID, word16 idLen, const byte* sessionID,
  3976. word16 useTicket);
  3977. #endif
  3978. WOLFSSL_LOCAL
  3979. WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session);
  3980. WOLFSSL_LOCAL void TlsSessionCacheUnlockRow(word32 row);
  3981. WOLFSSL_LOCAL int TlsSessionCacheGetAndRdLock(const byte *id,
  3982. const WOLFSSL_SESSION **sess, word32 *lockedRow, byte side);
  3983. WOLFSSL_LOCAL int TlsSessionCacheGetAndWrLock(const byte *id,
  3984. WOLFSSL_SESSION **sess, word32 *lockedRow, byte side);
  3985. WOLFSSL_LOCAL void EvictSessionFromCache(WOLFSSL_SESSION* session);
  3986. /* WOLFSSL_API to test it in tests/api.c */
  3987. WOLFSSL_API int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output);
  3988. WOLFSSL_LOCAL int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session);
  3989. WOLFSSL_LOCAL void wolfSSL_FreeSession(WOLFSSL_CTX* ctx,
  3990. WOLFSSL_SESSION* session);
  3991. WOLFSSL_LOCAL int wolfSSL_DupSession(const WOLFSSL_SESSION* input,
  3992. WOLFSSL_SESSION* output, int avoidSysCalls);
  3993. typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
  3994. #ifndef NO_CLIENT_CACHE
  3995. WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSessionClient(
  3996. WOLFSSL* ssl, const byte* id, int len);
  3997. #endif
  3998. /* client connect state for nonblocking restart */
  3999. enum ConnectState {
  4000. CONNECT_BEGIN = 0,
  4001. CLIENT_HELLO_SENT,
  4002. HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
  4003. HELLO_AGAIN_REPLY,
  4004. FIRST_REPLY_DONE,
  4005. FIRST_REPLY_FIRST,
  4006. FIRST_REPLY_SECOND,
  4007. FIRST_REPLY_THIRD,
  4008. FIRST_REPLY_FOURTH,
  4009. FINISHED_DONE,
  4010. SECOND_REPLY_DONE,
  4011. #ifdef WOLFSSL_DTLS13
  4012. WAIT_FINISHED_ACK
  4013. #endif /* WOLFSSL_DTLS13 */
  4014. };
  4015. /* server accept state for nonblocking restart */
  4016. enum AcceptState {
  4017. ACCEPT_BEGIN = 0,
  4018. ACCEPT_BEGIN_RENEG,
  4019. ACCEPT_CLIENT_HELLO_DONE,
  4020. ACCEPT_HELLO_RETRY_REQUEST_DONE,
  4021. ACCEPT_FIRST_REPLY_DONE,
  4022. SERVER_HELLO_SENT,
  4023. CERT_SENT,
  4024. CERT_VERIFY_SENT,
  4025. CERT_STATUS_SENT,
  4026. KEY_EXCHANGE_SENT,
  4027. CERT_REQ_SENT,
  4028. SERVER_HELLO_DONE,
  4029. ACCEPT_SECOND_REPLY_DONE,
  4030. TICKET_SENT,
  4031. CHANGE_CIPHER_SENT,
  4032. ACCEPT_FINISHED_DONE,
  4033. ACCEPT_THIRD_REPLY_DONE
  4034. };
  4035. /* TLS 1.3 server accept state for nonblocking restart */
  4036. enum AcceptStateTls13 {
  4037. TLS13_ACCEPT_BEGIN = 0,
  4038. TLS13_ACCEPT_BEGIN_RENEG,
  4039. TLS13_ACCEPT_CLIENT_HELLO_DONE,
  4040. TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
  4041. TLS13_ACCEPT_FIRST_REPLY_DONE,
  4042. TLS13_ACCEPT_SECOND_REPLY_DONE,
  4043. TLS13_SERVER_HELLO_SENT,
  4044. TLS13_ACCEPT_THIRD_REPLY_DONE,
  4045. TLS13_SERVER_EXTENSIONS_SENT,
  4046. TLS13_CERT_REQ_SENT,
  4047. TLS13_CERT_SENT,
  4048. TLS13_CERT_VERIFY_SENT,
  4049. TLS13_ACCEPT_FINISHED_SENT,
  4050. TLS13_PRE_TICKET_SENT,
  4051. TLS13_ACCEPT_FINISHED_DONE,
  4052. TLS13_TICKET_SENT
  4053. };
  4054. /* buffers for struct WOLFSSL */
  4055. typedef struct Buffers {
  4056. bufferStatic inputBuffer;
  4057. bufferStatic outputBuffer;
  4058. buffer domainName; /* for client check */
  4059. buffer clearOutputBuffer;
  4060. buffer sig; /* signature data */
  4061. buffer digest; /* digest data */
  4062. int prevSent; /* previous plain text bytes sent
  4063. when got WANT_WRITE */
  4064. int plainSz; /* plain text bytes in buffer to send
  4065. when got WANT_WRITE */
  4066. byte weOwnCert; /* SSL own cert flag */
  4067. byte weOwnCertChain; /* SSL own cert chain flag */
  4068. byte weOwnKey; /* SSL own key flag */
  4069. #ifdef WOLFSSL_DUAL_ALG_CERTS
  4070. byte weOwnAltKey; /* SSL own alt key flag */
  4071. #endif
  4072. byte weOwnDH; /* SSL own dh (p,g) flag */
  4073. #ifndef NO_DH
  4074. buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
  4075. buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
  4076. buffer serverDH_Pub;
  4077. buffer serverDH_Priv;
  4078. DhKey* serverDH_Key;
  4079. #endif
  4080. #ifndef NO_CERTS
  4081. DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
  4082. DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
  4083. byte keyType:6; /* Type of key: RSA, ECC, Ed25519 */
  4084. byte keyId:1; /* Key data is an id not data */
  4085. byte keyLabel:1; /* Key data is a label not data */
  4086. int keySz; /* Size of RSA key */
  4087. int keyDevId; /* Device Id for key */
  4088. #ifdef WOLFSSL_DUAL_ALG_CERTS
  4089. DerBuffer* altKey; /* WOLFSSL_CTX owns, unless we own */
  4090. byte altKeyType; /* Type of key: dilithium, falcon */
  4091. int altKeySz; /* Size of key */
  4092. #endif
  4093. DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
  4094. /* chain after self, in DER, with leading size for each cert */
  4095. #ifdef WOLFSSL_TLS13
  4096. int certChainCnt;
  4097. DerBuffer* certExts;
  4098. #endif
  4099. #endif
  4100. #ifdef WOLFSSL_SEND_HRR_COOKIE
  4101. buffer tls13CookieSecret; /* HRR cookie secret */
  4102. #endif
  4103. #ifdef WOLFSSL_DTLS
  4104. WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
  4105. #ifndef NO_WOLFSSL_SERVER
  4106. buffer dtlsCookieSecret; /* DTLS cookie secret */
  4107. #endif /* NO_WOLFSSL_SERVER */
  4108. #endif
  4109. #ifdef HAVE_PK_CALLBACKS
  4110. #ifdef HAVE_ECC
  4111. buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
  4112. #endif /* HAVE_ECC */
  4113. #ifdef HAVE_ED25519
  4114. buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */
  4115. #endif /* HAVE_ED25519 */
  4116. #ifdef HAVE_ED448
  4117. buffer peerEd448Key; /* for Ed448 Verify Callbacks */
  4118. #endif /* HAVE_ED448 */
  4119. #ifndef NO_RSA
  4120. buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
  4121. #endif /* NO_RSA */
  4122. #endif /* HAVE_PK_CALLBACKS */
  4123. } Buffers;
  4124. /* sub-states for send/do key share (key exchange) */
  4125. enum asyncState {
  4126. TLS_ASYNC_BEGIN = 0,
  4127. TLS_ASYNC_BUILD,
  4128. TLS_ASYNC_DO,
  4129. TLS_ASYNC_VERIFY,
  4130. TLS_ASYNC_FINALIZE,
  4131. TLS_ASYNC_END
  4132. };
  4133. /* sub-states for build message */
  4134. enum buildMsgState {
  4135. BUILD_MSG_BEGIN = 0,
  4136. BUILD_MSG_SIZE,
  4137. BUILD_MSG_HASH,
  4138. BUILD_MSG_VERIFY_MAC,
  4139. BUILD_MSG_ENCRYPT,
  4140. BUILD_MSG_ENCRYPTED_VERIFY_MAC,
  4141. };
  4142. /* sub-states for cipher operations */
  4143. enum cipherState {
  4144. CIPHER_STATE_BEGIN = 0,
  4145. CIPHER_STATE_DO,
  4146. CIPHER_STATE_END,
  4147. };
  4148. struct Options {
  4149. #ifndef NO_PSK
  4150. wc_psk_client_callback client_psk_cb;
  4151. wc_psk_server_callback server_psk_cb;
  4152. #ifdef OPENSSL_EXTRA
  4153. wc_psk_use_session_cb_func session_psk_cb;
  4154. #endif
  4155. #ifdef WOLFSSL_TLS13
  4156. wc_psk_client_cs_callback client_psk_cs_cb; /* client callback */
  4157. wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
  4158. wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
  4159. #endif
  4160. void* psk_ctx;
  4161. #endif /* NO_PSK */
  4162. unsigned long mask; /* store SSL_OP_ flags */
  4163. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
  4164. word16 minProto:1; /* sets min to min available */
  4165. word16 maxProto:1; /* sets max to max available */
  4166. #endif
  4167. #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)
  4168. unsigned int maxTicketTls13; /* maximum number of tickets to send */
  4169. unsigned int ticketsSent; /* keep track of the total sent */
  4170. #endif
  4171. /* on/off or small bit flags, optimize layout */
  4172. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  4173. word16 havePSK:1; /* psk key set by user */
  4174. #endif /* HAVE_SESSION_TICKET || !NO_PSK */
  4175. word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
  4176. word16 sessionCacheOff:1;
  4177. word16 sessionCacheFlushOff:1;
  4178. #ifdef HAVE_EXT_CACHE
  4179. word16 internalCacheOff:1;
  4180. word16 internalCacheLookupOff:1;
  4181. #endif
  4182. word16 side:2; /* client, server or neither end */
  4183. word16 verifyPeer:1;
  4184. word16 verifyNone:1;
  4185. word16 failNoCert:1;
  4186. word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
  4187. word16 downgrade:1; /* allow downgrade of versions */
  4188. word16 resuming:1;
  4189. #ifdef HAVE_SECURE_RENEGOTIATION
  4190. word16 resumed:1; /* resuming may be reset on SCR */
  4191. #endif
  4192. word16 isPSK:1;
  4193. word16 haveSessionId:1; /* server may not send */
  4194. word16 tls:1; /* using TLS ? */
  4195. word16 tls1_1:1; /* using TLSv1.1+ ? */
  4196. word16 tls1_3:1; /* using TLSv1.3+ ? */
  4197. word16 seenUnifiedHdr:1; /* received msg with unified header */
  4198. word16 dtls:1; /* using datagrams ? */
  4199. #ifdef WOLFSSL_DTLS
  4200. word16 dtlsStateful:1; /* allow stateful processing ? */
  4201. #endif
  4202. word16 connReset:1; /* has the peer reset */
  4203. word16 isClosed:1; /* if we consider conn closed */
  4204. word16 closeNotify:1; /* we've received a close notify */
  4205. word16 sentNotify:1; /* we've sent a close notify */
  4206. word16 shutdownDone:1; /* we've completed a shutdown */
  4207. word16 usingCompression:1; /* are we using compression */
  4208. word16 haveRSA:1; /* RSA available */
  4209. word16 haveECC:1; /* ECC available */
  4210. word16 haveDH:1; /* server DH params set by user */
  4211. word16 haveECDSAsig:1; /* server ECDSA signed cert */
  4212. word16 haveStaticECC:1; /* static server ECC private key */
  4213. word16 haveFalconSig:1; /* server Falcon signed cert */
  4214. word16 haveDilithiumSig:1; /* server Dilithium signed cert */
  4215. word16 havePeerCert:1; /* do we have peer's cert */
  4216. word16 havePeerVerify:1; /* and peer's cert verify */
  4217. word16 usingPSK_cipher:1; /* are using psk as cipher */
  4218. word16 usingAnon_cipher:1; /* are we using an anon cipher */
  4219. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  4220. word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */
  4221. #ifdef HAVE_SUPPORTED_CURVES
  4222. word16 onlyPskDheKe:1; /* Only use (EC)DHE with PSK */
  4223. #endif
  4224. #endif
  4225. word16 partialWrite:1; /* only one msg per write call */
  4226. word16 quietShutdown:1; /* don't send close notify */
  4227. word16 certOnly:1; /* stop once we get cert */
  4228. word16 groupMessages:1; /* group handshake messages */
  4229. word16 saveArrays:1; /* save array Memory for user get keys
  4230. or psk */
  4231. word16 weOwnRng:1; /* will be true unless CTX owns */
  4232. word16 dontFreeDigest:1; /* when true, we used SetDigest */
  4233. word16 haveEMS:1; /* using extended master secret */
  4234. #ifdef HAVE_POLY1305
  4235. word16 oldPoly:1; /* set when to use old rfc way of poly*/
  4236. #endif
  4237. word16 useAnon:1; /* User wants to allow Anon suites */
  4238. #ifdef HAVE_SESSION_TICKET
  4239. word16 createTicket:1; /* Server to create new Ticket */
  4240. word16 useTicket:1; /* Use Ticket not session cache */
  4241. word16 rejectTicket:1; /* Callback rejected ticket */
  4242. word16 noTicketTls12:1; /* TLS 1.2 server won't send ticket */
  4243. #ifdef WOLFSSL_TLS13
  4244. word16 noTicketTls13:1; /* Server won't create new Ticket */
  4245. #endif
  4246. #endif
  4247. #ifdef WOLFSSL_DTLS
  4248. #ifdef HAVE_SECURE_RENEGOTIATION
  4249. word16 dtlsDoSCR:1; /* Enough packets were dropped. We
  4250. * need to re-key. */
  4251. #endif
  4252. word16 dtlsUseNonblock:1; /* are we using nonblocking socket */
  4253. word16 dtlsHsRetain:1; /* DTLS retaining HS data */
  4254. word16 haveMcast:1; /* using multicast ? */
  4255. #ifdef WOLFSSL_SCTP
  4256. word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
  4257. #endif
  4258. #endif /* WOLFSSL_DTLS */
  4259. #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
  4260. word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
  4261. #endif
  4262. word16 keepResources:1; /* Keep resources after handshake */
  4263. word16 useClientOrder:1; /* Use client's cipher order */
  4264. word16 mutualAuth:1; /* Mutual authentication is required */
  4265. word16 peerAuthGood:1; /* Any required peer auth done */
  4266. #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
  4267. word16 pskNegotiated:1; /* Session Ticket/PSK negotiated. */
  4268. #endif
  4269. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  4270. word16 postHandshakeAuth:1;/* Client send post_handshake_auth
  4271. * extension */
  4272. word16 verifyPostHandshake:1; /* Only send client cert req post
  4273. * handshake, not also during */
  4274. #endif
  4275. #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
  4276. word16 sendCookie:1; /* Server creates a Cookie in HRR */
  4277. #endif
  4278. #ifdef WOLFSSL_ALT_CERT_CHAINS
  4279. word16 usingAltCertChain:1;/* Alternate cert chain was used */
  4280. #endif
  4281. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
  4282. word16 sentChangeCipher:1; /* Change Cipher Spec sent */
  4283. #endif
  4284. #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
  4285. ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \
  4286. (defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
  4287. (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
  4288. word16 cacheMessages:1; /* Cache messages for sign/verify */
  4289. #endif
  4290. #ifndef NO_DH
  4291. #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
  4292. !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  4293. word16 dhDoKeyTest:1; /* Need to do the DH Key prime test */
  4294. word16 dhKeyTested:1; /* Set when key has been tested. */
  4295. #endif
  4296. #endif
  4297. #ifdef HAVE_ENCRYPT_THEN_MAC
  4298. word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
  4299. word16 encThenMac:1; /* Doing Encrypt-Then-MAC */
  4300. word16 startedETMRead:1; /* Doing Encrypt-Then-MAC read */
  4301. word16 startedETMWrite:1; /* Doing Encrypt-Then-MAC write */
  4302. #endif
  4303. #ifdef WOLFSSL_ASYNC_CRYPT
  4304. word16 buildArgsSet:1; /* buildArgs are set and need to
  4305. * be free'd */
  4306. #endif
  4307. word16 buildingMsg:1; /* If set then we need to re-enter the
  4308. * handshake logic. */
  4309. #ifdef WOLFSSL_DTLS13
  4310. word16 dtls13SendMoreAcks:1; /* Send more acks during the
  4311. * handshake process */
  4312. #ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME
  4313. word16 dtls13NoHrrOnResume:1;
  4314. #endif
  4315. #ifdef WOLFSSL_DTLS_CH_FRAG
  4316. word16 dtls13ChFrag:1;
  4317. #endif
  4318. #endif
  4319. #ifdef WOLFSSL_TLS13
  4320. word16 tls13MiddleBoxCompat:1; /* TLSv1.3 middlebox compatibility */
  4321. #endif
  4322. #ifdef WOLFSSL_DTLS_CID
  4323. word16 useDtlsCID:1;
  4324. #endif /* WOLFSSL_DTLS_CID */
  4325. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  4326. word16 useEch:1;
  4327. #endif
  4328. #ifdef WOLFSSL_SEND_HRR_COOKIE
  4329. word16 cookieGood:1;
  4330. #endif
  4331. #if defined(HAVE_DANE)
  4332. word16 useDANE:1;
  4333. #endif /* HAVE_DANE */
  4334. #if defined(HAVE_RPK)
  4335. RpkConfig rpkConfig;
  4336. RpkState rpkState;
  4337. #endif /* HAVE_RPK */
  4338. /* need full byte values for this section */
  4339. byte processReply; /* nonblocking resume */
  4340. byte cipherSuite0; /* first byte, normally 0 */
  4341. byte cipherSuite; /* second byte, actual suite */
  4342. byte hashAlgo; /* selected hash algorithm */
  4343. byte sigAlgo; /* selected sig algorithm */
  4344. byte peerHashAlgo; /* peer's chosen hash algo */
  4345. byte peerSigAlgo; /* peer's chosen sig algo */
  4346. byte serverState;
  4347. byte clientState;
  4348. byte handShakeState;
  4349. byte handShakeDone; /* at least one handshake complete */
  4350. byte minDowngrade; /* minimum downgrade version */
  4351. byte connectState; /* nonblocking resume */
  4352. byte acceptState; /* nonblocking resume */
  4353. byte asyncState; /* sub-state for enum asyncState */
  4354. byte buildMsgState; /* sub-state for enum buildMsgState */
  4355. byte alertCount; /* detect warning dos attempt */
  4356. #ifdef WOLFSSL_MULTICAST
  4357. word16 mcastID; /* Multicast group ID */
  4358. #endif
  4359. #ifndef NO_DH
  4360. word16 minDhKeySz; /* minimum DH key size */
  4361. word16 maxDhKeySz; /* minimum DH key size */
  4362. word16 dhKeySz; /* actual DH key size */
  4363. #endif
  4364. #ifndef NO_RSA
  4365. short minRsaKeySz; /* minimum RSA key size */
  4366. #endif
  4367. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
  4368. short minEccKeySz; /* minimum ECC key size */
  4369. #endif
  4370. #if defined(HAVE_PQC)
  4371. short minFalconKeySz; /* minimum Falcon key size */
  4372. short minDilithiumKeySz;/* minimum Dilithium key size */
  4373. #endif
  4374. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  4375. byte verifyDepth; /* maximum verification depth */
  4376. #endif
  4377. #ifdef WOLFSSL_EARLY_DATA
  4378. word16 pskIdIndex;
  4379. word32 maxEarlyDataSz;
  4380. #endif
  4381. #ifdef WOLFSSL_TLS13
  4382. byte oldMinor; /* client preferred version < TLS 1.3 */
  4383. #endif
  4384. };
  4385. typedef struct Arrays {
  4386. byte* pendingMsg; /* defrag buffer */
  4387. byte* preMasterSecret;
  4388. word32 preMasterSz; /* differs for DH, actual size */
  4389. word32 pendingMsgSz; /* defrag buffer size */
  4390. word32 pendingMsgOffset; /* current offset into defrag buffer */
  4391. #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  4392. word32 psk_keySz; /* actual size */
  4393. char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
  4394. char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
  4395. byte psk_key[MAX_PSK_KEY_LEN];
  4396. #endif
  4397. byte clientRandom[RAN_LEN];
  4398. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  4399. byte clientRandomInner[RAN_LEN];
  4400. #endif
  4401. byte serverRandom[RAN_LEN];
  4402. byte sessionID[ID_LEN];
  4403. byte sessionIDSz;
  4404. #ifdef WOLFSSL_TLS13
  4405. byte secret[SECRET_LEN];
  4406. #endif
  4407. #ifdef HAVE_KEYING_MATERIAL
  4408. byte exporterSecret[WC_MAX_DIGEST_SIZE];
  4409. #endif
  4410. byte masterSecret[SECRET_LEN];
  4411. #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
  4412. !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
  4413. byte tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
  4414. #endif
  4415. #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
  4416. byte fspsm_masterSecret[FSPSM_TLS_MASTERSECRET_SIZE];
  4417. #endif
  4418. #ifdef WOLFSSL_DTLS
  4419. byte cookie[MAX_COOKIE_LEN];
  4420. byte cookieSz;
  4421. #endif
  4422. byte pendingMsgType; /* defrag buffer message type */
  4423. } Arrays;
  4424. #ifndef ASN_NAME_MAX
  4425. #ifndef NO_ASN
  4426. /* use value from asn.h */
  4427. #define ASN_NAME_MAX WC_ASN_NAME_MAX
  4428. #else
  4429. /* calculate for WOLFSSL_X509 */
  4430. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
  4431. defined(WOLFSSL_CERT_EXT)
  4432. #define ASN_NAME_MAX 330
  4433. #else
  4434. #define ASN_NAME_MAX 256
  4435. #endif
  4436. #endif
  4437. #endif
  4438. #ifndef MAX_DATE_SZ
  4439. #define MAX_DATE_SZ 32
  4440. #endif
  4441. typedef enum {
  4442. STACK_TYPE_X509 = 0,
  4443. STACK_TYPE_GEN_NAME = 1,
  4444. STACK_TYPE_BIO = 2,
  4445. STACK_TYPE_OBJ = 3,
  4446. STACK_TYPE_STRING = 4,
  4447. STACK_TYPE_CIPHER = 5,
  4448. STACK_TYPE_ACCESS_DESCRIPTION = 6,
  4449. STACK_TYPE_X509_EXT = 7,
  4450. STACK_TYPE_NULL = 8,
  4451. STACK_TYPE_X509_NAME = 9,
  4452. STACK_TYPE_CONF_VALUE = 10,
  4453. STACK_TYPE_X509_INFO = 11,
  4454. STACK_TYPE_BY_DIR_entry = 12,
  4455. STACK_TYPE_BY_DIR_hash = 13,
  4456. STACK_TYPE_X509_OBJ = 14,
  4457. STACK_TYPE_DIST_POINT = 15,
  4458. STACK_TYPE_X509_CRL = 16,
  4459. STACK_TYPE_X509_NAME_ENTRY = 17,
  4460. STACK_TYPE_X509_REQ_ATTR = 18,
  4461. } WOLF_STACK_TYPE;
  4462. struct WOLFSSL_STACK {
  4463. unsigned long num; /* number of nodes in stack
  4464. * (safety measure for freeing and shortcut for count) */
  4465. #if defined(OPENSSL_ALL)
  4466. wolf_sk_hash_cb hash_fn;
  4467. unsigned long hash;
  4468. #endif
  4469. union {
  4470. WOLFSSL_X509* x509;
  4471. WOLFSSL_X509_NAME* name;
  4472. WOLFSSL_X509_NAME_ENTRY* name_entry;
  4473. WOLFSSL_X509_INFO* info;
  4474. WOLFSSL_BIO* bio;
  4475. WOLFSSL_ASN1_OBJECT* obj;
  4476. WOLFSSL_CIPHER cipher;
  4477. WOLFSSL_ACCESS_DESCRIPTION* access;
  4478. WOLFSSL_X509_EXTENSION* ext;
  4479. #ifdef OPENSSL_EXTRA
  4480. WOLFSSL_CONF_VALUE* conf;
  4481. #endif
  4482. void* generic;
  4483. char* string;
  4484. WOLFSSL_GENERAL_NAME* gn;
  4485. WOLFSSL_BY_DIR_entry* dir_entry;
  4486. WOLFSSL_BY_DIR_HASH* dir_hash;
  4487. WOLFSSL_X509_OBJECT* x509_obj;
  4488. WOLFSSL_DIST_POINT* dp;
  4489. WOLFSSL_X509_CRL* crl;
  4490. } data;
  4491. void* heap; /* memory heap hint */
  4492. WOLFSSL_STACK* next;
  4493. WOLF_STACK_TYPE type; /* Identifies type of stack. */
  4494. };
  4495. struct WOLFSSL_X509_NAME {
  4496. char *name;
  4497. int dynamicName;
  4498. int sz;
  4499. char staticName[ASN_NAME_MAX];
  4500. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
  4501. !defined(NO_ASN)
  4502. DecodedName fullName;
  4503. int entrySz; /* number of entries */
  4504. WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
  4505. WOLFSSL_X509* x509; /* x509 that struct belongs to */
  4506. #endif /* OPENSSL_EXTRA */
  4507. #ifndef WOLFSSL_NO_CA_NAMES
  4508. byte raw[ASN_NAME_MAX];
  4509. int rawLen;
  4510. WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries;
  4511. #endif
  4512. void* heap;
  4513. };
  4514. #ifndef EXTERNAL_SERIAL_SIZE
  4515. #define EXTERNAL_SERIAL_SIZE 32
  4516. #endif
  4517. #ifdef NO_ASN
  4518. typedef struct DNS_entry DNS_entry;
  4519. #endif
  4520. struct WOLFSSL_X509 {
  4521. int version;
  4522. int serialSz;
  4523. #ifdef WOLFSSL_SEP
  4524. int deviceTypeSz;
  4525. int hwTypeSz;
  4526. byte deviceType[EXTERNAL_SERIAL_SIZE];
  4527. byte hwType[EXTERNAL_SERIAL_SIZE];
  4528. int hwSerialNumSz;
  4529. byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
  4530. #endif /* WOLFSSL_SEP */
  4531. #if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
  4532. defined (OPENSSL_EXTRA)) && \
  4533. (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
  4534. byte certPolicySet;
  4535. byte certPolicyCrit;
  4536. #endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
  4537. #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
  4538. WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
  4539. WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
  4540. WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
  4541. #endif /* WOLFSSL_QT || OPENSSL_ALL */
  4542. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  4543. WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
  4544. #endif
  4545. WOLFSSL_ASN1_TIME notBefore;
  4546. WOLFSSL_ASN1_TIME notAfter;
  4547. buffer sig;
  4548. int sigOID;
  4549. DNS_entry* altNames; /* alt names list */
  4550. buffer pubKey;
  4551. int pubKeyOID;
  4552. DNS_entry* altNamesNext; /* hint for retrieval */
  4553. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
  4554. defined(HAVE_PQC)
  4555. word32 pkCurveOID;
  4556. #endif /* HAVE_ECC || HAVE_PQC */
  4557. #ifndef NO_CERTS
  4558. DerBuffer* derCert; /* may need */
  4559. #endif
  4560. void* heap; /* heap hint */
  4561. byte dynamicMemory; /* dynamic memory flag */
  4562. byte isCa:1;
  4563. #ifdef WOLFSSL_CERT_EXT
  4564. char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
  4565. int certPoliciesNb;
  4566. #endif /* WOLFSSL_CERT_EXT */
  4567. #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
  4568. wolfSSL_Ref ref;
  4569. #endif
  4570. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  4571. #ifdef HAVE_EX_DATA
  4572. WOLFSSL_CRYPTO_EX_DATA ex_data;
  4573. #endif
  4574. byte* authKeyId; /* Points into authKeyIdSrc */
  4575. byte* authKeyIdSrc;
  4576. byte* subjKeyId;
  4577. byte* extKeyUsageSrc;
  4578. #ifdef OPENSSL_ALL
  4579. byte* subjAltNameSrc;
  4580. #endif
  4581. byte* rawCRLInfo;
  4582. byte* CRLInfo;
  4583. byte* authInfo;
  4584. #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
  4585. byte* authInfoCaIssuer;
  4586. int authInfoCaIssuerSz;
  4587. #endif
  4588. word32 pathLength;
  4589. word16 keyUsage;
  4590. int rawCRLInfoSz;
  4591. int CRLInfoSz;
  4592. int authInfoSz;
  4593. word32 authKeyIdSz;
  4594. word32 authKeyIdSrcSz;
  4595. word32 subjKeyIdSz;
  4596. byte extKeyUsage;
  4597. word32 extKeyUsageSz;
  4598. word32 extKeyUsageCount;
  4599. #ifndef IGNORE_NETSCAPE_CERT_TYPE
  4600. byte nsCertType;
  4601. #endif
  4602. #ifdef OPENSSL_ALL
  4603. word32 subjAltNameSz;
  4604. #endif
  4605. byte CRLdistSet:1;
  4606. byte CRLdistCrit:1;
  4607. byte authInfoSet:1;
  4608. byte authInfoCrit:1;
  4609. byte keyUsageSet:1;
  4610. byte keyUsageCrit:1;
  4611. byte extKeyUsageCrit:1;
  4612. byte subjKeyIdSet:1;
  4613. byte subjKeyIdCrit:1;
  4614. byte basicConstSet:1;
  4615. byte basicConstCrit:1;
  4616. byte basicConstPlSet:1;
  4617. byte subjAltNameSet:1;
  4618. byte subjAltNameCrit:1;
  4619. byte authKeyIdSet:1;
  4620. byte authKeyIdCrit:1;
  4621. byte issuerSet:1;
  4622. #ifdef WOLFSSL_CUSTOM_OID
  4623. CertExtension custom_exts[NUM_CUSTOM_EXT];
  4624. int customExtCount;
  4625. #endif /* WOLFSSL_CUSTOM_OID */
  4626. #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
  4627. #ifdef WOLFSSL_CERT_REQ
  4628. byte isCSR:1;
  4629. #endif
  4630. byte serial[EXTERNAL_SERIAL_SIZE];
  4631. char subjectCN[ASN_NAME_MAX]; /* common name short cut */
  4632. #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN)
  4633. #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
  4634. /* stack of CSR attributes */
  4635. WOLF_STACK_OF(WOLFSSL_X509_ATRIBUTE)* reqAttributes;
  4636. #endif
  4637. #if defined(WOLFSSL_CERT_REQ)
  4638. char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
  4639. char contentType[CTC_NAME_SIZE];
  4640. #endif
  4641. #endif /* WOLFSSL_CERT_REQ || WOLFSSL_CERT_GEN */
  4642. WOLFSSL_X509_NAME issuer;
  4643. WOLFSSL_X509_NAME subject;
  4644. #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
  4645. WOLFSSL_X509_ALGOR algor;
  4646. WOLFSSL_X509_PUBKEY key;
  4647. #endif
  4648. #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \
  4649. defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \
  4650. defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
  4651. byte notBeforeData[CTC_DATE_SIZE];
  4652. byte notAfterData[CTC_DATE_SIZE];
  4653. #endif
  4654. #ifdef WOLFSSL_DUAL_ALG_CERTS
  4655. /* Subject Alternative Public Key Info */
  4656. byte *sapkiDer;
  4657. int sapkiLen;
  4658. /* Alternative Signature Algorithm */
  4659. byte *altSigAlgDer;
  4660. int altSigAlgLen;
  4661. /* Alternative Signature Value */
  4662. byte *altSigValDer;
  4663. int altSigValLen;
  4664. #endif /* WOLFSSL_DUAL_ALG_CERTS */
  4665. };
  4666. /* record layer header for PlainText, Compressed, and CipherText */
  4667. typedef struct RecordLayerHeader {
  4668. byte type;
  4669. byte pvMajor;
  4670. byte pvMinor;
  4671. byte length[2];
  4672. } RecordLayerHeader;
  4673. /* record layer header for DTLS PlainText, Compressed, and CipherText */
  4674. typedef struct DtlsRecordLayerHeader {
  4675. byte type;
  4676. byte pvMajor;
  4677. byte pvMinor;
  4678. byte sequence_number[8]; /* per record */
  4679. byte length[2];
  4680. } DtlsRecordLayerHeader;
  4681. typedef struct DtlsFragBucket {
  4682. /* m stands for meta */
  4683. union {
  4684. struct {
  4685. struct DtlsFragBucket* next;
  4686. word32 offset;
  4687. word32 sz;
  4688. } m;
  4689. /* Make sure we have at least DTLS_HANDSHAKE_HEADER_SZ bytes before the
  4690. * buf so that we can reconstruct the header in the allocated
  4691. * DtlsFragBucket buffer. */
  4692. byte padding[DTLS_HANDSHAKE_HEADER_SZ];
  4693. } m;
  4694. /* Ignore "nonstandard extension used : zero-sized array in struct/union"
  4695. * MSVC warning */
  4696. #ifdef _MSC_VER
  4697. #pragma warning(disable: 4200)
  4698. #endif
  4699. byte buf[];
  4700. } DtlsFragBucket;
  4701. typedef struct DtlsMsg {
  4702. struct DtlsMsg* next;
  4703. byte* raw;
  4704. byte* fullMsg; /* for TX fullMsg == raw. For RX this points to
  4705. * the start of the message after headers. */
  4706. DtlsFragBucket* fragBucketList;
  4707. word32 bytesReceived;
  4708. word16 epoch; /* Epoch that this message belongs to */
  4709. word32 seq; /* Handshake sequence number */
  4710. word32 sz; /* Length of whole message */
  4711. byte type;
  4712. byte fragBucketListCount;
  4713. byte ready:1;
  4714. byte encrypted:1;
  4715. } DtlsMsg;
  4716. #ifdef HAVE_NETX
  4717. /* NETX I/O Callback default */
  4718. typedef struct NetX_Ctx {
  4719. NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
  4720. NX_PACKET* nxPacket; /* incoming packet handle for short reads */
  4721. ULONG nxOffset; /* offset already read from nxPacket */
  4722. ULONG nxWait; /* wait option flag */
  4723. } NetX_Ctx;
  4724. #endif
  4725. /* Handshake messages received from peer (plus change cipher */
  4726. typedef struct MsgsReceived {
  4727. word16 got_hello_request:1;
  4728. word16 got_client_hello:2;
  4729. word16 got_server_hello:1;
  4730. word16 got_hello_verify_request:1;
  4731. word16 got_session_ticket:1;
  4732. word16 got_end_of_early_data:1;
  4733. word16 got_hello_retry_request:1;
  4734. word16 got_encrypted_extensions:1;
  4735. word16 got_certificate:1;
  4736. word16 got_certificate_status:1;
  4737. word16 got_server_key_exchange:1;
  4738. word16 got_certificate_request:1;
  4739. word16 got_server_hello_done:1;
  4740. word16 got_certificate_verify:1;
  4741. word16 got_client_key_exchange:1;
  4742. word16 got_finished:1;
  4743. word16 got_key_update:1;
  4744. word16 got_change_cipher:1;
  4745. } MsgsReceived;
  4746. /* Handshake hashes */
  4747. typedef struct HS_Hashes {
  4748. Hashes verifyHashes;
  4749. Hashes certHashes; /* for cert verify */
  4750. #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
  4751. defined(WOLFSSL_ALLOW_TLS_SHA1))
  4752. wc_Sha hashSha; /* sha hash of handshake msgs */
  4753. #endif
  4754. #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
  4755. wc_Md5 hashMd5; /* md5 hash of handshake msgs */
  4756. #endif
  4757. #ifndef NO_SHA256
  4758. wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */
  4759. #endif
  4760. #ifdef WOLFSSL_SHA384
  4761. wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */
  4762. #endif
  4763. #ifdef WOLFSSL_SHA512
  4764. wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */
  4765. #endif
  4766. #ifdef WOLFSSL_SM3
  4767. wc_Sm3 hashSm3; /* sm3 hash of handshake msgs */
  4768. #endif
  4769. #if (defined(HAVE_ED25519) || defined(HAVE_ED448) || \
  4770. (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \
  4771. !defined(WOLFSSL_NO_CLIENT_AUTH)
  4772. byte* messages; /* handshake messages */
  4773. int length; /* length of handshake messages' data */
  4774. int prevLen; /* length of messages but last */
  4775. #endif
  4776. } HS_Hashes;
  4777. #ifndef WOLFSSL_NO_TLS12
  4778. /* Persistable BuildMessage arguments */
  4779. typedef struct BuildMsgArgs {
  4780. word32 digestSz;
  4781. word32 sz;
  4782. word32 pad;
  4783. word32 idx;
  4784. word32 headerSz;
  4785. word16 size;
  4786. word32 ivSz; /* TLSv1.1 IV */
  4787. byte* iv;
  4788. ALIGN16 byte staticIvBuffer[MAX_IV_SZ];
  4789. } BuildMsgArgs;
  4790. #endif
  4791. #ifdef WOLFSSL_ASYNC_IO
  4792. #define MAX_ASYNC_ARGS 18
  4793. typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
  4794. struct WOLFSSL_ASYNC {
  4795. #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WOLFSSL_NO_TLS12)
  4796. BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
  4797. #endif
  4798. FreeArgsCb freeArgs; /* function pointer to cleanup args */
  4799. word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
  4800. };
  4801. #endif
  4802. #ifdef HAVE_WRITE_DUP
  4803. #define WRITE_DUP_SIDE 1
  4804. #define READ_DUP_SIDE 2
  4805. typedef struct WriteDup {
  4806. wolfSSL_Mutex dupMutex; /* reference count mutex */
  4807. int dupCount; /* reference count */
  4808. int dupErr; /* under dupMutex, pass to other side */
  4809. } WriteDup;
  4810. WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
  4811. WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
  4812. #endif /* HAVE_WRITE_DUP */
  4813. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  4814. typedef struct CertReqCtx CertReqCtx;
  4815. struct CertReqCtx {
  4816. CertReqCtx* next;
  4817. byte len;
  4818. byte ctx;
  4819. };
  4820. #endif
  4821. #ifdef WOLFSSL_EARLY_DATA
  4822. typedef enum EarlyDataState {
  4823. no_early_data,
  4824. early_data_ext,
  4825. expecting_early_data,
  4826. process_early_data,
  4827. done_early_data
  4828. } EarlyDataState;
  4829. #endif
  4830. #ifdef WOLFSSL_DTLS13
  4831. /* size of the mask used to encrypt/decrypt Record Number */
  4832. #define DTLS13_RN_MASK_SIZE 16
  4833. typedef struct Dtls13UnifiedHdrInfo {
  4834. word16 recordLength;
  4835. byte seqLo;
  4836. byte seqHi;
  4837. byte seqHiPresent:1;
  4838. byte epochBits;
  4839. } Dtls13UnifiedHdrInfo;
  4840. enum {
  4841. DTLS13_EPOCH_EARLYDATA = 1,
  4842. DTLS13_EPOCH_HANDSHAKE = 2,
  4843. DTLS13_EPOCH_TRAFFIC0 = 3
  4844. };
  4845. typedef struct Dtls13Epoch {
  4846. w64wrapper epochNumber;
  4847. w64wrapper nextSeqNumber;
  4848. w64wrapper nextPeerSeqNumber;
  4849. #ifndef WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
  4850. w64wrapper dropCount; /* Amount of records that failed decryption */
  4851. #endif
  4852. word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
  4853. /* key material for the epoch */
  4854. byte client_write_key[MAX_SYM_KEY_SIZE];
  4855. byte server_write_key[MAX_SYM_KEY_SIZE];
  4856. byte client_write_IV[MAX_WRITE_IV_SZ];
  4857. byte server_write_IV[MAX_WRITE_IV_SZ];
  4858. byte aead_exp_IV[AEAD_MAX_EXP_SZ];
  4859. byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
  4860. byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
  4861. byte client_sn_key[MAX_SYM_KEY_SIZE];
  4862. byte server_sn_key[MAX_SYM_KEY_SIZE];
  4863. byte isValid;
  4864. byte side;
  4865. } Dtls13Epoch;
  4866. #ifndef DTLS13_EPOCH_SIZE
  4867. #define DTLS13_EPOCH_SIZE 4
  4868. #endif
  4869. #ifndef DTLS13_RETRANS_RN_SIZE
  4870. #define DTLS13_RETRANS_RN_SIZE 3
  4871. #endif
  4872. enum Dtls13RtxFsmState {
  4873. DTLS13_RTX_FSM_PREPARING = 0,
  4874. DTLS13_RTX_FSM_SENDING,
  4875. DTLS13_RTX_FSM_WAITING,
  4876. DTLS13_RTX_FSM_FINISHED
  4877. };
  4878. typedef struct Dtls13RtxRecord {
  4879. struct Dtls13RtxRecord *next;
  4880. word16 length;
  4881. byte *data;
  4882. w64wrapper epoch;
  4883. w64wrapper seq[DTLS13_RETRANS_RN_SIZE];
  4884. byte rnIdx;
  4885. byte handshakeType;
  4886. } Dtls13RtxRecord;
  4887. typedef struct Dtls13RecordNumber {
  4888. struct Dtls13RecordNumber *next;
  4889. w64wrapper epoch;
  4890. w64wrapper seq;
  4891. } Dtls13RecordNumber;
  4892. typedef struct Dtls13Rtx {
  4893. enum Dtls13RtxFsmState state;
  4894. Dtls13RtxRecord *rtxRecords;
  4895. Dtls13RtxRecord **rtxRecordTailPtr;
  4896. Dtls13RecordNumber *seenRecords;
  4897. word32 lastRtx;
  4898. byte triggeredRtxs;
  4899. byte sendAcks:1;
  4900. byte retransmit:1;
  4901. } Dtls13Rtx;
  4902. #endif /* WOLFSSL_DTLS13 */
  4903. #ifdef WOLFSSL_DTLS_CID
  4904. typedef struct CIDInfo CIDInfo;
  4905. #endif /* WOLFSSL_DTLS_CID */
  4906. /* The idea is to reuse the context suites object whenever possible to save
  4907. * space. */
  4908. #define WOLFSSL_SUITES(ssl) \
  4909. ((const Suites*) ((ssl)->suites != NULL ? \
  4910. (ssl)->suites : \
  4911. (ssl)->ctx->suites))
  4912. /* wolfSSL ssl type */
  4913. struct WOLFSSL {
  4914. WOLFSSL_CTX* ctx;
  4915. #if defined(WOLFSSL_HAPROXY)
  4916. WOLFSSL_CTX* initial_ctx; /* preserve session key materials */
  4917. #endif
  4918. Suites* suites; /* Only need during handshake. Can be NULL when
  4919. * re-using the context's object. When WOLFSSL
  4920. * object needs separate instance of suites use
  4921. * AllocateSuites(). */
  4922. #ifdef OPENSSL_EXTRA
  4923. const Suites* clSuites;
  4924. #endif
  4925. #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
  4926. WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher
  4927. * suites */
  4928. #endif
  4929. Arrays* arrays;
  4930. #ifdef WOLFSSL_TLS13
  4931. byte clientSecret[SECRET_LEN];
  4932. byte serverSecret[SECRET_LEN];
  4933. #endif
  4934. HS_Hashes* hsHashes;
  4935. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  4936. HS_Hashes* hsHashesEch;
  4937. #endif
  4938. void* IOCB_ReadCtx;
  4939. void* IOCB_WriteCtx;
  4940. WC_RNG* rng;
  4941. void* verifyCbCtx; /* cert verify callback user ctx*/
  4942. VerifyCallback verifyCallback; /* cert verification callback */
  4943. void* heap; /* for user overrides */
  4944. #ifdef HAVE_WRITE_DUP
  4945. WriteDup* dupWrite; /* valid pointer indicates ON */
  4946. /* side that decrements dupCount to zero frees overall structure */
  4947. byte dupSide; /* write side or read side */
  4948. #endif
  4949. #ifdef OPENSSL_EXTRA
  4950. byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND:
  4951. * CBIORecv/Send is set */
  4952. #endif
  4953. #ifdef WOLFSSL_WOLFSENTRY_HOOKS
  4954. NetworkFilterCallback_t AcceptFilter;
  4955. void *AcceptFilter_arg;
  4956. NetworkFilterCallback_t ConnectFilter;
  4957. void *ConnectFilter_arg;
  4958. #endif /* WOLFSSL_WOLFSENTRY_HOOKS */
  4959. CallbackIORecv CBIORecv;
  4960. CallbackIOSend CBIOSend;
  4961. #ifdef WOLFSSL_STATIC_MEMORY
  4962. WOLFSSL_HEAP_HINT heap_hint;
  4963. #endif
  4964. #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
  4965. ClientHelloGoodCb chGoodCb; /* notify user we parsed a verified
  4966. * ClientHello that passed basic tests */
  4967. void* chGoodCtx; /* user ClientHello cb context */
  4968. #endif
  4969. #ifndef NO_HANDSHAKE_DONE_CB
  4970. HandShakeDoneCb hsDoneCb; /* notify user handshake done */
  4971. void* hsDoneCtx; /* user handshake cb context */
  4972. #endif
  4973. #ifdef WOLFSSL_ASYNC_IO
  4974. #ifdef WOLFSSL_ASYNC_CRYPT
  4975. WC_ASYNC_DEV* asyncDev;
  4976. #endif
  4977. /* Message building context should be stored here for functions that expect
  4978. * to encounter encryption blocking or fragment the message. */
  4979. struct WOLFSSL_ASYNC* async;
  4980. #endif
  4981. void* hsKey; /* Handshake key (RsaKey or ecc_key)
  4982. * allocated from heap */
  4983. word32 hsType; /* Type of Handshake key (hsKey) */
  4984. WOLFSSL_CIPHER cipher;
  4985. #ifdef WOLFSSL_DUAL_ALG_CERTS
  4986. void* hsAltKey; /* Handshake key (dilithium, falcon)
  4987. * allocated from heap */
  4988. word32 hsAltType; /* Type of Handshake key (hsAltKey) */
  4989. #endif
  4990. #ifndef WOLFSSL_AEAD_ONLY
  4991. hmacfp hmac;
  4992. #endif
  4993. Ciphers encrypt;
  4994. Ciphers decrypt;
  4995. Buffers buffers;
  4996. WOLFSSL_SESSION* session;
  4997. #ifndef NO_CLIENT_CACHE
  4998. ClientSession* clientSession;
  4999. #endif
  5000. WOLFSSL_ALERT_HISTORY alert_history;
  5001. WOLFSSL_ALERT pendingAlert;
  5002. int error;
  5003. int rfd; /* read file descriptor */
  5004. int wfd; /* write file descriptor */
  5005. int rflags; /* user read flags */
  5006. int wflags; /* user write flags */
  5007. word32 timeout; /* session timeout */
  5008. word32 fragOffset; /* fragment offset */
  5009. word16 curSize;
  5010. word32 curStartIdx;
  5011. byte verifyDepth;
  5012. RecordLayerHeader curRL;
  5013. MsgsReceived msgsReceived; /* peer messages received */
  5014. ProtocolVersion version; /* negotiated version */
  5015. ProtocolVersion chVersion; /* client hello version */
  5016. CipherSpecs specs;
  5017. Keys keys;
  5018. Options options;
  5019. #ifdef WOLFSSL_SESSION_ID_CTX
  5020. byte sessionCtx[ID_LEN]; /* app session context ID */
  5021. byte sessionCtxSz; /* size of sessionCtx stored */
  5022. #endif
  5023. #ifdef OPENSSL_EXTRA
  5024. CallbackInfoState* CBIS; /* used to get info about SSL state */
  5025. int cbmode; /* read or write on info callback */
  5026. int cbtype; /* event type in info callback */
  5027. WOLFSSL_BIO* biord; /* socket bio read to free/close */
  5028. WOLFSSL_BIO* biowr; /* socket bio write to free/close */
  5029. WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
  5030. #endif
  5031. #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
  5032. word32 disabledCurves; /* curves disabled by user */
  5033. #endif
  5034. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
  5035. defined(OPENSSL_ALL)
  5036. unsigned long peerVerifyRet;
  5037. #endif
  5038. #ifdef OPENSSL_EXTRA
  5039. byte readAhead;
  5040. #ifdef HAVE_PK_CALLBACKS
  5041. void* loggingCtx; /* logging callback argument */
  5042. #endif
  5043. #endif /* OPENSSL_EXTRA */
  5044. #ifndef NO_RSA
  5045. RsaKey* peerRsaKey;
  5046. #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
  5047. void* RenesasUserCtx;
  5048. byte* peerSceTsipEncRsaKeyIndex;
  5049. #endif
  5050. byte peerRsaKeyPresent;
  5051. #endif
  5052. #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
  5053. word16 namedGroup;
  5054. #endif
  5055. #ifdef WOLFSSL_TLS13
  5056. word16 group[WOLFSSL_MAX_GROUP_COUNT];
  5057. byte numGroups;
  5058. #endif
  5059. word16 pssAlgo;
  5060. #ifdef WOLFSSL_TLS13
  5061. word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
  5062. byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
  5063. * offer */
  5064. #endif
  5065. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
  5066. int eccVerifyRes;
  5067. #endif
  5068. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \
  5069. defined(HAVE_ED448) || defined(HAVE_CURVE448)
  5070. word32 ecdhCurveOID; /* curve Ecc_Sum */
  5071. ecc_key* eccTempKey; /* private ECDHE key */
  5072. byte eccTempKeyPresent; /* also holds type */
  5073. byte peerEccKeyPresent;
  5074. #endif
  5075. #ifdef HAVE_ECC
  5076. ecc_key* peerEccKey; /* peer's ECDHE key */
  5077. ecc_key* peerEccDsaKey; /* peer's ECDSA key */
  5078. word16 eccTempKeySz; /* in octets 20 - 66 */
  5079. byte peerEccDsaKeyPresent;
  5080. #endif
  5081. #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
  5082. defined(HAVE_CURVE448) || defined(HAVE_ED448)
  5083. word32 pkCurveOID; /* curve Ecc_Sum */
  5084. #endif
  5085. #ifdef HAVE_ED25519
  5086. ed25519_key* peerEd25519Key;
  5087. byte peerEd25519KeyPresent;
  5088. #endif
  5089. #ifdef HAVE_CURVE25519
  5090. curve25519_key* peerX25519Key;
  5091. byte peerX25519KeyPresent;
  5092. #endif
  5093. #ifdef HAVE_ED448
  5094. ed448_key* peerEd448Key;
  5095. byte peerEd448KeyPresent;
  5096. #endif
  5097. #ifdef HAVE_CURVE448
  5098. curve448_key* peerX448Key;
  5099. byte peerX448KeyPresent;
  5100. #endif
  5101. #ifdef HAVE_PQC
  5102. falcon_key* peerFalconKey;
  5103. byte peerFalconKeyPresent;
  5104. dilithium_key* peerDilithiumKey;
  5105. byte peerDilithiumKeyPresent;
  5106. #endif
  5107. #ifdef HAVE_LIBZ
  5108. z_stream c_stream; /* compression stream */
  5109. z_stream d_stream; /* decompression stream */
  5110. byte didStreamInit; /* for stream init and end */
  5111. #endif
  5112. #ifdef WOLFSSL_DTLS
  5113. int dtls_timeout_init; /* starting timeout value */
  5114. int dtls_timeout_max; /* maximum timeout value */
  5115. int dtls_timeout; /* current timeout value, changes */
  5116. #ifndef NO_ASN_TIME
  5117. word32 dtls_start_timeout;
  5118. #endif /* !NO_ASN_TIME */
  5119. word32 dtls_tx_msg_list_sz;
  5120. word32 dtls_rx_msg_list_sz;
  5121. DtlsMsg* dtls_tx_msg_list;
  5122. DtlsMsg* dtls_tx_msg;
  5123. DtlsMsg* dtls_rx_msg_list;
  5124. void* IOCB_CookieCtx; /* gen cookie ctx */
  5125. #ifdef WOLFSSL_SESSION_EXPORT
  5126. wc_dtls_export dtls_export; /* export function for session */
  5127. #endif
  5128. #if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
  5129. word16 dtlsMtuSz;
  5130. #endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */
  5131. #ifdef WOLFSSL_MULTICAST
  5132. void* mcastHwCbCtx; /* Multicast highwater callback ctx */
  5133. #endif /* WOLFSSL_MULTICAST */
  5134. #ifdef WOLFSSL_DTLS_DROP_STATS
  5135. word32 macDropCount;
  5136. word32 replayDropCount;
  5137. #endif /* WOLFSSL_DTLS_DROP_STATS */
  5138. #ifdef WOLFSSL_SRTP
  5139. word16 dtlsSrtpProfiles; /* DTLS-with-SRTP profiles list
  5140. * (selected profiles - up to 16) */
  5141. word16 dtlsSrtpId; /* DTLS-with-SRTP profile ID selected */
  5142. #endif
  5143. #ifdef WOLFSSL_DTLS13
  5144. RecordNumberCiphers dtlsRecordNumberEncrypt;
  5145. RecordNumberCiphers dtlsRecordNumberDecrypt;
  5146. Dtls13Epoch dtls13Epochs[DTLS13_EPOCH_SIZE];
  5147. Dtls13Epoch *dtls13EncryptEpoch;
  5148. Dtls13Epoch *dtls13DecryptEpoch;
  5149. w64wrapper dtls13Epoch;
  5150. w64wrapper dtls13PeerEpoch;
  5151. w64wrapper dtls13InvalidateBefore;
  5152. byte dtls13CurRL[DTLS_RECVD_RL_HEADER_MAX_SZ];
  5153. word16 dtls13CurRlLength;
  5154. /* used to store the message if it needs to be fragmented */
  5155. buffer dtls13FragmentsBuffer;
  5156. byte dtls13SendingFragments:1;
  5157. byte dtls13SendingAckOrRtx:1;
  5158. byte dtls13FastTimeout:1;
  5159. byte dtls13WaitKeyUpdateAck:1;
  5160. byte dtls13DoKeyUpdate:1;
  5161. word32 dtls13MessageLength;
  5162. word32 dtls13FragOffset;
  5163. byte dtls13FragHandshakeType;
  5164. Dtls13Rtx dtls13Rtx;
  5165. byte *dtls13ClientHello;
  5166. word16 dtls13ClientHelloSz;
  5167. #endif /* WOLFSSL_DTLS13 */
  5168. #ifdef WOLFSSL_DTLS_CID
  5169. CIDInfo *dtlsCidInfo;
  5170. #endif /* WOLFSSL_DTLS_CID */
  5171. #endif /* WOLFSSL_DTLS */
  5172. #ifdef WOLFSSL_CALLBACKS
  5173. TimeoutInfo timeoutInfo; /* info saved during handshake */
  5174. HandShakeInfo handShakeInfo; /* info saved during handshake */
  5175. #endif
  5176. #ifdef OPENSSL_EXTRA
  5177. SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
  5178. void* protoMsgCtx; /* user set context with msg callback */
  5179. #endif
  5180. #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
  5181. byte hsInfoOn; /* track handshake info */
  5182. byte toInfoOn; /* track timeout info */
  5183. #endif
  5184. #ifdef HAVE_FUZZER
  5185. CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
  5186. void* fuzzerCtx; /* user defined pointer */
  5187. #endif
  5188. #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  5189. CertReqCtx* certReqCtx;
  5190. #endif
  5191. #ifdef WOLFSSL_LOCAL_X509_STORE
  5192. WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
  5193. #endif
  5194. #ifdef KEEP_PEER_CERT
  5195. /* TODO put this on the heap so we can properly use the
  5196. * reference counter and not have to duplicate it. */
  5197. WOLFSSL_X509 peerCert; /* X509 peer cert */
  5198. #endif
  5199. #ifdef KEEP_OUR_CERT
  5200. WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
  5201. points to ctx if not owned (owned
  5202. flag found in buffers.weOwnCert) */
  5203. #endif
  5204. byte keepCert; /* keep certificate after handshake */
  5205. #ifdef HAVE_EX_DATA
  5206. WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
  5207. #endif
  5208. int devId; /* async device id to use */
  5209. #ifdef HAVE_ONE_TIME_AUTH
  5210. OneTimeAuth auth;
  5211. #endif
  5212. #ifdef HAVE_TLS_EXTENSIONS
  5213. TLSX* extensions; /* RFC 6066 TLS Extensions data */
  5214. #ifdef HAVE_MAX_FRAGMENT
  5215. word16 max_fragment;
  5216. #endif
  5217. #ifdef HAVE_TRUNCATED_HMAC
  5218. byte truncated_hmac;
  5219. #endif
  5220. #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
  5221. byte status_request;
  5222. #endif
  5223. #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
  5224. byte status_request_v2;
  5225. #endif
  5226. #if defined(HAVE_SECURE_RENEGOTIATION) \
  5227. || defined(HAVE_SERVER_RENEGOTIATION_INFO)
  5228. int secure_rene_count; /* how many times */
  5229. SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
  5230. #endif /* user turned on */
  5231. #ifdef HAVE_ALPN
  5232. byte *alpn_peer_requested; /* the ALPN bytes requested by peer, sequence
  5233. * of length byte + chars */
  5234. word16 alpn_peer_requested_length; /* number of bytes total */
  5235. #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
  5236. defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_QUIC)
  5237. CallbackALPNSelect alpnSelect;
  5238. void* alpnSelectArg;
  5239. #endif
  5240. #endif /* of accepted protocols */
  5241. #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
  5242. CallbackSessionTicket session_ticket_cb;
  5243. void* session_ticket_ctx;
  5244. byte expect_session_ticket;
  5245. #endif
  5246. #endif /* HAVE_TLS_EXTENSIONS */
  5247. #ifdef HAVE_OCSP
  5248. void* ocspIOCtx;
  5249. byte ocspProducedDate[MAX_DATE_SZ];
  5250. int ocspProducedDateFormat;
  5251. #ifdef OPENSSL_EXTRA
  5252. byte* ocspResp;
  5253. int ocspRespSz;
  5254. #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
  5255. char* url;
  5256. #endif
  5257. #endif
  5258. #endif
  5259. #ifdef HAVE_NETX
  5260. NetX_Ctx nxCtx; /* NetX IO Context */
  5261. #endif
  5262. #if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
  5263. void* mnCtx; /* mynewt mn_socket IO Context */
  5264. #endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
  5265. #ifdef WOLFSSL_GNRC
  5266. struct gnrc_wolfssl_ctx *gnrcCtx; /* Riot-OS GNRC UDP/IP context */
  5267. #endif
  5268. #ifdef SESSION_INDEX
  5269. int sessionIndex; /* Session's location in the cache. */
  5270. #endif
  5271. #ifdef ATOMIC_USER
  5272. void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
  5273. void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
  5274. #ifdef HAVE_ENCRYPT_THEN_MAC
  5275. void* EncryptMacCtx; /* Atomic User Encrypt/Mac Callback Ctx */
  5276. void* VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */
  5277. #endif
  5278. #endif
  5279. #ifdef HAVE_PK_CALLBACKS
  5280. #ifdef HAVE_ECC
  5281. void* EccKeyGenCtx; /* EccKeyGen Callback Context */
  5282. void* EccSignCtx; /* Ecc Sign Callback Context */
  5283. void* EccVerifyCtx; /* Ecc Verify Callback Context */
  5284. void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
  5285. #endif /* HAVE_ECC */
  5286. #ifdef HAVE_HKDF
  5287. void* HkdfExtractCtx; /* Hkdf extract callback context */
  5288. #endif
  5289. #ifdef HAVE_ED25519
  5290. void* Ed25519SignCtx; /* ED25519 Sign Callback Context */
  5291. void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */
  5292. #endif
  5293. #ifdef HAVE_CURVE25519
  5294. void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
  5295. void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
  5296. #endif
  5297. #ifdef HAVE_ED448
  5298. void* Ed448SignCtx; /* ED448 Sign Callback Context */
  5299. void* Ed448VerifyCtx; /* ED448 Verify Callback Context */
  5300. #endif
  5301. #ifdef HAVE_CURVE448
  5302. void* X448KeyGenCtx; /* X448 KeyGen Callback Context */
  5303. void* X448SharedSecretCtx; /* X448 Pms Callback Context */
  5304. #endif
  5305. #ifndef NO_DH
  5306. void* DhAgreeCtx; /* DH Pms Callback Context */
  5307. #endif /* !NO_DH */
  5308. #ifndef NO_RSA
  5309. void* RsaSignCtx; /* Rsa Sign Callback Context */
  5310. void* RsaVerifyCtx; /* Rsa Verify Callback Context */
  5311. #ifdef WC_RSA_PSS
  5312. void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */
  5313. void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */
  5314. #endif
  5315. void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
  5316. void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
  5317. #endif /* NO_RSA */
  5318. void* GenPreMasterCtx; /* Generate Premaster Callback Context */
  5319. void* GenMasterCtx; /* Generate Master Callback Context */
  5320. void* GenSessionKeyCtx; /* Generate Session Key Callback Context */
  5321. void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */
  5322. void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */
  5323. void* VerifyMacCtx; /* Verify mac Callback Context */
  5324. #endif /* HAVE_PK_CALLBACKS */
  5325. #ifdef HAVE_SECRET_CALLBACK
  5326. SessionSecretCb sessionSecretCb;
  5327. void* sessionSecretCtx;
  5328. #ifdef WOLFSSL_TLS13
  5329. Tls13SecretCb tls13SecretCb;
  5330. void* tls13SecretCtx;
  5331. #endif
  5332. #ifdef OPENSSL_EXTRA
  5333. SessionSecretCb keyLogCb;
  5334. #ifdef WOLFSSL_TLS13
  5335. Tls13SecretCb tls13KeyLogCb;
  5336. #endif
  5337. #endif
  5338. #endif /* HAVE_SECRET_CALLBACK */
  5339. #ifdef WOLFSSL_JNI
  5340. void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
  5341. #endif /* WOLFSSL_JNI */
  5342. #ifdef WOLFSSL_EARLY_DATA
  5343. EarlyDataState earlyData;
  5344. word32 earlyDataSz;
  5345. byte earlyDataStatus;
  5346. #endif
  5347. #if defined(OPENSSL_EXTRA)
  5348. WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
  5349. WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
  5350. #ifdef KEEP_OUR_CERT
  5351. WOLFSSL_STACK* ourCertChain; /* Used in wolfSSL_add1_chain_cert */
  5352. #endif
  5353. #endif
  5354. #ifdef WOLFSSL_STATIC_EPHEMERAL
  5355. StaticKeyExchangeInfo_t staticKE;
  5356. #endif
  5357. #ifdef WOLFSSL_MAXQ10XX_TLS
  5358. maxq_ssl_t maxq_ctx;
  5359. #endif
  5360. #ifdef WOLFSSL_HAVE_TLS_UNIQUE
  5361. /* Added in libest port: allow applications to get the 'tls-unique' Channel
  5362. * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is
  5363. * used in the EST protocol to bind an enrollment to a TLS session through
  5364. * 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4
  5365. * and https://tools.ietf.org/html/rfc7030#section-3.5). */
  5366. byte clientFinished[TLS_FINISHED_SZ_MAX];
  5367. byte serverFinished[TLS_FINISHED_SZ_MAX];
  5368. byte clientFinished_len;
  5369. byte serverFinished_len;
  5370. #endif
  5371. #ifndef WOLFSSL_NO_CA_NAMES
  5372. WOLF_STACK_OF(WOLFSSL_X509_NAME)* client_ca_names;
  5373. #endif
  5374. #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS)
  5375. IOTSAFE iotsafe;
  5376. #endif
  5377. #ifdef WOLFSSL_LWIP_NATIVE
  5378. WOLFSSL_LWIP_NATIVE_STATE lwipCtx; /* LwIP native socket IO Context */
  5379. #endif
  5380. #ifdef WOLFSSL_QUIC
  5381. struct {
  5382. const WOLFSSL_QUIC_METHOD* method;
  5383. WOLFSSL_ENCRYPTION_LEVEL enc_level_read;
  5384. WOLFSSL_ENCRYPTION_LEVEL enc_level_read_next;
  5385. WOLFSSL_ENCRYPTION_LEVEL enc_level_latest_recvd;
  5386. WOLFSSL_ENCRYPTION_LEVEL enc_level_write;
  5387. WOLFSSL_ENCRYPTION_LEVEL enc_level_write_next;
  5388. int transport_version;
  5389. const QuicTransportParam* transport_local;
  5390. const QuicTransportParam* transport_peer;
  5391. const QuicTransportParam* transport_peer_draft;
  5392. QuicRecord* input_head; /* we own, data for handshake */
  5393. QuicRecord* input_tail; /* points to last element for append */
  5394. QuicRecord* scratch; /* we own, record construction */
  5395. enum wolfssl_encryption_level_t output_rec_level;
  5396. /* encryption level of current output record */
  5397. word32 output_rec_remain; /* how many bytes of output TLS record
  5398. * content have not been handled yet by quic */
  5399. } quic;
  5400. #endif /* WOLFSSL_QUIC */
  5401. #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
  5402. WOLFSSL_EchConfig* echConfigs;
  5403. #endif
  5404. #if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_KEYLOGFILE)
  5405. SSLSnifferSecretCb snifferSecretCb;
  5406. #endif /* WOLFSSL_SNIFFER && WOLFSSL_SNIFFER_KEYLOGFILE */
  5407. #ifdef WOLFSSL_DUAL_ALG_CERTS
  5408. byte *sigSpec; /* This pointer never owns the memory. */
  5409. word16 sigSpecSz;
  5410. byte *peerSigSpec; /* This pointer always owns the memory. */
  5411. word16 peerSigSpecSz;
  5412. #endif
  5413. };
  5414. /*
  5415. * wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error
  5416. * to the error queue on file end. This should not be left
  5417. * for the caller to find so we clear the last error.
  5418. */
  5419. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_ERROR_QUEUE)
  5420. #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \
  5421. (err) = wolfSSL_ERR_peek_last_error(); \
  5422. if (ERR_GET_LIB(err) == ERR_LIB_PEM && \
  5423. ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { \
  5424. wc_RemoveErrorNode(-1); \
  5425. }
  5426. #else
  5427. #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)(err);
  5428. #endif
  5429. /*
  5430. * The SSL object may have its own certificate store. The below macros simplify
  5431. * logic for choosing which WOLFSSL_CERT_MANAGER and WOLFSSL_X509_STORE to use.
  5432. * Always use SSL specific objects when available and revert to CTX otherwise.
  5433. */
  5434. #ifdef WOLFSSL_LOCAL_X509_STORE
  5435. #define SSL_CM(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt->cm : \
  5436. ((ssl)->ctx->x509_store_pt ? (ssl)->ctx->x509_store_pt->cm : \
  5437. (ssl)->ctx->cm))
  5438. #define SSL_STORE(ssl) ((ssl)->x509_store_pt ? (ssl)->x509_store_pt : \
  5439. ((ssl)->ctx->x509_store_pt ? (ssl)->ctx->x509_store_pt : \
  5440. &(ssl)->ctx->x509_store))
  5441. #define CTX_STORE(ctx) ((ctx)->x509_store_pt ? (ctx)->x509_store_pt : \
  5442. &(ctx)->x509_store)
  5443. #else
  5444. #define SSL_CM(ssl) (ssl)->ctx->cm
  5445. #endif
  5446. /* Issue warning when we are modifying the overall context CM */
  5447. #define SSL_CM_WARNING(ssl) \
  5448. do { \
  5449. if (SSL_CM( (ssl) ) == (ssl)->ctx->cm) { \
  5450. WOLFSSL_MSG("Modifying SSL_CTX CM not SSL specific CM"); \
  5451. } \
  5452. } while (0)
  5453. WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
  5454. WOLFSSL_LOCAL int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
  5455. WOLFSSL_LOCAL int ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
  5456. WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap);
  5457. WOLFSSL_API void SSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */
  5458. #ifndef NO_CERTS
  5459. WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
  5460. long sz, int format, int type, WOLFSSL* ssl,
  5461. long* used, int userChain, int verify);
  5462. WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
  5463. int type, WOLFSSL* ssl, int userChain,
  5464. WOLFSSL_CRL* crl, int verify);
  5465. WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
  5466. size_t domainNameLen);
  5467. #endif
  5468. #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
  5469. WOLFSSL_LOCAL void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl);
  5470. WOLFSSL_LOCAL void FinishHandShakeInfo(HandShakeInfo* info);
  5471. WOLFSSL_LOCAL void AddPacketName(WOLFSSL* ssl, const char* name);
  5472. WOLFSSL_LOCAL void InitTimeoutInfo(TimeoutInfo* info);
  5473. WOLFSSL_LOCAL void FreeTimeoutInfo(TimeoutInfo* info, void* heap);
  5474. WOLFSSL_LOCAL int AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
  5475. const byte* data, int sz, int written, int lateRL,
  5476. void* heap);
  5477. WOLFSSL_LOCAL void AddLateName(const char* name, TimeoutInfo* info);
  5478. WOLFSSL_LOCAL void AddLateRecordHeader(const RecordLayerHeader* rl,
  5479. TimeoutInfo* info);
  5480. #endif
  5481. /* Record Layer Header identifier from page 12 */
  5482. enum ContentType {
  5483. no_type = 0,
  5484. change_cipher_spec = 20,
  5485. alert = 21,
  5486. handshake = 22,
  5487. application_data = 23,
  5488. #ifdef WOLFSSL_DTLS13
  5489. ack = 26,
  5490. #endif /* WOLFSSL_DTLS13 */
  5491. };
  5492. /* handshake header, same for each message type, pgs 20/21 */
  5493. typedef struct HandShakeHeader {
  5494. byte type;
  5495. word24 length;
  5496. } HandShakeHeader;
  5497. /* DTLS handshake header, same for each message type */
  5498. typedef struct DtlsHandShakeHeader {
  5499. byte type;
  5500. word24 length;
  5501. byte message_seq[2]; /* start at 0, retransmit gets same # */
  5502. word24 fragment_offset; /* bytes in previous fragments */
  5503. word24 fragment_length; /* length of this fragment */
  5504. } DtlsHandShakeHeader;
  5505. enum HandShakeType {
  5506. hello_request = 0,
  5507. client_hello = 1,
  5508. server_hello = 2,
  5509. hello_verify_request = 3, /* DTLS addition */
  5510. session_ticket = 4,
  5511. end_of_early_data = 5,
  5512. hello_retry_request = 6,
  5513. encrypted_extensions = 8,
  5514. certificate = 11,
  5515. server_key_exchange = 12,
  5516. certificate_request = 13,
  5517. server_hello_done = 14,
  5518. certificate_verify = 15,
  5519. client_key_exchange = 16,
  5520. finished = 20,
  5521. certificate_status = 22,
  5522. key_update = 24,
  5523. change_cipher_hs = 55, /* simulate unique handshake type for sanity
  5524. checks. record layer change_cipher
  5525. conflicts with handshake finished */
  5526. message_hash = 254, /* synthetic message type for TLS v1.3 */
  5527. no_shake = 255 /* used to initialize the DtlsMsg record */
  5528. };
  5529. enum ProvisionSide {
  5530. PROVISION_CLIENT = 1,
  5531. PROVISION_SERVER = 2,
  5532. PROVISION_CLIENT_SERVER = 3
  5533. };
  5534. /* cipher requirements */
  5535. enum {
  5536. REQUIRES_RSA,
  5537. REQUIRES_DHE,
  5538. REQUIRES_ECC,
  5539. REQUIRES_ECC_STATIC,
  5540. REQUIRES_PSK,
  5541. REQUIRES_RSA_SIG,
  5542. REQUIRES_AEAD
  5543. };
  5544. static const byte kTlsClientStr[SIZEOF_SENDER+1] = { 0x43, 0x4C, 0x4E, 0x54, 0x00 }; /* CLNT */
  5545. static const byte kTlsServerStr[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x00 }; /* SRVR */
  5546. static const byte kTlsClientFinStr[FINISHED_LABEL_SZ + 1] = "client finished";
  5547. static const byte kTlsServerFinStr[FINISHED_LABEL_SZ + 1] = "server finished";
  5548. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  5549. typedef struct {
  5550. int name_len;
  5551. const char *name;
  5552. int nid;
  5553. } WOLF_EC_NIST_NAME;
  5554. extern const WOLF_EC_NIST_NAME kNistCurves[];
  5555. /* This is the longest and shortest curve name in the kNistCurves list. Note we
  5556. * also have quantum-safe group names as well. */
  5557. #define kNistCurves_MIN_NAME_LEN 5
  5558. #ifdef HAVE_PQC
  5559. #define kNistCurves_MAX_NAME_LEN 32
  5560. #else
  5561. #define kNistCurves_MAX_NAME_LEN 7
  5562. #endif
  5563. #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
  5564. /* internal functions */
  5565. WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL* ssl);
  5566. WOLFSSL_LOCAL int SendTicket(WOLFSSL* ssl);
  5567. #ifdef HAVE_SESSION_TICKET
  5568. WOLFSSL_LOCAL int DoDecryptTicket(const WOLFSSL* ssl, const byte* input,
  5569. word32 len, InternalTicket **it);
  5570. /* Return 0 when check successful. <0 on failure. */
  5571. WOLFSSL_LOCAL void DoClientTicketFinalize(WOLFSSL* ssl, InternalTicket* it,
  5572. const WOLFSSL_SESSION* sess);
  5573. #ifdef WOLFSSL_TLS13
  5574. WOLFSSL_LOCAL int DoClientTicketCheck(const WOLFSSL* ssl,
  5575. const PreSharedKey* psk, sword64 timeout, const byte* suite);
  5576. WOLFSSL_LOCAL void CleanupClientTickets(PreSharedKey* psk);
  5577. WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk,
  5578. int retainSess);
  5579. #endif
  5580. WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
  5581. #endif /* HAVE_SESSION_TICKET */
  5582. WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz);
  5583. #ifdef WOLFSSL_TLS13
  5584. WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType);
  5585. #endif
  5586. WOLFSSL_LOCAL int SendCertificate(WOLFSSL* ssl);
  5587. WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL* ssl);
  5588. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  5589. || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  5590. WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
  5591. buffer* response);
  5592. #endif
  5593. #if defined(HAVE_SECURE_RENEGOTIATION) && \
  5594. !defined(NO_WOLFSSL_SERVER)
  5595. WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL* ssl);
  5596. #endif
  5597. WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL* ssl);
  5598. WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL* ssl);
  5599. WOLFSSL_LOCAL int SendBuffered(WOLFSSL* ssl);
  5600. WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek);
  5601. WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl);
  5602. WOLFSSL_LOCAL int RetrySendAlert(WOLFSSL* ssl);
  5603. WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type);
  5604. WOLFSSL_LOCAL int SendFatalAlertOnly(WOLFSSL *ssl, int error);
  5605. WOLFSSL_LOCAL int ProcessReply(WOLFSSL* ssl);
  5606. WOLFSSL_LOCAL int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr);
  5607. WOLFSSL_LOCAL const char* AlertTypeToString(int type);
  5608. WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl);
  5609. WOLFSSL_LOCAL int GetCipherSpec(word16 side, byte cipherSuite0,
  5610. byte cipherSuite, CipherSpecs* specs, Options* opts);
  5611. WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl);
  5612. WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
  5613. WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
  5614. WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
  5615. WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
  5616. WOLFSSL_LOCAL int IsAtLeastTLSv1_3(ProtocolVersion pv);
  5617. WOLFSSL_LOCAL int IsEncryptionOn(const WOLFSSL* ssl, int isSend);
  5618. WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl);
  5619. WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
  5620. WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
  5621. WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
  5622. WOLFSSL_LOCAL byte* GetOutputBuffer(WOLFSSL* ssl);
  5623. WOLFSSL_LOCAL int CipherRequires(byte first, byte second, int requirement);
  5624. WOLFSSL_LOCAL int VerifyClientSuite(word16 havePSK, byte cipherSuite0,
  5625. byte cipherSuite);
  5626. WOLFSSL_LOCAL int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length);
  5627. WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment);
  5628. #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS)
  5629. WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl);
  5630. WOLFSSL_LOCAL int wolfSSL_set_iotsafe_ctx(WOLFSSL *ssl, IOTSAFE *iotsafe);
  5631. #endif
  5632. #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_ECC)
  5633. WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey);
  5634. WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey);
  5635. #endif
  5636. #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
  5637. WOLFSSL_LOCAL int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
  5638. word16 curve_id);
  5639. #else
  5640. static WC_INLINE int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
  5641. word16 curve_id)
  5642. {
  5643. (void)ssl;
  5644. (void)curve_id;
  5645. return 0;
  5646. }
  5647. #endif
  5648. WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
  5649. int *initTmpRng);
  5650. #ifndef NO_CERTS
  5651. #ifndef NO_RSA
  5652. #ifdef WC_RSA_PSS
  5653. WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
  5654. byte* out, word32 sigSz, enum wc_HashType hashType);
  5655. WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
  5656. enum wc_HashType* hashType, int* mgf);
  5657. #endif
  5658. WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
  5659. word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
  5660. int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo);
  5661. WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
  5662. byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
  5663. DerBuffer* keyBufInfo);
  5664. WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
  5665. byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
  5666. buffer* keyBufInfo);
  5667. WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
  5668. word32* outSz, RsaKey* key, DerBuffer* keyBufInfo);
  5669. WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
  5670. word32* outSz, RsaKey* key, buffer* keyBufInfo);
  5671. #endif /* !NO_RSA */
  5672. #ifdef HAVE_ECC
  5673. WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
  5674. byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo);
  5675. WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
  5676. const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo);
  5677. WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
  5678. ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
  5679. word32* outlen, int side);
  5680. #endif /* HAVE_ECC */
  5681. #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
  5682. WOLFSSL_LOCAL int Sm2wSm3Sign(WOLFSSL* ssl, const byte* id, word32 idSz,
  5683. const byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key,
  5684. DerBuffer* keyBufInfo);
  5685. WOLFSSL_LOCAL int Sm2wSm3Verify(WOLFSSL* ssl, const byte* id,
  5686. word32 idSz, const byte* in, word32 inSz, const byte* out,
  5687. word32 outSz, ecc_key* key, buffer* keyBufInfo);
  5688. #endif /* WOLFSSL_SM2 && WOLFSSL_SM3 */
  5689. #ifdef HAVE_ED25519
  5690. WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl);
  5691. WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
  5692. byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo);
  5693. WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
  5694. word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
  5695. buffer* keyBufInfo);
  5696. #endif /* HAVE_ED25519 */
  5697. #ifdef HAVE_ED448
  5698. WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl);
  5699. WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
  5700. byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo);
  5701. WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in,
  5702. word32 inSz, const byte* msg, word32 msgSz, ed448_key* key,
  5703. buffer* keyBufInfo);
  5704. #endif /* HAVE_ED448 */
  5705. #ifdef WOLFSSL_TRUST_PEER_CERT
  5706. /* options for searching hash table for a matching trusted peer cert */
  5707. #define WC_MATCH_SKID 0
  5708. #define WC_MATCH_NAME 1
  5709. WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert);
  5710. WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
  5711. DecodedCert* cert);
  5712. #endif
  5713. #ifndef GetCA
  5714. WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash);
  5715. #endif
  5716. #ifdef WOLFSSL_AKID_NAME
  5717. WOLFSSL_LOCAL Signer* GetCAByAKID(void* vp, const byte* issuer,
  5718. word32 issuerSz, const byte* serial, word32 serialSz);
  5719. #endif
  5720. #if !defined(NO_SKID) && !defined(GetCAByName)
  5721. WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
  5722. #endif
  5723. #endif /* !NO_CERTS */
  5724. WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
  5725. word32* hashLen);
  5726. WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
  5727. const byte* sender);
  5728. WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
  5729. WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
  5730. WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
  5731. WOLFSSL_LOCAL int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted);
  5732. WOLFSSL_LOCAL int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type,
  5733. word32 msgSz);
  5734. #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
  5735. WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
  5736. #endif
  5737. #ifndef NO_TLS
  5738. WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL* ssl);
  5739. #ifndef WOLFSSL_AEAD_ONLY
  5740. WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
  5741. word32 sz, int padSz, int content, int verify, int epochOrder);
  5742. #endif
  5743. #endif
  5744. WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
  5745. #ifndef NO_WOLFSSL_CLIENT
  5746. WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl);
  5747. WOLFSSL_LOCAL int SendClientHello(WOLFSSL* ssl);
  5748. WOLFSSL_LOCAL int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
  5749. word32 size);
  5750. #ifdef WOLFSSL_TLS13
  5751. WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL* ssl);
  5752. #endif
  5753. WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL* ssl);
  5754. WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL* ssl);
  5755. #endif /* NO_WOLFSSL_CLIENT */
  5756. #ifndef NO_WOLFSSL_SERVER
  5757. WOLFSSL_LOCAL int SendServerHello(WOLFSSL* ssl);
  5758. WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl);
  5759. #endif /* NO_WOLFSSL_SERVER */
  5760. #ifdef WOLFSSL_DTLS
  5761. WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap);
  5762. WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap);
  5763. /* Use WOLFSSL_API to enable src/api.c testing */
  5764. WOLFSSL_API void DtlsMsgListDelete(DtlsMsg* head, void* heap);
  5765. WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl);
  5766. WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch,
  5767. const byte* data, byte type,
  5768. word32 fragOffset, word32 fragSz, void* heap,
  5769. word32 totalLen, byte encrypted);
  5770. /* Use WOLFSSL_API to enable src/api.c testing */
  5771. WOLFSSL_API DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq);
  5772. /* Use WOLFSSL_API to enable src/api.c testing */
  5773. WOLFSSL_API void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq,
  5774. const byte* data, word32 dataSz, byte type,
  5775. word32 fragOffset, word32 fragSz,
  5776. void* heap);
  5777. WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item);
  5778. WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data,
  5779. word32 dataSz, enum HandShakeType type);
  5780. WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL* ssl);
  5781. WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type,
  5782. word32 fragOffset);
  5783. WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* item);
  5784. WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL* ssl);
  5785. WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket);
  5786. WOLFSSL_LOCAL void DtlsMsgDestroyFragBucket(DtlsFragBucket* fragBucket, void* heap);
  5787. WOLFSSL_LOCAL int GetDtlsHandShakeHeader(WOLFSSL *ssl, const byte *input,
  5788. word32 *inOutIdx, byte *type, word32 *size, word32 *fragOffset,
  5789. word32 *fragSz, word32 totalSz);
  5790. WOLFSSL_LOCAL int DtlsMsgDrain(WOLFSSL *ssl);
  5791. WOLFSSL_LOCAL int SendHelloVerifyRequest(WOLFSSL* ssl,
  5792. const byte* cookie, byte cookieSz);
  5793. #if !defined(NO_WOLFSSL_SERVER)
  5794. WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
  5795. const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
  5796. #endif /* !defined(NO_WOLFSSL_SERVER) */
  5797. #endif /* WOLFSSL_DTLS */
  5798. #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
  5799. WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl);
  5800. WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl);
  5801. WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
  5802. WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
  5803. #endif
  5804. WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl);
  5805. WOLFSSL_LOCAL int IsDtlsNotSctpMode(WOLFSSL* ssl);
  5806. WOLFSSL_LOCAL int IsDtlsNotSrtpMode(WOLFSSL* ssl);
  5807. WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);
  5808. #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
  5809. #ifdef WOLFSSL_32BIT_MILLI_TIME
  5810. WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
  5811. #else
  5812. WOLFSSL_LOCAL sword64 TimeNowInMilliseconds(void);
  5813. #endif
  5814. #endif
  5815. WOLFSSL_LOCAL word32 LowResTimer(void);
  5816. WOLFSSL_LOCAL int FindSuiteSSL(const WOLFSSL* ssl, byte* suite);
  5817. WOLFSSL_LOCAL void DecodeSigAlg(const byte* input, byte* hashAlgo,
  5818. byte* hsType);
  5819. WOLFSSL_LOCAL enum wc_HashType HashAlgoToType(int hashAlgo);
  5820. #ifndef NO_CERTS
  5821. WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag,
  5822. void* heap);
  5823. WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
  5824. WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag,
  5825. void* heap);
  5826. WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509);
  5827. WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509* x509,
  5828. DecodedCert* dCert);
  5829. #endif
  5830. #ifndef MAX_CIPHER_NAME
  5831. #define MAX_CIPHER_NAME 50
  5832. #endif
  5833. #ifdef WOLFSSL_NAMES_STATIC
  5834. typedef char cipher_name[MAX_CIPHER_NAME];
  5835. #else
  5836. typedef const char* cipher_name;
  5837. #endif
  5838. typedef struct CipherSuiteInfo {
  5839. cipher_name name;
  5840. #ifndef NO_ERROR_STRINGS
  5841. cipher_name name_iana;
  5842. #endif
  5843. byte cipherSuite0;
  5844. byte cipherSuite;
  5845. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
  5846. defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
  5847. byte minor;
  5848. byte major;
  5849. #endif
  5850. byte flags;
  5851. } CipherSuiteInfo;
  5852. WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
  5853. WOLFSSL_LOCAL int GetCipherNamesSize(void);
  5854. WOLFSSL_LOCAL const char* GetCipherNameInternal(byte cipherSuite0, byte cipherSuite);
  5855. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
  5856. /* used in wolfSSL_sk_CIPHER_description */
  5857. #define MAX_SEGMENTS 5
  5858. #define MAX_SEGMENT_SZ 20
  5859. WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher);
  5860. WOLFSSL_LOCAL const char* GetCipherSegment(const WOLFSSL_CIPHER* cipher,
  5861. char n[][MAX_SEGMENT_SZ]);
  5862. WOLFSSL_LOCAL const char* GetCipherProtocol(byte minor);
  5863. WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
  5864. WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
  5865. WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
  5866. WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
  5867. WOLFSSL_LOCAL int SetCipherBits(const char* enc);
  5868. WOLFSSL_LOCAL int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]);
  5869. #endif
  5870. WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite);
  5871. WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
  5872. WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
  5873. WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
  5874. byte* cipherSuite, int* flags);
  5875. enum encrypt_side {
  5876. ENCRYPT_SIDE_ONLY = 1,
  5877. DECRYPT_SIDE_ONLY,
  5878. ENCRYPT_AND_DECRYPT_SIDE
  5879. };
  5880. WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);
  5881. /* Set*Internal and Set*External functions */
  5882. WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
  5883. WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
  5884. WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
  5885. WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
  5886. typedef enum elem_set {
  5887. ELEMENT_P = 0x01,
  5888. ELEMENT_Q = 0x02,
  5889. ELEMENT_G = 0x04,
  5890. ELEMENT_PUB = 0x08,
  5891. ELEMENT_PRV = 0x10,
  5892. } Element_Set;
  5893. WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, int elm );
  5894. WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
  5895. WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
  5896. #if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK))
  5897. WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
  5898. byte* priv, word32* privSz,
  5899. byte* pub, word32* pubSz);
  5900. WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
  5901. const byte* priv, word32 privSz,
  5902. const byte* otherPub, word32 otherPubSz,
  5903. byte* agree, word32* agreeSz,
  5904. const byte* prime, word32 primeSz);
  5905. #endif /* !NO_DH */
  5906. #ifdef HAVE_ECC
  5907. WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
  5908. WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
  5909. #endif
  5910. WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
  5911. WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
  5912. WOLFSSL_LOCAL int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
  5913. HS_Hashes** destination);
  5914. #ifndef WOLFSSL_NO_TLS12
  5915. WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args);
  5916. #endif
  5917. WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
  5918. const byte* input, int inSz, int type, int hashOutput,
  5919. int sizeOnly, int asyncOkay, int epochOrder);
  5920. #ifdef WOLFSSL_TLS13
  5921. /* Use WOLFSSL_API to use this function in tests/api.c */
  5922. WOLFSSL_API int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
  5923. int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
  5924. WOLFSSL_LOCAL int Tls13UpdateKeys(WOLFSSL* ssl);
  5925. #endif
  5926. WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
  5927. WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
  5928. #ifdef WOLFSSL_ASYNC_CRYPT
  5929. WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
  5930. WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
  5931. WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
  5932. #endif
  5933. #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
  5934. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
  5935. !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  5936. WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store,
  5937. X509_NAME* issuer, int Type);
  5938. #endif
  5939. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  5940. WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void);
  5941. WOLFSSL_LOCAL void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash);
  5942. WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void);
  5943. WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_find(
  5944. WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind);
  5945. WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
  5946. WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
  5947. const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i);
  5948. WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
  5949. WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk);
  5950. WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
  5951. void (*f) (WOLFSSL_BY_DIR_HASH*));
  5952. WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
  5953. WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
  5954. WOLFSSL_BY_DIR_HASH* in);
  5955. /* WOLFSSL_BY_DIR_entry stuff */
  5956. WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void);
  5957. WOLFSSL_LOCAL void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry);
  5958. WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void);
  5959. WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk);
  5960. WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
  5961. const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i);
  5962. WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
  5963. WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk);
  5964. WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
  5965. void (*f) (WOLFSSL_BY_DIR_entry*));
  5966. WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk);
  5967. WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
  5968. WOLFSSL_BY_DIR_entry* in);
  5969. #endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
  5970. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  5971. WOLFSSL_LOCAL int oid2nid(word32 oid, int grp);
  5972. WOLFSSL_LOCAL word32 nid2oid(int nid, int grp);
  5973. #endif
  5974. #ifdef WOLFSSL_DTLS
  5975. WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
  5976. word16* next_hi, word32* next_lo, word32 *window);
  5977. WOLFSSL_LOCAL int DtlsUpdateWindow(WOLFSSL* ssl);
  5978. WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl);
  5979. WOLFSSL_LOCAL int DtlsIgnoreError(int err);
  5980. WOLFSSL_LOCAL void DtlsSetSeqNumForReply(WOLFSSL* ssl);
  5981. #endif
  5982. #ifdef WOLFSSL_DTLS13
  5983. /* Use WOLFSSL_API to use this function in tests/api.c */
  5984. WOLFSSL_API struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl,
  5985. w64wrapper epochNumber);
  5986. WOLFSSL_LOCAL void Dtls13SetOlderEpochSide(WOLFSSL* ssl, w64wrapper epochNumber,
  5987. int side);
  5988. WOLFSSL_LOCAL int Dtls13NewEpoch(WOLFSSL* ssl, w64wrapper epochNumber,
  5989. int side);
  5990. WOLFSSL_LOCAL int Dtls13SetEpochKeys(WOLFSSL* ssl, w64wrapper epochNumber,
  5991. enum encrypt_side side);
  5992. WOLFSSL_LOCAL int Dtls13GetSeq(WOLFSSL* ssl, int order, word32* seq,
  5993. byte increment);
  5994. WOLFSSL_LOCAL int Dtls13DoScheduledWork(WOLFSSL* ssl);
  5995. WOLFSSL_LOCAL int Dtls13DeriveSnKeys(WOLFSSL* ssl, int provision);
  5996. WOLFSSL_LOCAL int Dtls13SetRecordNumberKeys(WOLFSSL* ssl,
  5997. enum encrypt_side side);
  5998. WOLFSSL_LOCAL int Dtls13AddHeaders(byte* output, word32 length,
  5999. enum HandShakeType hs_type, WOLFSSL* ssl);
  6000. WOLFSSL_LOCAL word16 Dtls13GetHeadersLength(WOLFSSL *ssl,
  6001. enum HandShakeType type);
  6002. WOLFSSL_LOCAL word16 Dtls13GetRlHeaderLength(WOLFSSL *ssl, byte is_encrypted);
  6003. WOLFSSL_LOCAL int Dtls13RlAddCiphertextHeader(WOLFSSL* ssl, byte* out,
  6004. word16 length);
  6005. WOLFSSL_LOCAL int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out,
  6006. enum ContentType content_type, word16 length);
  6007. WOLFSSL_LOCAL int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr,
  6008. word16 recordLength);
  6009. WOLFSSL_LOCAL int Dtls13IsUnifiedHeader(byte header_flags);
  6010. WOLFSSL_LOCAL int Dtls13GetUnifiedHeaderSize(WOLFSSL* ssl, const byte input,
  6011. word16* size);
  6012. WOLFSSL_LOCAL int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input,
  6013. word16 input_size, Dtls13UnifiedHdrInfo* hdrInfo);
  6014. WOLFSSL_LOCAL int Dtls13HandshakeSend(WOLFSSL* ssl, byte* output,
  6015. word16 output_size, word16 length, enum HandShakeType handshake_type,
  6016. int hash_output);
  6017. WOLFSSL_LOCAL int Dtls13RecordRecvd(WOLFSSL* ssl);
  6018. WOLFSSL_LOCAL int Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input,
  6019. word32* inOutIdx, word32 totalSz);
  6020. WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output,
  6021. enum HandShakeType msg_type, word32 length);
  6022. #define EE_MASK (0x3)
  6023. WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl);
  6024. WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
  6025. word32* processedSize);
  6026. WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits,
  6027. w64wrapper* epoch);
  6028. WOLFSSL_LOCAL int Dtls13ReconstructSeqNumber(WOLFSSL* ssl,
  6029. Dtls13UnifiedHdrInfo* hdrInfo, w64wrapper* out);
  6030. WOLFSSL_LOCAL int SendDtls13Ack(WOLFSSL* ssl);
  6031. WOLFSSL_LOCAL int Dtls13RtxProcessingCertificate(WOLFSSL* ssl, byte* input,
  6032. word32 inputSize);
  6033. WOLFSSL_LOCAL int Dtls13HashHandshake(WOLFSSL* ssl, const byte* input,
  6034. word16 length);
  6035. WOLFSSL_LOCAL int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash,
  6036. int* hashSz, const byte* body, word32 length, CipherSpecs* specs);
  6037. WOLFSSL_LOCAL void Dtls13FreeFsmResources(WOLFSSL* ssl);
  6038. WOLFSSL_LOCAL void Dtls13RtxFlushBuffered(WOLFSSL* ssl,
  6039. byte keepNewSessionTicket);
  6040. WOLFSSL_LOCAL int Dtls13RtxTimeout(WOLFSSL* ssl);
  6041. WOLFSSL_LOCAL int Dtls13ProcessBufferedMessages(WOLFSSL* ssl);
  6042. WOLFSSL_LOCAL int Dtls13CheckAEADFailLimit(WOLFSSL* ssl);
  6043. WOLFSSL_LOCAL int Dtls13UpdateWindowRecordRecvd(WOLFSSL* ssl);
  6044. #endif /* WOLFSSL_DTLS13 */
  6045. #ifdef WOLFSSL_STATIC_EPHEMERAL
  6046. WOLFSSL_LOCAL int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr);
  6047. #endif
  6048. #ifndef NO_CERTS
  6049. #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
  6050. defined(OPENSSL_EXTRA_X509_SMALL)
  6051. WOLFSSL_LOCAL int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
  6052. const WOLFSSL_ASN1_STRING* asn_in);
  6053. #endif
  6054. #ifdef OPENSSL_EXTRA
  6055. WOLFSSL_LOCAL int GetX509Error(int e);
  6056. #endif
  6057. #endif
  6058. #if defined(HAVE_EX_DATA) && \
  6059. (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
  6060. defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
  6061. defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
  6062. defined(WOLFSSL_WPAS_SMALL)
  6063. typedef struct CRYPTO_EX_cb_ctx {
  6064. long ctx_l;
  6065. void *ctx_ptr;
  6066. WOLFSSL_CRYPTO_EX_new* new_func;
  6067. WOLFSSL_CRYPTO_EX_free* free_func;
  6068. WOLFSSL_CRYPTO_EX_dup* dup_func;
  6069. struct CRYPTO_EX_cb_ctx* next;
  6070. } CRYPTO_EX_cb_ctx;
  6071. /* use wolfSSL_API visibility to be able to clear in tests/api.c */
  6072. WOLFSSL_API extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session;
  6073. WOLFSSL_API void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx);
  6074. WOLFSSL_LOCAL void crypto_ex_cb_setup_new_data(void *new_obj,
  6075. CRYPTO_EX_cb_ctx* cb_ctx, WOLFSSL_CRYPTO_EX_DATA* ex_data);
  6076. WOLFSSL_LOCAL void crypto_ex_cb_free_data(void *obj, CRYPTO_EX_cb_ctx* cb_ctx,
  6077. WOLFSSL_CRYPTO_EX_DATA* ex_data);
  6078. WOLFSSL_LOCAL int crypto_ex_cb_dup_data(const WOLFSSL_CRYPTO_EX_DATA *in,
  6079. WOLFSSL_CRYPTO_EX_DATA *out, CRYPTO_EX_cb_ctx* cb_ctx);
  6080. WOLFSSL_LOCAL int wolfssl_get_ex_new_index(int class_index, long ctx_l,
  6081. void* ctx_ptr, WOLFSSL_CRYPTO_EX_new* new_func,
  6082. WOLFSSL_CRYPTO_EX_dup* dup_func, WOLFSSL_CRYPTO_EX_free* free_func);
  6083. #endif
  6084. WOLFSSL_LOCAL WC_RNG* wolfssl_get_global_rng(void);
  6085. WOLFSSL_LOCAL WC_RNG* wolfssl_make_global_rng(void);
  6086. #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
  6087. #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
  6088. WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
  6089. unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz);
  6090. #endif
  6091. #endif
  6092. #if !defined(NO_RSA)
  6093. WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf,
  6094. int publicKey, void* heap);
  6095. #endif
  6096. #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
  6097. || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK)
  6098. WOLFSSL_LOCAL int wolfSSL_SSL_do_handshake_internal(WOLFSSL *s);
  6099. #endif
  6100. #ifdef WOLFSSL_QUIC
  6101. #define WOLFSSL_IS_QUIC(s) (((s) != NULL) && ((s)->quic.method != NULL))
  6102. WOLFSSL_LOCAL int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz);
  6103. WOLFSSL_LOCAL int wolfSSL_quic_send(WOLFSSL* ssl);
  6104. WOLFSSL_LOCAL void wolfSSL_quic_clear(WOLFSSL* ssl);
  6105. WOLFSSL_LOCAL void wolfSSL_quic_free(WOLFSSL* ssl);
  6106. WOLFSSL_LOCAL int wolfSSL_quic_forward_secrets(WOLFSSL *ssl,
  6107. int ktype, int side);
  6108. WOLFSSL_LOCAL int wolfSSL_quic_keys_active(WOLFSSL* ssl, enum encrypt_side side);
  6109. #else
  6110. #define WOLFSSL_IS_QUIC(s) 0
  6111. #endif /* WOLFSSL_QUIC (else) */
  6112. #if defined(SHOW_SECRETS) && defined(WOLFSSL_SSLKEYLOGFILE)
  6113. WOLFSSL_LOCAL int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret,
  6114. int secretSz, void* ctx);
  6115. #endif
  6116. /* Optional Pre-Master-Secret logging for Wireshark */
  6117. #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
  6118. #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT
  6119. #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log"
  6120. #endif
  6121. #endif
  6122. #if defined(WOLFSSL_TLS13) && !defined(NO_PSK)
  6123. WOLFSSL_LOCAL int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk,
  6124. byte* psk_key, word32* psk_keySz, const byte* suite, int* found,
  6125. byte* foundSuite);
  6126. #endif
  6127. WOLFSSL_LOCAL int wolfSSL_GetHmacType_ex(CipherSpecs* specs);
  6128. #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
  6129. WOLFSSL_LOCAL int CreateCookieExt(const WOLFSSL* ssl, byte* hash,
  6130. word16 hashSz, TLSX** exts,
  6131. byte cipherSuite0, byte cipherSuite);
  6132. #endif
  6133. WOLFSSL_LOCAL int TranslateErrorToAlert(int err);
  6134. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  6135. void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type);
  6136. WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type);
  6137. #endif
  6138. #ifdef __cplusplus
  6139. } /* extern "C" */
  6140. #endif
  6141. #endif /* wolfSSL_INT_H */