internal.h
1 /* internal.h
2  *
3  * Copyright (C) 2006-2019 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
22 
23 
24 #ifndef WOLFSSL_INT_H
25 #define WOLFSSL_INT_H
26 
27 
29 #include <wolfssl/ssl.h>
30 #ifdef HAVE_CRL
31  #include <wolfssl/crl.h>
32 #endif
34 #ifndef NO_DES3
35  #include <wolfssl/wolfcrypt/des3.h>
36 #endif
37 #ifndef NO_HC128
38  #include <wolfssl/wolfcrypt/hc128.h>
39 #endif
40 #ifndef NO_RABBIT
42 #endif
43 #ifdef HAVE_CHACHA
45 #endif
46 #ifndef NO_ASN
47  #include <wolfssl/wolfcrypt/asn.h>
48  #include <wolfssl/wolfcrypt/pkcs12.h>
49 #endif
50 #ifndef NO_MD5
51  #include <wolfssl/wolfcrypt/md5.h>
52 #endif
53 #ifndef NO_SHA
54  #include <wolfssl/wolfcrypt/sha.h>
55 #endif
56 #ifndef NO_AES
57  #include <wolfssl/wolfcrypt/aes.h>
58 #endif
59 #ifdef HAVE_POLY1305
61 #endif
62 #ifdef HAVE_CAMELLIA
64 #endif
66 #ifndef NO_HMAC
67  #include <wolfssl/wolfcrypt/hmac.h>
68 #endif
69 #ifndef NO_RC4
70  #include <wolfssl/wolfcrypt/arc4.h>
71 #endif
72 #ifndef NO_SHA256
74 #endif
75 #ifdef HAVE_OCSP
76  #include <wolfssl/ocsp.h>
77 #endif
78 #ifdef WOLFSSL_SHA384
80 #endif
81 #ifdef WOLFSSL_SHA512
83 #endif
84 #ifdef HAVE_AESGCM
86 #endif
87 #ifdef WOLFSSL_RIPEMD
89 #endif
90 #ifdef HAVE_IDEA
91  #include <wolfssl/wolfcrypt/idea.h>
92 #endif
93 #ifndef NO_RSA
94  #include <wolfssl/wolfcrypt/rsa.h>
95 #endif
96 #ifdef HAVE_ECC
97  #include <wolfssl/wolfcrypt/ecc.h>
98 #endif
99 #ifndef NO_DH
100  #include <wolfssl/wolfcrypt/dh.h>
101 #endif
102 #ifdef HAVE_ED25519
103  #include <wolfssl/wolfcrypt/ed25519.h>
104 #endif
105 #ifdef HAVE_CURVE25519
107 #endif
108 
110 #include <wolfssl/wolfcrypt/hash.h>
111 
112 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
113  #include <wolfssl/callbacks.h>
114 #endif
115 #ifdef WOLFSSL_CALLBACKS
116  #include <signal.h>
117 #endif
118 
119 #ifdef USE_WINDOWS_API
120  #ifdef WOLFSSL_GAME_BUILD
121  #include "system/xtl.h"
122  #else
123  #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
124  /* On WinCE winsock2.h must be included before windows.h */
125  #include <winsock2.h>
126  #endif
127  #include <windows.h>
128  #endif
129 #elif defined(THREADX)
130  #ifndef SINGLE_THREADED
131  #include "tx_api.h"
132  #endif
133 
134 #elif defined(WOLFSSL_DEOS)
135  /* do nothing, just don't pick Unix */
136 #elif defined(MICRIUM)
137  /* do nothing, just don't pick Unix */
138 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
139  /* do nothing */
140 #elif defined(EBSNET)
141  /* do nothing */
142 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
143  /* do nothing */
144 #elif defined(FREESCALE_FREE_RTOS)
145  #include "fsl_os_abstraction.h"
146 #elif defined(WOLFSSL_uITRON4)
147  /* do nothing */
148 #elif defined(WOLFSSL_uTKERNEL2)
149  /* do nothing */
150 #elif defined(WOLFSSL_CMSIS_RTOS)
151  #include "cmsis_os.h"
152 #elif defined(WOLFSSL_CMSIS_RTOSv2)
153  #include "cmsis_os2.h"
154 #elif defined(WOLFSSL_MDK_ARM)
155  #if defined(WOLFSSL_MDK5)
156  #include "cmsis_os.h"
157  #else
158  #include <rtl.h>
159  #endif
160 #elif defined(MBED)
161 #elif defined(WOLFSSL_TIRTOS)
162  /* do nothing */
163 #elif defined(INTIME_RTOS)
164  #include <rt.h>
165 #elif defined(WOLFSSL_NUCLEUS_1_2)
166  /* do nothing */
167 #elif defined(WOLFSSL_APACHE_MYNEWT)
168  #if !defined(WOLFSSL_LWIP)
169  void mynewt_ctx_clear(void *ctx);
170  void* mynewt_ctx_new();
171  #endif
172 #elif defined(WOLFSSL_ZEPHYR)
173  #ifndef SINGLE_THREADED
174  #include <kernel.h>
175  #endif
176 #else
177  #ifndef SINGLE_THREADED
178  #define WOLFSSL_PTHREADS
179  #include <pthread.h>
180  #endif
181  #ifdef OPENSSL_EXTRA
182  #include <unistd.h> /* for close of BIO */
183  #endif
184 #endif
185 
186 #ifndef CHAR_BIT
187  /* Needed for DTLS without big math */
188  #include <limits.h>
189 #endif
190 
191 
192 #ifdef HAVE_LIBZ
193  #include "zlib.h"
194 #endif
195 
196 #ifdef WOLFSSL_ASYNC_CRYPT
197  #include <wolfssl/wolfcrypt/async.h>
198 #endif
199 
200 #ifdef OPENSSL_EXTRA
201  #ifdef WOLFCRYPT_HAVE_SRP
202  #include <wolfssl/wolfcrypt/srp.h>
203  #endif
204 #endif
205 
206 #ifdef _MSC_VER
207  /* Silence MSVC warning 4996, which recommends MS extensions such as strcpy_s
     instead of strncpy */
208  #pragma warning(disable: 4996)
209 #endif
210 
211 #ifdef NO_SHA
212  #define WC_SHA_DIGEST_SIZE 20
213 #endif
214 
215 #ifdef NO_SHA256
216  #define WC_SHA256_DIGEST_SIZE 32
217 #endif
218 
219 #ifdef NO_MD5
220  #define WC_MD5_DIGEST_SIZE 16
221 #endif
222 
223 
224 #ifdef __cplusplus
225  extern "C" {
226 #endif
227 
228 /* Define or comment out the cipher suites you would like compiled in.
229  Make sure at least one BUILD_SSL_xxx or BUILD_TLS_xxx macro is defined.
230 
231  When adding a cipher suite, add its name to cipher_names and its index to
232  cipher_name_idx.
233 
234  Now that there is a maximum strength crypto build, the following BUILD_XXX
235  flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
236  Those that do not use Perfect Forward Secrecy (PFS) and do not use AEAD
237  ciphers need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
238  CHACHA-POLY.
239 */
239 
240 /* Check that, when WOLFSSL_MAX_STRENGTH is set, none of the options it
241  * requires have been turned off. */
242 #if defined(WOLFSSL_MAX_STRENGTH) && \
243  ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
244  (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
245  (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
246  (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
247  !defined(NO_OLD_TLS))
248 
249  #error "You are trying to build max strength with requirements disabled."
250 #endif
251 
252 /* Have QSH : Quantum-safe Handshake */
253 #if defined(HAVE_QSH)
254  #define BUILD_TLS_QSH
255 #endif
256 
257 #ifndef WOLFSSL_MAX_STRENGTH
258 
259 #ifdef WOLFSSL_AEAD_ONLY
260  /* AES CBC ciphers are not allowed in AEAD only mode */
261  #undef HAVE_AES_CBC
262 #endif
263 
264 #ifndef WOLFSSL_AEAD_ONLY
265  #if !defined(NO_RSA) && !defined(NO_RC4)
266  #if defined(WOLFSSL_STATIC_RSA)
267  #if !defined(NO_SHA)
268  #define BUILD_SSL_RSA_WITH_RC4_128_SHA
269  #endif
270  #if !defined(NO_MD5)
271  #define BUILD_SSL_RSA_WITH_RC4_128_MD5
272  #endif
273  #endif
274  #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
275  && defined(WOLFSSL_STATIC_RSA)
276  #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
277  #endif
278  #endif
279 
280  #if !defined(NO_RSA) && !defined(NO_DES3)
281  #if !defined(NO_SHA)
282  #if defined(WOLFSSL_STATIC_RSA)
283  #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
284  #endif
285  #if !defined(NO_TLS) && defined(HAVE_NTRU) \
286  && defined(WOLFSSL_STATIC_RSA)
287  #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
288  #endif
289  #endif
290  #endif
291 
292  #if !defined(NO_RSA) && defined(HAVE_IDEA)
293  #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
294  #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
295  #endif
296  #endif
297 #endif /* !WOLFSSL_AEAD_ONLY */
298 
299  #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
300  #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
301  #if defined(WOLFSSL_STATIC_RSA)
302  #ifdef WOLFSSL_AES_128
303  #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
304  #endif
305  #ifdef WOLFSSL_AES_256
306  #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
307  #endif
308  #endif
309  #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
310  #ifdef WOLFSSL_AES_128
311  #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
312  #endif
313  #ifdef WOLFSSL_AES_256
314  #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
315  #endif
316  #endif
317  #endif
318  #if defined(WOLFSSL_STATIC_RSA)
319  #if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
320  #ifdef WOLFSSL_AES_128
321  #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
322  #endif
323  #ifdef WOLFSSL_AES_256
324  #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
325  #endif
326  #endif
327  #if defined (HAVE_AESGCM)
328  #ifdef WOLFSSL_AES_128
329  #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
330  #endif
331  #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
332  #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
333  #endif
334  #endif
335  #if defined (HAVE_AESCCM)
336  #ifdef WOLFSSL_AES_128
337  #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
338  #endif
339  #ifdef WOLFSSL_AES_256
340  #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
341  #endif
342  #endif
343  #if defined(HAVE_BLAKE2) && defined(HAVE_AES_CBC)
344  #ifdef WOLFSSL_AES_128
345  #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
346  #endif
347  #ifdef WOLFSSL_AES_256
348  #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
349  #endif
350  #endif
351  #endif
352  #endif
353 
354  #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC)
355  #ifndef NO_RSA
356  #if defined(WOLFSSL_STATIC_RSA)
357  #if !defined(NO_SHA)
358  #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
359  #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
360  #endif
361  #ifndef NO_SHA256
362  #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
363  #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
364  #endif
365  #endif
366  #if !defined(NO_DH)
367  #if !defined(NO_SHA)
368  #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
369  #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
370  #endif
371  #ifndef NO_SHA256
372  #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
373  #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
374  #endif
375  #endif
376  #endif
377  #endif
378 
379 #if defined(WOLFSSL_STATIC_PSK)
380  #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
381  #if !defined(NO_SHA)
382  #ifdef WOLFSSL_AES_128
383  #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
384  #endif
385  #ifdef WOLFSSL_AES_256
386  #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
387  #endif
388  #endif
389  #ifndef NO_SHA256
390  #ifdef WOLFSSL_AES_128
391  #ifdef HAVE_AES_CBC
392  #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
393  #endif
394  #ifdef HAVE_AESGCM
395  #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
396  #endif
397  #endif /* WOLFSSL_AES_128 */
398  #ifdef HAVE_AESCCM
399  #ifdef WOLFSSL_AES_128
400  #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
401  #define BUILD_TLS_PSK_WITH_AES_128_CCM
402  #endif
403  #ifdef WOLFSSL_AES_256
404  #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
405  #define BUILD_TLS_PSK_WITH_AES_256_CCM
406  #endif
407  #endif
408  #endif
409  #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
410  #ifdef HAVE_AES_CBC
411  #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
412  #endif
413  #ifdef HAVE_AESGCM
414  #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
415  #endif
416  #endif
417  #endif
418 #endif
419 
420  #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
421  #if !defined(NO_RSA)
422  #if defined(WOLFSSL_STATIC_RSA)
423  #if !defined(NO_SHA)
424  #define BUILD_TLS_RSA_WITH_NULL_SHA
425  #endif
426  #ifndef NO_SHA256
427  #define BUILD_TLS_RSA_WITH_NULL_SHA256
428  #endif
429  #endif
430  #endif
431  #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
432  #if !defined(NO_SHA)
433  #define BUILD_TLS_PSK_WITH_NULL_SHA
434  #endif
435  #ifndef NO_SHA256
436  #define BUILD_TLS_PSK_WITH_NULL_SHA256
437  #endif
438  #ifdef WOLFSSL_SHA384
439  #define BUILD_TLS_PSK_WITH_NULL_SHA384
440  #endif
441  #endif
442  #endif
443 
444 #if defined(WOLFSSL_STATIC_RSA)
445  #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
446  #ifndef NO_MD5
447  #define BUILD_TLS_RSA_WITH_HC_128_MD5
448  #endif
449  #if !defined(NO_SHA)
450  #define BUILD_TLS_RSA_WITH_HC_128_SHA
451  #endif
452  #if defined(HAVE_BLAKE2)
453  #define BUILD_TLS_RSA_WITH_HC_128_B2B256
454  #endif
455  #endif
456 
457  #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
458  #if !defined(NO_SHA)
459  #define BUILD_TLS_RSA_WITH_RABBIT_SHA
460  #endif
461  #endif
462 #endif
463 
464  #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
465  !defined(NO_RSA)
466 
467  #if !defined(NO_SHA)
468  #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
469  #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
470  #endif
471  #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
472  #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
473  #endif
474  #if !defined(NO_DES3)
475  #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
476  #endif
477  #endif
478  #if !defined(NO_SHA256) && defined(HAVE_AES_CBC)
479  #ifdef WOLFSSL_AES_128
480  #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
481  #endif
482  #ifdef WOLFSSL_AES_256
483  #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
484  #endif
485  #endif
486  #endif
487 
488  #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
489  !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
490  #ifdef HAVE_AES_CBC
491  #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
492  #endif
493 
494  #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
495  #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
496  #endif
497  #endif
498 
499  #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
500  #ifndef NO_SHA256
501  #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \
502  defined(HAVE_AES_CBC)
503  #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
504  #endif
505  #ifdef HAVE_NULL_CIPHER
506  #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
507  #endif
508  #endif
509  #ifdef WOLFSSL_SHA384
510  #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \
511  defined(HAVE_AES_CBC)
512  #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
513  #endif
514  #ifdef HAVE_NULL_CIPHER
515  #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
516  #endif
517  #endif
518  #endif
519 
520  #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS)
521  #if !defined(NO_AES)
522  #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
523  #if !defined(NO_RSA)
524  #ifdef WOLFSSL_AES_128
525  #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
526  #endif
527  #ifdef WOLFSSL_AES_256
528  #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
529  #endif
530  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
531  #ifdef WOLFSSL_AES_128
532  #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
533  #endif
534  #ifdef WOLFSSL_AES_256
535  #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
536  #endif
537  #endif
538  #endif
539 
540  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
541  defined(HAVE_ED25519))
542  #ifdef WOLFSSL_AES_128
543  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
544  #endif
545  #ifdef WOLFSSL_AES_256
546  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
547  #endif
548  #endif
549 
550  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
551  #ifdef WOLFSSL_AES_128
552  #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
553  #endif
554  #ifdef WOLFSSL_AES_256
555  #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
556  #endif
557  #endif
558  #endif /* NO_SHA */
559  #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
560  defined(HAVE_AES_CBC)
561  #if !defined(NO_RSA)
562  #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
563  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
564  #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
565  #endif
566  #endif
567  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
568  defined(HAVE_ED25519))
569  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
570  #endif
571  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
572  #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
573  #endif
574  #endif
575 
576  #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
577  defined(HAVE_AES_CBC)
578  #if !defined(NO_RSA)
579  #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
580  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
581  #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
582  #endif
583  #endif
584  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
585  defined(HAVE_ED25519))
586  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
587  #endif
588  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
589  #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
590  #endif
591  #endif
592 
593  #if defined (HAVE_AESGCM)
594  #if !defined(NO_RSA)
595  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
596  #ifdef WOLFSSL_AES_128
597  #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
598  #endif
599  #endif
600  #if defined(WOLFSSL_SHA384)
601  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
602  #ifdef WOLFSSL_AES_256
603  #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
604  #endif
605  #endif
606  #endif
607  #endif
608 
609  #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \
610  defined(HAVE_ECC)
611  #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
612  #endif
613 
614  #if defined(WOLFSSL_SHA384)
615  #if defined(WOLFSSL_STATIC_DH) && \
616  defined(WOLFSSL_AES_256) && defined(HAVE_ECC)
617  #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
618  #endif
619  #endif
620  #endif
621  #endif /* NO_AES */
622  #if !defined(NO_RC4)
623  #if !defined(NO_SHA)
624  #if !defined(NO_RSA)
625  #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
626  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
627  #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
628  #endif
629  #endif
630 
631  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
632  defined(HAVE_ED25519))
633  #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
634  #endif
635  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
636  #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
637  #endif
638  #endif
639  #endif
640  #if !defined(NO_DES3)
641  #ifndef NO_SHA
642  #if !defined(NO_RSA)
643  #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
644  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
645  #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
646  #endif
647  #endif
648 
649  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
650  defined(HAVE_ED25519))
651  #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
652  #endif
653  #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
654  #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
655  #endif
656  #endif /* NO_SHA */
657  #endif
658  #if defined(HAVE_NULL_CIPHER)
659  #if !defined(NO_SHA)
660  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
661  defined(HAVE_ED25519))
662  #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
663  #endif
664  #endif
665  #if !defined(NO_PSK) && !defined(NO_SHA256)
666  #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
667  #endif
668  #endif
669  #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
670  defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
671  #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
672  #endif
673  #endif
674  #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
675  #if !defined(NO_OLD_POLY1305)
676  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
677  defined(HAVE_ED25519))
678  #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
679  #endif
680  #if !defined(NO_RSA) && defined(HAVE_ECC)
681  #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
682  #endif
683  #if !defined(NO_DH) && !defined(NO_RSA)
684  #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
685  #endif
686  #endif /* NO_OLD_POLY1305 */
687  #if !defined(NO_PSK)
688  #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
689  #if defined(HAVE_ECC) || defined(HAVE_ED25519)
690  #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
691  #endif
692  #ifndef NO_DH
693  #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
694  #endif
695  #endif /* !NO_PSK */
696  #endif
697 
698 #endif /* !WOLFSSL_MAX_STRENGTH */
699 
700 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
701  !defined(NO_RSA) && defined(HAVE_AESGCM)
702 
703  #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
704  #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
705  #endif
706 
707  #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
708  #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
709  #endif
710 #endif
711 
712 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
713  #ifndef NO_SHA256
714  #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
715  #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
716  #endif
717  #ifdef HAVE_AESCCM
718  #ifdef WOLFSSL_AES_128
719  #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
720  #endif
721  #ifdef WOLFSSL_AES_256
722  #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
723  #endif
724  #endif
725  #endif
726  #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
727  defined(WOLFSSL_AES_256)
728  #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
729  #endif
730 #endif
731 
732 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \
733  !defined(NO_AES)
734  #ifdef HAVE_AESGCM
735  #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
736  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
737  defined(HAVE_ED25519))
738  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
739  #endif
740  #ifndef NO_RSA
741  #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
742  #endif
743  #endif
744  #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
745  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
746  defined(HAVE_ED25519))
747  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
748  #endif
749  #ifndef NO_RSA
750  #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
751  #endif
752  #endif
753  #endif
754  #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
755  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
756  defined(HAVE_ED25519))
757  #ifdef WOLFSSL_AES_128
758  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
759  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
760  #endif
761  #ifdef WOLFSSL_AES_256
762  #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
763  #endif
764  #endif
765  #endif
766 #endif
767 
768 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
769  #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
770  #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
771  defined(HAVE_ED25519))
772  #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
773  #endif
774  #ifndef NO_RSA
775  #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
776  #endif
777  #endif
778  #if !defined(NO_DH) && !defined(NO_RSA)
779  #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
780  #endif
781 #endif
782 
783 #if defined(WOLFSSL_TLS13)
784  #ifdef HAVE_AESGCM
785  #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
786  #define BUILD_TLS_AES_128_GCM_SHA256
787  #endif
788  #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
789  #define BUILD_TLS_AES_256_GCM_SHA384
790  #endif
791  #endif
792 
793  #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
794  #ifndef NO_SHA256
795  #define BUILD_TLS_CHACHA20_POLY1305_SHA256
796  #endif
797  #endif
798 
799  #ifdef HAVE_AESCCM
800  #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
801  #define BUILD_TLS_AES_128_CCM_SHA256
802  #define BUILD_TLS_AES_128_CCM_8_SHA256
803  #endif
804  #endif
805 #endif
806 
807 #ifdef WOLFSSL_MULTICAST
808  #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
809  #define BUILD_WDM_WITH_NULL_SHA256
810  #endif
811 #endif
812 
813 #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
814  defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
815  #define BUILD_ARC4
816 #endif
817 
818 #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
819  #define BUILD_DES3
820 #endif
821 
822 #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
823  defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
824  defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
825  defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
826  #undef BUILD_AES
827  #define BUILD_AES
828 #endif
829 
830 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
831  defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
832  defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
833  defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
834  defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
835  defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
836  defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
837  defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
838  defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
839  defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
840  #define BUILD_AESGCM
841 #else
842  /* No AES-GCM cipher suites available with build */
843  #define NO_AESGCM_AEAD
844 #endif
845 
846 #if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
847  defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
848  defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
849  defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \
850  defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
851  defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
852  defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
853  defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
854  defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
855  defined(BUILD_TLS_CHACHA20_POLY1305_SHA256)
856  /* Have an available ChaCha Poly cipher suite */
857 #else
858  /* No ChaCha Poly cipher suites available with build */
859  #define NO_CHAPOL_AEAD
860 #endif
861 
862 #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
863  defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
864  defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
865  #define BUILD_HC128
866 #endif
867 
868 #if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
869  #define BUILD_RABBIT
870 #endif
871 
872 #ifdef NO_DES3
873  #define DES_BLOCK_SIZE 8
874 #else
875  #undef BUILD_DES3
876  #define BUILD_DES3
877 #endif
878 
879 #if defined(NO_AES) || defined(NO_AES_DECRYPT)
880  #define AES_BLOCK_SIZE 16
881  #undef BUILD_AES
882 #else
883  #undef BUILD_AES
884  #define BUILD_AES
885 #endif
886 
887 #ifndef NO_RC4
888  #undef BUILD_ARC4
889  #define BUILD_ARC4
890 #endif
891 
892 #ifdef HAVE_CHACHA
893  #define CHACHA20_BLOCK_SIZE 16
894 #endif
895 
896 #if defined(WOLFSSL_MAX_STRENGTH) || \
897  (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
898  defined(HAVE_AESCCM) || \
899  (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD))
900 
901  #define HAVE_AEAD
902 #endif
903 
904 #if defined(WOLFSSL_MAX_STRENGTH) || \
905  defined(HAVE_ECC) || !defined(NO_DH)
906 
907  #define HAVE_PFS
908 #endif
909 
910 #if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
911  #define BUILD_IDEA
912 #endif
913 
/* Cipher suite identifiers: each value is the SECOND byte of the two-byte
 * suite code. The first byte is implied by the group (see the group comments:
 * 0xC0 ECC_BYTE, 0xD0 QSH_BYTE, 0xCC CHACHA_BYTE), which is why the same
 * second-byte value may legitimately appear in more than one group. Whether a
 * suite is actually usable is decided by the BUILD_* selection above; the
 * WOLFSSL_MAX_STRENGTH build restricts the set to (EC)DHE + AEAD suites. */
enum {
    /* RSA, DHE, DH_anon, PSK and SSLv3-era suites */
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                 = 0x16,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  = 0x33,
    TLS_DH_anon_WITH_AES_128_CBC_SHA                  = 0x34,
    TLS_RSA_WITH_AES_256_CBC_SHA                      = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA                      = 0x2F,
    TLS_RSA_WITH_NULL_SHA                             = 0x02,
    TLS_PSK_WITH_AES_256_CBC_SHA                      = 0x8D,
    TLS_PSK_WITH_AES_128_CBC_SHA256                   = 0xAE,
    TLS_PSK_WITH_AES_256_CBC_SHA384                   = 0xAF,
    TLS_PSK_WITH_AES_128_CBC_SHA                      = 0x8C,
    TLS_PSK_WITH_NULL_SHA256                          = 0xB0,
    TLS_PSK_WITH_NULL_SHA384                          = 0xB1,
    TLS_PSK_WITH_NULL_SHA                             = 0x2C,
    SSL_RSA_WITH_RC4_128_SHA                          = 0x05,
    SSL_RSA_WITH_RC4_128_MD5                          = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA                     = 0x0A,
    SSL_RSA_WITH_IDEA_CBC_SHA                         = 0x07,

    /* Ephemeral ECDH suites; first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                = 0x14,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                = 0x13,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA              = 0x0A,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA              = 0x09,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA                    = 0x11,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA                  = 0x07,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               = 0x12,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA             = 0x08,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             = 0x27,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256           = 0x23,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384             = 0x28,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384           = 0x24,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA                     = 0x06,
    TLS_ECDHE_PSK_WITH_NULL_SHA256                    = 0x3A,
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256             = 0x37,

    /* Static ECDH suites; first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA                 = 0x0F,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA                 = 0x0E,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA               = 0x05,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA               = 0x04,
    TLS_ECDH_RSA_WITH_RC4_128_SHA                     = 0x0C,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA                   = 0x02,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA                = 0x0D,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA              = 0x03,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256              = 0x29,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256            = 0x25,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384              = 0x2A,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384            = 0x26,

    /* wolfSSL extension: eSTREAM stream ciphers (non-standard suite codes) */
    TLS_RSA_WITH_HC_128_MD5                           = 0xFB,
    TLS_RSA_WITH_HC_128_SHA                           = 0xFC,
    TLS_RSA_WITH_RABBIT_SHA                           = 0xFD,
    WDM_WITH_NULL_SHA256                              = 0xFE, /* wolfSSL DTLS Multicast */

    /* wolfSSL extension: Blake2b-256 MAC (non-standard suite codes) */
    TLS_RSA_WITH_AES_128_CBC_B2B256                   = 0xF8,
    TLS_RSA_WITH_AES_256_CBC_B2B256                   = 0xF9,
    TLS_RSA_WITH_HC_128_B2B256                        = 0xFA, /* eSTREAM too */

    /* wolfSSL extension: NTRU key exchange (non-standard suite codes) */
    TLS_NTRU_RSA_WITH_RC4_128_SHA                     = 0xE5,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA                = 0xE6,
    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA                 = 0xE7, /* clashes w/official SHA-256 */
    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA                 = 0xE8,

    /* wolfSSL extension: NTRU Quantum-safe Handshake;
     * first byte is 0xD0 (QSH_BYTE) */
    TLS_QSH                                           = 0x01,

    /* SHA-256 HMAC suites */
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256               = 0x6B,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256               = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256                   = 0x3D,
    TLS_RSA_WITH_AES_128_CBC_SHA256                   = 0x3C,
    TLS_RSA_WITH_NULL_SHA256                          = 0x3B,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256               = 0xB2,
    TLS_DHE_PSK_WITH_NULL_SHA256                      = 0xB4,

    /* SHA-384 HMAC suites */
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384               = 0xB3,
    TLS_DHE_PSK_WITH_NULL_SHA384                      = 0xB5,

    /* AES-GCM (AEAD) suites */
    TLS_RSA_WITH_AES_128_GCM_SHA256                   = 0x9C,
    TLS_RSA_WITH_AES_256_GCM_SHA384                   = 0x9D,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256               = 0x9E,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384               = 0x9F,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384               = 0xA7,
    TLS_PSK_WITH_AES_128_GCM_SHA256                   = 0xA8,
    TLS_PSK_WITH_AES_256_GCM_SHA384                   = 0xA9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256               = 0xAA,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384               = 0xAB,

    /* ECC AES-GCM (AEAD) suites; first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256           = 0x2B,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384           = 0x2C,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256            = 0x2D,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384            = 0x2E,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             = 0x2F,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             = 0x30,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256              = 0x31,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384              = 0x32,

    /* AES-CCM (AEAD) suites. The first byte is 0xC0 even though these are
     * not ECC suites, and several second-byte values here collide with the
     * non-ECC AES-GCM group above (e.g. 0xA7, 0xA8, 0xA9); callers must
     * therefore always match on the full two-byte code. */
    TLS_RSA_WITH_AES_128_CCM_8                        = 0xA0,
    TLS_RSA_WITH_AES_256_CCM_8                        = 0xA1,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM                  = 0xAC,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8                = 0xAE,
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8                = 0xAF,
    TLS_PSK_WITH_AES_128_CCM                          = 0xA4,
    TLS_PSK_WITH_AES_256_CCM                          = 0xA5,
    TLS_PSK_WITH_AES_128_CCM_8                        = 0xA8,
    TLS_PSK_WITH_AES_256_CCM_8                        = 0xA9,
    TLS_DHE_PSK_WITH_AES_128_CCM                      = 0xA6,
    TLS_DHE_PSK_WITH_AES_256_CCM                      = 0xA7,

    /* Camellia CBC suites */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 = 0x41,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 = 0x84,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256              = 0xBA,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256              = 0xC0,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA             = 0x45,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA             = 0x88,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256          = 0xBE,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256          = 0xC4,

    /* ChaCha20-Poly1305 (AEAD) suites; first byte is 0xCC (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256       = 0xA8,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256     = 0xA9,
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256         = 0xAA,
    TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256       = 0xAC,
    TLS_PSK_WITH_CHACHA20_POLY1305_SHA256             = 0xAB,
    TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256         = 0xAD,

    /* ChaCha20-Poly1305 draft variant with the earlier nonce and padding
     * construction (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256   = 0x13,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
    TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256     = 0x15,

    /* TLS v1.3 cipher suites */
    TLS_AES_128_GCM_SHA256                            = 0x01,
    TLS_AES_256_GCM_SHA384                            = 0x02,
    TLS_CHACHA20_POLY1305_SHA256                      = 0x03,
    TLS_AES_128_CCM_SHA256                            = 0x04,
    TLS_AES_128_CCM_8_SHA256                          = 0x05,

    /* Signalling suite for the Renegotiation Indication extension;
     * not a real cipher suite */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV                 = 0xFF
};
1070 
1071 
1072 #ifndef WOLFSSL_SESSION_TIMEOUT
1073  #define WOLFSSL_SESSION_TIMEOUT 500
1074  /* default session resumption cache timeout in seconds */
1075 #endif
1076 
1077 
1078 #ifndef WOLFSSL_DTLS_WINDOW_WORDS
1079  #define WOLFSSL_DTLS_WINDOW_WORDS 2
1080 #endif /* WOLFSSL_DTLS_WINDOW_WORDS */
1081 #define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
1082 #define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
1083 #define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
1084 
1085 #ifndef WOLFSSL_MULTICAST
1086  #define WOLFSSL_DTLS_PEERSEQ_SZ 1
1087 #else
1088  #ifndef WOLFSSL_MULTICAST_PEERS
1089  /* max allowed multicast group peers */
1090  #define WOLFSSL_MULTICAST_PEERS 100
1091  #endif
1092  #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
1093 #endif /* WOLFSSL_MULTICAST */
1094 
1095 #ifndef WOLFSSL_MAX_MTU
1096  #define WOLFSSL_MAX_MTU 1500
1097 #endif /* WOLFSSL_MAX_MTU */
1098 
1099 
1100 /* set minimum DH key size allowed */
1101 #ifndef WOLFSSL_MIN_DHKEY_BITS
1102  #ifdef WOLFSSL_MAX_STRENGTH
1103  #define WOLFSSL_MIN_DHKEY_BITS 2048
1104  #else
1105  #define WOLFSSL_MIN_DHKEY_BITS 1024
1106  #endif
1107 #endif
1108 #if (WOLFSSL_MIN_DHKEY_BITS % 8)
1109  #error DH minimum bit size must be multiple of 8
1110 #endif
1111 #if (WOLFSSL_MIN_DHKEY_BITS > 16000)
1112  #error DH minimum bit size must not be greater than 16000
1113 #endif
1114 #define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
1115 /* set maximum DH key size allowed */
1116 #ifndef WOLFSSL_MAX_DHKEY_BITS
1117  #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
1118  #define WOLFSSL_MAX_DHKEY_BITS 8192
1119  #else
1120  #define WOLFSSL_MAX_DHKEY_BITS 4096
1121  #endif
1122 #endif
1123 #if (WOLFSSL_MAX_DHKEY_BITS % 8)
1124  #error DH maximum bit size must be multiple of 8
1125 #endif
1126 #if (WOLFSSL_MAX_DHKEY_BITS > 16000)
1127  #error DH maximum bit size must not be greater than 16000
1128 #endif
1129 #define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)
1130 
1131 
1132 
/* Assorted protocol, header and buffer-size constants shared by the TLS/DTLS
 * implementation. Every enumerator must stay representable as an int (C
 * requires it for enumeration constants); the largest value here is
 * MAX_WOLFSSL_FILE_SIZE (4 MiB). */
1133 enum Misc {
1134  CIPHER_BYTE = 0x00, /* Default ciphers */
1135  ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
1136  QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
1137  CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
1138  TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
1139 
1140  SEND_CERT = 1, /* certificate-sending selectors; their use is in */
1141  SEND_BLANK_CERT = 2, /* the handshake code, not shown in this header */
1142 
1143  DTLS_MAJOR = 0xfe, /* DTLS major version number */
1144  DTLS_MINOR = 0xff, /* DTLS 1.0 minor version number (0xfeff) */
1145  DTLSv1_2_MINOR = 0xfd, /* DTLS 1.2 minor version number (0xfefd) */
1146  SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
1147  SSLv3_MINOR = 0, /* SSLv3 minor version number */
1148  TLSv1_MINOR = 1, /* TLSv1 minor version number */
1149  TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
1150  TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
1151  TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
1152 #ifdef WOLFSSL_TLS13_DRAFT
1153  TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
1154 #ifdef WOLFSSL_TLS13_DRAFT_18
1155  TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft (18) */
1156 #elif defined(WOLFSSL_TLS13_DRAFT_22)
1157  TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft (22) */
1158 #elif defined(WOLFSSL_TLS13_DRAFT_23)
1159  TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft (23) */
1160 #elif defined(WOLFSSL_TLS13_DRAFT_26)
1161  TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft (26) */
1162 #else
1163  TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft (0x1c = 28) */
1164 #endif
1165 #endif
1166  OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
1167  INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
1168  NO_COMPRESSION = 0, /* compression method: none */
1169  ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
1170  HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
1171  HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
1172  SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
1173  /* pre RSA and all master */
1174  MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
1175 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
1176  (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
1177 #ifndef NO_PSK
1178  ENCRYPT_LEN = 1024 + MAX_PSK_ID_LEN + 2, /* 8192 bit static buffer */
1179 #else
1180  ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */
1181 #endif
1182 #else
1183 #ifndef NO_PSK
1184  ENCRYPT_LEN = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */
1185 #else
1186  ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
1187 #endif
1188 #endif
1189  SIZEOF_SENDER = 4, /* clnt or srvr */
1190  FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
1191  MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
1192  MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE,
1193  /* max added to msg, mac + pad from */
1194  /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
1195  digest sz + BLOCK_SZ (iv) + pad byte (1) */
1196  MAX_COMP_EXTRA = 1024, /* max compression extra */
1197  MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */
1198  MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
1199  MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
1200  /* p, pub, g at MAX_DHKEY_SZ bytes each + 2 byte size for each */
1201  MAX_STR_VERSION = 8, /* string rep of protocol version */
1202 
1203  PAD_MD5 = 48, /* pad length for finished */
1204  PAD_SHA = 40, /* pad length for finished */
1205  MAX_PAD_SIZE = 256, /* maximum length of padding */
1206 
1207  LENGTH_SZ = 2, /* length field for HMAC, data only */
1208  VERSION_SZ = 2, /* length of protocol version */
1209  SEQ_SZ = 8, /* 64 bit sequence number */
1210  ALERT_SIZE = 2, /* level + description */
1211  VERIFY_HEADER = 2, /* always use 2 bytes */
1212  EXTS_SZ = 2, /* always use 2 bytes */
1213  EXT_ID_SZ = 2, /* always use 2 bytes */
1214  MAX_DH_SIZE = MAX_DHKEY_SZ+1,
1215  /* Max size plus possible leading 0 */
1216  NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
1217  SESSION_HINT_SZ = 4, /* session timeout hint */
1218  SESSION_ADD_SZ = 4, /* session age add */
1219  TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */
1220  DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */
1221  MAX_TICKET_NONCE_SZ = 8, /* maximum ticket nonce size */
1222  MAX_LIFETIME = 604800, /* maximum ticket lifetime (7 days, in seconds) */
1223  MAX_EARLY_DATA_SZ = 4096, /* maximum early data size */
1224 
1225  RAN_LEN = 32, /* random length */
1226  SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
1227  ID_LEN = 32, /* session id length */
1228  COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
1229  MAX_COOKIE_LEN = 32, /* max dtls cookie size */
1230  COOKIE_SZ = 20, /* use a 20 byte cookie */
1231  SUITE_LEN = 2, /* cipher suite sz length */
1232  ENUM_LEN = 1, /* always a byte */
1233  OPAQUE8_LEN = 1, /* 1 byte */
1234  OPAQUE16_LEN = 2, /* 2 bytes */
1235  OPAQUE24_LEN = 3, /* 3 bytes */
1236  OPAQUE32_LEN = 4, /* 4 bytes */
1237  OPAQUE64_LEN = 8, /* 8 bytes */
1238  COMP_LEN = 1, /* compression length */
1239  CURVE_LEN = 2, /* ecc named curve length */
1240  KE_GROUP_LEN = 2, /* key exchange group length */
1241  SERVER_ID_LEN = 20, /* server session id length */
1242 
1243  HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
1244  RECORD_HEADER_SZ = 5, /* type + version + len(2) */
1245  CERT_HEADER_SZ = 3, /* always 3 bytes */
1246  REQ_HEADER_SZ = 2, /* cert request header sz */
1247  HINT_LEN_SZ = 2, /* length of hint size field */
1248  TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
1249  HELLO_EXT_SZ = 4, /* base length of a hello extension */
1250  HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
1251  HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
1252  HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
1253 
1254  DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
1255  DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
1256  DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
1257  DTLS_RECORD_EXTRA = 8, /* diff from normal */
1258  DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
1259  DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
1260  DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
1261  DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
1262  DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */
1263  DTLS_EXPORT_OPT_SZ = 60, /* amount of bytes used from Options */
1264  DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */
1265  DTLS_EXPORT_OPT_SZ_3 = 59, /* amount of bytes used from Options */
1266  DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
1267  /* max amount of bytes used from Keys */
1268  DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2),
1269  /* min amount of bytes used from Keys */
1270  DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
1271  DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
1272  DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
1273  MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
1274  FINISHED_LABEL_SZ = 15, /* TLS finished label size */
1275  TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
1276  EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
1277  MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
1278  KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
1279  PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
1280  MAX_LABEL_SZ = 34, /* Maximum length of a label */
1281  MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
1282  OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
1283  OPAQUE8_LEN + WC_MAX_DIGEST_SIZE, /* length(2) + label len(1) + label + context len(1) + context */
1284  MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet) */
1285  SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
1286  TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */
1287 
1288 #if defined(HAVE_FIPS) && \
1289  (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
1290  MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, /* older FIPS builds lack WC_MAX_SYM_KEY_SIZE */
1291 #else
1292  MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
1293 #endif
1294 
1295 #ifdef HAVE_SELFTEST
1296  #define WOLFSSL_AES_KEY_SIZE_ENUM
1297  AES_IV_SIZE = 16, /* AES sizes defined here only for self-test builds */
1298  AES_128_KEY_SIZE = 16,
1299  AES_192_KEY_SIZE = 24,
1300  AES_256_KEY_SIZE = 32,
1301 #endif
1302 
1303  MAX_IV_SZ = AES_BLOCK_SIZE, /* largest IV of the ciphers listed below (16) */
1304 
1305  AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
1306  AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
1307  AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
1308  AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
1309  AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
1310  AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
1311  AEAD_NONCE_SZ = 12, /* AEAD nonce size */
1312  AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
1313  AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
1314  AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ, /* 12 bytes */
1315 
1316  CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
1317  CHACHA20_NONCE_SZ = 12, /* Size of ChaCha20 nonce */
1318  CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
1319 
1320  /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
1321 
1322  AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
1323  AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
1324  AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
1325  AESCCM_NONCE_SZ = 12, /* Size of AES-CCM nonce */
1326 
1327  CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
1328  CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
1329  CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
1330  CAMELLIA_IV_SIZE = 16, /* always block size */
1331 
1332  CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
1333  CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
1334  CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
1335 
1336  POLY1305_AUTH_SZ = 16, /* 128 bits */
1337 
1338  HC_128_KEY_SIZE = 16, /* 128 bits */
1339  HC_128_IV_SIZE = 16, /* also 128 bits */
1340 
1341  RABBIT_KEY_SIZE = 16, /* 128 bits */
1342  RABBIT_IV_SIZE = 8, /* 64 bits for iv */
1343 
1344  EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
1345 
1346 #ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
1347  ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */
1348 #endif
1349  MAX_EXPORT_ECC_SZ = 256, /* Export ANSI X9.62 max future size */
1350  MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */
1351 
1352  NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */
1353  ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
1354  ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
1355  ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
1356  ED448_SA_MINOR = 8, /* Least significant byte for ED448 */
1357 
1358  MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size: appears to be two digests (hash + salt) plus 8 bytes */
1359  MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size, same layout as above */
1360 
1361 #ifndef NO_RSA
1362  MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */
1363 #elif defined(HAVE_ECC)
1364  MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */
1365 #elif defined(HAVE_ED25519)
1366  MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */
1367 #else
1368  MAX_CERT_VERIFY_SZ = 1024, /* max default */
1369 #endif
1370  CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
1371  MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
1372 
1373  DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
1374  DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
1375  DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
1376 
1377  NULL_TERM_LEN = 1, /* length of null '\0' termination character */
1378  MAX_PSK_KEY_LEN = 64, /* max psk key supported */
1379  MIN_PSK_ID_LEN = 6, /* min length of identities */
1380  MIN_PSK_BINDERS_LEN= 33, /* min length of binders */
1381  MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */
1382 
1383  MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */
1384 
1385 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
1386  MAX_EX_DATA = 5, /* allow for five items of ex_data */
1387 #endif
1388 
1389  MAX_X509_SIZE = 2048, /* max static x509 buffer size */
1390  CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
1391 
1392  MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
1393  MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
1394  MAX_NTRU_BITS = 256, /* max symmetric bit strength */
1395  NO_SNIFF = 0, /* not sniffing */
1396  SNIFF = 1, /* currently sniffing */
1397 
1398  HASH_SIG_SIZE = 2, /* default SHA1 RSA */
1399 
1400  NO_COPY = 0, /* should we copy static buffer for write */
1401  COPY = 1, /* should we copy static buffer for write */
1402 
1403  INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */
1404 
1405  PREV_ORDER = -1, /* Sequence number is in previous epoch. */
1406  PEER_ORDER = 1, /* Peer sequence number for verify. */
1407  CUR_ORDER = 0, /* Current sequence number. */
1408  WRITE_PROTO = 1, /* writing a protocol message */
1409  READ_PROTO = 0 /* reading a protocol message */
1410 };
1411 
1412 /* minimum Downgrade Minor version */
1413 #ifndef WOLFSSL_MIN_DOWNGRADE
1414  #ifndef NO_OLD_TLS
1415  #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
1416  #else
1417  #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
1418  #endif
1419 #endif
1420 
1421 /* Set max implicit IV size for AEAD cipher suites */
1422 #define AEAD_MAX_IMP_SZ 12
1423 
1424 /* Set max explicit IV size for AEAD cipher suites */
1425 #define AEAD_MAX_EXP_SZ 8
1426 
1427 
1428 #ifndef WOLFSSL_MAX_SUITE_SZ
1429  #define WOLFSSL_MAX_SUITE_SZ 300
1430  /* room for 150 two-byte cipher suite ids, for now */
1431 #endif
1432 
1433 /* number of items in the signature algo list */
1434 #ifndef WOLFSSL_MAX_SIGALGO
1435  #define WOLFSSL_MAX_SIGALGO 32
1436 #endif
1437 
1438 
1439 /* set minimum ECC key size allowed */
1440 #ifndef WOLFSSL_MIN_ECC_BITS
1441  #ifdef WOLFSSL_MAX_STRENGTH
1442  #define WOLFSSL_MIN_ECC_BITS 256
1443  #else
1444  #define WOLFSSL_MIN_ECC_BITS 224
1445  #endif
1446 #endif /* WOLFSSL_MIN_ECC_BITS */
1447 #if (WOLFSSL_MIN_ECC_BITS % 8)
1448  /* Some ECC curve sizes, such as prime239v1 or sect131r1, are not multiples
1449  of 8. For those, set WOLFSSL_MIN_ECC_BITS to the nearest multiple of 8
1450  rounded down. The multiple-of-8 restriction exists to match the
1451  wc_ecc_size function in wolfSSL.
1452  */
1453  #error ECC minimum bit size must be a multiple of 8
1454 #endif
1455 #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
1456 
1457 /* set minimum RSA key size allowed */
1458 #ifndef WOLFSSL_MIN_RSA_BITS
1459  #ifdef WOLFSSL_MAX_STRENGTH
1460  #define WOLFSSL_MIN_RSA_BITS 2048
1461  #else
1462  #define WOLFSSL_MIN_RSA_BITS 1024
1463  #endif
1464 #endif /* WOLFSSL_MIN_RSA_BITS */
1465 #if (WOLFSSL_MIN_RSA_BITS % 8)
1466  /* The minimum is enforced in bytes (MIN_RSAKEY_SZ), so a value that is not
1467  a multiple of 8, e.g. 2050 bits, would still admit a 2049-bit key. */
1468  #error RSA minimum bit size must be a multiple of 8
1469 #endif
1470 #define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
1471 
1472 #ifdef SESSION_INDEX
1473 /* Shift values for making a session index */
1474 #define SESSIDX_ROW_SHIFT 4
1475 #define SESSIDX_IDX_MASK 0x0F
1476 #endif
1477 
1478 
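1479 /* max cert chain peer depth */
1480 #ifndef MAX_CHAIN_DEPTH
1481  #define MAX_CHAIN_DEPTH 9
1482 #endif
1483 
1484 /* max size of a certificate message payload */
1485 /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb (MAX_X509_SIZE) per
1486  certificate, each with its own CERT_HEADER_SZ length prefix. The expansion
1487  is parenthesized so it stays correct inside larger expressions (e.g. when
1488  subtracted from, or multiplied by, another value). */
1486 #ifndef MAX_CERTIFICATE_SZ
1487  #define MAX_CERTIFICATE_SZ \
1488  (CERT_HEADER_SZ + \
1489  (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH)
1490 #endif
1491 
1492 /* max size of a handshake message, currently set to the certificate */
1493 #ifndef MAX_HANDSHAKE_SZ
1494  #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
1495 #endif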
1496 
1497 #ifndef SESSION_TICKET_LEN
1498  #define SESSION_TICKET_LEN 256
1499 #endif
1500 
1501 #ifndef SESSION_TICKET_HINT_DEFAULT
1502  #define SESSION_TICKET_HINT_DEFAULT 300
1503 #endif
1504 
1505 
1506 /* don't use extra 3/4k stack space unless need to */
1507 #ifdef HAVE_NTRU
1508  #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
1509 #else
1510  #define MAX_ENCRYPT_SZ ENCRYPT_LEN
1511 #endif
1512 
1513 
1514 /* states */
1515 enum states {
1516  NULL_STATE = 0, /* no handshake message processed yet */
1517 
1518  /* server-side handshake messages, in the order they appear on the wire */
1519  SERVER_HELLOVERIFYREQUEST_COMPLETE,
1520  SERVER_HELLO_RETRY_REQUEST_COMPLETE,
1521  SERVER_HELLO_COMPLETE,
1522  SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
1523  SERVER_CERT_COMPLETE,
1524  SERVER_KEYEXCHANGE_COMPLETE,
1525  SERVER_HELLODONE_COMPLETE,
1526  SERVER_CHANGECIPHERSPEC_COMPLETE,
1527  SERVER_FINISHED_COMPLETE,
1528 
1529  /* client-side handshake messages */
1530  CLIENT_HELLO_RETRY,
1531  CLIENT_HELLO_COMPLETE,
1532  CLIENT_KEYEXCHANGE_COMPLETE,
1533  CLIENT_CHANGECIPHERSPEC_COMPLETE,
1534  CLIENT_FINISHED_COMPLETE,
1535 
1536  HANDSHAKE_DONE /* values are implicit and sequential: inserting a state
1537  * renumbers everything after it, so check any ordered
1538  * comparisons in the handshake code before reordering */
1535 };
1536 
1537 /* SSL Version */
1538 typedef struct ProtocolVersion {
1539  byte major; /* wire major version: SSLv3_MAJOR or DTLS_MAJOR (enum Misc) */
1540  byte minor; /* wire minor version: TLSv1_*_MINOR / DTLS*_MINOR (enum Misc) */
1541 } WOLFSSL_PACK ProtocolVersion; /* WOLFSSL_PACK presumably removes padding so the
                                   * struct is exactly two bytes — confirm its definition */
1542 
1543 
1544 WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
1545 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
1546 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
1547 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
1548 WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
1549 
1550 #ifdef WOLFSSL_DTLS
1551  WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
1552  WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
1553 
1554  #ifdef WOLFSSL_SESSION_EXPORT
1555  WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
1556  word32 sz);
1557  WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
1558  word32 sz);
1559  WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
1560  #endif
1561 #endif
1562 
1563 
1564 /* wolfSSL BIO_METHOD type */
1566  byte type; /* method type */
1567 };
1568 
1569 
1570 /* wolfSSL BIO type */
1571 struct WOLFSSL_BIO {
1572  WOLFSSL_BUF_MEM* mem_buf; /* presumably the backing store of a memory BIO — confirm */
1573  WOLFSSL* ssl; /* possible associated ssl */
1574 #ifndef NO_FILESYSTEM
1575  XFILE file; /* file handle; only present when a filesystem is available */
1576 #endif
1577  WOLFSSL_BIO* prev; /* previous in chain */
1578  WOLFSSL_BIO* next; /* next in chain */
1579  WOLFSSL_BIO* pair; /* BIO paired with */
1580  void* heap; /* user heap hint */
1581  byte* mem; /* memory buffer */
1582  int wrSz; /* write buffer size (mem) */
1583  int wrIdx; /* current index for write buffer */
1584  int rdIdx; /* current read index */
1585  int readRq; /* read request */
1586  int memLen; /* memory buffer length */
1587  /* NOTE(review): the sizes/indices above are signed int; code that derives
1588  buffer offsets from them must keep them non-negative and within memLen */
1587  int fd; /* possible file descriptor */
1588  int eof; /* eof flag */
1589  int flags; /* BIO flags */
1590  byte type; /* method type */
1591  byte close; /* close flag */
1592 };
1593 
1594 
1595 /* wolfSSL method type */
1597  ProtocolVersion version;
1598  byte side; /* connection side, server or client */
1599  byte downgrade; /* whether to downgrade version, default no */
1600 };
1601 
1602 /* wolfSSL buffer type - internal uses "buffer" type */
1603 typedef WOLFSSL_BUFFER_INFO buffer;
1604 
1605 typedef struct Suites Suites;
1606 
1607 
1608 /* defaults to client */
1609 WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
1610 
1611 WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
1612 WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
1613 
1614 /* for sniffer */
1615 WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1616  word32 size, word32 totalSz, int sniff);
1617 WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
1618 /* TLS v1.3 needs these */
1619 WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
1620  Suites* clSuites);
1621 #ifdef WOLFSSL_TLS13
1622 WOLFSSL_LOCAL int FindSuite(Suites* suites, byte first, byte second);
1623 #endif
1624 WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
1625  word32);
1626 #ifdef WOLFSSL_TLS13
1627 WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
1628  word32* inOutIdx, word32 helloSz);
1629 #endif
1630 WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
1631  word32);
1632 WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
1633 WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
1634 WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
1635  word32 hashSigAlgoSz);
1636 WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
1637 #ifdef HAVE_PK_CALLBACKS
1638 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
1639 #ifndef NO_ASN
1640  WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
1641 #endif
1642 #endif
1643 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
1644 WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
1645 WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
1646 #ifndef NO_CERTS
1647 WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
1648 #endif
1649 WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
1650 WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
1651 WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
1652  int ivSz);
1653 WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
1654 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
1655 WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
1656 #endif
1657 #ifdef WOLFSSL_TLS13
1658 WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
1659  word16 sz, const byte* aad, word16 aadSz);
1660 WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
1661  word32* inOutIdx, byte type,
1662  word32 size, word32 totalSz);
1663 WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
1664  word32* inOutIdx, word32 totalSz);
1665 WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
1666  word32* inOutIdx, word32 helloSz,
1667  byte* extMsgType);
1668 #endif
1669 int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
1670  int pLen, int content);
1671 
1672 
1673 enum { /* free-mode selector; names only here, semantics live in the callers */
1674  FORCED_FREE = 1,
1675  NO_FORCED_FREE = 0
1676 };
1677 
1678 
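1679 /* only use compression extra if using compression */
1680 #ifdef HAVE_LIBZ
1681  #define COMP_EXTRA MAX_COMP_EXTRA
1682 #else
1683  #define COMP_EXTRA 0
1684 #endif
1685 
1686 /* only the sniffer needs space in the buffer for extra MTU record(s);
1687  parenthesized so the product is not split by a surrounding operator */
1687 #ifdef WOLFSSL_SNIFFER
1688  #define MTU_EXTRA (MAX_MTU * 3)
1689 #else
1690  #define MTU_EXTRA 0
1691 #endif
1692 
1693 
1694 /* embedded callbacks require large static buffers, so force them on */
1695 #ifdef WOLFSSL_CALLBACKS
1696  #undef LARGE_STATIC_BUFFERS
1697  #define LARGE_STATIC_BUFFERS
1698 #endif
1699 
1700 
1701 /* give user option to use 16K static buffers */
1702 #if defined(LARGE_STATIC_BUFFERS)
1703  #define RECORD_SIZE MAX_RECORD_SIZE
1704 #else
1705  #ifdef WOLFSSL_DTLS
1706  #define RECORD_SIZE MAX_MTU
1707  #else
1708  #define RECORD_SIZE 128
1709  #endif
1710 #endif
1711 
1712 
1713 /* user option to turn off 16K output option */
1714 /* with small static buffers (the default), when SSL_write is asked to write
1715  more data than the static record holds, a larger buffer is obtained
1716  dynamically — unless the user restricts writes to static buffer chunks */
1717 #ifndef STATIC_CHUNKS_ONLY
1718  #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
1719 #else
1720  #define OUTPUT_RECORD_SIZE RECORD_SIZE
1721 #endif
1722 
1723 /* wolfSSL input buffer
1724 
1725  RFC 2246:
1726 
1727  length
1728  The length (in bytes) of the following TLSPlaintext.fragment.
1729  The length should not exceed 2^14.
1730 
1731  The sum below is parenthesized so that uses such as
1732  "x - STATIC_BUFFER_LEN" subtract the whole length, not just its first term.
1730 */
1731 #if defined(LARGE_STATIC_BUFFERS)
1732  #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
1733  MTU_EXTRA + MAX_MSG_EXTRA)
1734 #else
1735  /* don't fragment memory from the record header */
1736  #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
1737 #endif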
1738 
1739 typedef struct { /* record buffer: starts in staticBuffer, may move to dynamic memory */
1740  ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; /* only RECORD_HEADER_SZ bytes unless LARGE_STATIC_BUFFERS */
1741  byte* buffer; /* place holder for static or dynamic buffer */
1742  word32 length; /* total buffer length used */
1743  word32 idx; /* idx to part of length already consumed */
1744  word32 bufferSize; /* current buffer size */
1745  byte dynamicFlag; /* dynamic memory currently in use */
1746  byte offset; /* alignment offset attempt */
1747 } bufferStatic;
1748 
1749 /* Cipher Suites holder */
1750 struct Suites {
1751  word16 suiteSz; /* suite length in bytes */
1752  word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
1753  byte suites[WOLFSSL_MAX_SUITE_SZ]; /* cipher suite ids, SUITE_LEN bytes each */
1754  byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
1755  /* NOTE(review): hashSigAlgo is WOLFSSL_MAX_SIGALGO bytes, while the define's
1756  comment speaks of list items; with HASH_SIG_SIZE (2) bytes per entry that
1757  is half as many entries — confirm the intended capacity */
1755  byte setSuites; /* user set suites from default */
1756  byte hashAlgo; /* selected hash algorithm */
1757  byte sigAlgo; /* selected sig algorithm */
1758 };
1759 
1760 
1761 WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
1762  int haveRSAsig, int haveAnon,
1763  int tls1_2, int keySz);
1764 WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
1765  word16, word16, word16, word16, word16, int);
1766 WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
1767 WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
1768 
1769 #ifndef PSK_TYPES_DEFINED
1770  typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
1771  unsigned int, unsigned char*, unsigned int);
1772  typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
1773  unsigned char*, unsigned int);
1774 #ifdef WOLFSSL_TLS13
1775  typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
1776  char*, unsigned int, unsigned char*, unsigned int,
1777  const char**);
1778  typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
1779  unsigned char*, unsigned int, const char**);
1780 #endif
1781 #endif /* PSK_TYPES_DEFINED */
1782 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
1783  !defined(WOLFSSL_DTLS_EXPORT_TYPES)
1784  typedef int (*wc_dtls_export)(WOLFSSL* ssl,
1785  unsigned char* exportBuffer, unsigned int sz, void* userCtx);
1786 #define WOLFSSL_DTLS_EXPORT_TYPES
1787 #endif /* WOLFSSL_DTLS_EXPORT_TYPES */
1788 
1789 
1790 /* wolfSSL Cipher type just points back to SSL */
1792  WOLFSSL* ssl;
1793 };
1794 
1795 
1796 #ifdef NO_ASN
1797  /* not available when NO_ASN is set (asn.h is not included); forward-declare it */
1798  typedef struct CertStatus CertStatus;
1799 #endif
1800 
1801 #ifndef HAVE_OCSP
1802  typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
1803 #endif
1804 
1805 /* wolfSSL OCSP controller */
1806 #ifdef HAVE_OCSP
1808  WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
1809  OcspEntry* ocspList; /* OCSP response list */
1810  wolfSSL_Mutex ocspLock; /* OCSP list lock */
1811 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
1812  defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
1813  int(*statusCb)(WOLFSSL*, void*);
1814 #endif
1815 };
1816 #endif
1817 
1818 #ifndef MAX_DATE_SIZE
1819 #define MAX_DATE_SIZE 32
1820 #endif
1821 
1822 typedef struct CRL_Entry CRL_Entry;
1823 
1824 #ifdef NO_SHA
1825  #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
1826 #else
1827  #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
1828 #endif
1829 
1830 #ifdef NO_ASN
1831  typedef struct RevokedCert RevokedCert;
1832 #endif
1833 
1834 /* Complete CRL */
1835 struct CRL_Entry {
1836  CRL_Entry* next; /* next entry */
1837  byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash (SHA-1, or SHA-256 when NO_SHA) */
1838  /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash — removed; */
1839  /* restore the hash here if needed for optimized comparisons */
1840  byte lastDate[MAX_DATE_SIZE]; /* last date updated */
1841  byte nextDate[MAX_DATE_SIZE]; /* next update date */
1842  byte lastDateFormat; /* last date format */
1843  byte nextDateFormat; /* next date format */
1844  RevokedCert* certs; /* revoked cert list */
1845  int totalCerts; /* number on list */
1846  int verified; /* presumably non-zero once the CRL signature has been checked — confirm */
1847  byte* toBeSigned; /* to-be-signed portion of the CRL; ownership not shown here */
1848  word32 tbsSz; /* length of toBeSigned in bytes */
1849  byte* signature; /* signature over toBeSigned */
1850  word32 signatureSz; /* length of signature in bytes */
1851  word32 signatureOID; /* signature algorithm identifier */
1852 #if !defined(NO_SKID) && defined(CRL_SKID_READY)
1853  byte extAuthKeyIdSet; /* authority key id extension present */
1854  byte extAuthKeyId[KEYID_SIZE]; /* authority key id from the extension */
1855 #endif
1856 };
1857 
1858 
1859 typedef struct CRL_Monitor CRL_Monitor;
1860 
/* CRL directory monitor: one watched directory and the encoding of the CRL
 * files expected in it (WOLFSSL_CRL keeps one per encoding). */
struct CRL_Monitor {
    char* path;      /* full dir path, if valid pointer we're using */
    int   type;      /* PEM or ASN1 type */
};
1866 
1867 
/* Directory monitoring reads CRL files from disk, so it cannot work without a
 * filesystem; force the feature off in that configuration. */
#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
    #undef HAVE_CRL_MONITOR
#endif

/* wolfSSL CRL controller: the list of loaded CRLs owned by a cert manager,
 * plus the optional directory-monitor thread state (HAVE_CRL_MONITOR). */
struct WOLFSSL_CRL {
    WOLFSSL_CERT_MANAGER* cm;           /* pointer back to cert manager */
    CRL_Entry*            crlList;      /* our CRL list */
#ifdef HAVE_CRL_IO
    CbCrlIO               crlIOCb;      /* user CRL I/O callback (see the CbCrlIO typedef) */
#endif
    wolfSSL_Mutex         crlLock;      /* CRL list lock */
    CRL_Monitor           monitors[2];  /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR
    pthread_cond_t        cond;         /* condition to signal setup */
    pthread_t             tid;          /* monitoring thread */
    int                   mfd;          /* monitor fd, -1 if no init yet */
    int                   setup;        /* thread is setup predicate */
#endif
    void*                 heap;         /* heap hint for dynamic memory */
};
1889 
1890 
1891 #ifdef NO_ASN
1892  typedef struct Signer Signer;
1893 #ifdef WOLFSSL_TRUST_PEER_CERT
1894  typedef struct TrustedPeerCert TrustedPeerCert;
1895 #endif
1896 #endif
1897 
1898 
1899 #ifndef CA_TABLE_SIZE
1900  #define CA_TABLE_SIZE 11
1901 #endif
1902 #ifdef WOLFSSL_TRUST_PEER_CERT
1903  #define TP_TABLE_SIZE 11
1904 #endif
1905 
/* wolfSSL Certificate Manager: the trust store (CA signer table, optional
 * trusted-peer table) together with the revocation checkers and the
 * verification policy knobs (crl*/ocsp* flags, minimum key sizes).
 * A WOLFSSL_CTX points at one of these via WOLFSSL_CTX.cm, so the policy
 * below is per-manager rather than per-connection. */
    Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table */
    void*           heap;               /* heap helper */
#ifdef WOLFSSL_TRUST_PEER_CERT
    TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
    wolfSSL_Mutex   tpLock;                  /* trusted peer list lock */
#endif
    WOLFSSL_CRL*    crl;                /* CRL checker */
    WOLFSSL_OCSP*   ocsp;               /* OCSP checker */
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
                               ||  defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
    WOLFSSL_OCSP*   ocsp_stapling;      /* OCSP checker for OCSP stapling */
#endif
    char*           ocspOverrideURL;    /* use this responder */
    void*           ocspIOCtx;          /* I/O callback CTX */
    CallbackCACache caCacheCallback;    /* CA cache addition callback */
    CbMissingCRL    cbMissingCRL;       /* notify through cb of missing crl */
    CbOCSPIO        ocspIOCb;           /* I/O callback for OCSP lookup */
    CbOCSPRespFree  ocspRespFreeCb;     /* Frees OCSP Response from IO Cb */
    wolfSSL_Mutex   caLock;             /* CA list lock */
    byte            crlEnabled;         /* is CRL on ? */
    byte            crlCheckAll;        /* leaf is always checked; set to check every cert in the chain */
    byte            ocspEnabled;        /* is OCSP on ? */
    byte            ocspCheckAll;       /* leaf is always checked; set to check every cert in the chain */
    byte            ocspSendNonce;      /* send the OCSP nonce ? (binds the response to this request) */
    byte            ocspUseOverrideURL; /* ignore cert's responder, use ocspOverrideURL instead */
    byte            ocspStaplingEnabled; /* is OCSP Stapling on ? */

#ifndef NO_RSA
    short           minRsaKeySz;        /* minimum allowed RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    short           minEccKeySz;        /* minimum allowed ECC key size */
#endif
};
1942 
/* Save / restore the cert manager's cache.  Judging by the parameter shapes,
 * the first pair works on a file path and the *Mem* pair on a caller-supplied
 * buffer with its size (the int out-parameter of CM_MemSaveCertCache
 * presumably receiving the bytes used); CM_GetCertCacheMemSize reports the
 * buffer size needed.  Return codes are defined by the implementation. */
WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
1948 
1949 /* wolfSSL Sock Addr */
1951  unsigned int sz; /* sockaddr size */
1952  void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
1953 };
1954 
1955 typedef struct WOLFSSL_DTLS_CTX {
1956  WOLFSSL_SOCKADDR peer;
1957  int rfd;
1958  int wfd;
1960 
1961 
1962 typedef struct WOLFSSL_DTLS_PEERSEQ {
1963  word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
1964  /* Sliding window for current epoch */
1965  word16 nextEpoch; /* Expected epoch in next record */
1966  word16 nextSeq_hi; /* Expected sequence in next record */
1967  word32 nextSeq_lo;
1968 
1969  word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
1970  /* Sliding window for old epoch */
1971  word32 prevSeq_lo;
1972  word16 prevSeq_hi; /* Next sequence in allowed old epoch */
1973 
1974 #ifdef WOLFSSL_MULTICAST
1975  word16 peerId;
1976  word32 highwaterMark;
1977 #endif
1979 
1980 
#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */

/* keys and secrets
 * keep as a constant size (no additional ifdefs) for session export
 *
 * Holds the live per-connection key material (MAC secrets, write keys, IVs)
 * and the record sequence-number / DTLS replay-window state for both
 * directions.  NOTE(review): confirm the owning code zeroizes this struct on
 * teardown rather than only releasing the memory. */
typedef struct Keys {
#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)
    byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
#endif
    byte client_write_key[MAX_SYM_KEY_SIZE];         /* max sizes */
    byte server_write_key[MAX_SYM_KEY_SIZE];
    byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
    byte server_write_IV[MAX_WRITE_IV_SZ];
#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
    byte aead_exp_IV[AEAD_MAX_EXP_SZ];      /* explicit nonce part */
    byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];  /* implicit nonce part, encrypt direction */
    byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];  /* implicit nonce part, decrypt direction */
#endif

    /* 64-bit record sequence numbers kept as two 32-bit halves */
    word32 peer_sequence_number_hi;
    word32 peer_sequence_number_lo;
    word32 sequence_number_hi;
    word32 sequence_number_lo;

#ifdef WOLFSSL_DTLS
    word16 curEpoch;                   /* Received epoch in current record */
    word16 curSeq_hi;                  /* Received sequence in current record */
    word32 curSeq_lo;
#ifdef WOLFSSL_MULTICAST
    byte   curPeerId;                  /* Received peer group ID in current record */
#endif
    WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ]; /* per-peer sliding windows (anti-replay) */

    word16 dtls_peer_handshake_number;
    word16 dtls_expected_peer_handshake_number;

    word16 dtls_epoch;                          /* Current epoch */
    word16 dtls_sequence_number_hi;             /* Current epoch */
    word32 dtls_sequence_number_lo;
    word16 dtls_prev_sequence_number_hi;        /* Previous epoch */
    word32 dtls_prev_sequence_number_lo;
    word16 dtls_handshake_number;               /* Current tx handshake seq */
#endif

    word32 encryptSz;             /* last size of encrypted data */
    word32 padSz;                 /* how much to advance after decrypt part */
    byte   encryptionOn;          /* true after change cipher spec */
    byte   decryptedCur;          /* only decrypt current record once */
#ifdef WOLFSSL_TLS13
    byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
    byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
#endif
} Keys;
2034 
2035 
2036 
2038 #ifdef HAVE_TLS_EXTENSIONS
2039 
/* TLS extension types.  The values are the 16-bit ExtensionType code points
 * sent on the wire.  The TLS 1.3 entries depend on which draft is being built:
 * drafts up to 22 used 0x0028 for key_share, which moved to 0x0033 (with
 * signature_algorithms_cert at 0x0032) in the later drafts and RFC 8446. */
typedef enum {
    TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI */
    TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
    TLSX_TRUSTED_CA_KEYS            = 0x0003,
    TLSX_TRUNCATED_HMAC             = 0x0004,
    TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling */
    TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
    TLSX_EC_POINT_FORMATS           = 0x000b,
    TLSX_SIGNATURE_ALGORITHMS       = 0x000d,
    TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
    TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
    TLSX_QUANTUM_SAFE_HYBRID        = 0x0018, /* a.k.a. QSH (draft-era value) */
    TLSX_SESSION_TICKET             = 0x0023,
#ifdef WOLFSSL_TLS13
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PRE_SHARED_KEY             = 0x0029,
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    TLSX_EARLY_DATA                 = 0x002a,
    #endif
    TLSX_SUPPORTED_VERSIONS         = 0x002b,
    TLSX_COOKIE                     = 0x002c,
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PSK_KEY_EXCHANGE_MODES     = 0x002d,
    #endif
    #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
    TLSX_POST_HANDSHAKE_AUTH        = 0x0031,
    #endif
    #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22)
    TLSX_KEY_SHARE                  = 0x0028, /* pre-draft-23 code point */
    #else
    TLSX_SIGNATURE_ALGORITHMS_CERT  = 0x0032,
    TLSX_KEY_SHARE                  = 0x0033,
    #endif
#endif
    TLSX_RENEGOTIATION_INFO         = 0xff01  /* RFC 5746 */
} TLSX_Type;
2077 
/* One node of the extension list kept on a CTX / WOLFSSL.  `data` is the
 * type-specific payload (e.g. an SNI, TCA, ALPN, ... list, see the per-
 * extension structs below); which struct it points at is determined by `type`. */
typedef struct TLSX {
    TLSX_Type    type; /* Extension Type */
    void*        data; /* Extension Data (type-specific, see `type`) */
    word32       val;  /* Extension Value */
    byte         resp; /* IsResponse Flag */
    struct TLSX* next; /* List Behavior */
} TLSX;
2085 
/* Extension list helpers.  `list` is the TLSX linked list (see TLSX above and
 * WOLFSSL_CTX.extensions); `heap` is the memory hint used when freeing. */
WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
WOLFSSL_LOCAL void  TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
WOLFSSL_LOCAL void  TLSX_FreeAll(TLSX* list, void* heap);
WOLFSSL_LOCAL int   TLSX_SupportExtensions(WOLFSSL* ssl);
WOLFSSL_LOCAL int   TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);

#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
/* By name: size, then serialize, the extensions of an outgoing request
 * message into `output` (pOffset tracking the write position). */
WOLFSSL_LOCAL int   TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
                                        word16* pLength);
WOLFSSL_LOCAL int   TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
                                      byte msgType, word16* pOffset);
#endif

#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
/* TLS 1.3 Certificate messages have extensions. */
WOLFSSL_LOCAL int   TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
                                         word16* pLength);
WOLFSSL_LOCAL int   TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
                                       word16* pOffset);
#endif

/* Parse the extension block of a received handshake message.  `input` is
 * peer-supplied data and `length` is the only bound on it, so the
 * implementations must reject any extension that would read past `length`
 * -- confirm in tls.c. */
WOLFSSL_LOCAL int   TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length,
                                      byte msgType, int* found);
WOLFSSL_LOCAL int   TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
                               byte msgType, Suites *suites);
2111 
2112 #elif defined(HAVE_SNI) \
2113  || defined(HAVE_MAX_FRAGMENT) \
2114  || defined(HAVE_TRUSTED_CA) \
2115  || defined(HAVE_TRUNCATED_HMAC) \
2116  || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2117  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
2118  || defined(HAVE_SUPPORTED_CURVES) \
2119  || defined(HAVE_ALPN) \
2120  || defined(HAVE_QSH) \
2121  || defined(HAVE_SESSION_TICKET) \
2122  || defined(HAVE_SECURE_RENEGOTIATION) \
2123  || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2124 
2125 #error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
2126 
2127 #endif /* HAVE_TLS_EXTENSIONS */
2128 
2130 #ifdef HAVE_SNI
2131 
/* Server Name Indication entry (RFC 6066 section 3); the TLSX `data` payload
 * for TLSX_SERVER_NAME is a list of these. */
typedef struct SNI {
    byte                       type;    /* SNI Type */
    union { char* host_name; } data;    /* SNI Data */
    struct SNI*                next;    /* List Behavior */
    byte                       status;  /* Matching result */
#ifndef NO_WOLFSSL_SERVER
    byte                       options; /* Behavior options (set via TLSX_SNI_SetOptions) */
#endif
} SNI;
2141 
/* SNI extension API.  TLSX_SNI_GetFromBuffer works on a raw `buffer` of
 * `bufferSz` bytes without a WOLFSSL object; `inOutSz` presumably carries the
 * capacity of `sni` on input and the length written on output -- confirm in
 * tls.c, since the caller's buffer bound depends on it. */
WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
                                                     word16 size, void* heap);
WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
                                                                   void** data);

#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
                                                                  byte options);
WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
                                         byte type, byte* sni, word32* inOutSz);
#endif
2153 #endif
2154 
2155 #endif /* HAVE_SNI */
2156 
2157 /* Trusted CA Key Indication - RFC 6066 (section 6) */
2158 #ifdef HAVE_TRUSTED_CA
2159 
/* One trusted-CA indication entry (RFC 6066 section 6); `id` is the
 * identifier bytes of the type given by `type`. */
typedef struct TCA {
    byte        type;  /* TCA Type */
    byte*       id;    /* TCA identifier */
    word16      idSz;  /* TCA identifier size */
    struct TCA* next;  /* List Behavior */
} TCA;
2166 
2167 WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
2168  const byte* id, word16 idSz, void* heap);
2169 
2170 #endif /* HAVE_TRUSTED_CA */
2171 
2172 /* Application-Layer Protocol Negotiation - RFC 7301 */
2173 #ifdef HAVE_ALPN
/* One ALPN protocol entry (RFC 7301); the TLSX `data` payload for
 * TLSX_APPLICATION_LAYER_PROTOCOL is a list of these. */
typedef struct ALPN {
    char*        protocol_name; /* ALPN protocol name */
    struct ALPN* next;          /* List Behavior */
    byte         options;       /* Behavior options */
    byte         negotiated;    /* ALPN protocol negotiated or not */
} ALPN;
2180 
2181 WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
2182  void** data, word16 *dataSz);
2183 
2184 WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
2185  word16 size, byte options, void* heap);
2186 
2187 WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
2188 
2189 #endif /* HAVE_ALPN */
2190 
2192 #ifdef HAVE_MAX_FRAGMENT
2193 
2194 WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
2195 
2196 #endif /* HAVE_MAX_FRAGMENT */
2197 
2199 #ifdef HAVE_TRUNCATED_HMAC
2200 
2201 WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
2202 
2203 #endif /* HAVE_TRUNCATED_HMAC */
2204 
2206 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
2207 
2208 typedef struct {
2209  byte status_type;
2210  byte options;
2211  WOLFSSL* ssl;
2212  union {
2213  OcspRequest ocsp;
2214  } request;
2215 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
2216  buffer response;
2217 #endif
2219 
2220 WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
2221  byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId);
2222 #ifndef NO_CERTS
2223 WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
2224  void* heap);
2225 #endif
2226 WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
2227 WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
2228 
2229 #endif
2230 
2232 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
2233 
2234 typedef struct CSRIv2 {
2235  byte status_type;
2236  byte options;
2237  word16 requests;
2238  union {
2239  OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
2240  } request;
2241  struct CSRIv2* next;
2243 
2244 WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
2245  byte status_type, byte options, void* heap, int devId);
2246 #ifndef NO_CERTS
2247 WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
2248  byte isPeer, void* heap);
2249 #endif
2250 WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
2251  byte index);
2252 WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
2253 
2254 #endif
2255 
2257 #ifdef HAVE_SUPPORTED_CURVES
2258 
/* One entry of the supported_groups list; `name` is the 16-bit NamedGroup. */
typedef struct SupportedCurve {
    word16 name;                 /* Curve Names */
    struct SupportedCurve* next; /* List Behavior */
} SupportedCurve;
2263 
/* One entry of the ec_point_formats list. */
typedef struct PointFormat {
    byte format;              /* PointFormat */
    struct PointFormat* next; /* List Behavior */
} PointFormat;
2268 
2269 WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
2270  void* heap);
2271 
2272 WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
2273  void* heap);
2274 
2275 #ifndef NO_WOLFSSL_SERVER
2276 WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
2277  byte second);
2278 WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
2279 WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
2280 #endif
2281 WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
2282  int checkSupported);
2283 
2284 #endif /* HAVE_SUPPORTED_CURVES */
2285 
2287 #if defined(HAVE_SECURE_RENEGOTIATION) \
2288  || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2289 
/* Progress of the key cache used during secure renegotiation: real keys are
 * parked in SecureRenegotiation.tmp_keys and restored in steps. */
enum key_cache_state {
    SCR_CACHE_NULL   = 0,       /* empty / begin state */
    SCR_CACHE_NEEDED,           /* need to cache keys */
    SCR_CACHE_COPY,             /* we have a cached copy */
    SCR_CACHE_PARTIAL,          /* partial restore to real keys */
    SCR_CACHE_COMPLETE          /* complete restore to real keys */
};
2297 
2298 /* Additional Connection State according to rfc5746 section 3.1 */
2299 typedef struct SecureRenegotiation {
2300  byte enabled; /* secure_renegotiation flag in rfc */
2301  byte verifySet;
2302  byte startScr; /* server requested client to start scr */
2303  enum key_cache_state cache_status; /* track key cache state */
2304  byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
2305  byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
2306  byte subject_hash[KEYID_SIZE]; /* peer cert hash */
2307  Keys tmp_keys; /* can't overwrite real keys yet */
2309 
2310 WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
2311 
2312 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
2313 WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
2314 #endif
2315 
2316 #endif /* HAVE_SECURE_RENEGOTIATION */
2317 
2319 #ifdef HAVE_SESSION_TICKET
2320 
/* A session ticket as received from (or issued by) the server: the opaque
 * ticket bytes plus the lifetime, and for TLS 1.3 the values needed to compute
 * the obfuscated ticket age on resumption (presumably `seen` is when it was
 * received and `ageAdd` the server's ticket_age_add -- confirm in tls13.c). */
typedef struct SessionTicket {
    word32 lifetime;
#ifdef WOLFSSL_TLS13
    word64 seen;
    word32 ageAdd;
#endif
    byte*  data;
    word16 size;
} SessionTicket;
2330 
2331 WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
2332  SessionTicket* ticket, void* heap);
2333 WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
2334  byte* data, word16 size, void* heap);
2335 WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
2336 
2337 #endif /* HAVE_SESSION_TICKET */
2338 
2340 #ifdef HAVE_QSH
2341 
/* One QSH scheme offered or received: scheme `name` plus its public key. */
typedef struct QSHScheme {
    struct QSHScheme* next; /* List Behavior */
    byte*             PK;   /* public key bytes */
    word16            name; /* QSHScheme Names */
    word16            PKLen; /* length of PK */
} QSHScheme;
2348 
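/* A QSH key pair.  The struct tag was `QSHkey` while `next` pointed at
 * `struct QSHKey`, i.e. a different and never-defined struct type, so `next`
 * was not actually a pointer to this list's node type; the tag now matches
 * the typedef so the list links are well-typed. */
typedef struct QSHKey {
    struct QSHKey* next;
    word16         name;
    buffer         pub;
    buffer         pri;
} QSHKey;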
2355 
/* QSH key-exchange state: the scheme list plus the server- and client-side
 * secret buffers (SerSi / CliSi). */
typedef struct QSHSecret {
    QSHScheme* list;
    buffer*    SerSi;
    buffer*    CliSi;
} QSHSecret;
2361 
2362 /* used in key exchange during handshake */
2363 WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
2364  word16 length, byte isServer);
2365 WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
2366 WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
2367 
2368 /* used by api for setting a specific QSH scheme */
2369 WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
2370  byte* pKey, word16 pKeySz, void* heap);
2371 
2372 /* used when parsing in QSHCipher structs */
2373 WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
2374  byte* out, word16* szOut);
2375 #ifndef NO_WOLFSSL_SERVER
2376 WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
2377 #endif
2378 
2379 #endif /* HAVE_QSH */
2380 
2381 #ifdef WOLFSSL_TLS13
/* Cookie extension information - cookie data.
 * NOTE(review): `data` is a single byte serving as the start of a `len`-byte
 * run (the pre-C99 trailing-array idiom, which depends on the allocator
 * over-allocating past sizeof(Cookie)).  A flexible array member would express
 * the intent without that dependency, but changing it alters sizeof(Cookie),
 * so confirm how TLSX_Cookie_Use sizes the allocation first. */
typedef struct Cookie {
    word16 len;
    byte   data;
} Cookie;
2387 
2388 WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len,
2389  byte* mac, byte macSz, int resp);
2390 
2391 
2392 /* Key Share - TLS v1.3 Specification */
2393 
/* The KeyShare extension information - entry in a linked list.
 * `key` is the ephemeral private key for `group`; NOTE(review): confirm it is
 * freed and zeroized once the shared secret has been derived. */
typedef struct KeyShareEntry {
    word16                group;     /* NamedGroup */
    byte*                 ke;        /* Key exchange data */
    word32                keLen;     /* Key exchange data length */
    void*                 key;       /* Private key */
    word32                keyLen;    /* Private key length */
    byte*                 pubKey;    /* Public key */
    word32                pubKeyLen; /* Public key length */
    struct KeyShareEntry* next;      /* List pointer */
} KeyShareEntry;
2405 
2406 WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
2407  byte* data, KeyShareEntry **kse);
2408 WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
2409 WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
2410 WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
2411 
2412 
2413 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2414 #ifndef WOLFSSL_TLS13_DRAFT_18
/* Ticket nonce - for deriving PSK.
 * Length allowed to be: 1..255. Only support 4 bytes (MAX_TICKET_NONCE_SZ).
 */
typedef struct TicketNonce {
    byte len;
    byte data[MAX_TICKET_NONCE_SZ];
} TicketNonce;
2422 #endif
2423 
/* The PreSharedKey extension information - entry in a linked list.
 * `binder` is the HMAC over the handshake transcript that proves possession of
 * the PSK; NOTE(review): the server must verify it before honouring the PSK,
 * and the comparison should be constant-time -- confirm in tls.c. */
typedef struct PreSharedKey {
    word16               identityLen;             /* Length of identity */
    byte*                identity;                /* PSK identity */
    word32               ticketAge;               /* Age of the ticket */
    byte                 cipherSuite0;            /* Cipher Suite */
    byte                 cipherSuite;             /* Cipher Suite */
    word32               binderLen;               /* Length of HMAC */
    byte                 binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
    byte                 hmac;                    /* HMAC algorithm */
    byte                 resumption:1;            /* Resumption PSK */
    byte                 chosen:1;                /* Server's choice */
    struct PreSharedKey* next;                    /* List pointer */
} PreSharedKey;
2438 
2439 WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
2440  byte* output, byte msgType);
2441 WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
2442  byte msgType);
2443 WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
2444  word16 len, word32 age, byte hmac,
2445  byte cipherSuite0, byte cipherSuite,
2446  byte resumption,
2447  PreSharedKey **preSharedKey);
2448 
/* The possible Pre-Shared Key key exchange modes (psk_key_exchange_modes
 * extension): enumerator values match the wire codes psk_ke = 0 and
 * psk_dhe_ke = 1. */
enum PskKeyExchangeMode {
    PSK_KE,       /* PSK only, no forward secrecy */
    PSK_DHE_KE    /* PSK combined with (EC)DHE */
};
2454 
/* User can define this: the TLS 1.3 cipher suite assumed for a PSK when none
 * is otherwise specified. */
#ifndef WOLFSSL_DEF_PSK_CIPHER
#define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256
#endif
2459 
2460 WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
2461 
2462 #ifdef WOLFSSL_EARLY_DATA
2463 WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
2464 #endif
2465 #endif /* HAVE_SESSION_TICKET || !NO_PSK */
2466 
2467 
/* The types of keys to derive for (TLS 1.3 key schedule stages). */
enum DeriveKeyType {
    no_key,
    early_data_key,      /* 0-RTT traffic keys */
    handshake_key,       /* handshake traffic keys */
    traffic_key,         /* application traffic keys */
    update_traffic_key   /* next-generation keys after KeyUpdate */
};
2476 
/* The key update request values for KeyUpdate message; enumerator values
 * match the wire codes (update_not_requested = 0, update_requested = 1). */
enum KeyUpdateRequest {
    update_not_requested,
    update_requested
};
2482 #endif /* WOLFSSL_TLS13 */
2483 
2484 
2485 #ifdef OPENSSL_EXTRA
/* Bit flags recorded in WOLFSSL_CTX.cbioFlag when the user installs custom
 * receive / send I/O callbacks. */
enum SetCBIO {
    WOLFSSL_CBIO_NONE = 0,
    WOLFSSL_CBIO_RECV = 0x1,
    WOLFSSL_CBIO_SEND = 0x2,
};
2491 #endif
2492 
/* wolfSSL context type: the configuration used by the WOLFSSL objects created
 * from it -- credentials (certificate / privateKey), the trust store (cm),
 * verification policy (verifyPeer / verifyNone / verifyDepth, min*KeySz,
 * minDowngrade), I/O and PK callbacks, and session cache settings.
 * Reference counted via refCount / countMutex. */
struct WOLFSSL_CTX {
    WOLFSSL_METHOD* method;
#ifdef SINGLE_THREADED
    WC_RNG*         rng;          /* to be shared with WOLFSSL w/o locking */
#endif
    wolfSSL_Mutex   countMutex;   /* reference count mutex */
    int         refCount;         /* reference count */
    int         err;              /* error code in case of mutex not created */
#ifndef NO_DH
    buffer      serverDH_P;       /* server DH prime */
    buffer      serverDH_G;       /* server DH generator */
#endif
#ifndef NO_CERTS
    DerBuffer*  certificate;      /* our certificate, DER */
    DerBuffer*  certChain;
                 /* chain after self, in DER, with leading size for each cert */
    #ifdef OPENSSL_EXTRA
    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
    #endif
    #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
        defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
    WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
    #endif
#ifdef WOLFSSL_TLS13
    int         certChainCnt;
#endif
    DerBuffer*  privateKey;       /* our private key, DER; NOTE(review): confirm zeroized in SSL_CtxResourceFree */
    byte        privateKeyType:7;
    byte        privateKeyId:1;
    int         privateKeySz;
    int         privateKeyDevId;
    WOLFSSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
#endif
#ifdef KEEP_OUR_CERT
    WOLFSSL_X509*    ourCert;     /* keep alive a X509 struct of cert */
    int              ownOurCert;  /* Dispose of certificate if we own */
#endif
    Suites*     suites;           /* make dynamic, user may not need/set */
    void*       heap;             /* for user memory overrides */
    byte        verifyDepth;      /* max certificate chain depth accepted -- presumably; confirm in the verify code */
    byte        verifyPeer:1;     /* request / check the peer's certificate */
    byte        verifyNone:1;     /* NOTE(review): appears to skip peer cert verification entirely; treat as a setting to audit */
    byte        failNoCert:1;     /* fail the handshake when the peer sends no cert */
    byte        failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/
    byte        sessionCacheOff:1;
    byte        sessionCacheFlushOff:1;
#ifdef HAVE_EXT_CACHE
    byte        internalCacheOff:1;
#endif
    byte        sendVerify:2;     /* for client side (can not be single bit) */
    byte        haveRSA:1;        /* RSA available */
    byte        haveECC:1;        /* ECC available */
    byte        haveDH:1;         /* server DH parms set by user */
    byte        haveNTRU:1;       /* server private NTRU key loaded */
    byte        haveECDSAsig:1;   /* server cert signed w/ ECDSA */
    byte        haveStaticECC:1;  /* static server ECC private key */
    byte        partialWrite:1;   /* only one msg per write call */
    byte        quietShutdown:1;  /* don't send close notify */
    byte        groupMessages:1;  /* group handshake messages before sending */
    byte        minDowngrade;     /* minimum downgrade version (lowest protocol version a downgrade may reach) */
    byte        haveEMS:1;        /* have extended master secret extension */
    byte        useClientOrder:1; /* Use client's cipher preference order */
#ifdef WOLFSSL_TLS13
    byte        noTicketTls13:1;  /* Server won't create new Ticket */
    byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    byte        postHandshakeAuth:1;  /* Post-handshake auth supported. */
#endif
#ifndef NO_DH
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
        !defined(HAVE_SELFTEST)
    byte        dhKeyTested:1;   /* Set when key has been tested. */
    #endif
#endif
#ifdef WOLFSSL_MULTICAST
    byte        haveMcast;        /* multicast requested */
    byte        mcastID;          /* multicast group ID */
#endif
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
    byte        dtlsSctp;         /* DTLS-over-SCTP mode */
    word16      dtlsMtuSz;        /* DTLS MTU size */
#endif
#ifndef NO_DH
    word16      minDhKeySz;       /* minimum DH key size */
    word16      maxDhKeySz;       /* maximum DH key size */
#endif
#ifndef NO_RSA
    short       minRsaKeySz;      /* minimum RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    short       minEccKeySz;      /* minimum ECC key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    unsigned long     mask;             /* store SSL_OP_ flags */
#endif
#ifdef OPENSSL_EXTRA
    byte              sessionCtx[ID_LEN]; /* app session context ID */
    word32            disabledCurves;   /* curves disabled by user */
    const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
    unsigned int         alpn_cli_protos_len;
    byte              sessionCtxSz;
    byte              cbioFlag;  /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
    CallbackInfoState* CBIS;      /* used to get info about SSL state */
#endif
    CallbackIORecv CBIORecv;      /* receive I/O callback */
    CallbackIOSend CBIOSend;      /* send I/O callback */
#ifdef WOLFSSL_DTLS
    CallbackGenCookie CBIOCookie;       /* gen cookie callback */
#ifdef WOLFSSL_SESSION_EXPORT
    wc_dtls_export  dtls_export;        /* export function for DTLS session */
    CallbackGetPeer CBGetPeer;
    CallbackSetPeer CBSetPeer;
#endif
#endif /* WOLFSSL_DTLS */
    VerifyCallback  verifyCallback;     /* cert verification callback */
    word32          timeout;            /* session timeout */
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
    word32          ecdhCurveOID;       /* curve Ecc_Sum */
#endif
#ifdef HAVE_ECC
    word16          eccTempKeySz;       /* in octets 20 - 66 */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    word32          pkCurveOID;         /* curve Ecc_Sum */
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    byte        havePSK;                /* psk key set by user */
    wc_psk_client_callback client_psk_cb;  /* client callback */
    wc_psk_server_callback server_psk_cb;  /* server callback */
#ifdef WOLFSSL_TLS13
    wc_psk_client_tls13_callback client_psk_tls13_cb;  /* client callback */
    wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
#endif
    char        server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; /* PSK identity hint, NUL-terminated */
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
#ifdef WOLFSSL_TLS13
    word16          group[WOLFSSL_MAX_GROUP_COUNT]; /* key-share groups, in preference order */
    byte            numGroups;                      /* entries used in group[] */
#endif
#ifdef WOLFSSL_EARLY_DATA
    word32          maxEarlyDataSz;
#endif
#ifdef HAVE_ANON
    byte        haveAnon;               /* User wants to allow Anon (unauthenticated) suites */
#endif /* HAVE_ANON */
#ifdef WOLFSSL_ENCRYPTED_KEYS
    pem_password_cb* passwd_cb;         /* password callback for encrypted PEM keys */
    void*           passwd_userdata;
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
    WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
    byte            readAhead;
    void*           userPRFArg; /* passed to prf callback */
#endif
#ifdef HAVE_EX_DATA
    void*           ex_data[MAX_EX_DATA];
#endif
#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
    CallbackALPNSelect alpnSelect;
    void*              alpnSelectArg;
#endif
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
                             defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
                             defined(WOLFSSL_HAPROXY)))
    CallbackSniRecv sniRecvCb;
    void*           sniRecvCbArg;
#endif
#if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
    CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
    word32      mcastFirstSeq;    /* first trigger level */
    word32      mcastSecondSeq;   /* second trigger level */
    word32      mcastMaxSeq;      /* max level */
#endif
#ifdef HAVE_OCSP
    WOLFSSL_OCSP      ocsp;
#endif
    int             devId;              /* async device id to use */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
    #ifndef NO_WOLFSSL_SERVER
        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
         || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            OcspRequest* certOcspRequest;
        #endif
        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
        #endif
    #endif
    #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
        SessionTicketEncCb ticketEncCb;   /* enc/dec session ticket Cb (ticket key handling is the callback's responsibility) */
        void*              ticketEncCtx;  /* session encrypt context */
        int                ticketHint;    /* ticket hint in seconds */
    #endif
    #ifdef HAVE_SUPPORTED_CURVES
        byte userCurves;                  /* indicates user called wolfSSL_CTX_UseSupportedCurve */
    #endif
#endif
#ifdef ATOMIC_USER
    CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
    CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        CallbackEccKeyGen EccKeyGenCb;  /* User EccKeyGen Callback Handler */
        CallbackEccSign   EccSignCb;    /* User EccSign   Callback handler */
        CallbackEccVerify EccVerifyCb;  /* User EccVerify Callback handler */
        CallbackEccSharedSecret EccSharedSecretCb; /* User EccSharedSecret Callback handler */
        #ifdef HAVE_ED25519
            /* User Ed25519Sign   Callback handler */
            CallbackEd25519Sign   Ed25519SignCb;
            /* User Ed25519Verify Callback handler */
            CallbackEd25519Verify Ed25519VerifyCb;
        #endif
        #ifdef HAVE_CURVE25519
            /* User X25519 KeyGen Callback Handler */
            CallbackX25519KeyGen X25519KeyGenCb;
            /* User X25519 SharedSecret Callback handler */
            CallbackX25519SharedSecret X25519SharedSecretCb;
        #endif
    #endif /* HAVE_ECC */
    #ifndef NO_DH
        CallbackDhAgree DhAgreeCb;      /* User DH Agree Callback handler */
    #endif
    #ifndef NO_RSA
        CallbackRsaSign   RsaSignCb;      /* User RsaSign Callback handler (priv key) */
        CallbackRsaVerify RsaVerifyCb;    /* User RsaVerify Callback handler (pub key) */
        CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */
        #ifdef WC_RSA_PSS
            CallbackRsaPssSign   RsaPssSignCb;       /* User RsaSign (priv key) */
            CallbackRsaPssVerify RsaPssVerifyCb;     /* User RsaVerify (pub key) */
            CallbackRsaPssVerify RsaPssSignCheckCb;  /* User VerifyRsaSign (priv key) */
        #endif
        CallbackRsaEnc    RsaEncCb;       /* User Rsa Public Encrypt handler */
        CallbackRsaDec    RsaDecCb;       /* User Rsa Private Decrypt handler */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_WOLF_EVENT
    WOLF_EVENT_QUEUE event_queue;
#endif /* HAVE_WOLF_EVENT */
#ifdef HAVE_EXT_CACHE
    WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*);
    int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
    void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
#endif
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
    Srp*  srp;  /* TLS Secure Remote Password Protocol*/
    byte* srp_password; /* SRP password kept in the CTX; NOTE(review): confirm zeroized on free */
#endif
};
2745 
/* Initialise ctx for the protocol selected by method; heap is the allocator
 * hint stored for later allocations (may be NULL).  Returns a wolfSSL status
 * code. */
WOLFSSL_LOCAL
int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap);
/* Tear down a context set up by InitSSL_Ctx. */
WOLFSSL_LOCAL
void FreeSSL_Ctx(WOLFSSL_CTX* ctx);
/* Release what ctx owns (certs, keys, callbacks, ...) without freeing the
 * WOLFSSL_CTX object itself - presumably the worker behind FreeSSL_Ctx. */
WOLFSSL_LOCAL
void SSL_CtxResourceFree(WOLFSSL_CTX* ctx);

/* Expand the master secret into the record-layer keys/IVs for the negotiated
 * suite (sizes presumably from ssl->specs, destination ssl->keys - confirm in
 * internal.c). */
WOLFSSL_LOCAL
int DeriveTlsKeys(WOLFSSL* ssl);
/* Parse an old-format ClientHello (SSLv2-style, judging by the name) held in
 * the caller's buffer.  input/inSz bound the data, *inOutIdx is the read
 * offset and is advanced on success, and sz is presumably the length taken
 * from the old-style record header.  NOTE(review): sz is peer supplied; every
 * read inside must be bounded by inSz, not by sz. */
WOLFSSL_LOCAL
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz);
2758 
2759 #ifndef NO_CERTS
    /* Add a CA certificate to the cert manager's trusted signer list.
     * pDer is the DER certificate; the double pointer suggests the callee
     * takes over (or frees) the buffer - confirm in ssl.c before the caller
     * frees it.  type presumably records how the CA was loaded, and verify
     * selects whether the certificate is checked before it is trusted: only
     * skip verification for material that came from a trusted store, since
     * an unverified add silently widens the trust-anchor set. */
    WOLFSSL_LOCAL
    int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
    /* Look up hash (which hash - subject or key - is not visible here) in the
     * signer table; presumably non-zero means a matching CA is already
     * loaded so it is not added twice. */
    WOLFSSL_LOCAL
    int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#ifdef WOLFSSL_TRUST_PEER_CERT
    /* Same pair for the trusted-peer list (a peer certificate pinned by the
     * application rather than a CA).  Note hash is not const in either
     * lookup. */
    WOLFSSL_LOCAL
    int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
    WOLFSSL_LOCAL
    int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#endif
2770 #endif
2771 
/* All cipher suite related info
 * Keep as a constant size (no ifdefs) for session export.  Because this
 * struct is part of the session export, the numeric values of the enums
 * stored in its byte fields (KeyExchangeAlgorithm, SignatureAlgorithm and
 * CipherType below) must not be renumbered without versioning the export. */
typedef struct CipherSpecs {
    word16 key_size;            /* bulk cipher key length (presumably bytes) */
    word16 iv_size;             /* IV length */
    word16 block_size;          /* cipher block size */
    word16 aead_mac_size;       /* AEAD tag length */
    byte bulk_cipher_algorithm; /* which bulk cipher */
    byte cipher_type; /* block, stream, or aead */
    byte mac_algorithm;         /* MAC/hash for non-AEAD suites */
    byte kea; /* key exchange algo */
    byte sig_algo;              /* enum SignatureAlgorithm */
    byte hash_size;             /* digest length of mac_algorithm */
    byte pad_size;              /* MAC-then-pad granularity for block suites */
    byte static_ecdh;           /* non-zero for static ECDH suites */
} CipherSpecs;
2788 
2789 
/* Presumably resets *cs to "no suite negotiated" defaults.  Unlike its
 * neighbours it is not marked WOLFSSL_LOCAL, so it has external linkage -
 * NOTE(review): confirm that is intended. */
void InitCipherSpecs(CipherSpecs* cs);
2791 
2792 
/* Supported Key Exchange Protocols.
 * Values are spelled out because they are stored in CipherSpecs.kea (a byte
 * that is part of the session export) - do not renumber. */
enum KeyExchangeAlgorithm {
    no_kea                        = 0,
    rsa_kea                       = 1,
    diffie_hellman_kea            = 2,
    fortezza_kea                  = 3,
    psk_kea                       = 4,
    dhe_psk_kea                   = 5,
    ecdhe_psk_kea                 = 6,
    ntru_kea                      = 7,
    ecc_diffie_hellman_kea        = 8,
    ecc_static_diffie_hellman_kea = 9  /* for verify suite only */
};
2806 
2807 
/* Supported Authentication Schemes.
 * 1-3 coincide with the TLS 1.2 SignatureAlgorithm registry values; 8 and 9
 * are internal codes (TLS 1.3 SignatureScheme uses two bytes), so never write
 * these bytes to the wire directly.  Stored in CipherSpecs.sig_algo, which is
 * session-exported - do not renumber. */
enum SignatureAlgorithm {
    anonymous_sa_algo = 0,
    rsa_sa_algo = 1,
    dsa_sa_algo = 2,
    ecc_dsa_sa_algo = 3,
    rsa_pss_sa_algo = 8,
    ed25519_sa_algo = 9
};
2817 
2818 
/* Supported ECC Curve Types
 * 3 is the wire value of ECCurveType.named_curve (RFC 4492 / RFC 8422);
 * the explicit-curve encodings are not supported. */
enum EccCurves {
    named_curve = 3
};
2823 
2824 
/* Valid client certificate request types from page 27
 * (these are the IANA TLS ClientCertificateType wire values, RFC 5246 7.4.4
 * and RFC 8422 5.5; 5, 6 and 20 are reserved/obsolete in the registry and
 * are kept here only so the bytes can be recognised in a
 * CertificateRequest). */
enum ClientCertificateType {
    rsa_sign = 1,
    dss_sign = 2,
    rsa_fixed_dh = 3,
    dss_fixed_dh = 4,
    rsa_ephemeral_dh = 5,
    dss_ephemeral_dh = 6,
    fortezza_kea_cert = 20,
    ecdsa_sign = 64,
    rsa_fixed_ecdh = 65,
    ecdsa_fixed_ecdh = 66
};
2838 
2839 
#ifndef WOLFSSL_AEAD_ONLY
/* Record protection style, stored in CipherSpecs.cipher_type (session
 * exported, so the values are fixed here). */
enum CipherType { stream = 0, block = 1, aead = 2 };
#else
/* AEAD-only builds keep just the one member; note its value differs from the
 * full build, so exported sessions are not portable across the two. */
enum CipherType { aead = 0 };
#endif
2845 
2846 
2847 
2848 
2849 
2850 
/* cipher for now */
/* Per-direction bulk cipher state: one pointer to a wolfCrypt context per
 * algorithm the build supports, of which only the negotiated one is expected
 * to be allocated.  WOLFSSL holds two of these (encrypt and decrypt), so the
 * session keys live here for the life of the connection; FreeCiphers
 * (declared below) is where they must be released and, ideally, wiped. */
typedef struct Ciphers {
#ifdef BUILD_ARC4
    Arc4* arc4;
#endif
#ifdef BUILD_DES3
    Des3* des3;
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
    Aes* aes;          /* one context serves both AES-CBC and AES-GCM builds */
    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(WOLFSSL_TLS13)
    byte* additional;  /* presumably AEAD additional-data scratch */
    byte* nonce;       /* presumably AEAD nonce scratch */
    #endif
#endif
#ifdef HAVE_CAMELLIA
    Camellia* cam;
#endif
#ifdef HAVE_CHACHA
    ChaCha* chacha;
#endif
#ifdef HAVE_HC128
    HC128* hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit* rabbit;
#endif
#ifdef HAVE_IDEA
    Idea* idea;
#endif
    byte state;        /* sub-state for enum cipherState (nonblocking resume) */
    byte setup; /* have we set it up flag for detection */
} Ciphers;
2884 
2885 
2886 #ifdef HAVE_ONE_TIME_AUTH
/* Ciphers for one time authentication such as poly1305
 * (the MAC side of the ChaCha20-Poly1305 suites; setup tells the free path
 * whether poly1305 was ever allocated). */
typedef struct OneTimeAuth {
#ifdef HAVE_POLY1305
    Poly1305* poly1305;
#endif
    byte setup; /* flag for if a cipher has been set */

} OneTimeAuth;
2895 #endif
2896 
2897 
/* Presumably zero the Ciphers members of ssl (encrypt/decrypt) so that
 * FreeCiphers can tell what was allocated. */
WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
/* Free the per-algorithm contexts in ssl->encrypt / ssl->decrypt.  They hold
 * the record keys, so the implementation should wipe before freeing -
 * NOTE(review): confirm in internal.c. */
WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
2900 
2901 
/* hashes type
 * Fixed-size digest outputs, one per hash the build enables.  Used for the
 * handshake transcript snapshots in HS_Hashes (verifyHashes/certHashes), so
 * which member is meaningful depends on the negotiated suite. */
typedef struct Hashes {
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        byte md5[WC_MD5_DIGEST_SIZE];      /* pre-TLS 1.2 MD5||SHA-1 PRF only */
    #endif
    #if !defined(NO_SHA)
        byte sha[WC_SHA_DIGEST_SIZE];
    #endif
    #ifndef NO_SHA256
        byte sha256[WC_SHA256_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA384
        byte sha384[WC_SHA384_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA512
        byte sha512[WC_SHA512_DIGEST_SIZE];
    #endif
} Hashes;
2920 
/* Snapshot the running handshake hashes into *hashes (presumably for the
 * CertificateVerify signature - the name suggests so; see internal.c). */
WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
2922 
2923 #ifdef WOLFSSL_TLS13
/* A single running hash context, one member per supported algorithm (TLS 1.3
 * only needs the suite's hash).  NOTE(review): the guard here is
 * NO_WOLFSSL_SHA256 whereas the Hashes/HS_Hashes types in this file use
 * NO_SHA256 - confirm both macros are always defined together, otherwise a
 * build could have a sha256 transcript with no Digest member for it. */
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
    wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
#endif
} Digest;
2935 #endif
2936 
/* Static x509 buffer
 * Inline DER copy of one certificate.  Writers must keep 0 <= length <=
 * MAX_X509_SIZE; nothing in the type enforces it, and length is a signed
 * int, so a negative value would pass a naive "length < sizeof(buffer)"
 * check when compared as unsigned. */
typedef struct x509_buffer {
    int length; /* actual size */
    byte buffer[MAX_X509_SIZE]; /* max static cert size */
} x509_buffer;
2942 
2943 
/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE
 * (the opening struct line is not in this listing).  count must stay
 * <= MAX_CHAIN_DEPTH; the "max depth 4" remark below is probably stale
 * relative to that macro - treat MAX_CHAIN_DEPTH as the real bound. */
    int count; /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
};
2949 
2950 
/* wolfSSL session type
 * (the opening struct line is not in this listing).  Everything a peer needs
 * to resume: the ID or ticket, the master secret and the parameters the
 * original handshake used.  This is cached, so masterSecret must be wiped
 * when an entry is evicted or freed. */
    word32 bornOn; /* create time in seconds */
    word32 timeout; /* timeout in seconds */
    byte sessionID[ID_LEN]; /* id for protocol */
    byte sessionIDSz;       /* bytes of sessionID in use, <= ID_LEN */
    byte masterSecret[SECRET_LEN]; /* stored secret */
    word16 haveEMS; /* ext master secret flag (RFC 7627).  A resumption
                     * should only be accepted when this matches the new
                     * handshake's EMS state - confirm the check exists. */
#ifdef SESSION_CERTS
    WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
    #ifdef WOLFSSL_ALT_CERT_CHAINS
    WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */
    #endif
#endif
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                               defined(HAVE_SESSION_TICKET))
    ProtocolVersion version; /* which version was used */
    byte cipherSuite0; /* first byte, normally 0 */
    byte cipherSuite; /* 2nd byte, actual suite; a resumed session must
                       * come back with the same version and suite */
#endif
#ifndef NO_CLIENT_CACHE
    word16 idLen; /* serverID length */
    byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
#endif
#ifdef OPENSSL_EXTRA
    byte sessionCtxSz; /* sessionCtx length */
    byte sessionCtx[ID_LEN]; /* app specific context id (OpenSSL sid_ctx
                              * equivalent; presumably keeps one application's
                              * sessions from being resumed by another) */
#endif
#ifdef WOLFSSL_TLS13
    word16 namedGroup;       /* (EC)DHE group used, for PSK+DHE resumption */
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    #ifdef WOLFSSL_TLS13
    word32 ticketSeen; /* Time ticket seen (ms) */
    word32 ticketAdd; /* Added by client (presumably ticket_age_add,
                       * RFC 8446 4.6.1) */
    #ifndef WOLFSSL_TLS13_DRAFT_18
    TicketNonce ticketNonce; /* Nonce used to derive PSK */
    #endif
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    word32 maxEarlyDataSz;   /* 0-RTT limit granted with the ticket */
    #endif
#endif
#ifdef HAVE_SESSION_TICKET
    byte* ticket;            /* points at staticTicket or a heap copy */
    word16 ticketLen;
    byte staticTicket[SESSION_TICKET_LEN];
    byte isDynamic;          /* non-zero: ticket is heap allocated, free it */
#endif
#ifdef HAVE_EXT_CACHE
    byte isAlloced;          /* whole session object is heap allocated */
#endif
#ifdef HAVE_EX_DATA
    void* ex_data[MAX_EX_DATA];
#endif
};
3007 
3008 
/* Look up the session matching ssl's current ID in the cache.  The unnamed
 * parameters are presumably (master secret output, restore-session-certs
 * flag) - confirm against the definition in ssl.c. */
WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
/* Install a session for resumption; presumably validates timeout/version
 * before copying it into ssl->session. */
WOLFSSL_LOCAL
int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
3013 
/* MAC function for non-AEAD suites.  The parameters are unnamed here; they
 * presumably follow TLS_hmac in tls.c (ssl, digest out, input, input length,
 * pad size, content type, verify flag) - confirm before writing a new
 * implementation, since the three trailing ints would not be type-checked if
 * swapped. */
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int);
3015 
3016 #ifndef NO_CLIENT_CACHE
    /* Client-side lookup by server ID (see WOLFSSL_SESSION.serverID).
     * NOTE(review): not marked WOLFSSL_LOCAL unlike GetSession/SetSession. */
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
3018 #endif
3019 
/* client connect state for nonblocking restart.
 * Persisted in Options.connectState (a byte), so the values are fixed here. */
enum ConnectState {
    CONNECT_BEGIN      = 0,
    CLIENT_HELLO_SENT  = 1,
    HELLO_AGAIN        = 2,  /* HELLO_AGAIN s for DTLS case */
    HELLO_AGAIN_REPLY  = 3,
    FIRST_REPLY_DONE   = 4,
    FIRST_REPLY_FIRST  = 5,
    FIRST_REPLY_SECOND = 6,
    FIRST_REPLY_THIRD  = 7,
    FIRST_REPLY_FOURTH = 8,
    FINISHED_DONE      = 9,
    SECOND_REPLY_DONE  = 10
};
3034 
3035 
/* server accept state for nonblocking restart.
 * Persisted in Options.acceptState (a byte).  AcceptStateTls13 below shares
 * that same byte with overlapping numeric values, so which enum applies
 * presumably depends on the negotiated version - never compare a value from
 * one enum against the other. */
enum AcceptState {
    ACCEPT_BEGIN                    = 0,
    ACCEPT_CLIENT_HELLO_DONE        = 1,
    ACCEPT_HELLO_RETRY_REQUEST_DONE = 2,
    ACCEPT_FIRST_REPLY_DONE         = 3,
    SERVER_HELLO_SENT               = 4,
    SERVER_EXTENSIONS_SENT          = 5,
    CERT_SENT                       = 6,
    CERT_VERIFY_SENT                = 7,
    CERT_STATUS_SENT                = 8,
    KEY_EXCHANGE_SENT               = 9,
    CERT_REQ_SENT                   = 10,
    SERVER_HELLO_DONE               = 11,
    ACCEPT_SECOND_REPLY_DONE        = 12,
    TICKET_SENT                     = 13,
    CHANGE_CIPHER_SENT              = 14,
    ACCEPT_FINISHED_DONE            = 15,
    ACCEPT_THIRD_REPLY_DONE         = 16
};
3056 
/* TLS 1.3 server accept state for nonblocking restart.
 * Shares Options.acceptState with enum AcceptState; values overlap, so the
 * two must never be mixed. */
enum AcceptStateTls13 {
    TLS13_ACCEPT_BEGIN                    = 0,
    TLS13_ACCEPT_CLIENT_HELLO_DONE        = 1,
    TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE = 2,
    TLS13_ACCEPT_FIRST_REPLY_DONE         = 3,
    TLS13_ACCEPT_SECOND_REPLY_DONE        = 4,
    TLS13_SERVER_HELLO_SENT               = 5,
    TLS13_ACCEPT_THIRD_REPLY_DONE         = 6,
    TLS13_SERVER_EXTENSIONS_SENT          = 7,
    TLS13_CERT_REQ_SENT                   = 8,
    TLS13_CERT_SENT                       = 9,
    TLS13_CERT_VERIFY_SENT                = 10,
    TLS13_ACCEPT_FINISHED_SENT            = 11,
    TLS13_PRE_TICKET_SENT                 = 12,
    TLS13_ACCEPT_FINISHED_DONE            = 13,
    TLS13_TICKET_SENT                     = 14
};
3075 
/* buffers for struct WOLFSSL
 * Record I/O buffers plus the credentials a connection may either borrow
 * from its WOLFSSL_CTX or own outright.  The weOwn* flags decide which side
 * frees certificate/key/certChain/serverDH_*; getting them wrong is a double
 * free or a leak, so any code that swaps one of those buffers must update the
 * matching flag in the same place. */
typedef struct Buffers {
    bufferStatic inputBuffer;      /* incoming records */
    bufferStatic outputBuffer;     /* outgoing records */
    buffer domainName; /* for client check (expected peer host name) */
    buffer clearOutputBuffer;
    buffer sig; /* signature data */
    buffer digest; /* digest data */
    int prevSent; /* previous plain text bytes sent
                                     when got WANT_WRITE */
    int plainSz; /* plain text bytes in buffer to send
                                     when got WANT_WRITE */
    byte weOwnCert; /* SSL own cert flag */
    byte weOwnCertChain; /* SSL own cert chain flag */
    byte weOwnKey; /* SSL own key flag */
    byte weOwnDH; /* SSL own dh (p,g) flag */
#ifndef NO_DH
    buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
    buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
    buffer serverDH_Pub;
    buffer serverDH_Priv;          /* ephemeral secret - wipe on free */
    DhKey* serverDH_Key;
#endif
#ifndef NO_CERTS
    DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
    DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
    byte keyType:7; /* Type of key: RSA, ECC, Ed25519 */
    byte keyId:1; /* Key data is an id not data (presumably a handle for
                   * a device selected by keyDevId rather than key bytes) */
    int keySz; /* Size of RSA key (comment says RSA, but keyType also covers
                * ECC/Ed25519 - presumably the size of whichever key is loaded) */
    int keyDevId; /* Device Id for key */
    DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
                 /* chain after self, in DER, with leading size for each cert */
#ifdef WOLFSSL_TLS13
    int certChainCnt;              /* number of certs in certChain */
    DerBuffer* certExts;           /* per-cert extensions sent in TLS 1.3 */
#endif
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
    buffer tls13CookieSecret; /* HRR cookie secret (keys the cookie MAC;
                               * secret material) */
#endif
#ifdef WOLFSSL_DTLS
    WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
    #ifndef NO_WOLFSSL_SERVER
    buffer dtlsCookieSecret; /* DTLS cookie secret (same role for
                              * HelloVerifyRequest) */
    #endif /* NO_WOLFSSL_SERVER */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
    buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
    buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */
    #endif /* HAVE_ED25519 */
    #ifndef NO_RSA
    buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
} Buffers;
3134 
/* sub-states for send/do key share (key exchange).
 * Persisted in Options.asyncState (a byte) across nonblocking restarts. */
enum asyncState {
    TLS_ASYNC_BEGIN    = 0,
    TLS_ASYNC_BUILD    = 1,
    TLS_ASYNC_DO       = 2,
    TLS_ASYNC_VERIFY   = 3,
    TLS_ASYNC_FINALIZE = 4,
    TLS_ASYNC_END      = 5
};
3144 
/* sub-states for build message.
 * Persisted in Options.buildMsgState (a byte); the order is the order the
 * steps run (size, hash, MAC, then encrypt). */
enum buildMsgState {
    BUILD_MSG_BEGIN      = 0,
    BUILD_MSG_SIZE       = 1,
    BUILD_MSG_HASH       = 2,
    BUILD_MSG_VERIFY_MAC = 3,
    BUILD_MSG_ENCRYPT    = 4
};
3153 
/* sub-states for cipher operations (held in Ciphers.state). */
enum cipherState {
    CIPHER_STATE_BEGIN = 0,
    CIPHER_STATE_DO    = 1,
    CIPHER_STATE_END   = 2
};
3160 
/* Per-connection policy and state-machine bookkeeping.  The bit flags below
 * are the security-relevant switches (peer verification, downgrade, anon
 * suites, key-size floors); a change to any of them is a change to what the
 * connection will accept from the network. */
typedef struct Options {
#ifndef NO_PSK
    wc_psk_client_callback client_psk_cb;
    wc_psk_server_callback server_psk_cb;
#ifdef WOLFSSL_TLS13
    wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
    wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
#endif
#endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    unsigned long mask; /* store SSL_OP_ flags */
#endif

    /* on/off or small bit flags, optimize layout */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word16 havePSK:1; /* psk key set by user */
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
    word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
    word16 sessionCacheOff:1;
    word16 sessionCacheFlushOff:1;
#ifdef HAVE_EXT_CACHE
    word16 internalCacheOff:1;
#endif
    word16 side:2; /* client, server or neither end */
    word16 verifyPeer:1;     /* request and check the peer's certificate */
    word16 verifyNone:1;     /* skip peer cert verification entirely -
                              * authentication is off when this is set */
    word16 failNoCert:1;     /* abort when a requested client cert is absent */
    word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
    word16 downgrade:1; /* allow downgrade of versions (floor is minDowngrade) */
    word16 resuming:1;
    word16 haveSessionId:1; /* server may not send */
    word16 tls:1; /* using TLS ? */
    word16 tls1_1:1; /* using TLSv1.1+ ? */
    word16 tls1_3:1; /* using TLSv1.3+ ? */
    word16 dtls:1; /* using datagrams ? */
    word16 connReset:1; /* has the peer reset */
    word16 isClosed:1; /* if we consider conn closed */
    word16 closeNotify:1; /* we've received a close notify */
    word16 sentNotify:1; /* we've sent a close notify */
    word16 usingCompression:1; /* are we using compression */
    word16 haveRSA:1; /* RSA available */
    word16 haveECC:1; /* ECC available */
    word16 haveDH:1; /* server DH parms set by user */
    word16 haveNTRU:1; /* server NTRU private key loaded */
    word16 haveQSH:1; /* have QSH ability */
    word16 haveECDSAsig:1; /* server ECDSA signed cert */
    word16 haveStaticECC:1; /* static server ECC private key */
    word16 havePeerCert:1; /* do we have peer's cert */
    word16 havePeerVerify:1; /* and peer's cert verify */
    word16 usingPSK_cipher:1; /* are using psk as cipher */
    word16 usingAnon_cipher:1; /* are we using an anon cipher (no peer
                                * authentication at all) */
    word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK (costs forward
                          * secrecy for PSK handshakes) */
    word16 sendAlertState:1; /* nonblocking resume */
    word16 partialWrite:1; /* only one msg per write call */
    word16 quietShutdown:1; /* don't send close notify */
    word16 certOnly:1; /* stop once we get cert */
    word16 groupMessages:1; /* group handshake messages */
    word16 saveArrays:1; /* save array Memory for user get keys
                          * or psk - keeps the secrets in Arrays alive past
                          * the handshake instead of releasing them */
    word16 weOwnRng:1; /* will be true unless CTX owns */
    word16 haveEMS:1; /* using extended master secret */
#ifdef HAVE_POLY1305
    word16 oldPoly:1; /* set when to use old rfc way of poly*/
#endif
#ifdef HAVE_ANON
    word16 haveAnon:1; /* User wants to allow Anon suites */
#endif
#ifdef HAVE_SESSION_TICKET
    word16 createTicket:1; /* Server to create new Ticket */
    word16 useTicket:1; /* Use Ticket not session cache */
    word16 rejectTicket:1; /* Callback rejected ticket */
#ifdef WOLFSSL_TLS13
    word16 noTicketTls13:1; /* Server won't create new Ticket */
#endif
#endif
#ifdef WOLFSSL_DTLS
    word16 dtlsUseNonblock:1; /* are we using nonblocking socket */
    word16 dtlsHsRetain:1; /* DTLS retaining HS data */
    word16 haveMcast:1; /* using multicast ? */
#ifdef WOLFSSL_SCTP
    word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
#endif
#endif
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
    word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
#endif
    word16 keepResources:1; /* Keep resources after handshake */
    word16 useClientOrder:1; /* Use client's cipher order */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    word16 postHandshakeAuth:1;/* Client send post_handshake_auth
                                * extension */
#endif
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
    word16 sendCookie:1; /* Server creates a Cookie in HRR */
#endif
#ifdef WOLFSSL_ALT_CERT_CHAINS
    word16 usingAltCertChain:1;/* Alternate cert chain was used */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
    word16 sentChangeCipher:1; /* Change Cipher Spec sent */
#endif
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \
                                              !defined(NO_ED25519_CLIENT_AUTH)
    word16 cacheMessages:1; /* Cache messages for sign/verify */
#endif
#ifndef NO_DH
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
        !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
        word16 dhDoKeyTest:1; /* Need to do the DH Key prime test */
        word16 dhKeyTested:1; /* Set when key has been tested. */
    #endif
#endif
#ifdef SINGLE_THREADED
    word16 ownSuites:1; /* if suites are malloced in ssl object */
#endif

    /* need full byte values for this section */
    byte processReply; /* nonblocking resume */
    byte cipherSuite0; /* first byte, normally 0 */
    byte cipherSuite; /* second byte, actual suite */
    byte serverState;
    byte clientState;
    byte handShakeState;
    byte handShakeDone; /* at least one handshake complete */
    byte minDowngrade; /* minimum downgrade version (lowest minor version
                        * that downgrade may fall to) */
    byte connectState; /* nonblocking resume (enum ConnectState) */
    byte acceptState; /* nonblocking resume (enum AcceptState or
                       * AcceptStateTls13 - values overlap) */
    byte asyncState; /* sub-state for enum asyncState */
    byte buildMsgState; /* sub-state for enum buildMsgState */
    byte alertCount; /* detect warning dos attempt: presumably counts
                      * consecutive warning alerts so a peer cannot spin us
                      * forever without progress */
#ifdef WOLFSSL_MULTICAST
    word16 mcastID; /* Multicast group ID */
#endif
#ifndef NO_DH
    word16 minDhKeySz; /* minimum DH key size */
    word16 maxDhKeySz; /* maximum DH key size */
    word16 dhKeySz; /* actual DH key size */
#endif
#ifndef NO_RSA
    short minRsaKeySz; /* minimum RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    short minEccKeySz; /* minimum ECC key size */
#endif
#ifdef OPENSSL_EXTRA
    byte verifyDepth; /* maximum verification depth */
#endif
#ifdef WOLFSSL_EARLY_DATA
    word16 pskIdIndex;
    word32 maxEarlyDataSz; /* 0-RTT byte limit we will accept */
#endif
#ifdef WOLFSSL_TLS13
    byte oldMinor; /* client preferred version < TLS 1.3 */
#endif
} Options;
3316 
/* Handshake-lifetime scratch: nonces, the pre-master/master secrets and PSK
 * material.  Almost everything here is secret; the object should be wiped
 * before it is released (see Options.saveArrays for when that happens). */
typedef struct Arrays {
    byte* pendingMsg; /* defrag buffer */
    byte* preMasterSecret;
    word32 preMasterSz; /* differs for DH, actual size */
    word32 pendingMsgSz; /* defrag buffer size */
    word32 pendingMsgOffset; /* current offset into defrag buffer (must
                              * never exceed pendingMsgSz) */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word32 psk_keySz; /* actual size - NOTE(review): the value returned by a
                       * PSK callback must be checked against
                       * MAX_PSK_KEY_LEN before psk_key is used */
    char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
    char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
    byte psk_key[MAX_PSK_KEY_LEN];
#endif
    byte clientRandom[RAN_LEN];
    byte serverRandom[RAN_LEN];
    byte sessionID[ID_LEN];
    byte sessionIDSz;
#ifdef WOLFSSL_TLS13
    byte secret[SECRET_LEN];   /* TLS 1.3 key-schedule secret */
#endif
    byte masterSecret[SECRET_LEN];
#ifdef WOLFSSL_DTLS
    byte cookie[MAX_COOKIE_LEN];
    byte cookieSz;
#endif
    byte pendingMsgType; /* defrag buffer message type */
} Arrays;
3343 
3344 #ifndef ASN_NAME_MAX
3345 #define ASN_NAME_MAX 256
3346 #endif
3347 
3348 #ifndef MAX_DATE_SZ
3349 #define MAX_DATE_SZ 32
3350 #endif
3351 
    /* (opening struct line not in this listing - singly linked OpenSSL-style
     * stack node).  The union is untagged: the caller must know which member
     * is live; reading the wrong one is a type confusion. */
    unsigned long num; /* number of nodes in stack
                        * (safety measure for freeing and shortcut for count) */
    union {
        WOLFSSL_X509* x509;
        WOLFSSL_X509_NAME* name;
        WOLFSSL_BIO* bio;
        WOLFSSL_ASN1_OBJECT* obj;
        char* string;
    } data;
    WOLFSSL_STACK* next;
};
3364 
3365 
    /* (opening struct line not in this listing).  name points at staticName
     * or a heap copy selected by dynamicName; sz is its length.  Free paths
     * must consult dynamicName before freeing name. */
    char *name;
    int dynamicName;
    int sz;
    char staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
    !defined(NO_ASN)
    DecodedName fullName;
    WOLFSSL_X509_NAME_ENTRY cnEntry;
    WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
    WOLFSSL_X509* x509; /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
    byte raw[ASN_NAME_MAX]; /* DER copy of the name; rawLen bytes used */
    int rawLen;
#endif
};
3383 
3384 #ifndef EXTERNAL_SERIAL_SIZE
3385  #define EXTERNAL_SERIAL_SIZE 32
3386 #endif
3387 
3388 #ifdef NO_ASN
3389  typedef struct DNS_entry DNS_entry;
3390 #endif
3391 
    /* (opening struct line not in this listing - the decoded certificate
     * object).  Each *Sz is the number of bytes used in the fixed array it
     * accompanies; writers must clamp to the array size. */
    int version;
    int serialSz;                /* <= EXTERNAL_SERIAL_SIZE */
#ifdef WOLFSSL_SEP
    int deviceTypeSz;
    int hwTypeSz;
    byte deviceType[EXTERNAL_SERIAL_SIZE];
    byte hwType[EXTERNAL_SERIAL_SIZE];
    int hwSerialNumSz;
    byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    byte certPolicySet;
    byte certPolicyCrit;
    #endif /* OPENSSL_EXTRA */
#endif
    int notBeforeSz;
    int notAfterSz;
    byte notBefore[MAX_DATE_SZ];  /* validity dates as encoded (<= MAX_DATE_SZ) */
    byte notAfter[MAX_DATE_SZ];
    buffer sig;
    int sigOID;
    DNS_entry* altNames; /* alt names list */
    buffer pubKey;
    int pubKeyOID;
    DNS_entry* altNamesNext; /* hint for retrieval */
    #if defined(HAVE_ECC) || defined(HAVE_ED25519)
    word32 pkCurveOID;
    #endif /* HAVE_ECC */
    #ifndef NO_CERTS
    DerBuffer* derCert; /* may need */
    #endif
    void* heap; /* heap hint */
    byte dynamicMemory; /* dynamic memory flag */
    byte isCa:1;
#ifdef WOLFSSL_CERT_EXT
    char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
    int certPoliciesNb;
#endif /* WOLFSSL_CERT_EXT */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef HAVE_EX_DATA
    void* ex_data[MAX_EX_DATA];
#endif
    /* Extension payloads.  Whether these point into derCert or are separate
     * allocations is not visible here - check the free path before borrowing
     * one of them past the life of the WOLFSSL_X509. */
    byte* authKeyId;
    byte* subjKeyId;
    byte* extKeyUsageSrc;
    const byte* CRLInfo;
    byte* authInfo;
    word32 pathLength;
    word16 keyUsage;
    int CRLInfoSz;
    int authInfoSz;
    word32 authKeyIdSz;
    word32 subjKeyIdSz;
    word32 extKeyUsageSz;
    word32 extKeyUsageCount;

    /* *Set: extension present; *Crit: it was marked critical.  Per RFC 5280
     * a critical extension that is not understood must fail validation -
     * these bits are what lets a caller see that. */
    byte CRLdistSet:1;
    byte CRLdistCrit:1;
    byte authInfoSet:1;
    byte authInfoCrit:1;
    byte keyUsageSet:1;
    byte keyUsageCrit:1;
    byte extKeyUsageCrit:1;
    byte subjKeyIdSet:1;

    byte subjKeyIdCrit:1;
    byte basicConstSet:1;
    byte basicConstCrit:1;
    byte basicConstPlSet:1;
    byte subjAltNameSet:1;
    byte subjAltNameCrit:1;
    byte authKeyIdSet:1;
    byte authKeyIdCrit:1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
    byte serial[EXTERNAL_SERIAL_SIZE];
    char subjectCN[ASN_NAME_MAX]; /* common name short cut - for display/lookup;
                                   * host-name matching should prefer altNames
                                   * (RFC 6125) and fall back to CN only when
                                   * no SAN is present */
#ifdef WOLFSSL_CERT_REQ
    char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
#endif
    WOLFSSL_X509_NAME issuer;
    WOLFSSL_X509_NAME subject;
};
3474 
3475 
/* record layer header for PlainText, Compressed, and CipherText
 * (the closing "} RecordLayerHeader;" line is missing from this listing).
 * Wire image of the 5-byte TLS record header; length is two bytes in network
 * byte order and is peer supplied, so it must be checked against the input
 * buffer and the maximum record size before any read based on it. */
typedef struct RecordLayerHeader {
    byte type;
    byte pvMajor;
    byte pvMinor;
    byte length[2];
3483 
3484 
/* record layer header for DTLS PlainText, Compressed, and CipherText
 * (the closing "} DtlsRecordLayerHeader;" line is missing from this listing).
 * 13-byte DTLS record header: epoch plus 48-bit sequence number occupy the
 * 8 sequence_number bytes; the sequence number feeds replay detection, so it
 * must be read before the MAC is checked but only trusted after. */
typedef struct DtlsRecordLayerHeader {
    byte type;
    byte pvMajor;
    byte pvMinor;
    byte sequence_number[8]; /* per record */
    byte length[2];
3493 
3494 
/* One received fragment range [begin, end] of a DTLS handshake message, kept
 * in a linked list on DtlsMsg so gaps and overlaps can be tracked. */
typedef struct DtlsFrag {
    word32 begin;
    word32 end;
    struct DtlsFrag* next;
} DtlsFrag;
3500 
3501 
/* DTLS handshake message being reassembled (rx) or retransmitted (tx).
 * NOTE(review): the fragment offset and length in each incoming fragment are
 * peer supplied; the reassembly code must bound them by sz before copying
 * into msg, and fragSz (bytes received) reaching sz is presumably the
 * completeness test. */
typedef struct DtlsMsg {
    struct DtlsMsg* next;
    byte* buf;              /* allocation holding the message */
    byte* msg;              /* message body inside buf */
    DtlsFrag* fragList;     /* ranges received so far */
    word32 fragSz; /* Length of fragments received */
    word32 seq; /* Handshake sequence number */
    word32 sz; /* Length of whole message */
    byte type;              /* handshake message type */
} DtlsMsg;
3512 
3513 
3514 #ifdef HAVE_NETX
3515 
    /* NETX I/O Callback default
     * Context handed to the NetX receive/send callbacks: a partially consumed
     * packet is kept in nxPacket with nxOffset bytes already delivered. */
    typedef struct NetX_Ctx {
        NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
        NX_PACKET* nxPacket; /* incoming packet handle for short reads */
        ULONG nxOffset; /* offset already read from nxPacket */
        ULONG nxWait; /* wait option flag */
    } NetX_Ctx;
3523 
3524 #endif
3525 
/* Handshake messages received from peer (plus change cipher spec).
 * One flag per message type; presumably what the state machine uses to
 * reject a message that arrives twice or out of order, so a duplicate
 * Finished or Certificate is not processed again.  got_client_hello and
 * got_server_hello are 2-bit counters, likely because a second hello is
 * legitimate after HelloVerifyRequest (DTLS) or HelloRetryRequest (TLS 1.3)
 * - confirm against internal.c / tls13.c. */
typedef struct MsgsReceived {
    word16 got_hello_request:1;
    word16 got_client_hello:2;
    word16 got_server_hello:2;
    word16 got_hello_verify_request:1;
    word16 got_session_ticket:1;
    word16 got_end_of_early_data:1;
    word16 got_hello_retry_request:1;
    word16 got_encrypted_extensions:1;
    word16 got_certificate:1;
    word16 got_certificate_status:1;
    word16 got_server_key_exchange:1;
    word16 got_certificate_request:1;
    word16 got_server_hello_done:1;
    word16 got_certificate_verify:1;
    word16 got_client_key_exchange:1;
    word16 got_finished:1;
    word16 got_key_update:1;
    word16 got_change_cipher:1;
} MsgsReceived;
3547 
3548 
/* Handshake hashes
 * Running transcript hashes over every handshake message (one context per
 * enabled algorithm) plus two snapshots.  The transcript is what binds the
 * Finished and CertificateVerify messages to the whole exchange, so every
 * handshake byte sent or received must be fed in, in order. */
typedef struct HS_Hashes {
    Hashes verifyHashes;       /* snapshot for Finished / verify_data */
    Hashes certHashes; /* for cert verify */
#ifndef NO_SHA
    wc_Sha hashSha; /* sha hash of handshake msgs */
#endif
#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    wc_Md5 hashMd5; /* md5 hash of handshake msgs */
#endif
#ifndef NO_SHA256
    wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */
#endif
#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH)
    /* Ed25519 signs the full message rather than a digest, so the raw
     * transcript is retained as well (see Options.cacheMessages).  length
     * and prevLen are signed ints: growth code must guard against overflow
     * on a long handshake. */
    byte* messages; /* handshake messages */
    int length; /* length of handshake messages' data */
    int prevLen; /* length of messages but last */
#endif
} HS_Hashes;
3574 
3575 
3576 #ifdef WOLFSSL_ASYNC_CRYPT
    /* Per-connection state for asynchronous crypto: the wolfCrypt async
     * device plus a scratch area for the arguments of the operation in
     * flight, released through freeArgs.  args holds word32 slots - do not
     * stash pointers in them on 64-bit targets; they would be truncated. */
    #define MAX_ASYNC_ARGS 18
    typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);

    struct WOLFSSL_ASYNC {
        WC_ASYNC_DEV* dev;
        FreeArgsCb freeArgs; /* function pointer to cleanup args */
        word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
    };
3585 #endif
3586 
3587 #ifdef HAVE_WRITE_DUP
3588 
    /* Shared bookkeeping for a WOLFSSL that has been split into a read-only
     * and a write-only object (see dupWrite/dupSide in struct WOLFSSL).
     * dupCount and dupErr are only touched under dupMutex; whichever side
     * drops dupCount to zero frees the shared object. */
    #define WRITE_DUP_SIDE 1
    #define READ_DUP_SIDE 2

    typedef struct WriteDup {
        wolfSSL_Mutex dupMutex; /* reference count mutex */
        int dupCount; /* reference count */
        int dupErr; /* under dupMutex, pass to other side */
    } WriteDup;

    /* Drop this side's reference; frees WriteDup when the count hits zero. */
    WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
    /* Record err so the peer side sees the failure on its next operation. */
    WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
3600 #endif /* HAVE_WRITE_DUP */
3601 
3602 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
typedef struct CertReqCtx CertReqCtx;

/* Outstanding post-handshake CertificateRequest contexts (RFC 8446 4.6.2),
 * used to match a later client Certificate back to the request.  len is the
 * context length but only one byte of storage is declared: ctx is almost
 * certainly the first byte of a longer allocation (struct-hack) - confirm in
 * tls13.c, never copy a CertReqCtx by value, and never sizeof() it for the
 * allocation. */
struct CertReqCtx {
    CertReqCtx* next;
    byte len;
    byte ctx;
};
3610 #endif
3611 
3612 #ifdef WOLFSSL_EARLY_DATA
/* Progress of 0-RTT (early) data on a connection.  Early data is
 * replayable by design; the application decides what is safe to act on
 * while the state is process_early_data. */
typedef enum EarlyDataState {
    no_early_data        = 0,
    expecting_early_data = 1,
    process_early_data   = 2,
    done_early_data      = 3
} EarlyDataState;
3619 #endif
3620 
3621 /* wolfSSL ssl type */
3622 struct WOLFSSL {
3623  WOLFSSL_CTX* ctx;
3624  Suites* suites; /* only need during handshake */
3625  Arrays* arrays;
3626 #ifdef WOLFSSL_TLS13
3627  byte clientSecret[SECRET_LEN];
3628  byte serverSecret[SECRET_LEN];
3629 #endif
3630  HS_Hashes* hsHashes;
3631  void* IOCB_ReadCtx;
3632  void* IOCB_WriteCtx;
3633  WC_RNG* rng;
3634  void* verifyCbCtx; /* cert verify callback user ctx*/
3635  VerifyCallback verifyCallback; /* cert verification callback */
3636  void* heap; /* for user overrides */
3637 #ifdef HAVE_WRITE_DUP
3638  WriteDup* dupWrite; /* valid pointer indicates ON */
3639  /* side that decrements dupCount to zero frees overall structure */
3640  byte dupSide; /* write side or read side */
3641 #endif
3642 #ifdef OPENSSL_EXTRA
3643  byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
3644 #endif
3645  CallbackIORecv CBIORecv;
3646  CallbackIOSend CBIOSend;
3647 #ifdef WOLFSSL_STATIC_MEMORY
3648  WOLFSSL_HEAP_HINT heap_hint;
3649 #endif
3650 #ifndef NO_HANDSHAKE_DONE_CB
3651  HandShakeDoneCb hsDoneCb; /* notify user handshake done */
3652  void* hsDoneCtx; /* user handshake cb context */
3653 #endif
3654 #ifdef WOLFSSL_ASYNC_CRYPT
3655  struct WOLFSSL_ASYNC async;
3656 #elif defined(WOLFSSL_NONBLOCK_OCSP)
3657  void* nonblockarg; /* dynamic arg for handling non-block resume */
3658 #endif
3659  void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
3660  word32 hsType; /* Type of Handshake key (hsKey) */
3661  WOLFSSL_CIPHER cipher;
3662 #ifndef WOLFSSL_AEAD_ONLY
3663  hmacfp hmac;
3664 #endif
3665  Ciphers encrypt;
3666  Ciphers decrypt;
3667  Buffers buffers;
3668  WOLFSSL_SESSION session;
3669 #ifdef HAVE_EXT_CACHE
3670  WOLFSSL_SESSION* extSession;
3671 #endif
3672  WOLFSSL_ALERT_HISTORY alert_history;
3673  int error;
3674  int rfd; /* read file descriptor */
3675  int wfd; /* write file descriptor */
3676  int rflags; /* user read flags */
3677  int wflags; /* user write flags */
3678  word32 timeout; /* session timeout */
3679  word32 fragOffset; /* fragment offset */
3680  word16 curSize;
3681  byte verifyDepth;
3682  RecordLayerHeader curRL;
3683  MsgsReceived msgsReceived; /* peer messages received */
3684  ProtocolVersion version; /* negotiated version */
3685  ProtocolVersion chVersion; /* client hello version */
3686  CipherSpecs specs;
3687  Keys keys;
3688  Options options;
3689 #ifdef OPENSSL_EXTRA
3690  CallbackInfoState* CBIS; /* used to get info about SSL state */
3691  int cbmode; /* read or write on info callback */
3692  int cbtype; /* event type in info callback */
3693  WOLFSSL_BIO* biord; /* socket bio read to free/close */
3694  WOLFSSL_BIO* biowr; /* socket bio write to free/close */
3695  byte sessionCtx[ID_LEN]; /* app session context ID */
3696  unsigned long peerVerifyRet;
3697  byte readAhead;
3698  byte sessionCtxSz; /* size of sessionCtx stored */
3699 #ifdef HAVE_PK_CALLBACKS
3700  void* loggingCtx; /* logging callback argument */
3701 #endif
3702 #endif /* OPENSSL_EXTRA */
3703 #ifndef NO_RSA
3704  RsaKey* peerRsaKey;
3705  byte peerRsaKeyPresent;
3706 #endif
3707 #ifdef HAVE_QSH
3708  QSHKey* QSH_Key;
3709  QSHKey* peerQSHKey;
3710  QSHSecret* QSH_secret;
3711  byte isQSH; /* is the handshake a QSH? */
3712  byte sendQSHKeys; /* flag for if the client should sen
3713  public keys */
3714  byte peerQSHKeyPresent;
3715  byte minRequest;
3716  byte maxRequest;
3717  byte user_set_QSHSchemes;
3718 #endif
3719 #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
3720  word16 namedGroup;
3721 #endif
3722 #ifdef WOLFSSL_TLS13
3723  word16 group[WOLFSSL_MAX_GROUP_COUNT];
3724  byte numGroups;
3725 #endif
3726  byte pssAlgo;
3727 #ifdef WOLFSSL_TLS13
3728  #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
3729  word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
3730  byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
3731  * offer */
3732  #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
3733 #endif
3734 #ifdef HAVE_NTRU
3735  word16 peerNtruKeyLen;
3736  byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
3737  byte peerNtruKeyPresent;
3738 #endif
3739 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
3740  int eccVerifyRes;
3741 #endif
3742 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
3743  word32 ecdhCurveOID; /* curve Ecc_Sum */
3744  ecc_key* eccTempKey; /* private ECDHE key */
3745  byte eccTempKeyPresent; /* also holds type */
3746  byte peerEccKeyPresent;
3747 #endif
3748 #ifdef HAVE_ECC
3749  ecc_key* peerEccKey; /* peer's ECDHE key */
3750  ecc_key* peerEccDsaKey; /* peer's ECDSA key */
3751  word16 eccTempKeySz; /* in octets 20 - 66 */
3752  byte peerEccDsaKeyPresent;
3753 #endif
3754 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
3755  word32 pkCurveOID; /* curve Ecc_Sum */
3756 #endif
3757 #ifdef HAVE_ED25519
3758  ed25519_key* peerEd25519Key;
3759  byte peerEd25519KeyPresent;
3760 #endif
3761 #ifdef HAVE_CURVE25519
3762  curve25519_key* peerX25519Key;
3763  byte peerX25519KeyPresent;
3764 #endif
3765 #ifdef HAVE_LIBZ
3766  z_stream c_stream; /* compression stream */
3767  z_stream d_stream; /* decompression stream */
3768  byte didStreamInit; /* for stream init and end */
3769 #endif
3770 #ifdef WOLFSSL_DTLS
3771  int dtls_timeout_init; /* starting timeout value */
3772  int dtls_timeout_max; /* maximum timeout value */
3773  int dtls_timeout; /* current timeout value, changes */
3774  word32 dtls_tx_msg_list_sz;
3775  word32 dtls_rx_msg_list_sz;
3776  DtlsMsg* dtls_tx_msg_list;
3777  DtlsMsg* dtls_tx_msg;
3778  DtlsMsg* dtls_rx_msg_list;
3779  void* IOCB_CookieCtx; /* gen cookie ctx */
3780  word32 dtls_expected_rx;
3781 #ifdef WOLFSSL_SESSION_EXPORT
3782  wc_dtls_export dtls_export; /* export function for session */
3783 #endif
3784 #ifdef WOLFSSL_SCTP
3785  word16 dtlsMtuSz;
3786 #endif /* WOLFSSL_SCTP */
3787 #ifdef WOLFSSL_MULTICAST
3788  void* mcastHwCbCtx; /* Multicast highwater callback ctx */
3789 #endif /* WOLFSSL_MULTICAST */
3790 #ifdef WOLFSSL_DTLS_DROP_STATS
3791  word32 macDropCount;
3792  word32 replayDropCount;
3793 #endif /* WOLFSSL_DTLS_DROP_STATS */
3794 #endif /* WOLFSSL_DTLS */
3795 #ifdef WOLFSSL_CALLBACKS
3796  TimeoutInfo timeoutInfo; /* info saved during handshake */
3797  HandShakeInfo handShakeInfo; /* info saved during handshake */
3798 #endif
3799 #ifdef OPENSSL_EXTRA
3800  SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
3801  void* protoMsgCtx; /* user set context with msg callback */
3802 #endif
3803 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
3804  byte hsInfoOn; /* track handshake info */
3805  byte toInfoOn; /* track timeout info */
3806 #endif
3807 #ifdef HAVE_FUZZER
3808  CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
3809  void* fuzzerCtx; /* user defined pointer */
3810 #endif
3811 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
3812  CertReqCtx* certReqCtx;
3813 #endif
3814 #ifdef KEEP_PEER_CERT
3815  WOLFSSL_X509 peerCert; /* X509 peer cert */
3816 #endif
3817 #ifdef KEEP_OUR_CERT
3818  WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
3819  points to ctx if not owned (owned
3820  flag found in buffers.weOwnCert) */
3821 #endif
3822  byte keepCert; /* keep certificate after handshake */
3823 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
3824  void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
3825 #endif
3826  int devId; /* async device id to use */
3827 #ifdef HAVE_ONE_TIME_AUTH
3828  OneTimeAuth auth;
3829 #endif
3830 #ifdef HAVE_TLS_EXTENSIONS
3831  TLSX* extensions; /* RFC 6066 TLS Extensions data */
3832  #ifdef HAVE_MAX_FRAGMENT
3833  word16 max_fragment;
3834  #endif
3835  #ifdef HAVE_TRUNCATED_HMAC
3836  byte truncated_hmac;
3837  #endif
3838  #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
3839  byte status_request;
3840  #endif
3841  #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
3842  byte status_request_v2;
3843  #endif
3844  #if defined(HAVE_SECURE_RENEGOTIATION) \
3845  || defined(HAVE_SERVER_RENEGOTIATION_INFO)
3846  SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
3847  #endif /* user turned on */
3848  #ifdef HAVE_ALPN
3849  char* alpn_client_list; /* keep the client's list */
3850  #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3851  CallbackALPNSelect alpnSelect;
3852  void* alpnSelectArg;
3853  #endif
3854  #endif /* of accepted protocols */
3855  #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
3856  CallbackSessionTicket session_ticket_cb;
3857  void* session_ticket_ctx;
3858  byte expect_session_ticket;
3859  #endif
3860 #endif /* HAVE_TLS_EXTENSIONS */
3861 #ifdef HAVE_OCSP
3862  void* ocspIOCtx;
3863  #ifdef OPENSSL_EXTRA
3864  byte* ocspResp;
3865  int ocspRespSz;
3866  #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3867  char* url;
3868  #endif
3869  #endif
3870 #endif
3871 #ifdef HAVE_NETX
3872  NetX_Ctx nxCtx; /* NetX IO Context */
3873 #endif
3874 #if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
3875  void* mnCtx; /* mynewt mn_socket IO Context */
3876 #endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
3877 #ifdef SESSION_INDEX
3878  int sessionIndex; /* Session's location in the cache. */
3879 #endif
3880 #ifdef ATOMIC_USER
3881  void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
3882  void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
3883 #endif
3884 #ifdef HAVE_PK_CALLBACKS
3885  #ifdef HAVE_ECC
3886  void* EccKeyGenCtx; /* EccKeyGen Callback Context */
3887  void* EccSignCtx; /* Ecc Sign Callback Context */
3888  void* EccVerifyCtx; /* Ecc Verify Callback Context */
3889  void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
3890  #ifdef HAVE_ED25519
3891  void* Ed25519SignCtx; /* ED25519 Sign Callback Context */
3892  void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */
3893  #endif
3894  #ifdef HAVE_CURVE25519
3895  void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
3896  void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
3897  #endif
3898  #endif /* HAVE_ECC */
3899  #ifndef NO_DH
3900  void* DhAgreeCtx; /* DH Pms Callback Context */
3901  #endif /* !NO_DH */
3902  #ifndef NO_RSA
3903  void* RsaSignCtx; /* Rsa Sign Callback Context */
3904  void* RsaVerifyCtx; /* Rsa Verify Callback Context */
3905  #ifdef WC_RSA_PSS
3906  void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */
3907  void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */
3908  #endif
3909  void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
3910  void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
3911  #endif /* NO_RSA */
3912 #endif /* HAVE_PK_CALLBACKS */
3913 #ifdef HAVE_SECRET_CALLBACK
3914  SessionSecretCb sessionSecretCb;
3915  void* sessionSecretCtx;
3916 #endif /* HAVE_SECRET_CALLBACK */
3917 #ifdef WOLFSSL_JNI
3918  void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
3919 #endif /* WOLFSSL_JNI */
3920 #ifdef WOLFSSL_EARLY_DATA
3921  EarlyDataState earlyData;
3922  word32 earlyDataSz;
3923 #endif
3924 };
3925 
3926 
/* Lifecycle of a WOLFSSL session object.  Parameter names in these
 * prototypes are documentation only; C does not bind them.  The definitions
 * live in the .c files, so ownership rules (who frees `heap`-allocated
 * members, whether key material is zeroised) are not visible here and
 * should be confirmed against FreeSSL/SSL_ResourceFree in internal.c. */
WOLFSSL_LOCAL int  SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
WOLFSSL_LOCAL int  InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap);
/* Exported (WOLFSSL_API) rather than local because Micrium calls it. */
WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);
3934 
3935 
3936 
#ifndef NO_CERTS

    /* Loaders for certificate / key / CA material.  Both take a ctx and an
     * ssl so the same code serves context-wide and per-session loading; the
     * `format` and `type` ints say how the input is encoded and what it is
     * expected to contain, and `userChain` presumably allows a concatenated
     * chain rather than a single object -- confirm in ssl.c.  For
     * ProcessBuffer, `used` (when non-NULL) presumably receives the number
     * of bytes of `buff` consumed, which matters when callers feed
     * multi-object PEM input in a loop. */
    WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                                    long sz, int format, int type, WOLFSSL* ssl,
                                    long* used, int userChain);
    WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
                                  int type, WOLFSSL* ssl, int userChain,
                                  WOLFSSL_CRL* crl);

    #ifdef OPENSSL_EXTRA
    /* Host-name check of a decoded peer certificate against `domainName`
     * (OPENSSL_EXTRA builds only).  `domainNameLen` bounds the name; callers
     * must not rely on NUL termination of `domainName`. */
    WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char* domainName,
                                    size_t domainNameLen);
    #endif
#endif
3951 
3952 
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    /* Handshake / timeout bookkeeping behind the WOLFSSL_CALLBACKS and
     * OPENSSL_EXTRA debug hooks (see the handShakeInfo / timeoutInfo members
     * of struct WOLFSSL).  AddPacketInfo takes raw packet bytes plus a heap
     * and presumably retains a copy of them for later inspection, so enabling
     * these hooks keeps handshake plaintext resident in memory -- treat them
     * as debug-only. */
    WOLFSSL_LOCAL void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl);
    WOLFSSL_LOCAL void FinishHandShakeInfo(HandShakeInfo* info);
    WOLFSSL_LOCAL void AddPacketName(WOLFSSL* ssl, const char* name);

    WOLFSSL_LOCAL void InitTimeoutInfo(TimeoutInfo* info);
    WOLFSSL_LOCAL void FreeTimeoutInfo(TimeoutInfo* info, void* heap);
    WOLFSSL_LOCAL void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
                                     const byte* data, int sz, int write,
                                     void* heap);
    WOLFSSL_LOCAL void AddLateName(const char* name, TimeoutInfo* info);
    WOLFSSL_LOCAL void AddLateRecordHeader(const RecordLayerHeader* rl,
                                           TimeoutInfo* info);
#endif
3973 
3974 
/* TLS record-layer ContentType, the first byte of every record header
 * (RFC 5246 section 6.2.1; the numeric values are wire-visible and fixed).
 * `no_type` is not a wire value -- 0 is unassigned on the wire -- and is
 * used internally as "no record type set". */
enum ContentType {
    no_type            = 0,
    change_cipher_spec = 20,
    alert              = 21,
    handshake          = 22,
    application_data   = 23
};
3983 
3984 
/* TLS handshake message header, identical for every message type: one byte
 * of HandShakeType followed by a 24-bit big-endian body length.  word24 is
 * presumably a 3-byte array type defined elsewhere in wolfSSL rather than a
 * native integer, so `length` must be decoded before it is compared against
 * the bytes actually available -- TODO confirm against types.h. */
typedef struct HandShakeHeader {
    byte   type;     /* HandShakeType */
    word24 length;   /* length of the body that follows this header */
} HandShakeHeader;
3990 
3991 
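/* DTLS handshake message header, identical for every message type.  It is
 * the TLS HandShakeHeader plus the fields DTLS needs to reorder, retransmit
 * and reassemble fragmented messages (RFC 6347 section 4.2.2).  word24 is
 * presumably a 3-byte array type defined elsewhere in wolfSSL -- TODO
 * confirm against types.h.
 *
 * NOTE(review): fragment_offset and fragment_length are peer-supplied.  The
 * header alone guarantees nothing; the reassembly code (DtlsMsgSet /
 * DtlsMsgStore) is where offset + length must be checked against `length`
 * before any copy. */
typedef struct DtlsHandShakeHeader {
    byte   type;               /* HandShakeType of the whole message */
    word24 length;             /* total length of the reassembled body */
    byte   message_seq[2];     /* handshake sequence number; starts at 0 and a
                                * retransmission reuses the same number */
    word24 fragment_offset;    /* bytes carried in previous fragments */
    word24 fragment_length;    /* bytes of body carried in this fragment */
} DtlsHandShakeHeader;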
4000 
4001 
/* HandshakeType byte of the handshake header.  Values 0-24 are the IANA
 * registry values shared by TLS 1.2 (RFC 5246), DTLS (RFC 6347),
 * session tickets (RFC 5077), OCSP stapling (RFC 6066) and TLS 1.3
 * (RFC 8446); the last three entries are wolfSSL-internal and never appear
 * on the wire as handshake types. */
enum HandShakeType {
    hello_request        = 0,
    client_hello         = 1,
    server_hello         = 2,
    hello_verify_request = 3,    /* DTLS cookie exchange */
    session_ticket       = 4,    /* NewSessionTicket */
    end_of_early_data    = 5,    /* TLS 1.3 */
    hello_retry_request  = 6,    /* TLS 1.3 draft-era type; final RFC 8446
                                  * carries HRR as a ServerHello instead */
    encrypted_extensions = 8,    /* TLS 1.3 */
    certificate          = 11,
    server_key_exchange  = 12,
    certificate_request  = 13,
    server_hello_done    = 14,
    certificate_verify   = 15,
    client_key_exchange  = 16,
    finished             = 20,
    certificate_status   = 22,   /* OCSP stapling response */
    key_update           = 24,   /* TLS 1.3 */

    /* Internal only from here on. */
    change_cipher_hs     = 55,   /* stand-in handshake type for the record
                                  * layer's ChangeCipherSpec so ordering
                                  * sanity checks can treat it like a
                                  * handshake message (its record type 20
                                  * would collide with `finished`) */
    message_hash         = 254,  /* synthetic TLS 1.3 transcript entry */
    no_shake             = 255   /* "unset" marker for a DtlsMsg record */
};
4026 
/* Which side(s) a piece of material is provisioned for.  The values are
 * bit flags: PROVISION_CLIENT_SERVER == (PROVISION_CLIENT | PROVISION_SERVER),
 * so callers can test membership with `&` rather than `==`. */
enum ProvisionSide {
    PROVISION_CLIENT        = 1,
    PROVISION_SERVER        = 2,
    PROVISION_CLIENT_SERVER = PROVISION_CLIENT | PROVISION_SERVER
};
4032 
4033 
/* Fixed byte strings fed into the Finished computation (see
 * BuildTlsFinished's `sender` argument).  `client`/`server` are the 4-byte
 * Sender values 0x434C4E54 / 0x53525652 -- "CLNT" / "SRVR" in ASCII --
 * written as hex so the bytes do not depend on the execution character set.
 * `tls_client`/`tls_server` are the TLS Finished PRF labels.  All four are
 * wire-fixed: changing a byte breaks interoperability.
 * Being `static const` in a header, every translation unit that includes
 * internal.h gets its own copy; harmless, but it is why unused-variable
 * warnings may appear in files that never reference them. */
static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };

/* The +1 presumably reserves room for the string literal's terminating NUL,
 * i.e. FINISHED_LABEL_SZ is the label length without it -- confirm where
 * FINISHED_LABEL_SZ is defined. */
static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
4039 
4040 
/* Internal handshake and record-layer entry points.  Definitions live in
 * internal.c / tls.c / tls13.c; parameter names here are documentation only.
 * Return conventions are not visible from the header -- check each
 * definition before relying on a specific success value. */

/* --- message senders --------------------------------------------------- */
WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL* ssl);
WOLFSSL_LOCAL int SendTicket(WOLFSSL* ssl);
/* NOTE(review): `input`/`len` are the ticket bytes exactly as the peer sent
 * them; the decoder must treat `len` as untrusted. */
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz);
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_TLS13_DRAFT_18
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL* ssl);
#else
/* Post-draft-18 there is no separate HRR sender; the byte presumably selects
 * the ServerHello variant to build -- confirm in tls13.c. */
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType);
#endif
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL* ssl);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL* ssl);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** request,
                                     buffer* response);
#endif
#if defined(HAVE_SECURE_RENEGOTIATION) && \
    defined(HAVE_SERVER_RENEGOTIATION_INFO)
WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL* ssl);
#endif
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL* ssl);
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL* ssl);
WOLFSSL_LOCAL int SendBuffered(WOLFSSL* ssl);
WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek);
WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl);
WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type);
WOLFSSL_LOCAL int ProcessReply(WOLFSSL* ssl);

/* --- cipher suite and key schedule ------------------------------------- */
WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL* ssl);
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL* ssl);

WOLFSSL_LOCAL int AddSession(WOLFSSL* ssl);
WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);

/* --- version predicates (read-only on the session) --------------------- */
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);

/* --- buffer and resource management ------------------------------------ */
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);

WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);

WOLFSSL_LOCAL int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length);
WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
4090 
#ifndef NO_CERTS
    /* Public-key sign / verify / agreement helpers that route through the
     * PK callbacks (HAVE_PK_CALLBACKS) when the user installed them, else
     * through wolfCrypt.  `keyBufInfo` carries the DER-encoded key for the
     * callback path.  Signatures must match the definitions in internal.c,
     * so the `buffer*` vs `DerBuffer*` and `byte*` vs `const byte*`
     * differences between siblings are preserved here even though they are
     * inconsistent. */
    #ifndef NO_RSA
        #ifdef WC_RSA_PSS
            /* Re-check PSS encoding of a recovered signature (`out`) against
             * the expected `plain` hash. */
            WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
                byte* out, word32 sigSz, enum wc_HashType hashType);
            /* Map a TLS hash-algorithm id to the wc_HashType / MGF pair PSS
             * needs. */
            WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
                enum wc_HashType* hashType, int* mgf);
        #endif
        WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
            word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
            int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo);
        WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
            DerBuffer* keyBufInfo);
        WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
            byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
            buffer* keyBufInfo);
        /* NOTE(review): RsaDec is the RSA key-exchange decrypt path.  Its
         * caller must not make padding failures observable (timing, alert
         * type) -- the Bleichenbacher defence belongs in the caller, not
         * here. */
        WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
            word32* outSz, RsaKey* key, DerBuffer* keyBufInfo);
        WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
            word32* outSz, RsaKey* key, buffer* keyBufInfo);
    #endif /* !NO_RSA */

    #ifdef HAVE_ECC
        WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo);
        WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
            const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo);
        /* `pubKeyDer`/`pubKeySz` let a PK callback export the public key it
         * generated; `side` says whether we are client or server. */
        WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
            ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
            word32* outlen, int side);
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl);
        WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
            byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo);
        WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
            word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
            buffer* keyBufInfo);
    #endif /* HAVE_ED25519 */


    #ifdef WOLFSSL_TRUST_PEER_CERT

        /* Hash-table match modes for GetTrustedPeer's `type` argument. */
        #define WC_MATCH_SKID 0   /* match on subject key identifier */
        #define WC_MATCH_NAME 1   /* match on subject name hash */

        WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
                                                      int type);
        WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
                                           DecodedCert* cert);
    #endif

    /* CA lookup in the certificate manager (`cm`) by subject key id hash,
     * or by name hash when SKIDs are compiled out / absent. */
    WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
    #ifndef NO_SKID
        WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
    #endif
#endif /* !NO_CERTS */
/* Transcript hash and Finished construction.  `sender` is one of the
 * client/server label arrays declared above.  FreeArrays releases the
 * handshake arrays (`keep` presumably retains some of them -- confirm). */
WOLFSSL_LOCAL int  BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
                                         word32* hashLen);
WOLFSSL_LOCAL int  BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
                                    const byte* sender);
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
/* Output/input buffer capacity management; `usedLength` is the number of
 * bytes in the input buffer that must survive a grow. */
WOLFSSL_LOCAL int  CheckAvailableSize(WOLFSSL* ssl, int size);
WOLFSSL_LOCAL int  GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
4157 
#ifndef NO_TLS
    WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL* ssl);
#ifndef WOLFSSL_AEAD_ONLY
    /* Record MAC for the CBC / stream-cipher suites (compiled out in
     * AEAD-only builds).  `verify` selects the receive-side keys; `padSz`
     * is the padding length of the record being checked.
     * NOTE(review): on the verify path the MAC must be computed in a way
     * that does not leak `padSz` through timing (Lucky 13) -- that property
     * lives in the definition, not this prototype. */
    WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
                               word32 sz, int padSz, int content, int verify);
#endif
#endif
4165 
/* Side-specific flight senders.  Either side can be compiled out. */
#ifndef NO_WOLFSSL_CLIENT
    WOLFSSL_LOCAL int SendClientHello(WOLFSSL* ssl);
    #ifdef WOLFSSL_TLS13
    WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL* ssl);
    #endif
    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL* ssl);
    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL* ssl);
#endif /* !NO_WOLFSSL_CLIENT */

#ifndef NO_WOLFSSL_SERVER
    WOLFSSL_LOCAL int SendServerHello(WOLFSSL* ssl);
    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl);
#endif /* !NO_WOLFSSL_SERVER */
4179 
#ifdef WOLFSSL_DTLS
    /* Receive-side reassembly list (DtlsMsg*) keyed by handshake sequence
     * number, plus the retransmit pool for sent flights.
     * NOTE(review): `fragOffset`/`fragSz` originate from the peer's
     * DtlsHandShakeHeader; DtlsMsgSet/DtlsMsgStore are where they must be
     * bounded against the message length before anything is copied. */
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, void* heap);
    WOLFSSL_LOCAL void     DtlsMsgDelete(DtlsMsg* item, void* heap);
    WOLFSSL_LOCAL void     DtlsMsgListDelete(DtlsMsg* head, void* heap);
    WOLFSSL_LOCAL int      DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data,
                                      byte type, word32 fragOffset,
                                      word32 fragSz, void* heap);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq);
    WOLFSSL_LOCAL void     DtlsMsgStore(WOLFSSL* ssl, word32 seq,
                                        const byte* data, word32 dataSz,
                                        byte type, word32 fragOffset,
                                        word32 fragSz, void* heap);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item);

    /* Retransmit pool: saved copies of our own outgoing flight. */
    WOLFSSL_LOCAL int  DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data,
                                       word32 dataSz);
    WOLFSSL_LOCAL int  DtlsMsgPoolTimeout(WOLFSSL* ssl);
    WOLFSSL_LOCAL int  VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type,
                                                word32 fragOffset);
    WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL* ssl);
    WOLFSSL_LOCAL int  DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket);
#endif /* WOLFSSL_DTLS */
4197 
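/* Clocks.  (An empty `#ifndef NO_TLS` block that used to sit here has been
 * removed; it declared nothing.) */
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
    /* Millisecond clock; given the guard it is presumably used for the
     * TLS 1.3 ticket-age / PSK checks -- confirm in tls13.c.
     * NOTE(review): a word32 millisecond counter wraps roughly every 49.7
     * days, so comparisons must use wrap-safe unsigned subtraction rather
     * than `a < b`. */
    WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
#endif
/* Low-resolution clock used for timeouts (units not visible here). */
WOLFSSL_LOCAL word32 LowResTimer(void);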
4207 
#ifndef NO_CERTS
    /* WOLFSSL_X509 / WOLFSSL_X509_NAME construction and teardown.  The int
     * argument to the Init functions is presumably a dynamic-allocation
     * flag -- confirm in ssl.c.  Note FreeX509 takes no heap while
     * FreeX509Name does. */
    WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag);
    WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
    WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap);
    WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509);
    /* Populate a WOLFSSL_X509 from an already-parsed DecodedCert. */
    WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert);
#endif
4215 
/* One entry of the cipher-suite name table returned by GetCipherNames().
 * The table is presumably built with positional initializers, so the field
 * order is part of the contract -- do not reorder.  `name_iana` is compiled
 * out under NO_ERROR_STRINGS, which also changes sizeof(CipherSuiteInfo). */
typedef struct CipherSuiteInfo {
    const char* name;        /* wolfSSL-style suite name */
#ifndef NO_ERROR_STRINGS
    const char* name_iana;   /* IANA registry name */
#endif
    byte cipherSuite0;       /* first byte of the two-byte suite id */
    byte cipherSuite;        /* second byte of the two-byte suite id */
} CipherSuiteInfo;
4224 
/* Cipher-suite name table accessors.  A suite is identified by its two
 * wire bytes (cipherSuite0, cipherSuite).  The failure value of the lookups
 * (NULL vs. an error string vs. a negative int) is not visible here --
 * check the definitions before branching on it.  Top-level `const` on the
 * by-value byte parameters has been dropped: it is not part of the function
 * type and only clutters the header. */
WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
WOLFSSL_LOCAL int                    GetCipherNamesSize(void);
WOLFSSL_LOCAL const char* GetCipherNameInternal(byte cipherSuite0,
                                                byte cipherSuite);
WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0,
                                            byte cipherSuite);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
/* Reverse lookup: name -> (cipherSuite0, cipherSuite). */
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name,
                                         byte* cipherSuite0,
                                         byte* cipherSuite);
4233 
/* Which direction's keys SetKeysSide should install.  Values start at 1 so
 * that 0 is never a valid side. */
enum encrypt_side {
    ENCRYPT_SIDE_ONLY        = 1,   /* our send-side keys only */
    DECRYPT_SIDE_ONLY        = 2,   /* our receive-side keys only */
    ENCRYPT_AND_DECRYPT_SIDE = 3    /* both directions */
};
4239 
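WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);


#ifndef NO_DH
    /* Ephemeral DH.  `priv`/`pub` are caller buffers whose capacities are
     * passed in and actual lengths returned through the word32 pointers.
     * NOTE(review): `otherPub` is peer-supplied; confirm the definition
     * validates it against the group (wc_DhCheckPubKey or equivalent)
     * before the agreement. */
    WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
                                   byte* priv, word32* privSz,
                                   byte* pub, word32* pubSz);
    WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
                              const byte* priv, word32 privSz,
                              const byte* otherPub, word32 otherPubSz,
                              byte* agree, word32* agreeSz);
#endif /* !NO_DH */

#ifdef HAVE_ECC
    /* Generate an ECDHE key; `peer` presumably supplies the curve to match. */
    WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
#endif

WOLFSSL_LOCAL int  InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);

/* Build one protected record from `input` into `output`.  `sizeOnly`
 * returns the required size without writing; `hashOutput` adds the
 * plaintext to the handshake transcript; `asyncOkay` permits the call to
 * return a pending status under WOLFSSL_ASYNC_CRYPT. */
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                               const byte* input, int inSz, int type,
                               int hashOutput, int sizeOnly, int asyncOkay);

#ifdef WOLFSSL_TLS13
/* Fix: this prototype alone lacked WOLFSSL_LOCAL, so in a shared-library
 * build the symbol was exported with default visibility while every sibling
 * is hidden.  Nothing outside the library should link against it. */
WOLFSSL_LOCAL int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz,
                                    const byte* input, int inSz, int type,
                                    int hashOutput, int sizeOnly,
                                    int asyncOkay);
#endif

/* Allocate / release a key object of the given type on the session heap. */
WOLFSSL_LOCAL int  AllocKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);

#ifdef WOLFSSL_ASYNC_CRYPT
    WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev,
                                        word32 flags);
    WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
    WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
#endif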
4277 
4278 
4279 #ifdef __cplusplus
4280  } /* extern "C" */
4281 #endif
4282 
4283 #endif /* wolfSSL_INT_H */