diff --git a/source/libwolfssl/callbacks.h b/source/libwolfssl/callbacks.h index 2e95072e..fe7a077a 100644 --- a/source/libwolfssl/callbacks.h +++ b/source/libwolfssl/callbacks.h @@ -1,6 +1,6 @@ /* callbacks.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,7 @@ #endif -enum { /* CALLBACK CONTSTANTS */ +enum { /* CALLBACK CONSTANTS */ MAX_PACKETNAME_SZ = 24, MAX_CIPHERNAME_SZ = 24, MAX_TIMEOUT_NAME_SZ = 24, @@ -53,19 +53,21 @@ typedef struct handShakeInfo_st { #if defined(HAVE_SYS_TIME_H) && !defined(NO_TIMEVAL) - typedef struct timeval Timeval; + typedef struct timeval WOLFSSL_TIMEVAL; #else /* HAVE_SYS_TIME_H */ - /* Define the Timeval explicitly. */ + /* Define the timeval explicitly. */ typedef struct { long tv_sec; /* Seconds. */ long tv_usec; /* Microseconds. */ - } Timeval; + } WOLFSSL_TIMEVAL; #endif /* HAVE_SYS_TIME_H */ - +#if !defined(NO_OLD_TIMEVAL_NAME) + #define Timeval WOLFSSL_TIMEVAL +#endif typedef struct packetInfo_st { char packetName[MAX_PACKETNAME_SZ + 1]; /* SSL packet name */ - Timeval timestamp; /* when it occurred */ + WOLFSSL_TIMEVAL timestamp; /* when it occurred */ unsigned char value[MAX_VALUE_SZ]; /* if fits, it's here */ unsigned char* bufferValue; /* otherwise here (non 0) */ int valueSz; /* sz of value or buffer */ @@ -77,7 +79,7 @@ typedef struct timeoutInfo_st { int flags; /* for future use */ int numberPackets; /* actual # of packets */ PacketInfo packets[MAX_PACKETS_HANDSHAKE]; /* list of all packets */ - Timeval timeoutValue; /* timer that caused it */ + WOLFSSL_TIMEVAL timeoutValue; /* timer that caused it */ } TimeoutInfo; diff --git a/source/libwolfssl/certs_test.h b/source/libwolfssl/certs_test.h index deefb57e..6562e9f6 100644 --- a/source/libwolfssl/certs_test.h +++ b/source/libwolfssl/certs_test.h @@ -2308,8 +2308,949 @@ static const unsigned char rsa_key_der_3072[] = }; static const int sizeof_rsa_key_der_3072 = sizeof(rsa_key_der_3072); +/* ./certs/3072/client-key.der, 3072-bit */ +static const unsigned char client_key_der_3072[] = +{ + 0x30, 0x82, 0x06, 0xE4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8, 0x10, + 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A, 0x41, + 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0, 0x88, + 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73, 0x42, + 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA, 0xBC, + 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA, 0x5C, + 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3, 0x58, + 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02, 0x00, + 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F, 0x2A, + 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B, 0x0B, + 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06, 0x7E, + 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C, 0x64, + 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA, 0x6A, + 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A, 0x89, + 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06, 0x48, + 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27, 0xEA, + 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06, 0x59, + 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2, 0xC0, + 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF, 0xF7, + 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5, 0xC8, + 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79, 0x5D, + 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8, 0xEE, + 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78, 0x0C, + 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9, 0xFC, + 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD, 0xA1, + 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB, 0xB9, + 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA, 0xCC, + 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61, 0xFC, + 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3, 0x2D, + 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1, 0x7F, + 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26, 0x35, + 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC, 0xCA, + 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B, 0xA1, + 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73, 0xF4, + 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7, 0x6F, + 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA, 0x13, + 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57, + 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9, + 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x01, 0x80, 0x40, 0x19, 0x74, 0xDB, 0xF5, + 0xCA, 0x48, 0x49, 0xA6, 0x0D, 0xDF, 0x55, 0x2C, 0xFB, 0x4B, + 0x0D, 0xBB, 0xC9, 0xEA, 0x4C, 0x65, 0x43, 0x65, 0xA5, 0xEC, + 0xEE, 0xE4, 0x3D, 0x42, 0x6C, 0xF1, 0xC2, 0x6D, 0x05, 0xA7, + 0x70, 0x1C, 0x7E, 0x1F, 0x48, 0xA9, 0xC0, 0x2E, 0xD7, 0x9F, + 0x01, 0x98, 0xC2, 0x3E, 0xD7, 0x83, 0x11, 0x35, 0xD6, 0x5B, + 0x13, 0x87, 0xAE, 0xAC, 0x32, 0xF8, 0xDE, 0xB6, 0x08, 0x25, + 0x4E, 0x59, 0xBA, 0x09, 0xEC, 0xC6, 0x97, 0x04, 0x85, 0xE8, + 0x93, 0xC6, 0xBB, 0x03, 0x7A, 0x94, 0x20, 0x3B, 0x27, 0x87, + 0x6A, 0x36, 0x41, 0x7C, 0xD5, 0xF4, 0x81, 0x1C, 0x0B, 0x39, + 0xEB, 0x14, 0xA7, 0xA6, 0x01, 0x37, 0x50, 0x48, 0xD5, 0xC6, + 0x57, 0x9A, 0x1B, 0x01, 0x02, 0x1F, 0x80, 0x34, 0x45, 0x09, + 0xE6, 0xBF, 0x31, 0x19, 0xB7, 0xE1, 0xBA, 0xDA, 0xEB, 0x1A, + 0xB0, 0xCD, 0xF5, 0xA6, 0x91, 0x63, 0xAC, 0x28, 0xE4, 0x8F, + 0xEA, 0x7E, 0xF6, 0x0A, 0x4A, 0x71, 0x21, 0xA5, 0xF1, 0x70, + 0x0D, 0x1B, 0xD9, 0x70, 0x64, 0x74, 0x57, 0x2F, 0x9F, 0xEC, + 0xD4, 0x93, 0x16, 0xC7, 0xEE, 0xF8, 0xC0, 0x9F, 0x52, 0x4A, + 0x1F, 0xAD, 0xDD, 0x40, 0x98, 0x53, 0x68, 0xFA, 0xDE, 0xA2, + 0x04, 0xA0, 0x24, 0x05, 0xEF, 0xCB, 0x4F, 0x70, 0xDF, 0xB9, + 0x5C, 0xC2, 0x5E, 0xE4, 0xC9, 0xCD, 0x0F, 0x5E, 0x4B, 0x77, + 0xBB, 0x84, 0x69, 0x54, 0x98, 0x41, 0xB7, 0x9C, 0x0E, 0x38, + 0xD8, 0xF7, 0xF3, 0x9F, 0xEF, 0xE5, 0x9B, 0xB6, 0x4B, 0xD6, + 0x7A, 0x65, 0xF5, 0x69, 0xFA, 0xC2, 0x13, 0x70, 0x6C, 0x28, + 0xA4, 0x29, 0xAC, 0xD9, 0xBF, 0xEC, 0x6A, 0x2E, 0xED, 0xE4, + 0xBA, 0xDF, 0xD0, 0xF1, 0xF3, 0x3C, 0x6C, 0x84, 0xDF, 0xB7, + 0x5A, 0x94, 0xCF, 0xD9, 0x2D, 0xEA, 0xEA, 0xB4, 0xD0, 0x91, + 0x2E, 0x77, 0x15, 0x18, 0x0D, 0x6B, 0xBA, 0x2A, 0x0C, 0xF1, + 0x92, 0x9D, 0xD6, 0x04, 0x05, 0xB6, 0x38, 0xC2, 0xE0, 0xA7, + 0x2D, 0x64, 0xF8, 0xDF, 0x0C, 0x3A, 0x93, 0x83, 0xE1, 0x88, + 0x83, 0x5F, 0x67, 0x90, 0x9F, 0x2B, 0xE0, 0x60, 0x8E, 0xCA, + 0x30, 0x13, 0xCA, 0x9F, 0xCF, 0x7B, 0x6D, 0xD8, 0xCD, 0xEE, + 0xF9, 0x96, 0xDD, 0x5E, 0xF4, 0x47, 0xC9, 0x4C, 0xE6, 0x8F, + 0x7F, 0x33, 0x2A, 0x38, 0x30, 0xAF, 0xD5, 0x4A, 0x79, 0x47, + 0x06, 0xCC, 0x96, 0x44, 0x29, 0x8C, 0x60, 0x2B, 0x08, 0xC7, + 0xD0, 0xD3, 0xC3, 0xC5, 0x2C, 0x63, 0x6C, 0x87, 0xD2, 0xAE, + 0x2A, 0xA4, 0x86, 0xE7, 0x76, 0x74, 0x90, 0xD1, 0x04, 0x37, + 0x64, 0x1A, 0xED, 0x08, 0xD9, 0x98, 0x07, 0x1A, 0x98, 0x0B, + 0x89, 0x99, 0xA4, 0xB0, 0x8C, 0x1A, 0x10, 0xEB, 0xEC, 0xF4, + 0xEE, 0x3C, 0xC4, 0x00, 0xCC, 0x30, 0x9C, 0x43, 0x01, 0x02, + 0x81, 0xC1, 0x00, 0xD9, 0x43, 0xF6, 0x2C, 0x78, 0x26, 0xD2, + 0xE7, 0x15, 0xA7, 0x0A, 0x88, 0x5E, 0xDB, 0x2D, 0xAF, 0xC6, + 0xA9, 0x6F, 0x73, 0x88, 0x3B, 0x6A, 0x08, 0x1F, 0xF5, 0x80, + 0xB5, 0x2E, 0x29, 0x8B, 0x72, 0xF8, 0x35, 0xC8, 0x23, 0x18, + 0x1C, 0x0D, 0x0E, 0x38, 0x82, 0xBB, 0x5B, 0x2F, 0xB4, 0x5C, + 0x4E, 0x24, 0x05, 0xA7, 0x4C, 0x79, 0x48, 0x89, 0x8D, 0x1C, + 0x1D, 0x0A, 0x2C, 0xFE, 0xD9, 0x99, 0xDF, 0x25, 0x8A, 0x2D, + 0xF8, 0xEB, 0x2F, 0xDA, 0x1B, 0x63, 0xE1, 0xCD, 0x09, 0x97, + 0x64, 0x14, 0xAB, 0xEA, 0x0B, 0xD8, 0xE2, 0xA8, 0x2A, 0x63, + 0x35, 0x90, 0xEE, 0x7F, 0xEA, 0xCE, 0xA5, 0xEF, 0x7F, 0xAB, + 0x87, 0x47, 0x9B, 0x45, 0x35, 0x9A, 0xDA, 0x8C, 0xF4, 0xD3, + 0x8A, 0x0B, 0x9B, 0xE6, 0xEA, 0x92, 0xBB, 0x05, 0xE1, 0xAC, + 0x3E, 0x35, 0xDB, 0xED, 0x65, 0x1D, 0xB6, 0x92, 0xEB, 0x29, + 0x79, 0xF8, 0x3F, 0xC2, 0x58, 0x40, 0x32, 0x66, 0x87, 0x56, + 0x50, 0xFF, 0xBF, 0x3E, 0xBD, 0xE9, 0x94, 0xBF, 0x31, 0xBE, + 0x87, 0x2D, 0xEF, 0x64, 0x1E, 0x0E, 0x67, 0x3A, 0x9C, 0x94, + 0xDA, 0x5B, 0x0C, 0x8C, 0x3D, 0xEE, 0x9D, 0xCD, 0x92, 0xDE, + 0x40, 0x02, 0x65, 0x36, 0xC9, 0x1B, 0xF5, 0x7E, 0x4E, 0x07, + 0xB4, 0x7F, 0x14, 0x0E, 0x03, 0x2E, 0x86, 0xF0, 0x45, 0x5F, + 0xDC, 0xA2, 0xE8, 0xC7, 0x83, 0x02, 0x81, 0xC1, 0x00, 0xCA, + 0xED, 0xA5, 0x3F, 0x59, 0xAC, 0x4C, 0xAD, 0xAB, 0x23, 0x02, + 0x95, 0x80, 0xA0, 0xAF, 0x35, 0x17, 0xDB, 0xE7, 0x7F, 0x72, + 0x41, 0x2C, 0x5C, 0xB4, 0x43, 0x85, 0x46, 0x73, 0x9F, 0x58, + 0xE9, 0x40, 0x8B, 0xEC, 0xB0, 0xEF, 0x86, 0x4C, 0x31, 0xDE, + 0xC8, 0x6C, 0x74, 0x75, 0xA2, 0xDB, 0x65, 0xF4, 0x50, 0xC6, + 0x99, 0xA2, 0x70, 0xDE, 0xB6, 0x22, 0xC2, 0x01, 0x15, 0x49, + 0x13, 0xA0, 0xE2, 0x20, 0x78, 0x44, 0xEC, 0x1F, 0x42, 0xB3, + 0x25, 0x09, 0xCE, 0x75, 0x13, 0x75, 0x36, 0x11, 0x47, 0x2C, + 0x3C, 0x15, 0x1F, 0xF0, 0x54, 0xD5, 0x18, 0xAE, 0x61, 0x07, + 0xAC, 0x3D, 0x83, 0x46, 0x03, 0x8C, 0xBF, 0x63, 0x26, 0xA8, + 0x19, 0x7C, 0xFF, 0xDE, 0x20, 0x78, 0xD0, 0xDA, 0x70, 0x2E, + 0xBD, 0xFA, 0x96, 0xDD, 0x15, 0x78, 0x9B, 0xEF, 0xED, 0x17, + 0x90, 0x6F, 0x14, 0x35, 0x50, 0x8E, 0x1D, 0x78, 0xB0, 0x8A, + 0xA0, 0x53, 0x10, 0x15, 0x64, 0xCC, 0x47, 0x05, 0xB6, 0xC6, + 0x48, 0xC0, 0x5D, 0xB4, 0x4B, 0x1A, 0x5F, 0xB8, 0x9E, 0x75, + 0xCD, 0xC3, 0x64, 0x66, 0x88, 0x10, 0x9C, 0x8B, 0x87, 0x14, + 0x34, 0xE6, 0x60, 0x3C, 0xA5, 0xB7, 0x81, 0x1D, 0x0B, 0x79, + 0x93, 0x5D, 0x4A, 0x42, 0x7A, 0x7F, 0x33, 0xF0, 0x3E, 0x9E, + 0x63, 0xBD, 0xB6, 0x5F, 0xF9, 0x47, 0xA7, 0x0A, 0x49, 0x70, + 0xB1, 0x02, 0x81, 0xC0, 0x6F, 0xC6, 0xF4, 0x3E, 0xDA, 0xAD, + 0xF6, 0xB1, 0x66, 0xC5, 0x62, 0xB8, 0xD8, 0x3C, 0x61, 0x1B, + 0xDE, 0xD4, 0x4A, 0xFF, 0xA0, 0x66, 0x18, 0xDE, 0x07, 0x3B, + 0x32, 0x35, 0x84, 0x83, 0x61, 0x38, 0x0C, 0x14, 0xF7, 0x5B, + 0x7E, 0xCA, 0xE7, 0xB8, 0x9A, 0x40, 0x40, 0x0D, 0xE0, 0xD4, + 0x24, 0xED, 0x1A, 0xC1, 0x41, 0xDA, 0x29, 0x47, 0xB5, 0x64, + 0xC0, 0xC2, 0xFB, 0xFA, 0x3C, 0x3F, 0x4D, 0x57, 0xAD, 0xA3, + 0x92, 0x95, 0x4E, 0xC2, 0x76, 0xAE, 0xC2, 0xCB, 0x67, 0xC6, + 0x78, 0x79, 0xC7, 0xDC, 0xCE, 0x73, 0xBB, 0xE8, 0x98, 0x65, + 0xFE, 0x56, 0x8F, 0xB2, 0xF4, 0x62, 0xA4, 0x60, 0x60, 0x80, + 0x49, 0x8A, 0x36, 0xBF, 0xDE, 0x72, 0x7E, 0xB1, 0xD3, 0xF5, + 0x1D, 0x64, 0x17, 0x26, 0xE5, 0x3D, 0x67, 0xB2, 0x0A, 0x8B, + 0x99, 0x27, 0x04, 0x64, 0x9A, 0x94, 0xFC, 0x1D, 0x73, 0x26, + 0xC3, 0x56, 0xF9, 0xEE, 0x2B, 0x99, 0x65, 0xA5, 0xC8, 0x73, + 0xF6, 0x67, 0x83, 0xBC, 0x2B, 0x96, 0x5F, 0x36, 0xE4, 0xCA, + 0xBD, 0xE0, 0x24, 0x34, 0xD6, 0x48, 0x54, 0x56, 0xAD, 0xA3, + 0xE3, 0x3D, 0x17, 0xBC, 0xB3, 0xE6, 0x24, 0xFE, 0x50, 0xC6, + 0x2F, 0xCB, 0xB4, 0xAF, 0xC7, 0xE8, 0xDD, 0x96, 0x86, 0x9D, + 0xB4, 0x7F, 0x1B, 0x26, 0x01, 0x33, 0x87, 0xDB, 0x6A, 0x7F, + 0xF6, 0x9A, 0xB7, 0xC1, 0x94, 0xEB, 0x02, 0x81, 0xC1, 0x00, + 0xB0, 0x6D, 0x20, 0x68, 0x0D, 0x7C, 0x81, 0x45, 0xD4, 0x2E, + 0x22, 0x06, 0xFC, 0xC7, 0xB6, 0xCC, 0x40, 0x2C, 0x0D, 0xFE, + 0x7D, 0xC5, 0x2F, 0xDE, 0x81, 0x52, 0xDA, 0xC2, 0x3F, 0xAF, + 0xE0, 0x4B, 0x1A, 0xB5, 0x0C, 0x59, 0x60, 0x45, 0xB0, 0x65, + 0x03, 0x3D, 0xD9, 0x1C, 0xFF, 0x51, 0x51, 0xD2, 0x38, 0x31, + 0x2A, 0x19, 0x54, 0x63, 0x31, 0x1D, 0xC4, 0xE6, 0x4A, 0xAE, + 0xC8, 0xD3, 0xE9, 0xE1, 0xEF, 0x3C, 0xE1, 0x1F, 0x30, 0xA6, + 0x7A, 0xBD, 0xCE, 0xE2, 0xD2, 0x62, 0xD2, 0x5A, 0xE9, 0x76, + 0xA9, 0x7C, 0xAB, 0x19, 0x13, 0x87, 0x8D, 0xA5, 0x61, 0xA6, + 0x36, 0x57, 0x87, 0x3B, 0x64, 0x59, 0x9D, 0xBA, 0x9F, 0x67, + 0x72, 0x6A, 0x86, 0x84, 0xA6, 0x08, 0x31, 0x41, 0xD3, 0x48, + 0x09, 0x3B, 0x5E, 0x6C, 0x5F, 0x56, 0x55, 0x7F, 0xAD, 0x7E, + 0xC2, 0x27, 0xEE, 0x8A, 0xF1, 0x37, 0x51, 0xF7, 0x49, 0x80, + 0xA3, 0x65, 0x74, 0x11, 0xDD, 0xA7, 0xBE, 0xFA, 0x58, 0x7B, + 0x69, 0xB4, 0xC2, 0x9A, 0x35, 0x2F, 0xBE, 0x84, 0x4E, 0x2C, + 0x66, 0x5B, 0x38, 0x6F, 0x47, 0xBD, 0x30, 0x44, 0x0A, 0x02, + 0xAC, 0x8C, 0xB9, 0x66, 0x1E, 0x14, 0x2D, 0x90, 0x71, 0x42, + 0x12, 0xB7, 0x0E, 0x3A, 0x8B, 0xC5, 0x98, 0x65, 0xFD, 0x8F, + 0x53, 0x81, 0x7F, 0xE4, 0xD9, 0x58, 0x0E, 0xF5, 0xA9, 0x39, + 0xE4, 0x61, 0x02, 0x81, 0xC1, 0x00, 0xB3, 0x94, 0x8F, 0x2B, + 0xFD, 0x84, 0x2E, 0x83, 0x42, 0x86, 0x56, 0x7E, 0xB5, 0xF8, + 0x3C, 0xC5, 0x0C, 0xCB, 0xBD, 0x32, 0x0C, 0xD7, 0xAA, 0xA7, + 0xB0, 0xE9, 0xA4, 0x6A, 0xD1, 0x01, 0xDB, 0x87, 0x2A, 0xF7, + 0xDF, 0xEC, 0xC2, 0x03, 0x5D, 0x55, 0xA8, 0x66, 0x73, 0x79, + 0xA9, 0xAB, 0xBD, 0xAF, 0x69, 0x37, 0xFE, 0x41, 0xB5, 0x53, + 0xB3, 0xB2, 0xC0, 0xB1, 0x80, 0x34, 0xE6, 0xE1, 0x7B, 0xAE, + 0x67, 0xC7, 0xF3, 0x57, 0xFE, 0x12, 0xBC, 0x78, 0xAA, 0x75, + 0x0D, 0xAC, 0x79, 0x90, 0x14, 0x49, 0xFE, 0x6B, 0x51, 0xE3, + 0xE4, 0x46, 0xB2, 0x10, 0x4D, 0x05, 0x6A, 0x12, 0x80, 0x2A, + 0x8F, 0x39, 0x42, 0x0E, 0x3B, 0x24, 0x2B, 0x50, 0x5D, 0xF3, + 0xA7, 0x7F, 0x2F, 0x82, 0x89, 0x87, 0x9F, 0xF8, 0x7B, 0x1E, + 0x05, 0x6E, 0x75, 0x83, 0x04, 0x35, 0x66, 0x4A, 0x06, 0x57, + 0x39, 0xAB, 0x21, 0x0B, 0x94, 0x41, 0x6A, 0x2A, 0xC7, 0xDE, + 0x98, 0x45, 0x8F, 0x96, 0x1C, 0xF2, 0xD8, 0xFB, 0x9C, 0x10, + 0x8E, 0x41, 0x7A, 0xDD, 0xDD, 0x1D, 0xEF, 0xA5, 0x67, 0xEC, + 0xFE, 0xA3, 0x2D, 0xA9, 0xFD, 0xF3, 0xEE, 0x35, 0xF4, 0xA7, + 0xBC, 0xF9, 0x71, 0xCC, 0xB9, 0xC0, 0x5F, 0x58, 0x5B, 0xBD, + 0x1A, 0x9E, 0xC7, 0x08, 0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE, + 0xE3, 0xF8, 0xBE, 0x1E, 0xC7, 0xD2, 0x28, 0x97 +}; +static const int sizeof_client_key_der_3072 = sizeof(client_key_der_3072); + +/* ./certs/3072/client-keyPub.der, 3072-bit */ +static const unsigned char client_keypub_der_3072[] = +{ + 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, 0x01, 0x8A, 0x02, 0x82, + 0x01, 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8, + 0x10, 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A, + 0x41, 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0, + 0x88, 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73, + 0x42, 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA, + 0xBC, 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA, + 0x5C, 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3, + 0x58, 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02, + 0x00, 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F, + 0x2A, 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B, + 0x0B, 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06, + 0x7E, 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C, + 0x64, 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA, + 0x6A, 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A, + 0x89, 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06, + 0x48, 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27, + 0xEA, 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06, + 0x59, 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2, + 0xC0, 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF, + 0xF7, 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5, + 0xC8, 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79, + 0x5D, 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8, + 0xEE, 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78, + 0x0C, 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9, + 0xFC, 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD, + 0xA1, 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB, + 0xB9, 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA, + 0xCC, 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61, + 0xFC, 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3, + 0x2D, 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1, + 0x7F, 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26, + 0x35, 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC, + 0xCA, 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B, + 0xA1, 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73, + 0xF4, 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7, + 0x6F, 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA, + 0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45, + 0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE, + 0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01, + 0x00, 0x01 +}; +static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072); + +/* ./certs/3072/client-cert.der, 3072-bit */ +static const unsigned char client_cert_der_3072[] = +{ + 0x30, 0x82, 0x05, 0xF8, 0x30, 0x82, 0x04, 0x60, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x2F, 0x06, 0x07, 0xA8, 0xB6, + 0xF4, 0xEE, 0x10, 0x91, 0x43, 0xDE, 0xE1, 0x46, 0x99, 0xC4, + 0x90, 0x79, 0xE6, 0xF1, 0xD1, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x33, 0x30, 0x37, 0x32, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, + 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x33, 0x30, + 0x37, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x31, 0x32, + 0x32, 0x30, 0x35, 0x35, 0x31, 0x34, 0x38, 0x5A, 0x17, 0x0D, + 0x32, 0x32, 0x31, 0x30, 0x31, 0x38, 0x30, 0x35, 0x35, 0x31, + 0x34, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x33, 0x30, 0x37, 0x32, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, + 0x2D, 0x33, 0x30, 0x37, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, + 0x01, 0x8A, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAC, 0x39, 0x50, + 0x68, 0x8F, 0x78, 0xF8, 0x10, 0x9B, 0x68, 0x96, 0xD3, 0xE1, + 0x9C, 0x56, 0x68, 0x5A, 0x41, 0x62, 0xE3, 0xB3, 0x41, 0xB0, + 0x55, 0x80, 0x17, 0xB0, 0x88, 0x16, 0x9B, 0xE0, 0x97, 0x74, + 0x5F, 0x42, 0x79, 0x73, 0x42, 0xDF, 0x93, 0xF3, 0xAA, 0x9D, + 0xEE, 0x2D, 0x6F, 0xAA, 0xBC, 0x27, 0x90, 0x84, 0xC0, 0x5D, + 0xC7, 0xEC, 0x49, 0xEA, 0x5C, 0x66, 0x1D, 0x70, 0x9C, 0x53, + 0x5C, 0xBA, 0xA1, 0xB3, 0x58, 0xC9, 0x3E, 0x8E, 0x9B, 0x72, + 0x3D, 0x6E, 0x02, 0x02, 0x00, 0x9C, 0x65, 0x56, 0x82, 0xA3, + 0x22, 0xB4, 0x08, 0x5F, 0x2A, 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, + 0x31, 0x59, 0x26, 0x5B, 0x0B, 0x1C, 0x63, 0x61, 0xFF, 0xD5, + 0x69, 0x32, 0x19, 0x06, 0x7E, 0x0F, 0x40, 0x3C, 0x7A, 0x1E, + 0xC8, 0xFC, 0x58, 0x6C, 0x64, 0xAE, 0x10, 0x3D, 0xA8, 0x23, + 0xFF, 0x8E, 0x1A, 0xCA, 0x6A, 0x82, 0xE2, 0xF9, 0x01, 0x64, + 0x2C, 0x97, 0xA0, 0x1A, 0x89, 0xA0, 0x74, 0xD3, 0xB6, 0x05, + 0x11, 0xF2, 0x62, 0x06, 0x48, 0x2A, 0xF7, 0x66, 0xCE, 0xC1, + 0x85, 0xE1, 0xD2, 0x27, 0xEA, 0xCA, 0x12, 0xA5, 0x91, 0x97, + 0x3E, 0xFC, 0x94, 0x06, 0x59, 0x51, 0xC0, 0xE7, 0x13, 0xB6, + 0x87, 0x7B, 0x5F, 0xD2, 0xC0, 0x56, 0x2F, 0x5E, 0x1D, 0x02, + 0xC3, 0x11, 0x2C, 0xDF, 0xF7, 0x01, 0xDA, 0xBD, 0x85, 0x54, + 0x35, 0x32, 0x5F, 0xC5, 0xC8, 0xF9, 0x7A, 0x9F, 0x89, 0xF7, + 0x03, 0x0E, 0x7E, 0x79, 0x5D, 0x04, 0x82, 0x35, 0x10, 0xFE, + 0x6D, 0x9B, 0xBF, 0xB8, 0xEE, 0xE2, 0x62, 0x87, 0x26, 0x5E, + 0x2F, 0x50, 0x2F, 0x78, 0x0C, 0xE8, 0x73, 0x4F, 0x88, 0x6A, + 0xD6, 0x26, 0xA4, 0xC9, 0xFC, 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, + 0x32, 0xCF, 0x57, 0xCD, 0xA1, 0x58, 0x8A, 0x49, 0x0F, 0xBB, + 0xA9, 0x1D, 0x86, 0xAB, 0xB9, 0x8F, 0x8D, 0x57, 0x19, 0xB2, + 0x5A, 0x7E, 0xA4, 0xEA, 0xCC, 0xB7, 0x96, 0x7A, 0x3B, 0x38, + 0xCD, 0xDE, 0xE0, 0x61, 0xFC, 0xC9, 0x06, 0x8F, 0x93, 0x5A, + 0xCE, 0xAD, 0x2A, 0xE3, 0x2D, 0x3E, 0x39, 0x5D, 0x41, 0x83, + 0x01, 0x1F, 0x0F, 0xE1, 0x7F, 0x76, 0xC7, 0x28, 0xDA, 0x56, + 0xEF, 0xBF, 0xDC, 0x26, 0x35, 0x40, 0xBE, 0xAD, 0xC7, 0x38, + 0xAD, 0xA4, 0x06, 0xAC, 0xCA, 0xE8, 0x51, 0xEB, 0xC0, 0xF8, + 0x68, 0x02, 0x2C, 0x9B, 0xA1, 0x14, 0xBC, 0xF8, 0x61, 0x86, + 0xD7, 0x56, 0xD7, 0x73, 0xF4, 0xAB, 0xBB, 0x6A, 0x21, 0xD3, + 0x88, 0x22, 0xB4, 0xE7, 0x6F, 0x7F, 0x91, 0xE5, 0x0E, 0xC6, + 0x08, 0x49, 0xDE, 0xEA, 0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, + 0xF9, 0x36, 0x03, 0x45, 0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, + 0xC4, 0x8C, 0xA3, 0xEE, 0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, + 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x2A, + 0x30, 0x82, 0x01, 0x26, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0x3D, 0xD1, 0x84, 0xC2, 0xAF, + 0xB0, 0x20, 0x49, 0xBC, 0x74, 0x87, 0x41, 0x38, 0xAB, 0xBA, + 0xD2, 0xD4, 0x0C, 0xA3, 0xA8, 0x30, 0x81, 0xDE, 0x06, 0x03, + 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, + 0x14, 0x3D, 0xD1, 0x84, 0xC2, 0xAF, 0xB0, 0x20, 0x49, 0xBC, + 0x74, 0x87, 0x41, 0x38, 0xAB, 0xBA, 0xD2, 0xD4, 0x0C, 0xA3, + 0xA8, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, + 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x33, 0x30, + 0x37, 0x32, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, + 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x33, 0x30, 0x37, 0x32, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, + 0x2F, 0x06, 0x07, 0xA8, 0xB6, 0xF4, 0xEE, 0x10, 0x91, 0x43, + 0xDE, 0xE1, 0x46, 0x99, 0xC4, 0x90, 0x79, 0xE6, 0xF1, 0xD1, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1D, + 0x11, 0x04, 0x0F, 0x30, 0x0D, 0x82, 0x0B, 0x65, 0x78, 0x61, + 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, 0x04, 0xF5, + 0xE0, 0xE5, 0x75, 0x6B, 0xCF, 0xEE, 0x19, 0xEF, 0x3C, 0xB5, + 0xB6, 0x78, 0xCE, 0xB2, 0xC3, 0xF2, 0x3E, 0x0D, 0x3F, 0xB7, + 0x6D, 0x59, 0x7D, 0xB6, 0x7E, 0x6A, 0x91, 0x0F, 0x85, 0xAC, + 0xCA, 0x56, 0x30, 0x3C, 0x3F, 0x5D, 0x30, 0x10, 0x7C, 0x5E, + 0x7F, 0x98, 0xB2, 0x9D, 0x95, 0x04, 0xE1, 0xEE, 0xC0, 0x9E, + 0x1B, 0x01, 0x39, 0xCB, 0x02, 0x05, 0xB9, 0x9B, 0x02, 0x88, + 0xEB, 0xD0, 0xAD, 0x06, 0xD5, 0x39, 0x2D, 0x24, 0xE6, 0xDC, + 0x4E, 0xCE, 0x8C, 0x36, 0x7D, 0xB6, 0x8E, 0x1D, 0xE8, 0xB7, + 0xEF, 0xFF, 0xB4, 0x17, 0xC1, 0xA5, 0xD8, 0xFA, 0x34, 0xDD, + 0x99, 0x3D, 0x30, 0x4B, 0x45, 0xA2, 0x14, 0x6A, 0x88, 0x93, + 0xCA, 0x25, 0xE2, 0x5C, 0xD5, 0xBA, 0xE8, 0x9D, 0xEF, 0xD7, + 0x68, 0x76, 0x05, 0x92, 0x48, 0x19, 0x92, 0x11, 0x79, 0xC2, + 0xFE, 0x11, 0x49, 0x4D, 0xD6, 0xD1, 0x8F, 0x32, 0x1C, 0x5F, + 0x3B, 0x41, 0x2C, 0x08, 0xB2, 0x72, 0x65, 0x1C, 0xE5, 0x86, + 0x02, 0x94, 0xB3, 0x9D, 0x30, 0xDA, 0x59, 0x42, 0xA1, 0xB0, + 0x1E, 0x00, 0x92, 0x93, 0x6E, 0x0D, 0x27, 0xCF, 0xDF, 0xD8, + 0xCF, 0x2B, 0xCD, 0xCB, 0x8C, 0xFF, 0xB5, 0x6F, 0x83, 0x92, + 0x27, 0x00, 0x58, 0x59, 0xA2, 0x0B, 0x91, 0xB0, 0x39, 0xCA, + 0xA8, 0x78, 0xFD, 0x83, 0x56, 0x4F, 0xA1, 0x6E, 0xC3, 0xE0, + 0x2B, 0xAE, 0xEF, 0x3C, 0x09, 0x04, 0xF0, 0x9B, 0x5B, 0x00, + 0xD3, 0xED, 0xB6, 0x06, 0xF6, 0x9C, 0xDA, 0xAF, 0x61, 0x68, + 0x8F, 0xE3, 0x2A, 0xC3, 0x85, 0x20, 0x66, 0x2C, 0xAC, 0xDD, + 0x65, 0x37, 0x36, 0xC2, 0x2F, 0xBA, 0xB8, 0x90, 0x66, 0x6E, + 0x9E, 0x58, 0xA2, 0x4B, 0xD6, 0xA7, 0x30, 0xC8, 0xC9, 0x6C, + 0xBD, 0x13, 0x40, 0xA0, 0xCA, 0x59, 0x7C, 0xC5, 0x86, 0x9C, + 0x55, 0xC5, 0x68, 0xC7, 0x0C, 0x7F, 0x94, 0x73, 0xA5, 0x4B, + 0xEB, 0xF1, 0x27, 0x96, 0xB5, 0xF9, 0x69, 0x6B, 0x2B, 0xB6, + 0x62, 0xD7, 0x3A, 0x0D, 0x40, 0x65, 0xF0, 0x0D, 0xDE, 0x91, + 0x77, 0xD4, 0xF6, 0xBB, 0x13, 0x7B, 0x4A, 0x55, 0x8F, 0x7E, + 0x49, 0x65, 0x89, 0x37, 0x46, 0x05, 0x2F, 0x90, 0x14, 0x73, + 0x0D, 0x2D, 0x1E, 0xA4, 0xD4, 0xBB, 0x4E, 0x6D, 0x29, 0xDA, + 0x79, 0x6E, 0x73, 0x08, 0xDE, 0x5F, 0x27, 0xDC, 0x23, 0x14, + 0xDB, 0x7B, 0xE7, 0x02, 0x13, 0x2E, 0xC7, 0x94, 0x19, 0xF3, + 0x7D, 0x2E, 0xC4, 0x8A, 0x69, 0xBA, 0xF5, 0xBA, 0x62, 0xC2, + 0x88, 0xB5, 0xCB, 0xC7, 0x92, 0xA2, 0x8A, 0xE3, 0x69, 0x10, + 0x6E, 0xC5, 0xB8, 0xB2, 0x10, 0x7E, 0xB6, 0x0C, 0x71, 0x2A, + 0xC3, 0xE9, 0x71, 0x0C, 0xA2, 0x8B, 0x9A, 0x1D, 0x2C, 0x4E, + 0x21, 0x68, 0x53, 0x51, 0x6D, 0x0C, 0xD2, 0xB4, 0x4B, 0x50, + 0x4B, 0x0A +}; +static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072); + #endif /* USE_CERT_BUFFERS_3072 */ +#ifdef USE_CERT_BUFFERS_4096 + +/* ./certs/4096/client-key.der, 4096-bit */ +static const unsigned char client_key_der_4096[] = +{ + 0x30, 0x82, 0x09, 0x28, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, + 0x01, 0x00, 0xF5, 0xD0, 0x31, 0xE4, 0x71, 0x59, 0x58, 0xB3, + 0x07, 0x50, 0xDD, 0x16, 0x79, 0xFC, 0xC6, 0x95, 0x50, 0xFC, + 0x46, 0x0E, 0x57, 0x12, 0x86, 0x71, 0x8D, 0xE3, 0x9B, 0x4A, + 0x33, 0xEA, 0x4F, 0xD9, 0x17, 0x13, 0x6D, 0x48, 0x69, 0xDF, + 0x59, 0x11, 0x08, 0x02, 0x9D, 0xAF, 0x2B, 0xC7, 0x30, 0xBE, + 0x0C, 0xDC, 0x87, 0xD4, 0x5A, 0x12, 0x09, 0x23, 0x5D, 0xE1, + 0x76, 0x5A, 0x62, 0x37, 0x46, 0x74, 0xEF, 0x03, 0x05, 0xBB, + 0x1E, 0x6D, 0x29, 0x75, 0x6C, 0x2E, 0x9D, 0x87, 0x0D, 0x8F, + 0x87, 0xCB, 0x14, 0x95, 0x9B, 0xBE, 0x17, 0x6B, 0x51, 0xD1, + 0x4C, 0xDA, 0xD7, 0x91, 0x66, 0xC5, 0x36, 0xEB, 0xE0, 0x07, + 0x1A, 0x76, 0x4D, 0xB0, 0xFB, 0xC1, 0xF5, 0x5E, 0x05, 0xDB, + 0xBA, 0xCB, 0x25, 0xD9, 0x99, 0x13, 0x1C, 0xC0, 0x35, 0xDC, + 0x40, 0xE9, 0x36, 0xCD, 0xC4, 0xD5, 0x7A, 0x41, 0x70, 0x0F, + 0x36, 0xEB, 0xA5, 0x4E, 0x17, 0x05, 0xD5, 0x75, 0x1B, 0x64, + 0x62, 0x7A, 0x3F, 0x0D, 0x28, 0x48, 0x6A, 0xE3, 0xAC, 0x9C, + 0xA8, 0x8F, 0xE9, 0xED, 0xF7, 0xCD, 0x24, 0xA0, 0xB1, 0xA0, + 0x03, 0xAC, 0xE3, 0x03, 0xF5, 0x3F, 0xD1, 0x96, 0xFF, 0x2A, + 0x7E, 0x08, 0xB1, 0xD3, 0xE0, 0x18, 0x14, 0xEC, 0x65, 0x37, + 0x50, 0x43, 0xC2, 0x6A, 0x8C, 0xF4, 0x5B, 0xFE, 0xC4, 0xCB, + 0x8D, 0x3F, 0x81, 0x02, 0xF7, 0xC2, 0xDD, 0xE4, 0xC1, 0x8E, + 0x80, 0x0C, 0x04, 0x25, 0x2D, 0x80, 0x5A, 0x2E, 0x0F, 0x22, + 0x35, 0x4A, 0xF4, 0x85, 0xED, 0x51, 0xD8, 0xAB, 0x6D, 0x8F, + 0xA2, 0x3B, 0x24, 0x00, 0x6E, 0x81, 0xE2, 0x1E, 0x76, 0xD6, + 0xAC, 0x31, 0x12, 0xDB, 0xF3, 0x8E, 0x07, 0xA1, 0xDE, 0x89, + 0x4A, 0x39, 0x60, 0x77, 0xC5, 0xAA, 0xF1, 0x51, 0xE6, 0x06, + 0xF1, 0x95, 0x56, 0x2A, 0xE1, 0x8E, 0x92, 0x30, 0x9F, 0xFE, + 0x58, 0x44, 0xAC, 0x46, 0xF2, 0xFD, 0x9A, 0xFC, 0xA8, 0x1D, + 0xA1, 0xD3, 0x55, 0x37, 0x4A, 0x8B, 0xFC, 0x9C, 0x33, 0xF8, + 0xA7, 0x61, 0x48, 0x41, 0x7C, 0x9C, 0x77, 0x3F, 0xF5, 0x80, + 0x23, 0x7D, 0x43, 0xB4, 0xD5, 0x88, 0x0A, 0xC9, 0x75, 0xD7, + 0x44, 0x19, 0x4D, 0x77, 0x6C, 0x0B, 0x0A, 0x49, 0xAA, 0x1C, + 0x2F, 0xD6, 0x5A, 0x44, 0xA6, 0x47, 0x4D, 0xE5, 0x36, 0x96, + 0x40, 0x99, 0x2C, 0x56, 0x26, 0xB1, 0xF2, 0x92, 0x31, 0x59, + 0xD7, 0x2C, 0xD4, 0xB4, 0x21, 0xD6, 0x65, 0x13, 0x0B, 0x3E, + 0xFB, 0xFF, 0x04, 0xEB, 0xB9, 0x85, 0xB9, 0xD8, 0xD8, 0x28, + 0x4F, 0x5C, 0x17, 0x96, 0xA3, 0x51, 0xBE, 0xFE, 0x7D, 0x0B, + 0x1B, 0x48, 0x40, 0x25, 0x76, 0x94, 0xDC, 0x41, 0xFB, 0xBF, + 0x73, 0x76, 0xDA, 0xEB, 0xB3, 0x62, 0xE7, 0xC1, 0xC8, 0x54, + 0x6A, 0x93, 0xE1, 0x8D, 0x31, 0xE8, 0x3E, 0x3E, 0xDF, 0xBC, + 0x87, 0x02, 0x30, 0x22, 0x57, 0xC4, 0xE0, 0x18, 0x7A, 0xD3, + 0xAE, 0xE4, 0x02, 0x9B, 0xAA, 0xBD, 0x4E, 0x49, 0x47, 0x72, + 0xE9, 0x8D, 0x13, 0x2D, 0x54, 0x9B, 0x00, 0xA7, 0x91, 0x61, + 0x71, 0xC9, 0xCC, 0x48, 0x4F, 0xEE, 0xDF, 0x5E, 0x1B, 0x1A, + 0xDF, 0x67, 0xD3, 0x20, 0xE6, 0x44, 0x45, 0x98, 0x7E, 0xE7, + 0x0E, 0x63, 0x16, 0x83, 0xC9, 0x26, 0x5D, 0x90, 0xC1, 0xE5, + 0x2A, 0x5C, 0x45, 0x54, 0x13, 0xB2, 0x81, 0x18, 0x06, 0x20, + 0x2E, 0x2E, 0x66, 0x5A, 0xB5, 0x7B, 0x6E, 0xD6, 0x0C, 0x4E, + 0x89, 0x01, 0x56, 0x70, 0xBB, 0xAE, 0xDE, 0xE9, 0x99, 0x5E, + 0xD1, 0xB9, 0x3A, 0xB7, 0x6C, 0x17, 0xB6, 0x03, 0xA9, 0x08, + 0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4, + 0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2, + 0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, + 0x82, 0x02, 0x01, 0x00, 0xC5, 0x76, 0x57, 0x7D, 0xF1, 0x68, + 0x1A, 0x8E, 0xC6, 0x63, 0xB9, 0x16, 0xA3, 0x2B, 0xE1, 0xC2, + 0x74, 0xEA, 0x12, 0xC4, 0xD6, 0x41, 0x75, 0x6A, 0xA6, 0xD6, + 0x9E, 0x1A, 0x7F, 0x95, 0xCC, 0x4A, 0xD1, 0xF4, 0xB3, 0x27, + 0x26, 0x95, 0x5A, 0x91, 0x09, 0xE4, 0x40, 0x13, 0x45, 0x91, + 0x9F, 0xA0, 0x2B, 0xE8, 0xC3, 0xDC, 0x5B, 0xF6, 0x7D, 0x0C, + 0xC2, 0x0F, 0xA9, 0xE9, 0x75, 0x58, 0x7D, 0xEA, 0xD5, 0x4D, + 0x92, 0x3E, 0xFC, 0x74, 0x28, 0x87, 0xC1, 0x3D, 0xB9, 0x21, + 0x92, 0x4D, 0x28, 0x82, 0x84, 0xA8, 0xA2, 0x11, 0x93, 0xF2, + 0x8C, 0x29, 0x1C, 0x19, 0xF8, 0x6D, 0x3F, 0x27, 0x51, 0xB5, + 0x2D, 0xA3, 0xC7, 0x28, 0x1D, 0xC4, 0xFC, 0x98, 0x94, 0xA8, + 0xD0, 0xFF, 0xF0, 0x0F, 0xDC, 0xF9, 0xED, 0xB3, 0xA2, 0xB6, + 0xED, 0x0D, 0x5F, 0xBF, 0x78, 0x5C, 0xD7, 0xAF, 0xBD, 0xA3, + 0xEF, 0x86, 0xE9, 0x51, 0x66, 0xDB, 0x52, 0x37, 0x47, 0x7F, + 0xE9, 0x5F, 0x3C, 0x94, 0x83, 0x2D, 0xE8, 0x9C, 0x33, 0xF1, + 0x6C, 0xE9, 0xF3, 0xA6, 0x97, 0xFE, 0xA7, 0xBF, 0x4D, 0x9B, + 0x20, 0xD5, 0x2F, 0xDE, 0xA4, 0x06, 0xBB, 0xEE, 0x66, 0x49, + 0x6B, 0xF5, 0x10, 0x85, 0x9F, 0x84, 0x5A, 0x52, 0x3E, 0x0C, + 0xA0, 0x4A, 0x4C, 0xDA, 0x01, 0xC5, 0x62, 0x31, 0xB1, 0xEC, + 0xF8, 0xDD, 0xA3, 0x3B, 0xCE, 0x41, 0x3A, 0x12, 0x79, 0xF9, + 0x97, 0x5B, 0x07, 0x95, 0x9F, 0x86, 0xD6, 0x04, 0x73, 0x6C, + 0xE8, 0x8F, 0x4C, 0x4C, 0x48, 0x1D, 0x85, 0xC4, 0xE7, 0xCE, + 0xDE, 0x16, 0x31, 0xF6, 0x5C, 0x37, 0x54, 0x8E, 0x55, 0xBC, + 0xAF, 0x2E, 0x47, 0xE8, 0xAC, 0x03, 0xB0, 0xA4, 0xF9, 0x90, + 0x98, 0x99, 0xA4, 0xDC, 0x6E, 0x98, 0x08, 0x5C, 0x07, 0xBB, + 0x08, 0x93, 0xAF, 0x61, 0x8D, 0x74, 0xA8, 0xF8, 0xC4, 0x89, + 0x64, 0x10, 0xE1, 0xE6, 0xC0, 0xCD, 0x1D, 0x39, 0x20, 0xD6, + 0x5A, 0x89, 0x83, 0xFC, 0x37, 0xE2, 0x12, 0x66, 0xA8, 0x12, + 0xCC, 0x72, 0xBB, 0x1E, 0xFB, 0x6A, 0xE3, 0x7C, 0x71, 0x7E, + 0xB9, 0x2E, 0x8E, 0x84, 0x66, 0xE1, 0xB9, 0xD0, 0x25, 0x9A, + 0x6F, 0x9D, 0x19, 0xE6, 0x7E, 0xE8, 0xD8, 0xF0, 0xC5, 0x23, + 0x16, 0x9A, 0x68, 0x2C, 0x1D, 0x55, 0xAE, 0x8E, 0x90, 0xEE, + 0x8E, 0xEC, 0x5E, 0x46, 0x9D, 0x60, 0x52, 0x32, 0x17, 0x28, + 0x59, 0xC4, 0x49, 0x2A, 0x20, 0x3E, 0x95, 0xC5, 0xDF, 0xF6, + 0x3D, 0xF7, 0xC5, 0xCF, 0xB1, 0xC2, 0xC9, 0x76, 0xF8, 0x3D, + 0xBE, 0xF4, 0x63, 0xFC, 0x2A, 0x00, 0x6F, 0x99, 0xA6, 0xB6, + 0xAD, 0x35, 0xEE, 0xDE, 0xC5, 0xE0, 0x97, 0xC6, 0x73, 0xEE, + 0x33, 0xA0, 0xA8, 0xFC, 0x4C, 0x8F, 0xF2, 0x8C, 0x61, 0xFB, + 0x03, 0x19, 0xA1, 0xE8, 0x17, 0x4E, 0xE3, 0x21, 0x58, 0xCE, + 0xFE, 0xF2, 0x5F, 0xBB, 0xDD, 0x4F, 0xF7, 0x18, 0xCB, 0x35, + 0x57, 0xDD, 0xE5, 0x50, 0x2A, 0x7B, 0x1A, 0xE9, 0x12, 0xF2, + 0x7A, 0x11, 0xB1, 0x43, 0xB9, 0x70, 0x07, 0x0C, 0x8F, 0x69, + 0xB9, 0xE5, 0xA5, 0xC9, 0xE2, 0x1B, 0x96, 0x74, 0x11, 0xF5, + 0x95, 0xB9, 0x58, 0xC0, 0xBD, 0x37, 0xFB, 0x28, 0x2A, 0xBD, + 0x84, 0xB1, 0x2B, 0x67, 0x42, 0x82, 0xC3, 0x95, 0x55, 0x45, + 0xD5, 0xEA, 0xC3, 0x8A, 0x42, 0x3A, 0x43, 0x17, 0x5E, 0xCD, + 0xD2, 0xEA, 0xFC, 0xDF, 0x67, 0xEC, 0xE1, 0x6C, 0xA8, 0x03, + 0x19, 0xB2, 0x1D, 0x4A, 0x5F, 0x4F, 0xE7, 0xD3, 0xE0, 0x86, + 0xC5, 0x1A, 0x10, 0xC3, 0x08, 0xD2, 0xED, 0x85, 0x93, 0x08, + 0x51, 0x05, 0xA6, 0x37, 0x15, 0x32, 0xBD, 0x6C, 0x73, 0x63, + 0x01, 0x5D, 0x5B, 0x4F, 0x6A, 0xDC, 0x6D, 0x1D, 0x55, 0x91, + 0x21, 0xE4, 0x8E, 0xB7, 0xF0, 0x81, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xFD, 0x27, 0xC8, 0xFE, 0x76, 0x5C, 0x89, 0x32, 0xCB, + 0x8A, 0x22, 0x87, 0x61, 0x48, 0x91, 0x4A, 0x05, 0xAD, 0xA4, + 0x5C, 0x8A, 0xCA, 0x5C, 0x02, 0x88, 0x7E, 0x51, 0xC5, 0x66, + 0x90, 0x2C, 0xA3, 0xED, 0xA7, 0x43, 0x19, 0x0B, 0xA2, 0x42, + 0xB4, 0xE0, 0xE0, 0x45, 0xBF, 0xFE, 0xA0, 0xF2, 0x75, 0x0B, + 0x8E, 0x7D, 0x9D, 0x73, 0x67, 0xD3, 0x10, 0x09, 0xC5, 0xD9, + 0x8C, 0xAD, 0x3A, 0x64, 0x72, 0xAD, 0x96, 0x35, 0x91, 0x0F, + 0x4B, 0xC9, 0xBD, 0x4F, 0x65, 0x47, 0xA6, 0x2D, 0xEB, 0x3F, + 0xE2, 0x99, 0x72, 0x66, 0x12, 0xED, 0xEB, 0xD2, 0x7C, 0xFF, + 0x3A, 0x20, 0x37, 0x2A, 0xD3, 0x65, 0x51, 0x9B, 0xC3, 0xAA, + 0x18, 0xB1, 0x1F, 0x6E, 0x9D, 0x40, 0x47, 0xA4, 0x1F, 0x82, + 0x9B, 0xDB, 0x50, 0x6B, 0x86, 0x2F, 0xFB, 0x3F, 0x31, 0xB9, + 0x81, 0x11, 0x04, 0x14, 0x63, 0x86, 0x4F, 0x40, 0x2A, 0xF5, + 0xF9, 0x7C, 0xA1, 0x78, 0x19, 0x13, 0xD0, 0x51, 0x51, 0x0F, + 0x79, 0x88, 0x8D, 0x14, 0xA3, 0xDE, 0xB6, 0x33, 0x29, 0x42, + 0xB9, 0xE8, 0x59, 0x76, 0xF7, 0x43, 0x1A, 0xB6, 0xA6, 0xDF, + 0x0A, 0xC1, 0x42, 0xC7, 0x3F, 0x1C, 0x7E, 0x5C, 0x2C, 0x91, + 0x4B, 0x1E, 0xF8, 0x46, 0x91, 0x1F, 0xEE, 0x56, 0xB3, 0x0E, + 0xC8, 0xD0, 0x31, 0xD3, 0x3D, 0xED, 0x3D, 0xD9, 0xC5, 0x30, + 0x0C, 0x58, 0xD8, 0xB7, 0xB5, 0xEC, 0x14, 0xAC, 0x41, 0x64, + 0x6D, 0xE4, 0xC6, 0x59, 0xFD, 0x14, 0x05, 0x60, 0x65, 0xD8, + 0xC4, 0x84, 0x44, 0x7E, 0x1B, 0xB4, 0xA4, 0x16, 0x75, 0xC1, + 0x27, 0x96, 0xB2, 0x19, 0xD6, 0x39, 0x54, 0xC0, 0x93, 0xF3, + 0xD7, 0x1F, 0xCD, 0x1B, 0xDF, 0xF8, 0x12, 0x88, 0x14, 0x9F, + 0x98, 0x05, 0x47, 0x46, 0x71, 0x81, 0x6C, 0xDF, 0x91, 0xEF, + 0x53, 0xE3, 0xC5, 0xB1, 0x89, 0x2F, 0xE1, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xF8, 0x93, 0x4A, 0x28, 0x77, 0x94, 0xEF, 0xE9, + 0xC4, 0x0A, 0xC3, 0xE8, 0x52, 0x59, 0xB6, 0x1D, 0x8D, 0xCE, + 0x14, 0xE7, 0x43, 0xC6, 0xED, 0x09, 0x27, 0x5D, 0xF3, 0x8E, + 0x08, 0x6A, 0x19, 0x6B, 0x2C, 0x97, 0x9B, 0x88, 0x53, 0x2B, + 0xDA, 0xFE, 0x4B, 0x94, 0x66, 0x84, 0xD5, 0xA9, 0xCE, 0xA5, + 0x43, 0x70, 0xFB, 0x01, 0x5A, 0x6F, 0xCD, 0xF7, 0xD1, 0x9D, + 0x51, 0xEE, 0xA0, 0xDC, 0x46, 0xF5, 0x7D, 0xA7, 0xEE, 0xA0, + 0x86, 0xB7, 0x83, 0xFF, 0x21, 0x8B, 0x76, 0x05, 0x7D, 0xDE, + 0xC4, 0x26, 0x36, 0xBC, 0xB4, 0x8A, 0x48, 0xC3, 0x06, 0x90, + 0x97, 0xE5, 0xA6, 0x38, 0xC3, 0xE6, 0x7C, 0xD0, 0xF8, 0x23, + 0xD2, 0x33, 0x1F, 0x81, 0xC3, 0xE3, 0x7D, 0x85, 0x5A, 0x38, + 0x10, 0x03, 0xE6, 0x88, 0xDB, 0xC8, 0x4C, 0xD0, 0xF7, 0xB2, + 0x4D, 0x27, 0x33, 0x85, 0xCD, 0x3A, 0x74, 0x83, 0x6B, 0x82, + 0x58, 0xD9, 0xDF, 0xEE, 0xF5, 0xD3, 0xE9, 0xFE, 0x1C, 0xEF, + 0x06, 0x12, 0x16, 0xD1, 0x4C, 0xAE, 0x54, 0x4B, 0x0D, 0x1A, + 0xBD, 0xE2, 0xCF, 0x56, 0xB3, 0x74, 0xBE, 0x44, 0x4F, 0xA4, + 0x73, 0x0A, 0x98, 0x8D, 0x61, 0x84, 0x38, 0x46, 0xDC, 0x95, + 0xCF, 0x3F, 0x6B, 0xE7, 0x65, 0x87, 0x02, 0xBF, 0x4B, 0x57, + 0xE2, 0x3D, 0xC4, 0x2B, 0x1C, 0x82, 0x1D, 0xCC, 0x13, 0x7F, + 0xC0, 0x06, 0x12, 0x8C, 0x6F, 0x97, 0x50, 0x7B, 0x8C, 0x81, + 0xC3, 0x23, 0x15, 0xEB, 0x70, 0x07, 0x8E, 0xA1, 0x07, 0x1E, + 0x59, 0xFA, 0x10, 0xCA, 0x7E, 0x0F, 0xE2, 0xBB, 0xEE, 0x86, + 0x26, 0x1E, 0x55, 0xB9, 0x98, 0x66, 0x85, 0xEC, 0x27, 0xC5, + 0xD9, 0x63, 0x8D, 0x51, 0x77, 0xAA, 0xA0, 0x36, 0x55, 0x33, + 0x10, 0x21, 0x5E, 0xEC, 0x47, 0x67, 0x71, 0xD1, 0xAF, 0xFC, + 0x3E, 0x50, 0xF5, 0xBE, 0xD6, 0x92, 0xE7, 0x0B, 0x02, 0x82, + 0x01, 0x00, 0x21, 0x7C, 0x8A, 0xC4, 0xC6, 0x29, 0x55, 0x68, + 0xA7, 0xAD, 0xDD, 0x05, 0x65, 0x63, 0xF0, 0xFC, 0x06, 0xA6, + 0x42, 0x70, 0x8F, 0x57, 0x57, 0x36, 0x6A, 0x91, 0xB3, 0x05, + 0x56, 0x9C, 0xC9, 0x9A, 0xE1, 0x8B, 0xD7, 0x7F, 0x4F, 0x9F, + 0xA6, 0x0D, 0x41, 0x15, 0xC9, 0x84, 0x2D, 0x0D, 0x63, 0x25, + 0x02, 0x63, 0x55, 0xD0, 0x66, 0xFC, 0x9B, 0xD9, 0xAA, 0x41, + 0x46, 0x96, 0xAA, 0x2F, 0x68, 0x2C, 0x17, 0x34, 0x20, 0x5F, + 0xD0, 0xD3, 0x28, 0x9B, 0x67, 0x0E, 0x31, 0x9D, 0x14, 0xC3, + 0xE2, 0x8E, 0x79, 0xD7, 0xBD, 0x12, 0xD1, 0xEF, 0xF8, 0xC6, + 0xDA, 0x07, 0xF9, 0x4C, 0xF2, 0xD8, 0x45, 0xB5, 0xB6, 0xD1, + 0xFA, 0x05, 0x0C, 0x20, 0xE9, 0x43, 0xD9, 0xC5, 0xE0, 0x3A, + 0xDE, 0xCE, 0xF9, 0x02, 0xB9, 0x46, 0x65, 0xC0, 0x69, 0x4A, + 0x8D, 0x8C, 0x3A, 0x10, 0xFD, 0x15, 0x71, 0x25, 0xB8, 0x8A, + 0x36, 0x41, 0x4B, 0x30, 0x1C, 0xAF, 0xCC, 0x84, 0x28, 0xCD, + 0x7D, 0x2B, 0x89, 0x59, 0x88, 0x1A, 0x69, 0x12, 0x56, 0xD0, + 0x25, 0x68, 0x6C, 0x08, 0xB1, 0x88, 0xE1, 0x92, 0x7E, 0x08, + 0xB2, 0xC6, 0x3C, 0x6C, 0x35, 0xE8, 0xEE, 0x3E, 0xF4, 0xB8, + 0x5C, 0x7B, 0xC0, 0x5B, 0xFD, 0x11, 0xA3, 0x54, 0xA6, 0x99, + 0x46, 0xE2, 0x5F, 0x4F, 0xC7, 0xEE, 0x90, 0x1C, 0x37, 0x5B, + 0x33, 0x10, 0xDF, 0x0B, 0xC3, 0xB9, 0x47, 0xC2, 0x30, 0x4A, + 0xF2, 0x1A, 0xEB, 0x41, 0x25, 0x94, 0x29, 0x7A, 0xD0, 0x96, + 0x88, 0x46, 0xEE, 0x6C, 0x14, 0xF6, 0x5B, 0x3D, 0xBD, 0x4E, + 0xD4, 0x3F, 0x05, 0x5B, 0x07, 0xB9, 0xE3, 0x99, 0x87, 0x63, + 0xCA, 0xC4, 0x71, 0x0B, 0x73, 0x9D, 0x7B, 0xB6, 0x0F, 0xD4, + 0x12, 0x8C, 0x4C, 0x5E, 0x72, 0x3D, 0xFF, 0x6D, 0xC4, 0x61, + 0x0C, 0x74, 0x5F, 0x53, 0xBE, 0x39, 0x34, 0x61, 0x02, 0x82, + 0x01, 0x00, 0x5F, 0xF2, 0xF2, 0xB0, 0x16, 0x20, 0x8E, 0x4E, + 0xCC, 0x96, 0x5F, 0x32, 0x80, 0xFF, 0x11, 0xF5, 0xEC, 0x73, + 0xBC, 0xCB, 0xDB, 0xF4, 0xA0, 0x30, 0x65, 0x5A, 0xB5, 0x95, + 0x80, 0x97, 0xFB, 0xC1, 0xCB, 0xCF, 0xA5, 0x80, 0x84, 0xA2, + 0x2C, 0x00, 0xF6, 0x89, 0x8C, 0xDC, 0xFF, 0x60, 0x71, 0x5C, + 0x87, 0x60, 0xC7, 0xF2, 0xA8, 0xC6, 0xF9, 0x59, 0x0C, 0x37, + 0x4E, 0x95, 0xEE, 0xCF, 0xB8, 0x30, 0x30, 0x55, 0xAF, 0x1D, + 0x95, 0x82, 0xA6, 0xD7, 0xC7, 0x49, 0xFE, 0xBF, 0x75, 0xEB, + 0x94, 0x09, 0x30, 0x1D, 0xBD, 0x0E, 0x97, 0xB1, 0x78, 0x0A, + 0x3E, 0x27, 0xAD, 0xF6, 0xC1, 0x5F, 0x69, 0x94, 0x7C, 0x03, + 0xCF, 0xB2, 0x5E, 0x1A, 0x07, 0xD3, 0xFA, 0xF2, 0x8B, 0x75, + 0x92, 0x70, 0xFE, 0xFE, 0x9A, 0xDF, 0x81, 0x0F, 0x34, 0x5D, + 0x45, 0xBC, 0xB8, 0xFD, 0x8F, 0xCF, 0x5D, 0x84, 0x10, 0xEE, + 0x9A, 0x7F, 0x57, 0x19, 0xF5, 0x17, 0xDC, 0x7D, 0x73, 0x0B, + 0xAC, 0x6B, 0x35, 0x15, 0x8B, 0x24, 0xCB, 0x72, 0xC0, 0xD7, + 0x2E, 0xAE, 0xAA, 0xDB, 0xCB, 0x9F, 0x67, 0x86, 0x14, 0xBB, + 0xE4, 0x90, 0x15, 0x7C, 0x95, 0x44, 0xA5, 0x38, 0x6D, 0x13, + 0x02, 0x91, 0x77, 0x84, 0x35, 0x43, 0x5D, 0x03, 0x1C, 0x01, + 0x0B, 0x5A, 0x4E, 0x2B, 0x59, 0xF0, 0xBB, 0xB1, 0xB7, 0x61, + 0x1B, 0x6C, 0xFC, 0xA1, 0xEA, 0xBD, 0x1C, 0x9A, 0xE4, 0x0C, + 0x7E, 0x97, 0x3F, 0x71, 0xC6, 0xA7, 0x94, 0x1D, 0x82, 0x12, + 0xEC, 0x26, 0x43, 0x6E, 0xF6, 0x24, 0x09, 0xA0, 0x03, 0x1D, + 0x12, 0xFF, 0xA8, 0x95, 0x60, 0x47, 0x4A, 0xB0, 0x72, 0x55, + 0xC3, 0x68, 0xD2, 0xF6, 0xBC, 0x5B, 0x47, 0x46, 0x51, 0xB2, + 0xC9, 0x2A, 0x28, 0x6A, 0xC9, 0xD1, 0x1B, 0x35, 0x16, 0x5A, + 0x26, 0x6F, 0xB7, 0xBB, 0xF7, 0x35, 0x73, 0x2B, 0x02, 0x82, + 0x01, 0x00, 0x56, 0xBA, 0xD8, 0x02, 0xD7, 0x4B, 0x30, 0x5E, + 0x1B, 0x1E, 0x2F, 0xF3, 0x0D, 0xBC, 0xF1, 0x05, 0x6A, 0x68, + 0x4A, 0xE1, 0xEA, 0xB3, 0xDE, 0x61, 0x8C, 0x89, 0x44, 0xBA, + 0x63, 0x5E, 0xDF, 0x05, 0x24, 0x32, 0x71, 0x65, 0x1A, 0x36, + 0x2F, 0xBC, 0x07, 0x75, 0xA3, 0xCE, 0x9E, 0x52, 0x92, 0x95, + 0x4D, 0x3F, 0xC9, 0x06, 0xBC, 0xA1, 0x14, 0x33, 0x37, 0x95, + 0xAB, 0x9A, 0xEB, 0x04, 0xF6, 0x15, 0xC3, 0x9B, 0x10, 0x56, + 0x53, 0xA2, 0x28, 0xF2, 0x68, 0xDA, 0x7D, 0x97, 0x52, 0x63, + 0xAC, 0x9B, 0x56, 0xA9, 0xAB, 0x2E, 0x1E, 0x9E, 0x01, 0x70, + 0xFF, 0x2B, 0x6D, 0x0C, 0x4B, 0xA6, 0xC3, 0x3A, 0xB3, 0xD1, + 0xA7, 0x4B, 0x5E, 0x49, 0x2E, 0x95, 0xD6, 0x6A, 0xAE, 0x58, + 0x13, 0x66, 0x8F, 0x2F, 0x93, 0xE4, 0x6E, 0x8B, 0xFA, 0x94, + 0x30, 0x3E, 0xEC, 0x96, 0xAB, 0x46, 0x20, 0x3E, 0xC5, 0x30, + 0xB4, 0xEB, 0x41, 0x00, 0x39, 0x60, 0x1D, 0xE1, 0x20, 0xCE, + 0x31, 0x70, 0x17, 0x39, 0xCB, 0x76, 0x56, 0x6C, 0x55, 0x7B, + 0x90, 0x20, 0xBC, 0x39, 0xB2, 0x5B, 0xD1, 0x28, 0x6F, 0x0C, + 0x4F, 0x45, 0x6B, 0x82, 0xC4, 0x57, 0x23, 0x0C, 0x3F, 0x3F, + 0x2D, 0x83, 0xB3, 0x3D, 0x8E, 0xF9, 0x1A, 0xDA, 0x77, 0x54, + 0x2E, 0xFE, 0x16, 0x2E, 0xBA, 0x99, 0xDD, 0xCA, 0xB3, 0xD1, + 0xD8, 0xBB, 0x87, 0xE1, 0xD0, 0xA9, 0xD4, 0xE6, 0x8F, 0xE8, + 0x00, 0x3E, 0x49, 0x8A, 0xDD, 0xA6, 0x32, 0x91, 0x00, 0x31, + 0x31, 0x21, 0x98, 0x18, 0x94, 0xC9, 0x2D, 0x27, 0x05, 0xB7, + 0x9B, 0x09, 0x2E, 0xBB, 0x5D, 0xBF, 0x67, 0xE8, 0x0E, 0xD1, + 0x44, 0x75, 0x80, 0x1D, 0x0A, 0x21, 0x8F, 0x95, 0x76, 0xB0, + 0xFC, 0x19, 0x3C, 0xFF, 0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1, + 0x4E, 0xFE, 0x4D, 0x2B, 0x4B, 0x18, 0xE6, 0xCE +}; +static const int sizeof_client_key_der_4096 = sizeof(client_key_der_4096); + +/* ./certs/4096/client-keyPub.der, 4096-bit */ +static const unsigned char client_keypub_der_4096[] = +{ + 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, + 0x02, 0x01, 0x00, 0xF5, 0xD0, 0x31, 0xE4, 0x71, 0x59, 0x58, + 0xB3, 0x07, 0x50, 0xDD, 0x16, 0x79, 0xFC, 0xC6, 0x95, 0x50, + 0xFC, 0x46, 0x0E, 0x57, 0x12, 0x86, 0x71, 0x8D, 0xE3, 0x9B, + 0x4A, 0x33, 0xEA, 0x4F, 0xD9, 0x17, 0x13, 0x6D, 0x48, 0x69, + 0xDF, 0x59, 0x11, 0x08, 0x02, 0x9D, 0xAF, 0x2B, 0xC7, 0x30, + 0xBE, 0x0C, 0xDC, 0x87, 0xD4, 0x5A, 0x12, 0x09, 0x23, 0x5D, + 0xE1, 0x76, 0x5A, 0x62, 0x37, 0x46, 0x74, 0xEF, 0x03, 0x05, + 0xBB, 0x1E, 0x6D, 0x29, 0x75, 0x6C, 0x2E, 0x9D, 0x87, 0x0D, + 0x8F, 0x87, 0xCB, 0x14, 0x95, 0x9B, 0xBE, 0x17, 0x6B, 0x51, + 0xD1, 0x4C, 0xDA, 0xD7, 0x91, 0x66, 0xC5, 0x36, 0xEB, 0xE0, + 0x07, 0x1A, 0x76, 0x4D, 0xB0, 0xFB, 0xC1, 0xF5, 0x5E, 0x05, + 0xDB, 0xBA, 0xCB, 0x25, 0xD9, 0x99, 0x13, 0x1C, 0xC0, 0x35, + 0xDC, 0x40, 0xE9, 0x36, 0xCD, 0xC4, 0xD5, 0x7A, 0x41, 0x70, + 0x0F, 0x36, 0xEB, 0xA5, 0x4E, 0x17, 0x05, 0xD5, 0x75, 0x1B, + 0x64, 0x62, 0x7A, 0x3F, 0x0D, 0x28, 0x48, 0x6A, 0xE3, 0xAC, + 0x9C, 0xA8, 0x8F, 0xE9, 0xED, 0xF7, 0xCD, 0x24, 0xA0, 0xB1, + 0xA0, 0x03, 0xAC, 0xE3, 0x03, 0xF5, 0x3F, 0xD1, 0x96, 0xFF, + 0x2A, 0x7E, 0x08, 0xB1, 0xD3, 0xE0, 0x18, 0x14, 0xEC, 0x65, + 0x37, 0x50, 0x43, 0xC2, 0x6A, 0x8C, 0xF4, 0x5B, 0xFE, 0xC4, + 0xCB, 0x8D, 0x3F, 0x81, 0x02, 0xF7, 0xC2, 0xDD, 0xE4, 0xC1, + 0x8E, 0x80, 0x0C, 0x04, 0x25, 0x2D, 0x80, 0x5A, 0x2E, 0x0F, + 0x22, 0x35, 0x4A, 0xF4, 0x85, 0xED, 0x51, 0xD8, 0xAB, 0x6D, + 0x8F, 0xA2, 0x3B, 0x24, 0x00, 0x6E, 0x81, 0xE2, 0x1E, 0x76, + 0xD6, 0xAC, 0x31, 0x12, 0xDB, 0xF3, 0x8E, 0x07, 0xA1, 0xDE, + 0x89, 0x4A, 0x39, 0x60, 0x77, 0xC5, 0xAA, 0xF1, 0x51, 0xE6, + 0x06, 0xF1, 0x95, 0x56, 0x2A, 0xE1, 0x8E, 0x92, 0x30, 0x9F, + 0xFE, 0x58, 0x44, 0xAC, 0x46, 0xF2, 0xFD, 0x9A, 0xFC, 0xA8, + 0x1D, 0xA1, 0xD3, 0x55, 0x37, 0x4A, 0x8B, 0xFC, 0x9C, 0x33, + 0xF8, 0xA7, 0x61, 0x48, 0x41, 0x7C, 0x9C, 0x77, 0x3F, 0xF5, + 0x80, 0x23, 0x7D, 0x43, 0xB4, 0xD5, 0x88, 0x0A, 0xC9, 0x75, + 0xD7, 0x44, 0x19, 0x4D, 0x77, 0x6C, 0x0B, 0x0A, 0x49, 0xAA, + 0x1C, 0x2F, 0xD6, 0x5A, 0x44, 0xA6, 0x47, 0x4D, 0xE5, 0x36, + 0x96, 0x40, 0x99, 0x2C, 0x56, 0x26, 0xB1, 0xF2, 0x92, 0x31, + 0x59, 0xD7, 0x2C, 0xD4, 0xB4, 0x21, 0xD6, 0x65, 0x13, 0x0B, + 0x3E, 0xFB, 0xFF, 0x04, 0xEB, 0xB9, 0x85, 0xB9, 0xD8, 0xD8, + 0x28, 0x4F, 0x5C, 0x17, 0x96, 0xA3, 0x51, 0xBE, 0xFE, 0x7D, + 0x0B, 0x1B, 0x48, 0x40, 0x25, 0x76, 0x94, 0xDC, 0x41, 0xFB, + 0xBF, 0x73, 0x76, 0xDA, 0xEB, 0xB3, 0x62, 0xE7, 0xC1, 0xC8, + 0x54, 0x6A, 0x93, 0xE1, 0x8D, 0x31, 0xE8, 0x3E, 0x3E, 0xDF, + 0xBC, 0x87, 0x02, 0x30, 0x22, 0x57, 0xC4, 0xE0, 0x18, 0x7A, + 0xD3, 0xAE, 0xE4, 0x02, 0x9B, 0xAA, 0xBD, 0x4E, 0x49, 0x47, + 0x72, 0xE9, 0x8D, 0x13, 0x2D, 0x54, 0x9B, 0x00, 0xA7, 0x91, + 0x61, 0x71, 0xC9, 0xCC, 0x48, 0x4F, 0xEE, 0xDF, 0x5E, 0x1B, + 0x1A, 0xDF, 0x67, 0xD3, 0x20, 0xE6, 0x44, 0x45, 0x98, 0x7E, + 0xE7, 0x0E, 0x63, 0x16, 0x83, 0xC9, 0x26, 0x5D, 0x90, 0xC1, + 0xE5, 0x2A, 0x5C, 0x45, 0x54, 0x13, 0xB2, 0x81, 0x18, 0x06, + 0x20, 0x2E, 0x2E, 0x66, 0x5A, 0xB5, 0x7B, 0x6E, 0xD6, 0x0C, + 0x4E, 0x89, 0x01, 0x56, 0x70, 0xBB, 0xAE, 0xDE, 0xE9, 0x99, + 0x5E, 0xD1, 0xB9, 0x3A, 0xB7, 0x6C, 0x17, 0xB6, 0x03, 0xA9, + 0x08, 0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72, + 0xD4, 0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, + 0xF2, 0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, 0x01, 0x00, 0x01 + +}; +static const int sizeof_client_keypub_der_4096 = sizeof(client_keypub_der_4096); + +/* ./certs/4096/client-cert.der, 4096-bit */ +static const unsigned char client_cert_der_4096[] = +{ + 0x30, 0x82, 0x06, 0xE0, 0x30, 0x82, 0x04, 0xC8, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x2F, 0x0F, 0xAB, 0x23, 0xBC, + 0xA3, 0x14, 0x07, 0x91, 0x06, 0x55, 0x35, 0x01, 0x63, 0x7F, + 0x42, 0xBD, 0xFB, 0xF2, 0x43, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x34, 0x30, 0x39, 0x36, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, + 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x34, 0x30, + 0x39, 0x36, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x37, 0x30, + 0x39, 0x30, 0x33, 0x30, 0x36, 0x30, 0x32, 0x5A, 0x17, 0x0D, + 0x32, 0x32, 0x30, 0x34, 0x30, 0x34, 0x30, 0x33, 0x30, 0x36, + 0x30, 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x34, 0x30, 0x39, 0x36, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, + 0x2D, 0x34, 0x30, 0x39, 0x36, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, + 0x02, 0x0A, 0x02, 0x82, 0x02, 0x01, 0x00, 0xF5, 0xD0, 0x31, + 0xE4, 0x71, 0x59, 0x58, 0xB3, 0x07, 0x50, 0xDD, 0x16, 0x79, + 0xFC, 0xC6, 0x95, 0x50, 0xFC, 0x46, 0x0E, 0x57, 0x12, 0x86, + 0x71, 0x8D, 0xE3, 0x9B, 0x4A, 0x33, 0xEA, 0x4F, 0xD9, 0x17, + 0x13, 0x6D, 0x48, 0x69, 0xDF, 0x59, 0x11, 0x08, 0x02, 0x9D, + 0xAF, 0x2B, 0xC7, 0x30, 0xBE, 0x0C, 0xDC, 0x87, 0xD4, 0x5A, + 0x12, 0x09, 0x23, 0x5D, 0xE1, 0x76, 0x5A, 0x62, 0x37, 0x46, + 0x74, 0xEF, 0x03, 0x05, 0xBB, 0x1E, 0x6D, 0x29, 0x75, 0x6C, + 0x2E, 0x9D, 0x87, 0x0D, 0x8F, 0x87, 0xCB, 0x14, 0x95, 0x9B, + 0xBE, 0x17, 0x6B, 0x51, 0xD1, 0x4C, 0xDA, 0xD7, 0x91, 0x66, + 0xC5, 0x36, 0xEB, 0xE0, 0x07, 0x1A, 0x76, 0x4D, 0xB0, 0xFB, + 0xC1, 0xF5, 0x5E, 0x05, 0xDB, 0xBA, 0xCB, 0x25, 0xD9, 0x99, + 0x13, 0x1C, 0xC0, 0x35, 0xDC, 0x40, 0xE9, 0x36, 0xCD, 0xC4, + 0xD5, 0x7A, 0x41, 0x70, 0x0F, 0x36, 0xEB, 0xA5, 0x4E, 0x17, + 0x05, 0xD5, 0x75, 0x1B, 0x64, 0x62, 0x7A, 0x3F, 0x0D, 0x28, + 0x48, 0x6A, 0xE3, 0xAC, 0x9C, 0xA8, 0x8F, 0xE9, 0xED, 0xF7, + 0xCD, 0x24, 0xA0, 0xB1, 0xA0, 0x03, 0xAC, 0xE3, 0x03, 0xF5, + 0x3F, 0xD1, 0x96, 0xFF, 0x2A, 0x7E, 0x08, 0xB1, 0xD3, 0xE0, + 0x18, 0x14, 0xEC, 0x65, 0x37, 0x50, 0x43, 0xC2, 0x6A, 0x8C, + 0xF4, 0x5B, 0xFE, 0xC4, 0xCB, 0x8D, 0x3F, 0x81, 0x02, 0xF7, + 0xC2, 0xDD, 0xE4, 0xC1, 0x8E, 0x80, 0x0C, 0x04, 0x25, 0x2D, + 0x80, 0x5A, 0x2E, 0x0F, 0x22, 0x35, 0x4A, 0xF4, 0x85, 0xED, + 0x51, 0xD8, 0xAB, 0x6D, 0x8F, 0xA2, 0x3B, 0x24, 0x00, 0x6E, + 0x81, 0xE2, 0x1E, 0x76, 0xD6, 0xAC, 0x31, 0x12, 0xDB, 0xF3, + 0x8E, 0x07, 0xA1, 0xDE, 0x89, 0x4A, 0x39, 0x60, 0x77, 0xC5, + 0xAA, 0xF1, 0x51, 0xE6, 0x06, 0xF1, 0x95, 0x56, 0x2A, 0xE1, + 0x8E, 0x92, 0x30, 0x9F, 0xFE, 0x58, 0x44, 0xAC, 0x46, 0xF2, + 0xFD, 0x9A, 0xFC, 0xA8, 0x1D, 0xA1, 0xD3, 0x55, 0x37, 0x4A, + 0x8B, 0xFC, 0x9C, 0x33, 0xF8, 0xA7, 0x61, 0x48, 0x41, 0x7C, + 0x9C, 0x77, 0x3F, 0xF5, 0x80, 0x23, 0x7D, 0x43, 0xB4, 0xD5, + 0x88, 0x0A, 0xC9, 0x75, 0xD7, 0x44, 0x19, 0x4D, 0x77, 0x6C, + 0x0B, 0x0A, 0x49, 0xAA, 0x1C, 0x2F, 0xD6, 0x5A, 0x44, 0xA6, + 0x47, 0x4D, 0xE5, 0x36, 0x96, 0x40, 0x99, 0x2C, 0x56, 0x26, + 0xB1, 0xF2, 0x92, 0x31, 0x59, 0xD7, 0x2C, 0xD4, 0xB4, 0x21, + 0xD6, 0x65, 0x13, 0x0B, 0x3E, 0xFB, 0xFF, 0x04, 0xEB, 0xB9, + 0x85, 0xB9, 0xD8, 0xD8, 0x28, 0x4F, 0x5C, 0x17, 0x96, 0xA3, + 0x51, 0xBE, 0xFE, 0x7D, 0x0B, 0x1B, 0x48, 0x40, 0x25, 0x76, + 0x94, 0xDC, 0x41, 0xFB, 0xBF, 0x73, 0x76, 0xDA, 0xEB, 0xB3, + 0x62, 0xE7, 0xC1, 0xC8, 0x54, 0x6A, 0x93, 0xE1, 0x8D, 0x31, + 0xE8, 0x3E, 0x3E, 0xDF, 0xBC, 0x87, 0x02, 0x30, 0x22, 0x57, + 0xC4, 0xE0, 0x18, 0x7A, 0xD3, 0xAE, 0xE4, 0x02, 0x9B, 0xAA, + 0xBD, 0x4E, 0x49, 0x47, 0x72, 0xE9, 0x8D, 0x13, 0x2D, 0x54, + 0x9B, 0x00, 0xA7, 0x91, 0x61, 0x71, 0xC9, 0xCC, 0x48, 0x4F, + 0xEE, 0xDF, 0x5E, 0x1B, 0x1A, 0xDF, 0x67, 0xD3, 0x20, 0xE6, + 0x44, 0x45, 0x98, 0x7E, 0xE7, 0x0E, 0x63, 0x16, 0x83, 0xC9, + 0x26, 0x5D, 0x90, 0xC1, 0xE5, 0x2A, 0x5C, 0x45, 0x54, 0x13, + 0xB2, 0x81, 0x18, 0x06, 0x20, 0x2E, 0x2E, 0x66, 0x5A, 0xB5, + 0x7B, 0x6E, 0xD6, 0x0C, 0x4E, 0x89, 0x01, 0x56, 0x70, 0xBB, + 0xAE, 0xDE, 0xE9, 0x99, 0x5E, 0xD1, 0xB9, 0x3A, 0xB7, 0x6C, + 0x17, 0xB6, 0x03, 0xA9, 0x08, 0xDD, 0x9C, 0xF4, 0x14, 0xC9, + 0xC9, 0x59, 0x39, 0x72, 0xD4, 0x7E, 0x02, 0x37, 0x31, 0xCD, + 0x0E, 0xA7, 0x3D, 0xF8, 0xF2, 0xCF, 0x6B, 0x15, 0xAB, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x12, 0x30, 0x82, + 0x01, 0x0E, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0xFA, 0x54, 0x89, 0x67, 0xE5, 0x5F, 0xB7, + 0x31, 0x40, 0xEA, 0xFD, 0xE7, 0xF6, 0xA3, 0xC6, 0x5A, 0x56, + 0x16, 0xA5, 0x6E, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, + 0x23, 0x04, 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0xFA, + 0x54, 0x89, 0x67, 0xE5, 0x5F, 0xB7, 0x31, 0x40, 0xEA, 0xFD, + 0xE7, 0xF6, 0xA3, 0xC6, 0x5A, 0x56, 0x16, 0xA5, 0x6E, 0xA1, + 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, + 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, + 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, + 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x34, 0x30, 0x39, 0x36, + 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, + 0x6E, 0x67, 0x2D, 0x34, 0x30, 0x39, 0x36, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x2F, 0x0F, + 0xAB, 0x23, 0xBC, 0xA3, 0x14, 0x07, 0x91, 0x06, 0x55, 0x35, + 0x01, 0x63, 0x7F, 0x42, 0xBD, 0xFB, 0xF2, 0x43, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, + 0x01, 0x00, 0x57, 0x0D, 0x97, 0x98, 0x78, 0xBF, 0x2A, 0x31, + 0x9A, 0x39, 0x41, 0x38, 0x33, 0x46, 0xD5, 0x50, 0x47, 0xE8, + 0x19, 0x62, 0xA8, 0x36, 0x1E, 0xB7, 0xFD, 0xD1, 0xBC, 0x50, + 0x5C, 0x3A, 0xEB, 0x96, 0x1A, 0x9B, 0x43, 0xB0, 0x67, 0x5D, + 0xF4, 0x51, 0x77, 0x87, 0x33, 0x0B, 0x90, 0x6F, 0xE8, 0xD3, + 0x82, 0x4D, 0x1A, 0xAA, 0x93, 0x5F, 0x7D, 0x78, 0xB1, 0xE0, + 0x7B, 0xEE, 0x88, 0x01, 0xE7, 0xB3, 0xFA, 0x7E, 0x0B, 0x76, + 0x9C, 0x9E, 0x81, 0x36, 0xE4, 0xA3, 0xC1, 0x41, 0x62, 0xA4, + 0x0A, 0x7E, 0x24, 0xD0, 0xAB, 0x9F, 0xBA, 0xD8, 0x1E, 0x38, + 0xAD, 0xF1, 0x12, 0x52, 0x0D, 0xF2, 0x96, 0x8A, 0x0B, 0x25, + 0xA2, 0x49, 0x3F, 0x88, 0x5B, 0xEA, 0x23, 0x87, 0x26, 0x22, + 0x7A, 0xB9, 0x60, 0x6B, 0xD6, 0x7A, 0x88, 0x37, 0xAC, 0x64, + 0x9B, 0x18, 0x51, 0x07, 0xEA, 0xDF, 0x00, 0x96, 0x70, 0x95, + 0x88, 0x9D, 0x8F, 0xAF, 0xBE, 0x3C, 0x4E, 0xC7, 0x5E, 0x55, + 0x15, 0x3D, 0x1F, 0xE4, 0x2D, 0xDC, 0xC9, 0xA3, 0xAE, 0xAF, + 0xFA, 0x44, 0xA8, 0xE2, 0xF4, 0xDF, 0x8E, 0xCD, 0xF9, 0x10, + 0x7F, 0x8B, 0x86, 0xCC, 0x6D, 0x45, 0x91, 0x91, 0x4F, 0xE3, + 0xD0, 0xA7, 0xD2, 0xD9, 0x8E, 0x09, 0xC6, 0xF8, 0xEB, 0xE7, + 0xBD, 0x17, 0x19, 0xD6, 0xE7, 0x1A, 0xB8, 0xCA, 0x4D, 0xEC, + 0x34, 0x07, 0x7D, 0x2D, 0xE8, 0x23, 0x9D, 0x82, 0xE9, 0xF7, + 0x47, 0x03, 0xAB, 0x5F, 0x7C, 0xF5, 0x41, 0x6F, 0x70, 0x11, + 0xCB, 0x24, 0xD8, 0x23, 0xC2, 0x65, 0x31, 0xB7, 0x0B, 0x8F, + 0x0A, 0x26, 0x5B, 0x0F, 0xF6, 0x9B, 0x11, 0x7F, 0x9A, 0x8D, + 0x94, 0x6D, 0x5A, 0x9C, 0x5E, 0x73, 0x35, 0x15, 0x7B, 0xE3, + 0x09, 0xE8, 0x08, 0xD0, 0x3F, 0xB4, 0xE5, 0x29, 0x2C, 0xF6, + 0x3E, 0x71, 0x6E, 0xF4, 0x1B, 0x20, 0x55, 0x34, 0x40, 0x2F, + 0xB0, 0x9B, 0xDD, 0xF1, 0xDC, 0xBF, 0x17, 0x1D, 0xA7, 0x2D, + 0x85, 0x01, 0xD6, 0xD2, 0xB2, 0x56, 0x56, 0x98, 0x33, 0x85, + 0xED, 0xF6, 0xA3, 0xF6, 0x3E, 0x7B, 0xF4, 0x03, 0xA4, 0x58, + 0x8E, 0xC5, 0x5B, 0xAB, 0x66, 0xE8, 0x0F, 0x34, 0x17, 0x2D, + 0x33, 0x36, 0x71, 0x0C, 0xB8, 0xD9, 0x78, 0xE7, 0x06, 0xFC, + 0xDA, 0x4F, 0xA1, 0xFA, 0xDB, 0x74, 0xCE, 0xEA, 0x85, 0x27, + 0xF9, 0x75, 0xA9, 0xAD, 0x50, 0x86, 0x6E, 0xEA, 0x01, 0x01, + 0x19, 0x0D, 0x28, 0x4A, 0xED, 0x06, 0xBE, 0x65, 0x70, 0xB2, + 0x06, 0x46, 0x2E, 0x16, 0x57, 0xDF, 0x55, 0xC7, 0x8E, 0xCD, + 0x5B, 0xAD, 0x66, 0x28, 0xB8, 0x74, 0x87, 0xBF, 0xC4, 0xC7, + 0x08, 0x3F, 0x37, 0xA3, 0x23, 0x84, 0x9F, 0x4E, 0xE8, 0x48, + 0x6C, 0x8D, 0x54, 0x9F, 0xFB, 0xE0, 0xFB, 0x53, 0xA3, 0x41, + 0xE1, 0x68, 0x8A, 0x94, 0xC9, 0xF5, 0xEE, 0x3E, 0x15, 0x46, + 0xD2, 0x62, 0x33, 0x86, 0x86, 0x06, 0x34, 0xB4, 0xE4, 0x2F, + 0xDA, 0x28, 0x2E, 0x2F, 0xC0, 0xBD, 0x75, 0xE8, 0x2C, 0x3F, + 0xE2, 0xA5, 0x43, 0x7D, 0x02, 0xEB, 0x25, 0xB9, 0xEF, 0x87, + 0x8A, 0xD7, 0x57, 0x61, 0x16, 0xE8, 0x9E, 0x83, 0x65, 0xF9, + 0x10, 0xF4, 0x5E, 0x5F, 0x1C, 0x7A, 0x25, 0xD6, 0x47, 0xBD, + 0x29, 0xC5, 0x4F, 0x8B, 0xB9, 0x6A, 0x48, 0x7A, 0x9B, 0x1E, + 0x6D, 0x77, 0x8E, 0x72, 0x6C, 0x0C, 0x07, 0xFE, 0x4C, 0xC5, + 0xCF, 0x55, 0x0E, 0xCB, 0x4B, 0xAD, 0x16, 0xE1, 0xE2, 0x54, + 0xB8, 0x9D, 0x34, 0x03, 0xD1, 0x8D, 0xB7, 0x37, 0x9B, 0xE3, + 0x5A, 0x32, 0x60, 0x03, 0x7F, 0x61, 0x0F, 0x50, 0x0B, 0x72, + 0x54, 0x8B, 0x0D, 0xC7, 0x97, 0x7E, 0xBB, 0x9B, 0xB2, 0xF7, + 0x73, 0x47, 0x71, 0x7B, 0x78, 0x65, 0x36, 0xDF, 0x57, 0x72, + 0x9E, 0x42, 0x9C, 0x8A +}; +static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096); + +/* ./certs/dh4096.der, 4096-bit */ +static const unsigned char dh_key_der_4096[] = +{ + 0x30, 0x82, 0x02, 0x08, 0x02, 0x82, 0x02, 0x01, 0x00, 0xE9, + 0x0E, 0x3E, 0x79, 0x4F, 0xC9, 0xB2, 0xA0, 0xB1, 0xDB, 0x2F, + 0x1E, 0x24, 0x21, 0x90, 0x5C, 0x50, 0xA4, 0x34, 0xDB, 0x99, + 0x90, 0xAC, 0xF7, 0xBF, 0x2F, 0x01, 0x4B, 0xAC, 0x87, 0x70, + 0xBA, 0xEC, 0xD1, 0x64, 0xDE, 0x04, 0xCA, 0xFC, 0xF9, 0x51, + 0x69, 0x1E, 0xB7, 0x99, 0xE2, 0xB4, 0x0D, 0xDB, 0x5D, 0x78, + 0x38, 0x38, 0x41, 0x05, 0xE8, 0x67, 0x48, 0x65, 0x54, 0x71, + 0xCC, 0xC9, 0xAA, 0x95, 0x1E, 0xD4, 0xBF, 0xBC, 0xCA, 0x5D, + 0xC2, 0x9C, 0x9E, 0x7E, 0x5E, 0x94, 0x5B, 0x2F, 0x60, 0x72, + 0xED, 0xEB, 0x54, 0x0C, 0x48, 0x2B, 0x21, 0x74, 0x4D, 0x37, + 0x04, 0x5A, 0x2F, 0x8B, 0x24, 0x4A, 0xDB, 0xEE, 0xFA, 0xA9, + 0x94, 0x13, 0x8F, 0x52, 0x4A, 0x1B, 0xAE, 0xE6, 0xC8, 0x7F, + 0x99, 0x09, 0x23, 0x84, 0x89, 0xE9, 0xA6, 0x53, 0x82, 0xB6, + 0x03, 0x6D, 0x38, 0x5D, 0x2E, 0xEB, 0x0B, 0xF0, 0xE6, 0xAA, + 0xB1, 0x8B, 0x51, 0xFC, 0xD6, 0x13, 0xFB, 0x20, 0xCB, 0xDF, + 0x79, 0x97, 0xDB, 0x55, 0x74, 0xC2, 0x21, 0xE8, 0xDB, 0x8C, + 0x6A, 0x95, 0x2D, 0x51, 0x91, 0xA7, 0xA1, 0x3C, 0x9B, 0xEF, + 0xF5, 0x43, 0xAC, 0xA6, 0x69, 0xCE, 0x66, 0x5C, 0xD5, 0xB1, + 0xF8, 0xBA, 0xD4, 0x86, 0x25, 0x29, 0x2E, 0x0E, 0x23, 0x05, + 0xDA, 0x7C, 0x7C, 0xC2, 0x7B, 0xC8, 0xB5, 0x79, 0x84, 0x6D, + 0x68, 0x2D, 0x82, 0x4A, 0x35, 0x9F, 0xDC, 0x0E, 0x63, 0x2B, + 0x58, 0x5F, 0x34, 0x7E, 0xA8, 0x73, 0xCE, 0x44, 0x53, 0x11, + 0xE3, 0xDB, 0x46, 0xFA, 0x3A, 0xC3, 0xDA, 0x63, 0xA5, 0x65, + 0x56, 0x99, 0xA5, 0x91, 0x27, 0xD6, 0xE7, 0xDF, 0x2D, 0xEF, + 0xA0, 0x81, 0xB6, 0x07, 0x3A, 0xC6, 0xC1, 0x2B, 0xA1, 0x3A, + 0x74, 0xB4, 0xE9, 0xE1, 0x2F, 0x6B, 0x2B, 0xE4, 0xF0, 0x98, + 0xBE, 0x6F, 0xCB, 0xBB, 0xAE, 0x8D, 0xD2, 0x7E, 0x1B, 0x6F, + 0xBA, 0xF2, 0xB2, 0xB8, 0xB1, 0x5D, 0x9E, 0x79, 0x19, 0xF7, + 0x94, 0xB2, 0xC1, 0x17, 0x5E, 0x9B, 0xB3, 0x05, 0x67, 0x6D, + 0x5C, 0x62, 0x64, 0xA8, 0x2B, 0xB0, 0x36, 0x3D, 0xF9, 0x4C, + 0x65, 0x53, 0xEE, 0x2E, 0x55, 0x69, 0xCC, 0x1C, 0xF5, 0x96, + 0xDC, 0xBE, 0x60, 0x5E, 0x37, 0xEE, 0xD4, 0x63, 0x96, 0x51, + 0x97, 0x96, 0x14, 0x3C, 0x61, 0xBF, 0x53, 0xAA, 0x24, 0xB5, + 0x24, 0x5B, 0x26, 0x67, 0xAD, 0x02, 0x67, 0xB8, 0xD3, 0x05, + 0x6E, 0xA4, 0x8F, 0x46, 0x91, 0x9D, 0x84, 0xA6, 0x2C, 0x44, + 0x9F, 0x2D, 0x18, 0x2F, 0x73, 0xA5, 0xE5, 0xC4, 0xD9, 0x4F, + 0xD9, 0x9F, 0xF5, 0xC0, 0xC5, 0x48, 0xE8, 0x23, 0x32, 0xC4, + 0x4A, 0xCE, 0xFF, 0x3B, 0x16, 0x87, 0x85, 0xA5, 0x1F, 0x22, + 0xA8, 0x0B, 0x91, 0x97, 0x24, 0x95, 0x07, 0xC8, 0x73, 0xD2, + 0xB0, 0x01, 0xF8, 0x20, 0xA9, 0xAB, 0x6B, 0x71, 0x79, 0x24, + 0xF3, 0x79, 0xB5, 0x9B, 0x00, 0xF5, 0xF9, 0xAE, 0x23, 0xAC, + 0xEA, 0xE1, 0x48, 0x88, 0x28, 0x53, 0xE0, 0xC8, 0x76, 0x29, + 0xAE, 0x3E, 0x25, 0x9F, 0x1C, 0xC5, 0x8A, 0x86, 0x33, 0x02, + 0x21, 0xAB, 0xA5, 0x10, 0xF0, 0x07, 0x1B, 0x56, 0x8F, 0xCD, + 0xFC, 0x87, 0x9E, 0x2E, 0xD0, 0x44, 0x98, 0x44, 0x99, 0xB3, + 0xC2, 0x14, 0xCE, 0xD8, 0x93, 0xEA, 0xD1, 0x82, 0x3C, 0x1B, + 0x49, 0xE8, 0x6F, 0x04, 0xB2, 0xF5, 0xAF, 0x9B, 0x37, 0x7D, + 0xE5, 0xE0, 0x56, 0xE9, 0xEE, 0x00, 0x58, 0x25, 0x16, 0x23, + 0xC3, 0x8E, 0xF0, 0xB9, 0xE2, 0x98, 0x5D, 0xF2, 0x4F, 0x5C, + 0xC3, 0x27, 0x2A, 0x67, 0x7D, 0x43, 0xF6, 0x36, 0x76, 0xD4, + 0x2C, 0x7E, 0x16, 0x80, 0xCB, 0xF1, 0x07, 0xDC, 0xB9, 0xF5, + 0xF3, 0x56, 0xBD, 0xF0, 0xFC, 0x00, 0x78, 0x00, 0x56, 0xB4, + 0x3B, 0x02, 0x01, 0x02 +}; +static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096); + +#endif /* USE_CERT_BUFFERS_4096 */ + #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) /* ./certs/ecc-client-key.der, ECC */ diff --git a/source/libwolfssl/crl.h b/source/libwolfssl/crl.h index 3ea9e62e..170f78eb 100644 --- a/source/libwolfssl/crl.h +++ b/source/libwolfssl/crl.h @@ -1,6 +1,6 @@ /* crl.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/error-ssl.h b/source/libwolfssl/error-ssl.h index 1e321e69..a691c093 100644 --- a/source/libwolfssl/error-ssl.h +++ b/source/libwolfssl/error-ssl.h @@ -1,6 +1,6 @@ /* error-ssl.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -57,7 +57,7 @@ enum wolfSSL_ErrorCodes { DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */ WANT_READ = -323, /* want read, call again */ NOT_READY_ERROR = -324, /* handshake layer not ready */ - + IPADDR_MISMATCH = -325, /* peer ip address mismatch */ VERSION_ERROR = -326, /* record layer version error */ WANT_WRITE = -327, /* want write, call again */ BUFFER_ERROR = -328, /* malformed buffer input */ @@ -105,11 +105,11 @@ enum wolfSSL_ErrorCodes { OUT_OF_ORDER_E = -373, /* out of order message */ BAD_KEA_TYPE_E = -374, /* bad KEA type found */ SANITY_CIPHER_E = -375, /* sanity check on cipher error */ - RECV_OVERFLOW_E = -376, /* RXCB returned more than rqed */ + RECV_OVERFLOW_E = -376, /* RXCB returned more than read */ GEN_COOKIE_E = -377, /* Generate Cookie Error */ NO_PEER_VERIFY = -378, /* Need peer cert verify Error */ FWRITE_ERROR = -379, /* fwrite problem */ - CACHE_MATCH_ERROR = -380, /* chache hdr match error */ + CACHE_MATCH_ERROR = -380, /* Cache hdr match error */ UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */ UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */ KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */ @@ -165,6 +165,9 @@ enum wolfSSL_ErrorCodes { TCA_ABSENT_ERROR = -434, /* TLSX TCA ID no response */ TSIP_MAC_DIGSZ_E = -435, /* Invalid MAC size for TSIP */ CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */ + SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */ + TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */ + /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* begin negotiation parameter errors */ diff --git a/source/libwolfssl/internal.h b/source/libwolfssl/internal.h index 5722e181..58bb5482 100644 --- a/source/libwolfssl/internal.h +++ b/source/libwolfssl/internal.h @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -105,6 +105,12 @@ #ifdef HAVE_CURVE25519 #include #endif +#ifdef HAVE_ED448 + #include +#endif +#ifdef HAVE_CURVE448 + #include +#endif #include #include @@ -344,14 +350,6 @@ #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 #endif #endif - #if defined(HAVE_BLAKE2) && defined(HAVE_AES_CBC) - #ifdef WOLFSSL_AES_128 - #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - #endif - #ifdef WOLFSSL_AES_256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - #endif - #endif #endif #endif @@ -456,9 +454,6 @@ #if !defined(NO_SHA) #define BUILD_TLS_RSA_WITH_HC_128_SHA #endif - #if defined(HAVE_BLAKE2) - #define BUILD_TLS_RSA_WITH_HC_128_B2B256 - #endif #endif #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) @@ -524,7 +519,8 @@ #endif #endif - #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && !defined(NO_TLS) #if !defined(NO_AES) #if !defined(NO_SHA) && defined(HAVE_AES_CBC) #if !defined(NO_RSA) @@ -544,8 +540,9 @@ #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA #endif @@ -571,8 +568,9 @@ #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) @@ -588,8 +586,9 @@ #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) @@ -629,15 +628,20 @@ #if !defined(NO_RC4) #if !defined(NO_SHA) #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #ifndef WOLFSSL_AEAD_ONLY + #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) - #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) + #ifndef WOLFSSL_AEAD_ONLY + #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #endif #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA @@ -653,8 +657,9 @@ #endif #endif - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) @@ -664,8 +669,9 @@ #endif #if defined(HAVE_NULL_CIPHER) #if !defined(NO_SHA) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA #endif #endif @@ -680,8 +686,9 @@ #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) #if !defined(NO_OLD_POLY1305) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 #endif #if !defined(NO_RSA) && defined(HAVE_ECC) @@ -693,7 +700,8 @@ #endif /* NO_OLD_POLY1305 */ #if !defined(NO_PSK) #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - #if defined(HAVE_ECC) || defined(HAVE_ED25519) + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + defined(HAVE_ED448) #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 #endif #ifndef NO_DH @@ -736,12 +744,13 @@ #endif #endif -#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \ - !defined(NO_AES) +#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \ + && !defined(NO_TLS) && !defined(NO_AES) #ifdef HAVE_AESGCM #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 #endif #ifndef NO_RSA @@ -749,8 +758,9 @@ #endif #endif #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 #endif #ifndef NO_RSA @@ -759,8 +769,9 @@ #endif #endif #if defined(HAVE_AESCCM) && !defined(NO_SHA256) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 @@ -773,9 +784,10 @@ #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) - #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ - defined(HAVE_ED25519)) + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) + #if defined(HAVE_ECC) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448)) #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 #endif #ifndef NO_RSA @@ -879,8 +891,7 @@ #endif #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ - defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \ - defined(BUILD_TLS_RSA_WITH_HC_128_B2B256) + defined(BUILD_TLS_RSA_WITH_HC_128_MD5) #define BUILD_HC128 #endif @@ -991,11 +1002,6 @@ enum { TLS_RSA_WITH_RABBIT_SHA = 0xFD, WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */ - /* wolfSSL extension - Blake2b 256 */ - TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8, - TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9, - TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */ - /* wolfSSL extension - NTRU */ TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, @@ -1143,7 +1149,7 @@ enum { /* set maximum DH key size allowed */ #ifndef WOLFSSL_MAX_DHKEY_BITS #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) - #define WOLFSSL_MAX_DHKEY_BITS 8192 + #define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2) #else #define WOLFSSL_MAX_DHKEY_BITS 4096 #endif @@ -1170,6 +1176,17 @@ enum { #define MAX_EARLY_DATA_SZ 4096 #endif +#ifndef WOLFSSL_MAX_RSA_BITS + #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) + #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2) + #else + #define WOLFSSL_MAX_RSA_BITS 4096 + #endif +#endif +#if (WOLFSSL_MAX_RSA_BITS % 8) + #error RSA maximum bit size must be multiple of 8 +#endif + enum Misc { CIPHER_BYTE = 0x00, /* Default ciphers */ ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ @@ -1212,9 +1229,9 @@ enum Misc { SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, /* pre RSA and all master */ #if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192) + (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) #ifndef NO_PSK - ENCRYPT_LEN = 1024 + MAX_PSK_ID_LEN + 2, /* 8192 bit static buffer */ + ENCRYPT_LEN = (FP_MAX_BITS / 2 / 8) + MAX_PSK_ID_LEN + 2, #else ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */ #endif @@ -1342,11 +1359,13 @@ enum Misc { #endif #ifdef HAVE_SELFTEST + #ifndef WOLFSSL_AES_KEY_SIZE_ENUM #define WOLFSSL_AES_KEY_SIZE_ENUM AES_IV_SIZE = 16, AES_128_KEY_SIZE = 16, AES_192_KEY_SIZE = 24, AES_256_KEY_SIZE = 32, + #endif #endif MAX_IV_SZ = AES_BLOCK_SIZE, @@ -1410,9 +1429,11 @@ enum Misc { MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ #ifndef NO_RSA - MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */ + MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */ #elif defined(HAVE_ECC) MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */ +#elif defined(HAVE_ED448) + MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE, /* max Ed448 */ #elif defined(HAVE_ED25519) MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */ #else @@ -1431,7 +1452,9 @@ enum Misc { MIN_PSK_BINDERS_LEN= 33, /* min length of binders */ MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */ +#ifndef MAX_WOLFSSL_FILE_SIZE MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */ +#endif MAX_X509_SIZE = 2048, /* max static x509 buffer size */ CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ @@ -1666,6 +1689,9 @@ WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); #ifndef NO_CERTS WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); +#ifdef OPENSSL_EXTRA +WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc); +#endif #endif WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz); @@ -1811,13 +1837,16 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); #endif /* WOLFSSL_DTLS_EXPORT_TYPES */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#define MAX_DESCRIPTION_SZ 255 +#endif /* wolfSSL Cipher type just points back to SSL */ struct WOLFSSL_CIPHER { byte cipherSuite0; byte cipherSuite; WOLFSSL* ssl; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - char description[MAX_CIPHERNAME_SZ]; + char description[MAX_DESCRIPTION_SZ]; unsigned long offset; unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */ int bits; @@ -1882,7 +1911,7 @@ struct CRL_Entry { byte* signature; word32 signatureSz; word32 signatureOID; -#if !defined(NO_SKID) && defined(CRL_SKID_READY) +#if !defined(NO_SKID) && !defined(NO_ASN) byte extAuthKeyIdSet; byte extAuthKeyId[KEYID_SIZE]; #endif @@ -1952,6 +1981,9 @@ struct WOLFSSL_CERT_MANAGER { #endif char* ocspOverrideURL; /* use this responder */ void* ocspIOCtx; /* I/O callback CTX */ +#ifndef NO_WOLFSSL_CM_VERIFY + VerifyCallback verifyCallback; /* Verify callback */ +#endif CallbackCACache caCacheCallback; /* CA cache addition callback */ CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ @@ -1968,7 +2000,7 @@ struct WOLFSSL_CERT_MANAGER { #ifndef NO_RSA short minRsaKeySz; /* minimum allowed RSA key size */ #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum allowed ECC key size */ #endif }; @@ -1978,6 +2010,42 @@ WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*); WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*); WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int); WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*); +WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff, + long sz, int format, int err_val); + + +#ifndef NO_CERTS +#if !defined NOCERTS &&\ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) +typedef struct ProcPeerCertArgs { + buffer* certs; +#ifdef WOLFSSL_TLS13 + buffer* exts; /* extensions */ +#endif + DecodedCert* dCert; + word32 idx; + word32 begin; + int totalCerts; /* number of certs in certs buffer */ + int count; + int certIdx; + int lastErr; +#ifdef WOLFSSL_TLS13 + byte ctxSz; +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + char untrustedDepth; +#endif + word16 fatal:1; + word16 verifyErr:1; + word16 dCertInit:1; +#ifdef WOLFSSL_TRUST_PEER_CERT + word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */ +#endif +} ProcPeerCertArgs; +WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, + int ret, ProcPeerCertArgs* args); +#endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */ +#endif /* !defined NO_CERTS */ /* wolfSSL Sock Addr */ struct WOLFSSL_SOCKADDR { @@ -2602,6 +2670,7 @@ struct WOLFSSL_CTX { byte noTicketTls13:1; /* Server won't create new Ticket */ byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */ #endif + byte mutualAuth:1; /* Mutual authentication required */ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) byte postHandshakeAuth:1; /* Post-handshake auth supported. */ #endif @@ -2626,6 +2695,9 @@ struct WOLFSSL_CTX { #endif #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) byte dtlsSctp; /* DTLS-over-SCTP mode */ +#endif +#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) word16 dtlsMtuSz; /* DTLS MTU size */ #endif #ifndef NO_DH @@ -2635,7 +2707,7 @@ struct WOLFSSL_CTX { #ifndef NO_RSA short minRsaKeySz; /* minimum RSA key size */ #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum ECC key size */ #endif #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) @@ -2661,14 +2733,18 @@ struct WOLFSSL_CTX { #endif #endif /* WOLFSSL_DTLS */ VerifyCallback verifyCallback; /* cert verification callback */ +#ifdef OPENSSL_ALL + CertVerifyCallback verifyCertCb; + void* verifyCertCbArg; +#endif /* OPENSSL_ALL */ word32 timeout; /* session timeout */ -#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448) word32 ecdhCurveOID; /* curve Ecc_Sum */ #endif #ifdef HAVE_ECC word16 eccTempKeySz; /* in octets 20 - 66 */ #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) word32 pkCurveOID; /* curve Ecc_Sum */ #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -2702,7 +2778,7 @@ struct WOLFSSL_CTX { void* userPRFArg; /* passed to prf callback */ #endif #ifdef HAVE_EX_DATA - void* ex_data[MAX_EX_DATA]; + WOLFSSL_CRYPTO_EX_DATA ex_data; #endif #if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) CallbackALPNSelect alpnSelect; @@ -2710,7 +2786,7 @@ struct WOLFSSL_CTX { #endif #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_HAPROXY))) + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) )) CallbackSniRecv sniRecvCb; void* sniRecvCbArg; #endif @@ -2770,6 +2846,18 @@ struct WOLFSSL_CTX { /* User X25519 SharedSecret Callback handler */ CallbackX25519SharedSecret X25519SharedSecretCb; #endif + #ifdef HAVE_ED448 + /* User Ed448Sign Callback handler */ + CallbackEd448Sign Ed448SignCb; + /* User Ed448Verify Callback handler */ + CallbackEd448Verify Ed448VerifyCb; + #endif + #ifdef HAVE_CURVE448 + /* User X448 KeyGen Callback Handler */ + CallbackX448KeyGen X448KeyGenCb; + /* User X448 SharedSecret Callback handler */ + CallbackX448SharedSecret X448SharedSecretCb; + #endif #endif /* HAVE_ECC */ #ifndef NO_DH CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */ @@ -2871,7 +2959,8 @@ enum SignatureAlgorithm { ecc_dsa_sa_algo = 3, rsa_pss_sa_algo = 8, ed25519_sa_algo = 9, - rsa_pss_pss_algo = 10 + rsa_pss_pss_algo = 10, + ed448_sa_algo = 11 }; #define PSS_RSAE_TO_PSS_PSS(macAlgo) \ @@ -3036,6 +3125,9 @@ struct WOLFSSL_SESSION { byte masterSecret[SECRET_LEN]; /* stored secret */ word16 haveEMS; /* ext master secret flag */ #ifdef SESSION_CERTS +#ifdef OPENSSL_EXTRA + WOLFSSL_X509* peer; /* peer cert */ +#endif WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ #ifdef WOLFSSL_ALT_CERT_CHAINS WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */ @@ -3083,7 +3175,7 @@ struct WOLFSSL_SESSION { byte isAlloced; #endif #ifdef HAVE_EX_DATA - void* ex_data[MAX_EX_DATA]; + WOLFSSL_CRYPTO_EX_DATA ex_data; #endif }; @@ -3210,6 +3302,9 @@ typedef struct Buffers { #ifdef HAVE_ED25519 buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */ #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED448 + buffer peerEd448Key; /* for Ed448 Verify Callbacks */ + #endif /* HAVE_ED448 */ #ifndef NO_RSA buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ #endif /* NO_RSA */ @@ -3331,6 +3426,7 @@ typedef struct Options { #endif word16 keepResources:1; /* Keep resources after handshake */ word16 useClientOrder:1; /* Use client's cipher order */ + word16 mutualAuth:1; /* Mutual authentication is rquired */ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) word16 postHandshakeAuth:1;/* Client send post_handshake_auth * extension */ @@ -3344,8 +3440,9 @@ typedef struct Options { #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) word16 sentChangeCipher:1; /* Change Cipher Spec sent */ #endif -#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ - !defined(NO_ED25519_CLIENT_AUTH) +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ + ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ + (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH))) word16 cacheMessages:1; /* Cache messages for sign/verify */ #endif #ifndef NO_DH @@ -3361,6 +3458,8 @@ typedef struct Options { #ifdef HAVE_ENCRYPT_THEN_MAC word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ word16 encThenMac:1; /* Doing Encrypt-Then-MAC */ + word16 startedETMRead:1; /* Doing Encrypt-Then-MAC read */ + word16 startedETMWrite:1; /* Doing Encrypt-Then-MAC write */ #endif /* need full byte values for this section */ @@ -3388,7 +3487,7 @@ typedef struct Options { #ifndef NO_RSA short minRsaKeySz; /* minimum RSA key size */ #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum ECC key size */ #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -3453,6 +3552,7 @@ typedef struct Arrays { #define STACK_TYPE_NULL 8 #define STACK_TYPE_X509_NAME 9 #define STACK_TYPE_CONF_VALUE 10 +#define STACK_TYPE_X509_INFO 11 struct WOLFSSL_STACK { unsigned long num; /* number of nodes in stack @@ -3460,6 +3560,7 @@ struct WOLFSSL_STACK { #if defined(OPENSSL_ALL) wolf_sk_compare_cb comp; #endif + union { WOLFSSL_X509* x509; WOLFSSL_X509_NAME* name; @@ -3472,7 +3573,7 @@ struct WOLFSSL_STACK { WOLFSSL_CONF_VALUE* conf; void* generic; char* string; - WOLFSSL_GENERAL_NAME* gn; + WOLFSSL_GENERAL_NAME* gn; } data; void* heap; /* memory heap hint */ WOLFSSL_STACK* next; @@ -3536,7 +3637,7 @@ struct WOLFSSL_X509 { buffer pubKey; int pubKeyOID; DNS_entry* altNamesNext; /* hint for retrieval */ -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) word32 pkCurveOID; #endif /* HAVE_ECC */ #ifndef NO_CERTS @@ -3555,7 +3656,7 @@ struct WOLFSSL_X509 { #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef HAVE_EX_DATA - void* ex_data[MAX_EX_DATA]; + WOLFSSL_CRYPTO_EX_DATA ex_data; #endif byte* authKeyId; byte* subjKeyId; @@ -3600,10 +3701,11 @@ struct WOLFSSL_X509 { #endif WOLFSSL_X509_NAME issuer; WOLFSSL_X509_NAME subject; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) WOLFSSL_X509_ALGOR algor; WOLFSSL_X509_PUBKEY key; #endif + byte issuerSet:1; }; @@ -3699,7 +3801,8 @@ typedef struct HS_Hashes { #ifdef WOLFSSL_SHA512 wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */ #endif -#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) +#if (defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) byte* messages; /* handshake messages */ int length; /* length of handshake messages' data */ int prevLen; /* length of messages but last */ @@ -3879,10 +3982,10 @@ struct WOLFSSL { byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; byte peerNtruKeyPresent; #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) int eccVerifyRes; #endif -#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) word32 ecdhCurveOID; /* curve Ecc_Sum */ ecc_key* eccTempKey; /* private ECDHE key */ byte eccTempKeyPresent; /* also holds type */ @@ -3894,7 +3997,7 @@ struct WOLFSSL { word16 eccTempKeySz; /* in octets 20 - 66 */ byte peerEccDsaKeyPresent; #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE448) word32 pkCurveOID; /* curve Ecc_Sum */ #endif #ifdef HAVE_ED25519 @@ -3905,6 +4008,14 @@ struct WOLFSSL { curve25519_key* peerX25519Key; byte peerX25519KeyPresent; #endif +#ifdef HAVE_ED448 + ed448_key* peerEd448Key; + byte peerEd448KeyPresent; +#endif +#ifdef HAVE_CURVE448 + curve448_key* peerX448Key; + byte peerX448KeyPresent; +#endif #ifdef HAVE_LIBZ z_stream c_stream; /* compression stream */ z_stream d_stream; /* decompression stream */ @@ -3924,9 +4035,9 @@ struct WOLFSSL { #ifdef WOLFSSL_SESSION_EXPORT wc_dtls_export dtls_export; /* export function for session */ #endif -#ifdef WOLFSSL_SCTP +#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU) word16 dtlsMtuSz; -#endif /* WOLFSSL_SCTP */ +#endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */ #ifdef WOLFSSL_MULTICAST void* mcastHwCbCtx; /* Multicast highwater callback ctx */ #endif /* WOLFSSL_MULTICAST */ @@ -3964,7 +4075,7 @@ struct WOLFSSL { #endif byte keepCert; /* keep certificate after handshake */ #if defined(HAVE_EX_DATA) || defined(FORTRESS) - void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ + WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */ #endif int devId; /* async device id to use */ #ifdef HAVE_ONE_TIME_AUTH @@ -4046,6 +4157,14 @@ struct WOLFSSL { void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */ void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */ #endif + #ifdef HAVE_ED448 + void* Ed448SignCtx; /* ED448 Sign Callback Context */ + void* Ed448VerifyCtx; /* ED448 Verify Callback Context */ + #endif + #ifdef HAVE_CURVE448 + void* X448KeyGenCtx; /* X448 KeyGen Callback Context */ + void* X448SharedSecretCtx; /* X448 Pms Callback Context */ + #endif #endif /* HAVE_ECC */ #ifndef NO_DH void* DhAgreeCtx; /* DH Pms Callback Context */ @@ -4064,6 +4183,10 @@ struct WOLFSSL { #ifdef HAVE_SECRET_CALLBACK SessionSecretCb sessionSecretCb; void* sessionSecretCtx; + #ifdef WOLFSSL_TLS13 + Tls13SecretCb tls13SecretCb; + void* tls13SecretCtx; + #endif #endif /* HAVE_SECRET_CALLBACK */ #ifdef WOLFSSL_JNI void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */ @@ -4075,17 +4198,18 @@ struct WOLFSSL { #ifdef OPENSSL_ALL long verifyCallbackResult; #endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ + WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ +#endif }; -WOLFSSL_LOCAL -int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); -WOLFSSL_LOCAL -int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); -WOLFSSL_LOCAL -void FreeSSL(WOLFSSL*, void* heap); -WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ - +WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr); +WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); +WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); +WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap); +WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ #ifndef NO_CERTS @@ -4185,12 +4309,23 @@ enum ProvisionSide { }; -static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; -static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; +static const byte client[SIZEOF_SENDER+1] = { 0x43, 0x4C, 0x4E, 0x54, 0x00 }; /* CLNT */ +static const byte server[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x00 }; /* SRVR */ static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; +#ifdef OPENSSL_EXTRA +typedef struct { + int name_len; + const char *name; + int nid; +} WOLF_EC_NIST_NAME; +extern const WOLF_EC_NIST_NAME kNistCurves[]; +/* This is the longest and shortest curve name in the kNistCurves list */ +#define kNistCurves_MIN_NAME_LEN 5 +#define kNistCurves_MAX_NAME_LEN 7 +#endif /* internal functions */ WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*); @@ -4242,6 +4377,14 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey); +WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); +#endif + +WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, + int *initTmpRng); + #ifndef NO_CERTS #ifndef NO_RSA #ifdef WC_RSA_PSS @@ -4282,6 +4425,14 @@ WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key, buffer* keyBufInfo); #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED448 + WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl); + WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo); + WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in, + word32 inSz, const byte* msg, word32 msgSz, ed448_key* key, + buffer* keyBufInfo); + #endif /* HAVE_ED448 */ #ifdef WOLFSSL_TRUST_PEER_CERT @@ -4367,18 +4518,44 @@ WOLFSSL_LOCAL word32 LowResTimer(void); WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); #endif +#ifndef MAX_CIPHER_NAME +#define MAX_CIPHER_NAME 50 +#endif + +#ifdef WOLFSSL_NAMES_STATIC +typedef char cipher_name[MAX_CIPHER_NAME]; +#else +typedef const char* cipher_name; +#endif + typedef struct CipherSuiteInfo { - const char* name; + cipher_name name; #ifndef NO_ERROR_STRINGS - const char* name_iana; + cipher_name name_iana; #endif byte cipherSuite0; byte cipherSuite; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + byte minor; + byte major; +#endif } CipherSuiteInfo; WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +/* used in wolfSSL_sk_CIPHER_description */ +#define MAX_SEGMENTS 5 +#define MAX_SEGMENT_SZ 20 +WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*); +WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor); +WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL int SetCipherBits(const char* enc); +#endif WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); @@ -4393,6 +4570,15 @@ enum encrypt_side { WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); +/* Set*Internal and Set*External functions */ +WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa); +WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa); +#ifndef HAVE_USER_RSA +WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa); +WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa); +#endif +WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh); +WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh); #ifndef NO_DH WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, @@ -4406,6 +4592,7 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); #ifdef HAVE_ECC WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer); + WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum); #endif WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl); diff --git a/source/libwolfssl/libwolfssl.a b/source/libwolfssl/libwolfssl.a index ace38aaf..4a444fdb 100644 Binary files a/source/libwolfssl/libwolfssl.a and b/source/libwolfssl/libwolfssl.a differ diff --git a/source/libwolfssl/ocsp.h b/source/libwolfssl/ocsp.h index fd0e49d4..e5c3a12f 100644 --- a/source/libwolfssl/ocsp.h +++ b/source/libwolfssl/ocsp.h @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/aes.h b/source/libwolfssl/openssl/aes.h index 31cc7d26..283aa9a5 100644 --- a/source/libwolfssl/openssl/aes.h +++ b/source/libwolfssl/openssl/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/asn1.h b/source/libwolfssl/openssl/asn1.h index 2627fc77..d57efbee 100644 --- a/source/libwolfssl/openssl/asn1.h +++ b/source/libwolfssl/openssl/asn1.h @@ -1,6 +1,6 @@ /* asn1.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -66,6 +66,7 @@ #define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff #define ASN1_TIME_set wolfSSL_ASN1_TIME_set +#define V_ASN1_OBJECT 6 #define V_ASN1_UTCTIME 23 #define V_ASN1_GENERALIZEDTIME 24 @@ -78,7 +79,74 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*); -#define BN_to_ASN1_INTEGER wolfSSL_BN_to_ASN1_INTEGER +WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value); + +#ifdef OPENSSL_ALL +/* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally + * we don't use this. Some projects use OpenSSL to implement ASN1 types and + * this section is only to provide those projects with ASN1 functionality. */ +typedef struct { + size_t offset; /* Offset of this field in structure */ + byte type; /* The type of the member as defined in + * WOLFSSL_ASN1_TYPES */ +} WOLFSSL_ASN1_TEMPLATE; + +typedef struct { + byte type; /* One of the ASN_Tags types */ + const WOLFSSL_ASN1_TEMPLATE *members; /* If SEQUENCE or CHOICE this + * contains the contents */ + size_t mcount; /* Number of members if SEQUENCE + * or CHOICE */ + size_t size; /* Structure size */ +} WOLFSSL_ASN1_ITEM; + +typedef enum { + WOLFSSL_X509_ALGOR_ASN1 = 0, + WOLFSSL_ASN1_BIT_STRING_ASN1, +} WOLFSSL_ASN1_TYPES; + +#define ASN1_SEQUENCE(type) \ + static const type __##type##_dummy_struct;\ + static const WOLFSSL_ASN1_TEMPLATE type##_member_data[] + +#define ASN1_SIMPLE(type, member, member_type) \ + { (char*)&__##type##_dummy_struct.member - (char*)&__##type##_dummy_struct, \ + WOLFSSL_##member_type##_ASN1 } + +#define ASN1_SEQUENCE_END(type) \ + ; \ + const WOLFSSL_ASN1_ITEM type##_template_data = { \ + ASN_SEQUENCE, \ + type##_member_data, \ + sizeof(type##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \ + sizeof(type) \ + }; + +WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *tpl); +WOLFSSL_API void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *tpl); +WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest, + const WOLFSSL_ASN1_ITEM *tpl); + +/* Need function declaration otherwise compiler complains */ +#define IMPLEMENT_ASN1_FUNCTIONS(type) \ + type *type##_new(void); \ + type *type##_new(void){ \ + return (type*)wolfSSL_ASN1_item_new(&type##_template_data); \ + } \ + void type##_free(type *t); \ + void type##_free(type *t){ \ + wolfSSL_ASN1_item_free(t, &type##_template_data); \ + } \ + int i2d_##type(type *src, byte **dest); \ + int i2d_##type(type *src, byte **dest) \ + { \ + return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\ + } + +#endif /* OPENSSL_ALL */ + +#define BN_to_ASN1_INTEGER wolfSSL_BN_to_ASN1_INTEGER +#define ASN1_TYPE_set wolfSSL_ASN1_TYPE_set #endif /* WOLFSSL_ASN1_H_ */ diff --git a/source/libwolfssl/openssl/asn1t.h b/source/libwolfssl/openssl/asn1t.h new file mode 100644 index 00000000..006b0329 --- /dev/null +++ b/source/libwolfssl/openssl/asn1t.h @@ -0,0 +1,30 @@ +/* asn1t.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* asn1t.h for openssl */ + +#ifndef WOLFSSL_ASN1T_H_ +#define WOLFSSL_ASN1T_H_ + +#include +#include + +#endif /* WOLFSSL_ASN1T_H_ */ diff --git a/source/libwolfssl/openssl/bio.h b/source/libwolfssl/openssl/bio.h index 4194a114..969403c6 100644 --- a/source/libwolfssl/openssl/bio.h +++ b/source/libwolfssl/openssl/bio.h @@ -1,6 +1,6 @@ /* bio.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,8 +52,8 @@ #define BIO_s_bio wolfSSL_BIO_s_bio #define BIO_s_socket wolfSSL_BIO_s_socket #define BIO_set_fd wolfSSL_BIO_set_fd +#define BIO_set_close wolfSSL_BIO_set_close #define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request - #define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size #define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair @@ -68,13 +68,16 @@ #define BIO_gets wolfSSL_BIO_gets #define BIO_puts wolfSSL_BIO_puts +#define BIO_should_retry wolfSSL_BIO_should_retry + #define BIO_TYPE_FILE WOLFSSL_BIO_FILE #define BIO_TYPE_BIO WOLFSSL_BIO_BIO #define BIO_TYPE_MEM WOLFSSL_BIO_MEMORY #define BIO_TYPE_BASE64 WOLFSSL_BIO_BASE64 -#define BIO_printf wolfSSL_BIO_printf -#define BIO_dump wolfSSL_BIO_dump +#define BIO_vprintf wolfSSL_BIO_vprintf +#define BIO_printf wolfSSL_BIO_printf +#define BIO_dump wolfSSL_BIO_dump /* BIO info callback */ #define BIO_CB_FREE WOLFSSL_BIO_CB_FREE @@ -97,6 +100,10 @@ #define BIO_get_shutdown wolfSSL_BIO_get_shutdown #define BIO_set_shutdown wolfSSL_BIO_set_shutdown +#define BIO_clear_flags wolfSSL_BIO_clear_flags +#define BIO_set_ex_data wolfSSL_BIO_set_ex_data +#define BIO_get_ex_data wolfSSL_BIO_get_ex_data + /* helper to set specific retry/read flags */ #define BIO_set_retry_read(bio)\ wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ) diff --git a/source/libwolfssl/openssl/bn.h b/source/libwolfssl/openssl/bn.h index 93a63191..fdfb4c98 100644 --- a/source/libwolfssl/openssl/bn.h +++ b/source/libwolfssl/openssl/bn.h @@ -1,6 +1,6 @@ /* bn.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,6 +48,7 @@ typedef struct WOLFSSL_BIGNUM { } WOLFSSL_BIGNUM; +#define BN_ULONG WOLFSSL_BN_ULONG #define WOLFSSL_BN_ULONG mp_digit typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; @@ -63,6 +64,7 @@ WOLFSSL_API void wolfSSL_BN_init(WOLFSSL_BIGNUM *); #endif WOLFSSL_API void wolfSSL_BN_free(WOLFSSL_BIGNUM*); WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*); +WOLFSSL_API void wolfSSL_BN_clear(WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, @@ -83,6 +85,7 @@ WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); @@ -108,11 +111,15 @@ WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int); +WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int); WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); WOLFSSL_API unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_mod_add(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, + WOLFSSL_BN_CTX *ctx); WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*); @@ -139,6 +146,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_init wolfSSL_BN_init #define BN_free wolfSSL_BN_free #define BN_clear_free wolfSSL_BN_clear_free +#define BN_clear wolfSSL_BN_clear #define BN_num_bytes wolfSSL_BN_num_bytes #define BN_num_bits wolfSSL_BN_num_bits @@ -147,6 +155,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_is_one wolfSSL_BN_is_one #define BN_is_odd wolfSSL_BN_is_odd #define BN_is_negative wolfSSL_BN_is_negative +#define BN_is_word wolfSSL_BN_is_word #define BN_cmp wolfSSL_BN_cmp @@ -179,8 +188,10 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_lshift wolfSSL_BN_lshift #define BN_add_word wolfSSL_BN_add_word #define BN_add wolfSSL_BN_add +#define BN_mod_add wolfSSL_BN_mod_add #define BN_set_word wolfSSL_BN_set_word #define BN_set_bit wolfSSL_BN_set_bit +#define BN_clear_bit wolfSSL_BN_clear_bit #define BN_is_prime_ex wolfSSL_BN_is_prime_ex @@ -193,6 +204,8 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_mod_inverse wolfSSL_BN_mod_inverse +#define BN_set_flags(x1, x2) + #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L #define BN_get_rfc2409_prime_768 wolfSSL_DH_768_prime #define BN_get_rfc2409_prime_1024 wolfSSL_DH_1024_prime diff --git a/source/libwolfssl/openssl/buffer.h b/source/libwolfssl/openssl/buffer.h index 3c1329bf..d74e31ed 100644 --- a/source/libwolfssl/openssl/buffer.h +++ b/source/libwolfssl/openssl/buffer.h @@ -1,6 +1,6 @@ /* buffer.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,10 +40,6 @@ WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf); #define BUF_MEM_grow wolfSSL_BUF_MEM_grow #define BUF_MEM_free wolfSSL_BUF_MEM_free -/* error codes */ -#define ERR_R_MALLOC_FAILURE MEMORY_E - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libwolfssl/openssl/conf.h b/source/libwolfssl/openssl/conf.h index 12a20c8c..373239ff 100644 --- a/source/libwolfssl/openssl/conf.h +++ b/source/libwolfssl/openssl/conf.h @@ -1,6 +1,6 @@ /* conf.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/crypto.h b/source/libwolfssl/openssl/crypto.h index 7d463585..8c27b594 100644 --- a/source/libwolfssl/openssl/crypto.h +++ b/source/libwolfssl/openssl/crypto.h @@ -1,6 +1,6 @@ /* crypto.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,6 +35,7 @@ WOLFSSL_API const char* wolfSSLeay_version(int type); WOLFSSL_API unsigned long wolfSSLeay(void); +WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void); #ifdef OPENSSL_EXTRA WOLFSSL_API void wolfSSL_OPENSSL_free(void*); @@ -45,10 +46,13 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); #define SSLeay_version wolfSSLeay_version #define SSLeay wolfSSLeay +#define OpenSSL_version_num wolfSSL_OpenSSL_version_num -#define OpenSSL_version wolfSSLeay_version - -#define SSLEAY_VERSION 0x0090600fL +#ifdef WOLFSSL_QT + #define SSLEAY_VERSION 0x10001000L +#else + #define SSLEAY_VERSION 0x0090600fL +#endif #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION #define CRYPTO_lock wc_LockMutex_ex @@ -58,6 +62,12 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); #define OPENSSL_free wolfSSL_OPENSSL_free #define OPENSSL_malloc wolfSSL_OPENSSL_malloc +#ifdef WOLFSSL_QT + #define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L + #define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L + #define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +#endif + #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions diff --git a/source/libwolfssl/openssl/des.h b/source/libwolfssl/openssl/des.h index 7f04bd58..4e5953dc 100644 --- a/source/libwolfssl/openssl/des.h +++ b/source/libwolfssl/openssl/des.h @@ -1,6 +1,6 @@ /* des.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -84,6 +84,7 @@ WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input, WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock*); WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock*, WOLFSSL_DES_cblock*, WOLFSSL_DES_key_schedule*, int); +WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock*); typedef WOLFSSL_DES_cblock DES_cblock; @@ -103,6 +104,7 @@ typedef WOLFSSL_DES_LONG DES_LONG; #define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt #define DES_ede3_cbc_encrypt wolfSSL_DES_ede3_cbc_encrypt #define DES_cbc_cksum wolfSSL_DES_cbc_cksum +#define DES_check_key_parity wolfSSL_DES_check_key_parity #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libwolfssl/openssl/dh.h b/source/libwolfssl/openssl/dh.h index 6d8a3497..5483bd2c 100644 --- a/source/libwolfssl/openssl/dh.h +++ b/source/libwolfssl/openssl/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,13 +25,19 @@ #ifndef WOLFSSL_DH_H_ #define WOLFSSL_DH_H_ -#include #include #ifdef __cplusplus extern "C" { #endif +#ifndef WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_DH WOLFSSL_DH; +#define WOLFSSL_DH_TYPE_DEFINED +#endif + +typedef WOLFSSL_DH DH; + struct WOLFSSL_DH { WOLFSSL_BIGNUM* p; WOLFSSL_BIGNUM* g; @@ -47,22 +53,28 @@ struct WOLFSSL_DH { int length; }; - +WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh, + const unsigned char **pp, long length); +WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out); WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); -WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*); +WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*); +WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes); WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*); WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*); WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* pub, WOLFSSL_DH*); +WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz); WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*); -typedef WOLFSSL_DH DH; - #define DH_new wolfSSL_DH_new #define DH_free wolfSSL_DH_free +#define d2i_DHparams wolfSSL_d2i_DHparams +#define i2d_DHparams wolfSSL_i2d_DHparams +#define DH_check wolfSSL_DH_check + #define DH_size wolfSSL_DH_size #define DH_generate_key wolfSSL_DH_generate_key #define DH_compute_key wolfSSL_DH_compute_key @@ -71,6 +83,16 @@ typedef WOLFSSL_DH DH; #endif #define DH_bits(x) (BN_num_bits(x->p)) +#define DH_GENERATOR_2 2 +#define DH_CHECK_P_NOT_PRIME 0x01 +#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +#define DH_NOT_SUITABLE_GENERATOR 0x08 + +/* Temporary values for wolfSSL_DH_Check*/ +#define DH_CHECK_INVALID_Q_VALUE 0x10 +#define DH_CHECK_Q_NOT_PRIME 0x11 +/* end temp */ + /* for pre 1.1.0 */ #define get_rfc2409_prime_768 wolfSSL_DH_768_prime #define get_rfc2409_prime_1024 wolfSSL_DH_1024_prime diff --git a/source/libwolfssl/openssl/dsa.h b/source/libwolfssl/openssl/dsa.h index 7a2d0806..1de35fdf 100644 --- a/source/libwolfssl/openssl/dsa.h +++ b/source/libwolfssl/openssl/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,6 +31,11 @@ extern "C" { #endif +typedef struct WOLFSSL_DSA_SIG { + WOLFSSL_BIGNUM *r; + WOLFSSL_BIGNUM *s; +} WOLFSSL_DSA_SIG; + #ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */ typedef struct WOLFSSL_DSA WOLFSSL_DSA; #define WOLFSSL_DSA_TYPE_DEFINED @@ -65,6 +70,9 @@ WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits, WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz); +WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA*, const unsigned char*, + int sz, int opt); + WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa); @@ -72,13 +80,31 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck); +WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void); +WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig); +WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, + int outLen, WOLFSSL_DSA* dsa); +WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, + WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa); + +#define WOLFSSL_DSA_LOAD_PRIVATE 1 +#define WOLFSSL_DSA_LOAD_PUBLIC 2 + #define DSA_new wolfSSL_DSA_new #define DSA_free wolfSSL_DSA_free +#define DSA_LoadDer wolfSSL_DSA_LoadDer #define DSA_generate_key wolfSSL_DSA_generate_key #define DSA_generate_parameters wolfSSL_DSA_generate_parameters #define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex +#define DSA_SIG_new wolfSSL_DSA_SIG_new +#define DSA_SIG_free wolfSSL_DSA_SIG_free +#define DSA_do_sign wolfSSL_DSA_do_sign_ex +#define DSA_do_verify wolfSSL_DSA_do_verify_ex + + +#define DSA_SIG WOLFSSL_DSA_SIG #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libwolfssl/openssl/ec.h b/source/libwolfssl/openssl/ec.h index 17fd0c89..94ca2917 100644 --- a/source/libwolfssl/openssl/ec.h +++ b/source/libwolfssl/openssl/ec.h @@ -1,6 +1,6 @@ /* ec.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,29 +37,35 @@ enum { POINT_CONVERSION_UNCOMPRESSED = 4, #ifdef HAVE_ECC - /* Use ecc_curve_type enum values for NID */ - NID_X9_62_prime192v1 = ECC_SECP192R1, - NID_X9_62_prime256v1 = ECC_SECP256R1, - NID_secp112r1 = ECC_SECP112R1, - NID_secp112r2 = ECC_SECP112R2, - NID_secp128r1 = ECC_SECP128R1, - NID_secp128r2 = ECC_SECP128R2, - NID_secp160r1 = ECC_SECP160R1, - NID_secp160r2 = ECC_SECP160R2, - NID_secp224r1 = ECC_SECP224R1, - NID_secp384r1 = ECC_SECP384R1, - NID_secp521r1 = ECC_SECP521R1, - NID_secp160k1 = ECC_SECP160K1, - NID_secp192k1 = ECC_SECP192K1, - NID_secp224k1 = ECC_SECP224K1, - NID_secp256k1 = ECC_SECP256K1, - NID_brainpoolP160r1 = ECC_BRAINPOOLP160R1, - NID_brainpoolP192r1 = ECC_BRAINPOOLP192R1, - NID_brainpoolP224r1 = ECC_BRAINPOOLP224R1, - NID_brainpoolP256r1 = ECC_BRAINPOOLP256R1, - NID_brainpoolP320r1 = ECC_BRAINPOOLP320R1, - NID_brainpoolP384r1 = ECC_BRAINPOOLP384R1, - NID_brainpoolP512r1 = ECC_BRAINPOOLP512R1, + /* Use OpenSSL NIDs. NIDs can be mapped to ecc_curve_id enum values by + calling NIDToEccEnum() in ssl.c */ + NID_X9_62_prime192v1 = 409, + NID_X9_62_prime192v2 = 410, + NID_X9_62_prime192v3 = 411, + NID_X9_62_prime239v1 = 412, + NID_X9_62_prime239v2 = 413, + NID_X9_62_prime239v3 = 414, + NID_X9_62_prime256v1 = 415, + NID_secp112r1 = 704, + NID_secp112r2 = 705, + NID_secp128r1 = 706, + NID_secp128r2 = 707, + NID_secp160r1 = 709, + NID_secp160r2 = 710, + NID_secp224r1 = 713, + NID_secp384r1 = 715, + NID_secp521r1 = 716, + NID_secp160k1 = 708, + NID_secp192k1 = 711, + NID_secp224k1 = 712, + NID_secp256k1 = 714, + NID_brainpoolP160r1 = 921, + NID_brainpoolP192r1 = 923, + NID_brainpoolP224r1 = 925, + NID_brainpoolP256r1 = 927, + NID_brainpoolP320r1 = 929, + NID_brainpoolP384r1 = 931, + NID_brainpoolP512r1 = 933, #endif OPENSSL_EC_NAMED_CURVE = 0x001 @@ -69,12 +75,17 @@ enum { typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; +typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE; +/* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */ +typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD; #define WOLFSSL_EC_TYPE_DEFINED #endif typedef WOLFSSL_EC_KEY EC_KEY; typedef WOLFSSL_EC_GROUP EC_GROUP; +typedef WOLFSSL_EC_GROUP EC_METHOD; typedef WOLFSSL_EC_POINT EC_POINT; +typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve; struct WOLFSSL_EC_POINT { WOLFSSL_BIGNUM *X; @@ -100,12 +111,24 @@ struct WOLFSSL_EC_KEY { void* internal; /* our ECC Key */ char inSet; /* internal set from external ? */ char exSet; /* external set from internal ? */ + char form; /* Either POINT_CONVERSION_UNCOMPRESSED or + * POINT_CONVERSION_COMPRESSED */ }; +struct WOLFSSL_EC_BUILTIN_CURVE { + int nid; + const char *comment; +}; #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1 #define WOLFSSL_EC_KEY_LOAD_PUBLIC 2 +WOLFSSL_API +size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r,size_t nitems); + +WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src); + WOLFSSL_API int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, const WOLFSSL_EC_POINT *p, @@ -114,6 +137,25 @@ WOLFSSL_API int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p); WOLFSSL_API +size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *p, + char form, + byte *buf, size_t len, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group, + WOLFSSL_EC_POINT *p, const unsigned char *buf, + size_t len, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out); +WOLFSSL_API +void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form); +WOLFSSL_API +WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *p, + char form, + WOLFSSL_BIGNUM *in, WOLFSSL_BN_CTX *ctx); + +WOLFSSL_API int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* der, int derSz); WOLFSSL_API @@ -144,6 +186,10 @@ void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag); WOLFSSL_API int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub); +WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key); +WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, + int digestSz, unsigned char *sig, + unsigned int *sigSz, WOLFSSL_EC_KEY *key); WOLFSSL_API void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag); WOLFSSL_API @@ -159,8 +205,15 @@ WOLFSSL_API int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx); WOLFSSL_API +int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group); WOLFSSL_API +const WOLFSSL_EC_METHOD* wolfSSL_EC_GROUP_method_of( + const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth); +WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group); WOLFSSL_API int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, @@ -169,6 +222,12 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *y, WOLFSSL_BN_CTX *ctx); WOLFSSL_API +int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, + WOLFSSL_EC_POINT *point, + const WOLFSSL_BIGNUM *x, + const WOLFSSL_BIGNUM *y, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, @@ -179,6 +238,8 @@ WOLFSSL_API int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API int wolfSSL_EC_POINT_copy(WOLFSSL_EC_POINT *dest, + const WOLFSSL_EC_POINT *src); WOLFSSL_API void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point); WOLFSSL_API @@ -192,8 +253,13 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, WOLFSSL_BN_CTX* ctx); #endif +#ifndef HAVE_ECC +#define OPENSSL_NO_EC +#endif + #define EC_KEY_new wolfSSL_EC_KEY_new #define EC_KEY_free wolfSSL_EC_KEY_free +#define EC_KEY_dup wolfSSL_EC_KEY_dup #define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key #define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group #define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key @@ -204,6 +270,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag #define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key +#define ECDSA_size wolfSSL_ECDSA_size +#define ECDSA_sign wolfSSL_ECDSA_sign + #define EC_GROUP_free wolfSSL_EC_GROUP_free #define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag #define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name @@ -211,21 +280,39 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name #define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree #define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order +#define EC_GROUP_order_bits wolfSSL_EC_GROUP_order_bits +#define EC_GROUP_method_of wolfSSL_EC_GROUP_method_of + +#define EC_METHOD_get_field_type wolfSSL_EC_METHOD_get_field_type #define EC_POINT_new wolfSSL_EC_POINT_new #define EC_POINT_free wolfSSL_EC_POINT_free #define EC_POINT_get_affine_coordinates_GFp \ wolfSSL_EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_set_affine_coordinates_GFp \ + wolfSSL_EC_POINT_set_affine_coordinates_GFp #define EC_POINT_mul wolfSSL_EC_POINT_mul #define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free #define EC_POINT_cmp wolfSSL_EC_POINT_cmp +#define EC_POINT_copy wolfSSL_EC_POINT_copy #define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity +#define EC_get_builtin_curves wolfSSL_EC_get_builtin_curves + +#define ECPoint_i2d wolfSSL_ECPoint_i2d +#define ECPoint_d2i wolfSSL_ECPoint_d2i +#define EC_POINT_point2oct wolfSSL_EC_POINT_point2oct +#define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point +#define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn +#define i2o_ECPublicKey wolfSSL_i2o_ECPublicKey +#define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form + #ifndef HAVE_SELFTEST #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex #endif #define EC_POINT_dump wolfSSL_EC_POINT_dump +#define EC_get_builtin_curves wolfSSL_EC_get_builtin_curves #define EC_curve_nid2nist wolfSSL_EC_curve_nid2nist diff --git a/source/libwolfssl/openssl/ec25519.h b/source/libwolfssl/openssl/ec25519.h index 17231a57..180eb8e8 100644 --- a/source/libwolfssl/openssl/ec25519.h +++ b/source/libwolfssl/openssl/ec25519.h @@ -1,6 +1,6 @@ /* ec25519.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/ec448.h b/source/libwolfssl/openssl/ec448.h new file mode 100644 index 00000000..fb3b9005 --- /dev/null +++ b/source/libwolfssl/openssl/ec448.h @@ -0,0 +1,44 @@ +/* ec448.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ec448.h */ + +#ifndef WOLFSSL_EC448_H_ +#define WOLFSSL_EC448_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_EC448_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); + +WOLFSSL_API +int wolfSSL_EC448_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/source/libwolfssl/openssl/ecdh.h b/source/libwolfssl/openssl/ecdh.h index 2a2b6517..2652fcc1 100644 --- a/source/libwolfssl/openssl/ecdh.h +++ b/source/libwolfssl/openssl/ecdh.h @@ -1,6 +1,6 @@ /* ecdh.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/ecdsa.h b/source/libwolfssl/openssl/ecdsa.h index a7dab1d6..8ed51b4c 100644 --- a/source/libwolfssl/openssl/ecdsa.h +++ b/source/libwolfssl/openssl/ecdsa.h @@ -1,6 +1,6 @@ /* ecdsa.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,6 +25,7 @@ #define WOLFSSL_ECDSA_H_ #include +#include #ifdef __cplusplus diff --git a/source/libwolfssl/openssl/ed25519.h b/source/libwolfssl/openssl/ed25519.h index ba435bd8..579c653f 100644 --- a/source/libwolfssl/openssl/ed25519.h +++ b/source/libwolfssl/openssl/ed25519.h @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/ed448.h b/source/libwolfssl/openssl/ed448.h new file mode 100644 index 00000000..b9411e92 --- /dev/null +++ b/source/libwolfssl/openssl/ed448.h @@ -0,0 +1,47 @@ +/* ed448.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ed448.h */ + +#ifndef WOLFSSL_ED448_H_ +#define WOLFSSL_ED448_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); +WOLFSSL_API +int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, + unsigned char *sig, unsigned int *sigSz); +WOLFSSL_API +int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, + const unsigned char *sig, unsigned int sigSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/source/libwolfssl/openssl/err.h b/source/libwolfssl/openssl/err.h index cf0d309c..57566dce 100644 --- a/source/libwolfssl/openssl/err.h +++ b/source/libwolfssl/openssl/err.h @@ -1,6 +1,6 @@ /* err.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,11 +22,34 @@ #ifndef WOLFSSL_OPENSSL_ERR_ #define WOLFSSL_OPENSSL_ERR_ -#include +#include /* err.h for openssl */ #define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings +#define ERR_load_CRYPTO_strings wolfSSL_ERR_load_crypto_strings #define ERR_peek_last_error wolfSSL_ERR_peek_last_error +/* fatal error */ +#define ERR_R_MALLOC_FAILURE MEMORY_E +#define ERR_R_PASSED_NULL_PARAMETER BAD_FUNC_ARG +#define ERR_R_DISABLED NOT_COMPILED_IN +#define ERR_R_PASSED_INVALID_ARGUMENT BAD_FUNC_ARG +#define RSA_R_UNKNOWN_PADDING_TYPE RSA_PAD_E +#define EC_R_BUFFER_TOO_SMALL BUFFER_E + +/* SSL function codes */ +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 1 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2 +#define SSL_F_SSL_USE_PRIVATEKEY 3 +#define EC_F_EC_GFP_SIMPLE_POINT2OCT 4 + +/* reasons */ +#define ERR_R_SYS_LIB 1 +#define PKCS12_R_MAC_VERIFY_FAILURE 2 + +#define RSAerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__) +#define SSLerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__) +#define ECerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__) + #endif /* WOLFSSL_OPENSSL_ERR_ */ diff --git a/source/libwolfssl/openssl/evp.h b/source/libwolfssl/openssl/evp.h index 7bad6af1..35014965 100644 --- a/source/libwolfssl/openssl/evp.h +++ b/source/libwolfssl/openssl/evp.h @@ -1,6 +1,6 @@ /* evp.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,10 +43,12 @@ #include #endif #include +#include #include #include #include #include +#include #include #include @@ -65,7 +67,8 @@ typedef char WOLFSSL_EVP_CIPHER; #ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */ typedef char WOLFSSL_EVP_MD; -typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; +typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; +typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX; #define WOLFSSL_EVP_TYPE_DEFINED #endif @@ -78,6 +81,7 @@ typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO; #ifndef NO_MD5 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void); #endif +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void); @@ -85,6 +89,11 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void); + WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void); @@ -93,6 +102,28 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void); #endif +#ifndef NO_AES +#ifdef WOLFSSL_AES_CFB +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb1(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb1(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb8(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb8(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb8(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb128(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb128(void); +#endif +#ifdef WOLFSSL_AES_OFB +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ofb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ofb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ofb(void); +#endif +#ifdef WOLFSSL_AES_XTS +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_xts(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_xts(void); +#endif +#endif /* NO_AES */ #if !defined(NO_AES) && defined(HAVE_AESGCM) WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void); @@ -108,6 +139,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void); typedef union { @@ -131,23 +163,42 @@ typedef union { #ifdef WOLFSSL_RIPEMD WOLFSSL_RIPEMD_CTX ripemd; #endif + #ifndef WOLFSSL_NOSHA3_224 + WOLFSSL_SHA3_224_CTX sha3_224; + #endif + #ifndef WOLFSSL_NOSHA3_256 + WOLFSSL_SHA3_256_CTX sha3_256; + #endif + WOLFSSL_SHA3_384_CTX sha3_384; + #ifndef WOLFSSL_NOSHA3_512 + WOLFSSL_SHA3_512_CTX sha3_512; + #endif } WOLFSSL_Hasher; typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX; +typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX; -typedef struct WOLFSSL_EVP_MD_CTX { +struct WOLFSSL_EVP_MD_CTX { union { WOLFSSL_Hasher digest; + #ifndef NO_HMAC Hmac hmac; + #endif } hash; - unsigned char macType; + enum wc_HashType macType; WOLFSSL_EVP_PKEY_CTX *pctx; -} WOLFSSL_EVP_MD_CTX; +#ifndef NO_HMAC + unsigned int isHMAC; +#endif +}; typedef union { #ifndef NO_AES Aes aes; +#ifdef WOLFSSL_AES_XTS + XtsAes xts; +#endif #endif #ifndef NO_DES3 Des des; @@ -157,6 +208,9 @@ typedef union { #ifdef HAVE_IDEA Idea idea; #endif +#ifdef WOLFSSL_QT + int (*ctrl) (WOLFSSL_EVP_CIPHER_CTX *, int type, int arg, void *ptr); +#endif } WOLFSSL_Cipher; @@ -188,11 +242,26 @@ enum { NID_sha1 = 64, NID_sha224 = 65, NID_md2 = 77, + NID_md4 = 257, NID_md5 = 4, NID_hmac = 855, NID_dhKeyAgreement= 28, EVP_PKEY_DH = NID_dhKeyAgreement, - EVP_PKEY_HMAC = NID_hmac + EVP_PKEY_HMAC = NID_hmac, + AES_128_CFB1_TYPE = 24, + AES_192_CFB1_TYPE = 25, + AES_256_CFB1_TYPE = 26, + AES_128_CFB8_TYPE = 27, + AES_192_CFB8_TYPE = 28, + AES_256_CFB8_TYPE = 29, + AES_128_CFB128_TYPE = 30, + AES_192_CFB128_TYPE = 31, + AES_256_CFB128_TYPE = 32, + AES_128_OFB_TYPE = 33, + AES_192_OFB_TYPE = 34, + AES_256_OFB_TYPE = 35, + AES_128_XTS_TYPE = 36, + AES_256_XTS_TYPE = 37 }; enum { @@ -213,6 +282,10 @@ enum { NID_ecdsa_with_SHA512 = 796, NID_dsa_with_SHA224 = 802, NID_dsa_with_SHA256 = 803, + NID_sha3_224 = 1096, + NID_sha3_256 = 1097, + NID_sha3_384 = 1098, + NID_sha3_512 = 1099, }; enum { @@ -233,10 +306,29 @@ enum { NID_des_ede3_cbc= 44, NID_des_ede3_ecb= 33, NID_idea_cbc = 34, + NID_aes_128_cfb1= 650, + NID_aes_192_cfb1= 651, + NID_aes_256_cfb1= 652, + NID_aes_128_cfb8= 653, + NID_aes_192_cfb8= 654, + NID_aes_256_cfb8= 655, + NID_aes_128_cfb128 = 421, + NID_aes_192_cfb128 = 425, + NID_aes_256_cfb128 = 429, + NID_aes_128_ofb = 420, + NID_aes_192_ofb = 424, + NID_aes_256_ofb = 428, + NID_aes_128_xts = 913, + NID_aes_256_xts = 914 }; +#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC +#define NID_dhKeyAgreement EVP_PKEY_DH +#define NID_rsaEncryption EVP_PKEY_RSA +#define NID_dsa EVP_PKEY_DSA + #define WOLFSSL_EVP_BUF_SIZE 16 -typedef struct WOLFSSL_EVP_CIPHER_CTX { +struct WOLFSSL_EVP_CIPHER_CTX { int keyLen; /* user may set for variable */ int block_size; unsigned long flags; @@ -248,21 +340,31 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { #elif !defined(NO_DES3) /* working iv pointer into cipher */ ALIGN16 unsigned char iv[DES_BLOCK_SIZE]; +#elif defined(HAVE_IDEA) + /* working iv pointer into cipher */ + ALIGN16 unsigned char iv[IDEA_BLOCK_SIZE]; #endif WOLFSSL_Cipher cipher; ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE]; int bufUsed; ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE]; int lastUsed; -#if defined(HAVE_AESGCM) +#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA) || \ + defined(HAVE_AESGCM) || defined (WOLFSSL_AES_XTS) +#define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV int ivSz; +#ifdef HAVE_AESGCM + byte* gcmDecryptBuffer; + int gcmDecryptBufferLen; +#endif ALIGN16 unsigned char authTag[AES_BLOCK_SIZE]; int authTagSz; #endif -} WOLFSSL_EVP_CIPHER_CTX; +}; -struct WOLFSSL_EVP_PKEY_CTX { +struct WOLFSSL_EVP_PKEY_CTX { WOLFSSL_EVP_PKEY *pkey; + WOLFSSL_EVP_PKEY *peerKey; int op; /* operation */ int padding; int nbits; @@ -275,6 +377,7 @@ typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; #define EVP_PKEY_OP_SIGN (1 << 3) #define EVP_PKEY_OP_ENCRYPT (1 << 6) #define EVP_PKEY_OP_DECRYPT (1 << 7) +#define EVP_PKEY_OP_DERIVE (1 << 8) WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); @@ -293,6 +396,7 @@ WOLFSSL_API int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx); WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx); WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name); WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name); +WOLFSSL_API int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type); @@ -326,7 +430,7 @@ WOLFSSL_API int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen); -WOLFSSL_API int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out, +WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, unsigned int* outSz, const WOLFSSL_EVP_MD* evp, WOLFSSL_ENGINE* eng); @@ -394,26 +498,40 @@ WOLFSSL_API int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, int keylen); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx, int ivLen); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, + int ivLen); WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, unsigned char* dst, unsigned char* src, unsigned int len); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); +WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key); +WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); +WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); +WOLFSSL_API WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key); +WOLFSSL_API WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key); WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, const unsigned char* key, int keylen); @@ -432,6 +550,10 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e); WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits); +WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer); +WOLFSSL_API int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen); @@ -441,6 +563,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *in, size_t inlen); WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey); @@ -486,6 +609,7 @@ WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); WOLFSSL_API int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_cleanup(void); WOLFSSL_API int wolfSSL_add_all_algorithms(void); +WOLFSSL_API int wolfSSL_OpenSSL_add_all_algorithms_conf(void); WOLFSSL_API int wolfSSL_OpenSSL_add_all_algorithms_noconf(void); WOLFSSL_API int wolfSSL_EVP_read_pw_string(char*, int, const char*, int); @@ -499,6 +623,10 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, int saltlen, int iter, const WOLFSSL_EVP_MD *digest, int keylen, unsigned char *out); + +WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, + int* pHash, int* pHashSz); + #define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER #define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE #define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE @@ -507,6 +635,7 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, #define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE #define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE #define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE +#define EVP_CIPH_XTS_MODE WOLFSSL_EVP_CIPH_XTS_MODE #define WOLFSSL_EVP_CIPH_MODE 0x0007 #define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0 @@ -517,7 +646,9 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, #define WOLFSSL_EVP_CIPH_CTR_MODE 0x5 #define WOLFSSL_EVP_CIPH_GCM_MODE 0x6 #define WOLFSSL_EVP_CIPH_CCM_MODE 0x7 +#define WOLFSSL_EVP_CIPH_XTS_MODE 0x10 #define WOLFSSL_EVP_CIPH_NO_PADDING 0x100 +#define EVP_CIPH_VARIABLE_LENGTH 0x200 #define WOLFSSL_EVP_CIPH_TYPE_INIT 0xff /* end OpenSSH compat */ @@ -534,6 +665,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_md5 wolfSSL_EVP_md5 #endif #define EVP_sha1 wolfSSL_EVP_sha1 +#define EVP_mdc2 wolfSSL_EVP_mdc2 #define EVP_dds1 wolfSSL_EVP_sha1 #define EVP_sha224 wolfSSL_EVP_sha224 #define EVP_sha256 wolfSSL_EVP_sha256 @@ -541,25 +673,44 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_sha512 wolfSSL_EVP_sha512 #define EVP_ripemd160 wolfSSL_EVP_ripemd160 -#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc -#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc -#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc -#define EVP_aes_128_gcm wolfSSL_EVP_aes_128_gcm -#define EVP_aes_192_gcm wolfSSL_EVP_aes_192_gcm -#define EVP_aes_256_gcm wolfSSL_EVP_aes_256_gcm -#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb -#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb -#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb -#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr -#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr -#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr -#define EVP_des_cbc wolfSSL_EVP_des_cbc -#define EVP_des_ecb wolfSSL_EVP_des_ecb -#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc -#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb -#define EVP_rc4 wolfSSL_EVP_rc4 -#define EVP_idea_cbc wolfSSL_EVP_idea_cbc -#define EVP_enc_null wolfSSL_EVP_enc_null +#define EVP_sha3_224 wolfSSL_EVP_sha3_224 +#define EVP_sha3_256 wolfSSL_EVP_sha3_256 +#define EVP_sha3_384 wolfSSL_EVP_sha3_384 +#define EVP_sha3_512 wolfSSL_EVP_sha3_512 + +#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc +#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc +#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc +#define EVP_aes_128_cfb1 wolfSSL_EVP_aes_128_cfb1 +#define EVP_aes_192_cfb1 wolfSSL_EVP_aes_192_cfb1 +#define EVP_aes_256_cfb1 wolfSSL_EVP_aes_256_cfb1 +#define EVP_aes_128_cfb8 wolfSSL_EVP_aes_128_cfb8 +#define EVP_aes_192_cfb8 wolfSSL_EVP_aes_192_cfb8 +#define EVP_aes_256_cfb8 wolfSSL_EVP_aes_256_cfb8 +#define EVP_aes_128_cfb128 wolfSSL_EVP_aes_128_cfb128 +#define EVP_aes_192_cfb128 wolfSSL_EVP_aes_192_cfb128 +#define EVP_aes_256_cfb128 wolfSSL_EVP_aes_256_cfb128 +#define EVP_aes_128_ofb wolfSSL_EVP_aes_128_ofb +#define EVP_aes_192_ofb wolfSSL_EVP_aes_192_ofb +#define EVP_aes_256_ofb wolfSSL_EVP_aes_256_ofb +#define EVP_aes_128_xts wolfSSL_EVP_aes_128_xts +#define EVP_aes_256_xts wolfSSL_EVP_aes_256_xts +#define EVP_aes_128_gcm wolfSSL_EVP_aes_128_gcm +#define EVP_aes_192_gcm wolfSSL_EVP_aes_192_gcm +#define EVP_aes_256_gcm wolfSSL_EVP_aes_256_gcm +#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb +#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb +#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb +#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr +#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr +#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr +#define EVP_des_cbc wolfSSL_EVP_des_cbc +#define EVP_des_ecb wolfSSL_EVP_des_ecb +#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc +#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb +#define EVP_rc4 wolfSSL_EVP_rc4 +#define EVP_idea_cbc wolfSSL_EVP_idea_cbc +#define EVP_enc_null wolfSSL_EVP_enc_null #define EVP_MD_size wolfSSL_EVP_MD_size #define EVP_MD_CTX_new wolfSSL_EVP_MD_CTX_new @@ -568,6 +719,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_MD_CTX_destroy wolfSSL_EVP_MD_CTX_free #define EVP_MD_CTX_init wolfSSL_EVP_MD_CTX_init #define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup +#define EVP_MD_CTX_reset wolfSSL_EVP_MD_CTX_cleanup #define EVP_MD_CTX_md wolfSSL_EVP_MD_CTX_md #define EVP_MD_CTX_type wolfSSL_EVP_MD_CTX_type #define EVP_MD_CTX_size wolfSSL_EVP_MD_CTX_size @@ -597,6 +749,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length #define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length #define EVP_CIPHER_CTX_mode wolfSSL_EVP_CIPHER_CTX_mode +#define EVP_CIPHER_CTX_cipher wolfSSL_EVP_CIPHER_CTX_cipher #define EVP_CIPHER_iv_length wolfSSL_EVP_CIPHER_iv_length #define EVP_CIPHER_key_length wolfSSL_EVP_Cipher_key_length @@ -620,6 +773,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_DecryptFinal_ex wolfSSL_EVP_CipherFinal #define EVP_CIPHER_CTX_free wolfSSL_EVP_CIPHER_CTX_free +#define EVP_CIPHER_CTX_reset wolfSSL_EVP_CIPHER_CTX_reset #define EVP_CIPHER_CTX_new wolfSSL_EVP_CIPHER_CTX_new #define EVP_get_cipherbynid wolfSSL_EVP_get_cipherbynid @@ -627,13 +781,22 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname #define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname +#define EVP_PKEY_assign wolfSSL_EVP_PKEY_assign #define EVP_PKEY_assign_RSA wolfSSL_EVP_PKEY_assign_RSA +#define EVP_PKEY_assign_DSA wolfSSL_EVP_PKEY_assign_DSA +#define EVP_PKEY_assign_DH wolfSSL_EVP_PKEY_assign_DH #define EVP_PKEY_assign_EC_KEY wolfSSL_EVP_PKEY_assign_EC_KEY #define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_set1_DSA wolfSSL_EVP_PKEY_set1_DSA +#define EVP_PKEY_get0_RSA wolfSSL_EVP_PKEY_get0_RSA #define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA -#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA #define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA +#define EVP_PKEY_set1_EC_KEY wolfSSL_EVP_PKEY_set1_EC_KEY #define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY +#define EVP_PKEY_set1_DH wolfSSL_EVP_PKEY_set1_DH +#define EVP_PKEY_get0_DH wolfSSL_EVP_PKEY_get0_DH +#define EVP_PKEY_get1_DH wolfSSL_EVP_PKEY_get1_DH +#define EVP_PKEY_get0_EC_KEY wolfSSL_EVP_PKEY_get0_EC_KEY #define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac #define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key #define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy @@ -648,11 +811,14 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding #define EVP_PKEY_CTX_new_id wolfSSL_EVP_PKEY_CTX_new_id #define EVP_PKEY_CTX_set_rsa_keygen_bits wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits +#define EVP_PKEY_derive_init wolfSSL_EVP_PKEY_derive_init +#define EVP_PKEY_derive_set_peer wolfSSL_EVP_PKEY_derive_set_peer +#define EVP_PKEY_derive wolfSSL_EVP_PKEY_derive #define EVP_PKEY_decrypt wolfSSL_EVP_PKEY_decrypt #define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init #define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt #define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init -#define EVP_PKEY_new wolfSSL_PKEY_new +#define EVP_PKEY_new wolfSSL_EVP_PKEY_new #define EVP_PKEY_free wolfSSL_EVP_PKEY_free #define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref #define EVP_PKEY_size wolfSSL_EVP_PKEY_size @@ -677,16 +843,28 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_CTX_clear_flags wolfSSL_EVP_CIPHER_CTX_clear_flags #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding #define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags +#define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv #define EVP_add_digest wolfSSL_EVP_add_digest #define EVP_add_cipher wolfSSL_EVP_add_cipher #define EVP_cleanup wolfSSL_EVP_cleanup #define EVP_read_pw_string wolfSSL_EVP_read_pw_string +#define EVP_rc2_cbc wolfSSL_EVP_rc2_cbc #define OpenSSL_add_all_digests() wolfSSL_EVP_init() #define OpenSSL_add_all_ciphers() wolfSSL_EVP_init() #define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms #define OpenSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf +#define OpenSSL_add_all_algorithms_conf wolfSSL_OpenSSL_add_all_algorithms_conf + #define wolfSSL_OPENSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf +#define wolfSSL_OPENSSL_add_all_algorithms_conf wolfSSL_OpenSSL_add_all_algorithms_conf + +/* provides older OpenSSL API compatibility */ +#define OPENSSL_add_all_algorithms OpenSSL_add_all_algorithms +#define OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms_noconf +#define OPENSSL_add_all_algorithms_conf OpenSSL_add_all_algorithms_conf + +#define NO_PADDING_BLOCK_SIZE 1 #define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1 #define PKCS5_PBKDF2_HMAC wolfSSL_PKCS5_PBKDF2_HMAC @@ -700,14 +878,26 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CTRL_AEAD_GET_TAG 0x10 #define EVP_CTRL_AEAD_SET_TAG 0x11 #define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +#define EVP_CTRL_GCM_IV_GEN 0x13 #define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN #define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG #define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED + +#define EVP_PKEY_print_private(arg1, arg2, arg3, arg4) #ifndef EVP_MAX_MD_SIZE #define EVP_MAX_MD_SIZE 64 /* sha512 */ #endif +#ifndef EVP_MAX_KEY_LENGTH +#define EVP_MAX_KEY_LENGTH 64 +#endif + +#ifndef EVP_MAX_IV_LENGTH +#define EVP_MAX_IV_LENGTH 16 +#endif + #ifndef EVP_MAX_BLOCK_LENGTH #define EVP_MAX_BLOCK_LENGTH 32 /* 2 * blocklen(AES)? */ /* They define this as 32. Using the same value here. */ @@ -717,6 +907,25 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_MAX_IV_LENGTH 16 #endif + +#define EVP_R_BAD_DECRYPT (-MIN_CODE_E + 100 + 1) +#define EVP_R_BN_DECODE_ERROR (-MIN_CODE_E + 100 + 2) +#define EVP_R_DECODE_ERROR (-MIN_CODE_E + 100 + 3) +#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4) + +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA 6 +#define EVP_PKEY_RSA2 19 +#define EVP_PKEY_DH 28 +#define EVP_CIPHER_mode WOLFSSL_CIPHER_mode +/* WOLFSSL_EVP_CIPHER is just the string name of the cipher */ +#define EVP_CIPHER_name(x) x +#define EVP_MD_CTX_reset wolfSSL_EVP_MD_CTX_cleanup +/* WOLFSSL_EVP_MD is just the string name of the digest */ +#define EVP_MD_name(x) x +#define EVP_CIPHER_nid wolfSSL_EVP_CIPHER_nid + + WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k); #ifdef __cplusplus diff --git a/source/libwolfssl/openssl/hmac.h b/source/libwolfssl/openssl/hmac.h index 5f0d2e37..0fc5b36f 100644 --- a/source/libwolfssl/openssl/hmac.h +++ b/source/libwolfssl/openssl/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -58,6 +58,7 @@ typedef struct WOLFSSL_HMAC_CTX { } WOLFSSL_HMAC_CTX; +WOLFSSL_API WOLFSSL_HMAC_CTX* wolfSSL_HMAC_CTX_new(void); WOLFSSL_API int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx); WOLFSSL_API int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src); @@ -71,18 +72,24 @@ WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash, unsigned int* len); WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx); +WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx); +WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx); typedef struct WOLFSSL_HMAC_CTX HMAC_CTX; #define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g)) +#define HMAC_CTX_new wolfSSL_HMAC_CTX_new #define HMAC_CTX_init wolfSSL_HMAC_CTX_Init #define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy +#define HMAC_CTX_free wolfSSL_HMAC_CTX_free +#define HMAC_CTX_reset wolfSSL_HMAC_cleanup #define HMAC_Init_ex wolfSSL_HMAC_Init_ex #define HMAC_Init wolfSSL_HMAC_Init #define HMAC_Update wolfSSL_HMAC_Update #define HMAC_Final wolfSSL_HMAC_Final #define HMAC_cleanup wolfSSL_HMAC_cleanup +#define HMAC_size wolfSSL_HMAC_size #ifdef __cplusplus diff --git a/source/libwolfssl/openssl/md4.h b/source/libwolfssl/openssl/md4.h index 2a296f75..eb539eaa 100644 --- a/source/libwolfssl/openssl/md4.h +++ b/source/libwolfssl/openssl/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/md5.h b/source/libwolfssl/openssl/md5.h index 44721272..9534091e 100644 --- a/source/libwolfssl/openssl/md5.h +++ b/source/libwolfssl/openssl/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/obj_mac.h b/source/libwolfssl/openssl/obj_mac.h new file mode 100644 index 00000000..6d0f9004 --- /dev/null +++ b/source/libwolfssl/openssl/obj_mac.h @@ -0,0 +1,50 @@ +/* obj_mac.h + * + * Copyright (C) 2006-2017 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* obj_mac.h for openSSL */ + +#ifndef WOLFSSL_OBJ_MAC_H_ +#define WOLFSSL_OBJ_MAC_H_ +#ifdef __cplusplus + extern "C" { +#endif + +#define NID_sect163k1 721 +#define NID_sect163r1 722 +#define NID_sect163r2 723 +#define NID_sect193r1 724 +#define NID_sect193r2 725 +#define NID_sect233k1 726 +#define NID_sect233r1 727 +#define NID_sect239k1 728 +#define NID_sect283k1 729 +#define NID_sect283r1 730 +#define NID_sect409k1 731 +#define NID_sect409r1 732 +#define NID_sect571k1 733 +#define NID_sect571r1 734 + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_OBJ_MAC_H_ */ + diff --git a/source/libwolfssl/openssl/objects.h b/source/libwolfssl/openssl/objects.h index e12443a4..49a6c9d9 100644 --- a/source/libwolfssl/openssl/objects.h +++ b/source/libwolfssl/openssl/objects.h @@ -1,6 +1,6 @@ /* objects.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,6 +38,7 @@ #define OBJ_obj2nid wolfSSL_OBJ_obj2nid #define OBJ_sn2nid wolfSSL_OBJ_sn2nid #define OBJ_nid2ln wolfSSL_OBJ_nid2ln +#define OBJ_ln2nid wolfSSL_OBJ_ln2nid #define OBJ_txt2nid wolfSSL_OBJ_txt2nid #define OBJ_txt2obj wolfSSL_OBJ_txt2obj #define OBJ_nid2obj wolfSSL_OBJ_nid2obj diff --git a/source/libwolfssl/openssl/ocsp.h b/source/libwolfssl/openssl/ocsp.h index 8689ede7..7e2e76f5 100644 --- a/source/libwolfssl/openssl/ocsp.h +++ b/source/libwolfssl/openssl/ocsp.h @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/opensslv.h b/source/libwolfssl/openssl/opensslv.h index 4bc495ee..7f82800d 100644 --- a/source/libwolfssl/openssl/opensslv.h +++ b/source/libwolfssl/openssl/opensslv.h @@ -1,6 +1,6 @@ /* opensslv.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,10 +30,11 @@ /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100000L #elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENVPN) /* version number can be increased for Lighty after compatibility for ECDH is added */ - #define OPENSSL_VERSION_NUMBER 0x10001000L + #define OPENSSL_VERSION_NUMBER 0x10001040L #else #define OPENSSL_VERSION_NUMBER 0x0090810fL #endif diff --git a/source/libwolfssl/openssl/ossl_typ.h b/source/libwolfssl/openssl/ossl_typ.h index 65b00c72..6ed23a59 100644 --- a/source/libwolfssl/openssl/ossl_typ.h +++ b/source/libwolfssl/openssl/ossl_typ.h @@ -1,2 +1,32 @@ -/* ossl_typ.h for openssl */ +/* ossl_typ.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +/*! + \file wolfssl/openssl/ossl_typ.h +*/ + + +#ifndef WOLFSSL_OSSL_TYP_H_ +#define WOLFSSL_OSSL_TYP_H_ + +#include + +#endif /* !WOLFSSL_OSSL_TYP_H_ */ diff --git a/source/libwolfssl/openssl/pem.h b/source/libwolfssl/openssl/pem.h index 93295d3f..02a22a85 100644 --- a/source/libwolfssl/openssl/pem.h +++ b/source/libwolfssl/openssl/pem.h @@ -1,6 +1,6 @@ /* pem.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -91,6 +91,19 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, const EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb* cb, void* arg); + +WOLFSSL_API +WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_DSA** dsa, + pem_password_cb* cb,void *pass); + +WOLFSSL_API +WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa, + pem_password_cb* cb, void *pass); + +WOLFSSL_API +int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa); + WOLFSSL_API int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, @@ -112,6 +125,14 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, const EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb* cb, void* arg); +WOLFSSL_API +WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EC_KEY** ec, + pem_password_cb* cb, + void *pass); +WOLFSSL_API +int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec); + WOLFSSL_API int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key, const EVP_CIPHER* cipher, @@ -125,6 +146,11 @@ int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *key, pem_password_cb *cb, void *u); WOLFSSL_API int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *key); + +WOLFSSL_API +WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_EC_KEY** ec, + pem_password_cb* cb, void *pass); #endif /* NO_FILESYSTEM */ /* EVP_KEY */ @@ -205,11 +231,17 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); /* DSA */ #define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey #define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey +#define PEM_write_bio_DSA_PUBKEY wolfSSL_PEM_write_bio_DSA_PUBKEY #define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY +#define PEM_read_bio_DSAPrivateKey wolfSSL_PEM_read_bio_DSAPrivateKey +#define PEM_read_bio_DSA_PUBKEY wolfSSL_PEM_read_bio_DSA_PUBKEY /* ECC */ #define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey +#define PEM_write_bio_EC_PUBKEY wolfSSL_PEM_write_bio_EC_PUBKEY #define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY #define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey +#define PEM_read_bio_ECPrivateKey wolfSSL_PEM_read_bio_ECPrivateKey +#define PEM_read_bio_EC_PUBKEY wolfSSL_PEM_read_bio_EC_PUBKEY /* EVP_KEY */ #define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey #define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY diff --git a/source/libwolfssl/openssl/pkcs12.h b/source/libwolfssl/openssl/pkcs12.h index 7d028a5b..8a20f267 100644 --- a/source/libwolfssl/openssl/pkcs12.h +++ b/source/libwolfssl/openssl/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/pkcs7.h b/source/libwolfssl/openssl/pkcs7.h index 8938d07a..43cbd4da 100644 --- a/source/libwolfssl/openssl/pkcs7.h +++ b/source/libwolfssl/openssl/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/rand.h b/source/libwolfssl/openssl/rand.h index edf2f75f..27552c63 100644 --- a/source/libwolfssl/openssl/rand.h +++ b/source/libwolfssl/openssl/rand.h @@ -1,6 +1,6 @@ /* rand.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/rc4.h b/source/libwolfssl/openssl/rc4.h index 16a130da..3dec6f27 100644 --- a/source/libwolfssl/openssl/rc4.h +++ b/source/libwolfssl/openssl/rc4.h @@ -1,6 +1,6 @@ /* rc4.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/ripemd.h b/source/libwolfssl/openssl/ripemd.h index 8d7f4226..e159f8e8 100644 --- a/source/libwolfssl/openssl/ripemd.h +++ b/source/libwolfssl/openssl/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/openssl/rsa.h b/source/libwolfssl/openssl/rsa.h index 4e82b575..ef4d977d 100644 --- a/source/libwolfssl/openssl/rsa.h +++ b/source/libwolfssl/openssl/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,7 +26,8 @@ #define WOLFSSL_RSA_H_ #include - +#include +#include #ifdef __cplusplus extern "C" { @@ -38,32 +39,62 @@ #define RSA_PKCS1_PSS_PADDING 2 #define RSA_NO_PADDING 3 +/* Emulate OpenSSL flags */ +#define RSA_METHOD_FLAG_NO_CHECK (1 << 1) +#define RSA_FLAG_CACHE_PUBLIC (1 << 2) +#define RSA_FLAG_CACHE_PRIVATE (1 << 3) +#define RSA_FLAG_BLINDING (1 << 4) +#define RSA_FLAG_THREAD_SAFE (1 << 5) +#define RSA_FLAG_EXT_PKEY (1 << 6) +#define RSA_FLAG_NO_BLINDING (1 << 7) +#define RSA_FLAG_NO_CONSTTIME (1 << 8) + +/* Salt length same as digest length */ +#define RSA_PSS_SALTLEN_DIGEST -1 +/* Old max salt length */ +#define RSA_PSS_SALTLEN_MAX_SIGN -2 +/* Max salt length */ +#define RSA_PSS_SALTLEN_MAX -3 + +typedef struct WOLFSSL_RSA_METHOD { + int flags; + char *name; +} WOLFSSL_RSA_METHOD; + #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ -typedef struct WOLFSSL_RSA WOLFSSL_RSA; #define WOLFSSL_RSA_TYPE_DEFINED -#endif - -typedef WOLFSSL_RSA RSA; - -struct WOLFSSL_RSA { +typedef struct WOLFSSL_RSA { #ifdef WC_RSA_BLINDING WC_RNG* rng; /* for PrivateDecrypt blinding */ #endif - WOLFSSL_BIGNUM* n; - WOLFSSL_BIGNUM* e; - WOLFSSL_BIGNUM* d; - WOLFSSL_BIGNUM* p; - WOLFSSL_BIGNUM* q; - WOLFSSL_BIGNUM* dmp1; /* dP */ - WOLFSSL_BIGNUM* dmq1; /* dQ */ - WOLFSSL_BIGNUM* iqmp; /* u */ + WOLFSSL_BIGNUM* n; + WOLFSSL_BIGNUM* e; + WOLFSSL_BIGNUM* d; + WOLFSSL_BIGNUM* p; + WOLFSSL_BIGNUM* q; + WOLFSSL_BIGNUM* dmp1; /* dP */ + WOLFSSL_BIGNUM* dmq1; /* dQ */ + WOLFSSL_BIGNUM* iqmp; /* u */ void* heap; void* internal; /* our RSA */ char inSet; /* internal set from external ? */ char exSet; /* external set from internal ? */ char ownRng; /* flag for if the rng should be free'd */ -}; +#if defined(OPENSSL_EXTRA) + WOLFSSL_RSA_METHOD* meth; +#endif +#if defined(HAVE_EX_DATA) + WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */ +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + wolfSSL_Mutex refMutex; /* ref count mutex */ + int refCount; /* reference count */ +#endif +} WOLFSSL_RSA; +#endif +typedef WOLFSSL_RSA RSA; +typedef WOLFSSL_RSA_METHOD RSA_METHOD; WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void); WOLFSSL_API void wolfSSL_RSA_free(WOLFSSL_RSA*); @@ -95,8 +126,25 @@ WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*); WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz); WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt); -WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, - const WOLFSSL_BIGNUM **n, const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d); +WOLFSSL_API WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags); +WOLFSSL_API void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth); +WOLFSSL_API int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *rsa, void* p); +WOLFSSL_API int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth); +WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa); +WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void); + +WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n, + const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d); +WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e, + WOLFSSL_BIGNUM *d); +WOLFSSL_API int wolfSSL_RSA_flags(const WOLFSSL_RSA *r); +WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags); + +WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa); + +WOLFSSL_API void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx); +WOLFSSL_API int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data); + #define WOLFSSL_RSA_LOAD_PRIVATE 1 #define WOLFSSL_RSA_LOAD_PUBLIC 2 @@ -117,6 +165,27 @@ WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, #define RSA_verify wolfSSL_RSA_verify #define RSA_public_decrypt wolfSSL_RSA_public_decrypt +#define RSA_meth_new wolfSSL_RSA_meth_new +#define RSA_meth_free wolfSSL_RSA_meth_free +#define RSA_meth_set_pub_enc wolfSSL_RSA_meth_set +#define RSA_meth_set_pub_dec wolfSSL_RSA_meth_set +#define RSA_meth_set_priv_enc wolfSSL_RSA_meth_set +#define RSA_meth_set_priv_dec wolfSSL_RSA_meth_set +#define RSA_meth_set_init wolfSSL_RSA_meth_set +#define RSA_meth_set_finish wolfSSL_RSA_meth_set +#define RSA_meth_set0_app_data wolfSSL_RSA_meth_set +#define RSA_get_default_method wolfSSL_RSA_get_default_method +#define RSA_get_method wolfSSL_RSA_get_method +#define RSA_set_method wolfSSL_RSA_set_method +#define RSA_get0_key wolfSSL_RSA_get0_key +#define RSA_set0_key wolfSSL_RSA_set0_key +#define RSA_flags wolfSSL_RSA_flags +#define RSA_set_flags wolfSSL_RSA_set_flags + +#define RSAPublicKey_dup wolfSSL_RSAPublicKey_dup +#define RSA_get_ex_data wolfSSL_RSA_get_ex_data +#define RSA_set_ex_data wolfSSL_RSA_set_ex_data + #define RSA_get0_key wolfSSL_RSA_get0_key #define RSA_F4 WOLFSSL_RSA_F4 diff --git a/source/libwolfssl/openssl/sha.h b/source/libwolfssl/openssl/sha.h index 5734b9dc..d589754b 100644 --- a/source/libwolfssl/openssl/sha.h +++ b/source/libwolfssl/openssl/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -77,8 +77,8 @@ typedef WOLFSSL_SHA_CTX SHA_CTX; #ifdef WOLFSSL_SHA224 /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256 - * struct are 16 byte aligned. Any derefrence to those elements after casting to - * Sha224, is expected to also be 16 byte aligned addresses. */ + * struct are 16 byte aligned. Any dereference to those elements after casting + * to Sha224, is expected to also be 16 byte aligned addresses. */ typedef struct WOLFSSL_SHA224_CTX { /* big enough to hold wolfcrypt Sha224, but check on init */ ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; @@ -104,8 +104,8 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX; /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256 - * struct are 16 byte aligned. Any derefrence to those elements after casting to - * Sha256, is expected to also be 16 byte aligned addresses. */ + * struct are 16 byte aligned. Any dereference to those elements after casting + * to Sha256, is expected to also be 16 byte aligned addresses. */ typedef struct WOLFSSL_SHA256_CTX { /* big enough to hold wolfcrypt Sha256, but check on init */ ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; diff --git a/source/libwolfssl/openssl/sha3.h b/source/libwolfssl/openssl/sha3.h new file mode 100644 index 00000000..c3b405b4 --- /dev/null +++ b/source/libwolfssl/openssl/sha3.h @@ -0,0 +1,150 @@ +/* sha3.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* sha3.h for openssl */ + + +#ifndef WOLFSSL_SHA3_H_ +#define WOLFSSL_SHA3_H_ + +#include +#include + +#ifdef WOLFSSL_PREFIX +#include "prefix_sha.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha3 + * struct are 16 byte aligned. Any dereference to those elements after casting + * to Sha3 is expected to also be 16 byte aligned addresses. */ +struct WOLFSSL_SHA3_CTX { + /* big enough to hold wolfcrypt Sha3, but check on init */ + ALIGN16 void* holder[(424 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +}; + +#ifndef WOLFSSL_NOSHA3_224 +typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_224_CTX; + +WOLFSSL_API int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX*); +WOLFSSL_API int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX*, const void*, + unsigned long); +WOLFSSL_API int wolfSSL_SHA3_224_Final(unsigned char*, WOLFSSL_SHA3_224_CTX*); + +enum { + SHA3_224_DIGEST_LENGTH = 28 +}; + +typedef WOLFSSL_SHA3_224_CTX SHA3_224_CTX; + +#define SHA3_224_Init wolfSSL_SHA3_224_Init +#define SHA3_224_Update wolfSSL_SHA3_224_Update +#define SHA3_224_Final wolfSSL_SHA3_224_Final +#if defined(NO_OLD_WC_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + #define SHA3_224 wolfSSL_SHA3_224 +#endif +#endif /* WOLFSSL_NOSHA3_224 */ + + +#ifndef WOLFSSL_NOSHA3_256 +typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_256_CTX; + + +WOLFSSL_API int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX*); +WOLFSSL_API int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX*, const void*, + unsigned long); +WOLFSSL_API int wolfSSL_SHA3_256_Final(unsigned char*, WOLFSSL_SHA3_256_CTX*); + +enum { + SHA3_256_DIGEST_LENGTH = 32 +}; + + +typedef WOLFSSL_SHA3_256_CTX SHA3_256_CTX; + +#define SHA3_256_Init wolfSSL_SHA3_256_Init +#define SHA3_256_Update wolfSSL_SHA3_256_Update +#define SHA3_256_Final wolfSSL_SHA3_256_Final +#if defined(NO_OLD_WC_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + #define SHA3_256 wolfSSL_SHA3_256 +#endif +#endif /* WOLFSSL_NOSHA3_256 */ + + +typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_384_CTX; + +WOLFSSL_API int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX*); +WOLFSSL_API int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX*, const void*, + unsigned long); +WOLFSSL_API int wolfSSL_SHA3_384_Final(unsigned char*, WOLFSSL_SHA3_384_CTX*); + +enum { + SHA3_384_DIGEST_LENGTH = 48 +}; + +typedef WOLFSSL_SHA3_384_CTX SHA3_384_CTX; + +#define SHA3_384_Init wolfSSL_SHA3_384_Init +#define SHA3_384_Update wolfSSL_SHA3_384_Update +#define SHA3_384_Final wolfSSL_SHA3_384_Final +#if defined(NO_OLD_WC_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + #define SHA3_384 wolfSSL_SHA3_384 +#endif + + +#ifndef WOLFSSL_NOSHA3_512 + +typedef struct WOLFSSL_SHA3_CTX WOLFSSL_SHA3_512_CTX; + +WOLFSSL_API int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX*); +WOLFSSL_API int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX*, const void*, + unsigned long); +WOLFSSL_API int wolfSSL_SHA3_512_Final(unsigned char*, WOLFSSL_SHA3_512_CTX*); + +enum { + SHA3_512_DIGEST_LENGTH = 64 +}; + + +typedef WOLFSSL_SHA3_512_CTX SHA3_512_CTX; + +#define SHA3_512_Init wolfSSL_SHA3_512_Init +#define SHA3_512_Update wolfSSL_SHA3_512_Update +#define SHA3_512_Final wolfSSL_SHA3_512_Final +#if defined(NO_OLD_WC_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + #define SHA3_512 wolfSSL_SHA3_512 +#endif +#endif /* WOLFSSL_NOSHA3_512 */ + + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFSSL_SHA3_H_ */ + diff --git a/source/libwolfssl/openssl/ssl.h b/source/libwolfssl/openssl/ssl.h index ad6bc11d..c1ed8f41 100644 --- a/source/libwolfssl/openssl/ssl.h +++ b/source/libwolfssl/openssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,11 +35,21 @@ #include #endif /* OPENSSL_EXTRA_SSL_GUARD */ +#include #include +#include #ifdef OPENSSL_EXTRA #include #endif +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +#include +#include +#endif + +/* need MIN_CODE_E to determine wolfSSL error range */ +#include + /* all NID_* values are in asn.h */ #include @@ -89,6 +99,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER; typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT; typedef WOLFSSL_ASN1_STRING ASN1_STRING; typedef WOLFSSL_ASN1_TYPE ASN1_TYPE; +typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value; typedef WOLFSSL_BUF_MEM BUF_MEM; typedef WOLFSSL_GENERAL_NAMES GENERAL_NAMES; @@ -108,12 +119,18 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define EVP_CIPHER_INFO EncryptedInfo #define STACK_OF(x) WOLFSSL_STACK +#define OPENSSL_STACK WOLFSSL_STACK +#define _STACK OPENSSL_STACK -#define CRYPTO_free XFREE -#define CRYPTO_malloc XMALLOC +#define CONF_get1_default_config_file wolfSSL_CONF_get1_default_config_file +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +#define CRYPTO_free(xp) XFREE(xp, NULL, DYNAMIC_TYPE_TMP_BUFFER) +#define CRYPTO_malloc(sz) XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER) #define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new #define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup #define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free +#define CRYPTO_EX_DATA WOLFSSL_CRYPTO_EX_DATA /* depreciated */ #define CRYPTO_thread_id wolfSSL_thread_id @@ -132,6 +149,8 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define CRYPTO_dynlock_value WOLFSSL_dynlock_value #define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data +#define set_ex_data wolfSSL_CRYPTO_set_ex_data +#define get_ex_data wolfSSL_CRYPTO_get_ex_data /* this function was used to set the default malloc, free, and realloc */ #define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */ @@ -189,6 +208,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define TLSv1_3_method wolfTLSv1_3_method #define TLSv1_3_server_method wolfTLSv1_3_server_method #define TLSv1_3_client_method wolfTLSv1_3_client_method +#define TLS_method wolfSSLv23_method #define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1 @@ -199,13 +219,20 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define DTLSv1_server_method wolfDTLSv1_server_method #define DTLSv1_2_client_method wolfDTLSv1_2_client_method #define DTLSv1_2_server_method wolfDTLSv1_2_server_method + #define DTLS_method wolfDTLS_method #endif #ifndef NO_FILESYSTEM #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file +#ifdef WOLFSSL_APACHE_HTTPD + #define SSL_CTX_load_verify_locations(ctx,file,path) \ + wolfSSL_CTX_load_verify_locations_ex(ctx,file,path,\ + WOLFSSL_LOAD_FLAG_IGNORE_ERR) +#else #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations +#endif #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file @@ -216,6 +243,9 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #endif #define SSL_CTX_new(method) wolfSSL_CTX_new((WOLFSSL_METHOD*)(method)) +#ifdef OPENSSL_EXTRA +#define SSL_CTX_up_ref wolfSSL_CTX_up_ref +#endif #define SSL_new wolfSSL_new #define SSL_set_fd wolfSSL_set_fd #define SSL_get_fd wolfSSL_get_fd @@ -236,20 +266,31 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown #define SSL_get_error wolfSSL_get_error #define SSL_set_session wolfSSL_set_session -#define SSL_get_session wolfSSL_get_session +#define SSL_get_session(x) wolfSSL_get_session((WOLFSSL*) (x)) +#define SSL_SESSION_get0_peer wolfSSL_SESSION_get0_peer #define SSL_flush_sessions wolfSSL_flush_sessions /* assume unlimited temporarily */ #define SSL_CTX_get_session_cache_mode(ctx) 0 #define SSL_CTX_set_verify wolfSSL_CTX_set_verify +#define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback #define SSL_set_verify wolfSSL_set_verify #define SSL_set_verify_result wolfSSL_set_verify_result #define SSL_pending wolfSSL_pending #define SSL_load_error_strings wolfSSL_load_error_strings #define SSL_library_init wolfSSL_library_init +#define OpenSSL_add_ssl_algorithms wolfSSL_library_init #define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode #define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list +#define SSL_CTX_set_ciphersuites wolfSSL_CTX_set_cipher_list #define SSL_set_cipher_list wolfSSL_set_cipher_list +/* wolfSSL does not support security levels */ +#define SSL_CTX_set_security_level(...) +/* wolfSSL does not support exporting keying material */ +#define SSL_export_keying_material(...) 0 + +#define SSL_CTX_set1_groups_list wolfSSL_CTX_set1_groups_list +#define SSL_set1_groups_list wolfSSL_set1_groups_list #define SSL_set_ex_data wolfSSL_set_ex_data #define SSL_get_shutdown wolfSSL_get_shutdown @@ -260,6 +301,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_set_connect_state wolfSSL_set_connect_state #define SSL_set_accept_state wolfSSL_set_accept_state #define SSL_session_reused wolfSSL_session_reused +#define SSL_SESSION_dup wolfSSL_SESSION_dup #define SSL_SESSION_free wolfSSL_SESSION_free #define SSL_is_init_finished wolfSSL_is_init_finished @@ -272,7 +314,8 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name #define SSL_CIPHER_get_version wolfSSL_CIPHER_get_version #define SSL_CIPHER_get_id wolfSSL_CIPHER_get_id -#define SSL_CIPHER_get_rfc_name wolfSSL_CIPHER_get_rfc_name +#define SSL_CIPHER_get_rfc_name wolfSSL_CIPHER_get_name +#define SSL_CIPHER_standard_name wolfSSL_CIPHER_get_name #define SSL_get_cipher_by_value wolfSSL_get_cipher_by_value #define SSL_get1_session wolfSSL_get1_session @@ -283,6 +326,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + #define SSL_MODE_RELEASE_BUFFERS 0x00000010U #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN #define X509_get_ext wolfSSL_X509_get_ext #define X509_cmp wolfSSL_X509_cmp @@ -291,9 +335,13 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data #define X509_EXTENSION_new wolfSSL_X509_EXTENSION_new #define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free + #define X509_gmtime_adj wolfSSL_X509_gmtime_adj #endif #define DSA_dup_DH wolfSSL_DSA_dup_DH +/* wolfSSL does not support DSA as the cert public key */ +#define EVP_PKEY_get0_DSA(...) NULL +#define DSA_bits(...) 0 #define i2d_X509_bio wolfSSL_i2d_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio @@ -301,11 +349,13 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 +#define PEM_read_bio_X509_CRL wolfSSL_PEM_read_bio_X509_CRL #define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX #define PEM_read_X509 wolfSSL_PEM_read_X509 #define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio #define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 #define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX +#define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio #define i2d_PrivateKey wolfSSL_i2d_PrivateKey #define i2d_X509_REQ wolfSSL_i2d_X509_REQ @@ -324,13 +374,12 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define X509_digest wolfSSL_X509_digest #define X509_get_ext_count wolfSSL_X509_get_ext_count #define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i -#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID #define X509_get_ext wolfSSL_X509_get_ext #define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID -#define X509_add_ext wolfSSL_X509_add_ext #define X509_get_issuer_name wolfSSL_X509_get_issuer_name #define X509_get_subject_name wolfSSL_X509_get_subject_name #define X509_get_pubkey wolfSSL_X509_get_pubkey +#define X509_get0_pubkey wolfSSL_X509_get_pubkey #define X509_get_notBefore wolfSSL_X509_get_notBefore #define X509_get_notAfter wolfSSL_X509_get_notAfter #define X509_get_serialNumber wolfSSL_X509_get_serialNumber @@ -399,9 +448,12 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define X509_NAME_free wolfSSL_X509_NAME_free #define X509_NAME_dup wolfSSL_X509_NAME_dup #define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID +#define X509_NAME_get_index_by_OBJ wolfSSL_X509_NAME_get_index_by_OBJ #define X509_NAME_cmp wolfSSL_X509_NAME_cmp +#define X509_NAME_ENTRY_new wolfSSL_X509_NAME_ENTRY_new #define X509_NAME_ENTRY_free wolfSSL_X509_NAME_ENTRY_free #define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID +#define X509_NAME_ENTRY_create_by_txt wolfSSL_X509_NAME_ENTRY_create_by_txt #define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry #define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt #define X509_NAME_add_entry_by_NID wolfSSL_X509_NAME_add_entry_by_NID @@ -453,12 +505,21 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init #define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup #define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error +#define X509_STORE_CTX_set_error_depth wolfSSL_X509_STORE_CTX_set_error_depth #define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data #define X509_STORE_CTX_set_ex_data wolfSSL_X509_STORE_CTX_set_ex_data #define X509_STORE_CTX_set_depth wolfSSL_X509_STORE_CTX_set_depth +#define X509_STORE_CTX_verify_cb WOLFSSL_X509_STORE_CTX_verify_cb #define X509_STORE_CTX_get0_current_issuer \ wolfSSL_X509_STORE_CTX_get0_current_issuer #define X509_STORE_CTX_get0_store wolfSSL_X509_STORE_CTX_get0_store +#define X509_STORE_CTX_get0_cert wolfSSL_X509_STORE_CTX_get0_cert + +#define X509_STORE_set_verify_cb(s, c) \ +wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c)) +#define X509_STORE_set_verify_cb_func(s, c) \ +wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c)) + #define X509_STORE_new wolfSSL_X509_STORE_new #define X509_STORE_free wolfSSL_X509_STORE_free @@ -493,7 +554,15 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY #define X509_get0_tbs_sigalg wolfSSL_X509_get0_tbs_sigalg #define X509_PUBKEY_get0_param wolfSSL_X509_PUBKEY_get0_param +#define X509_PUBKEY_get wolfSSL_X509_PUBKEY_get +#define X509_PUBKEY_set wolfSSL_X509_PUBKEY_set #define X509_ALGOR_get0 wolfSSL_X509_ALGOR_get0 +#define X509_ALGOR_set0 wolfSSL_X509_ALGOR_set0 + +#define X509_ALGOR_new wolfSSL_X509_ALGOR_new +#define X509_ALGOR_free wolfSSL_X509_ALGOR_free +#define X509_PUBKEY_new wolfSSL_X509_PUBKEY_new +#define X509_PUBKEY_free wolfSSL_X509_PUBKEY_free #define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num #define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value @@ -501,6 +570,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents #define X509_subject_name_hash wolfSSL_X509_subject_name_hash +#define X509_check_purpose(...) 0 + #define OCSP_parse_url wolfSSL_OCSP_parse_url #define MD4_Init wolfSSL_MD4_Init @@ -530,9 +601,12 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define BIO_f_ssl wolfSSL_BIO_f_ssl #define BIO_new_socket wolfSSL_BIO_new_socket #define SSL_set_bio wolfSSL_set_bio +#define BIO_set_ssl wolfSSL_BIO_set_ssl #define BIO_eof wolfSSL_BIO_eof #define BIO_set_ss wolfSSL_BIO_set_ss +#define BIO_f_md wolfSSL_BIO_f_md +#define BIO_get_md_ctx wolfSSL_BIO_get_md_ctx #define BIO_s_mem wolfSSL_BIO_s_mem #define BIO_f_base64 wolfSSL_BIO_f_base64 #define BIO_set_flags wolfSSL_BIO_set_flags @@ -559,10 +633,16 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method #define SSL_get_ex_new_index wolfSSL_get_ex_new_index +#define RSA_get_ex_new_index wolfSSL_get_ex_new_index +#define ASN1_BIT_STRING_new wolfSSL_ASN1_BIT_STRING_new +#define ASN1_BIT_STRING_free wolfSSL_ASN1_BIT_STRING_free +#define ASN1_BIT_STRING_get_bit wolfSSL_ASN1_BIT_STRING_get_bit +#define ASN1_BIT_STRING_set_bit wolfSSL_ASN1_BIT_STRING_set_bit -typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; +#define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free +#define ASN1_TIME_free wolfSSL_ASN1_TIME_free #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj #define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime @@ -599,7 +679,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_load_client_CA_file wolfSSL_load_client_CA_file -#define SSL_CTX_get_client_CA_list wolfSSL_SSL_CTX_get_client_CA_list +#define SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list #define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list #define SSL_CTX_set_client_cert_cb wolfSSL_CTX_set_client_cert_cb #define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store @@ -624,6 +704,10 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define RSA_generate_key wolfSSL_RSA_generate_key #define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback #define RSA_print wolfSSL_RSA_print +#define RSA_bits wolfSSL_RSA_size +#define RSA_up_ref wolfSSL_RSA_up_ref +#define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS +#define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS #define PEM_def_callback wolfSSL_PEM_def_callback @@ -674,6 +758,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SYS_F_IOCTLSOCKET WOLFSSL_SYS_IOCTLSOCKET #define SYS_F_LISTEN WOLFSSL_SYS_LISTEN +#define ERR_GET_LIB wolfSSL_ERR_GET_LIB #define ERR_GET_REASON wolfSSL_ERR_GET_REASON #define ERR_put_error wolfSSL_ERR_put_error @@ -686,6 +771,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data #define ERR_get_error wolfSSL_ERR_get_error #define ERR_print_errors_fp(file) wolfSSL_ERR_dump_errors_fp((file)) +#define ERR_print_errors_cb wolfSSL_ERR_print_errors_cb #define ERR_print_errors wolfSSL_ERR_print_errors #define ERR_clear_error wolfSSL_ERR_clear_error #define ERR_free_strings wolfSSL_ERR_free_strings @@ -696,8 +782,13 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define ERR_reason_error_string wolfSSL_ERR_reason_error_string #define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings -#define PEMerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_PEM,\ +#ifndef WOLFCRYPT_ONLY +#define PEMerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_PEM, \ (func), (reason), __FILE__, __LINE__) +#else +#define PEMerr(func, reason) WOLFSSL_ERROR_LINE((reason), \ + NULL, __LINE__, __FILE__, NULL) +#endif #define SSLv23_server_method wolfSSLv23_server_method #define SSL_CTX_set_options wolfSSL_CTX_set_options @@ -725,7 +816,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define BIO_prf wolfSSL_BIO_prf #define sk_num wolfSSL_sk_num +#define sk_ASN1_OBJECT_num wolfSSL_sk_num #define sk_value wolfSSL_sk_value +#define sk_ASN1_OBJECT_value wolfSSL_sk_value #define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio #define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp @@ -765,13 +858,14 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; /*#endif*/ #define CONF_modules_unload(a) +#define CONF_get1_default_config_file wolfSSL_CONF_get1_default_config_file #define SSL_get_hit wolfSSL_session_reused /* yassl had set the default to be 500 */ #define SSL_get_default_timeout(ctx) 500 -#define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (Timeval*)(timeleft)) +#define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (WOLFSSL_TIMEVAL*)(timeleft)) #define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration @@ -780,6 +874,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #endif #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate +#define SSL_CTX_add1_chain_cert wolfSSL_CTX_add1_chain_cert #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey #define BIO_read_filename wolfSSL_BIO_read_filename #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth @@ -790,10 +885,13 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_dup_CA_list wolfSSL_dup_CA_list +#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find + enum { GEN_DNS = 0x02, /* ASN_DNS_TYPE */ GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */ GEN_URI = 0x06, /* ASN_URI_TYPE */ + GEN_IPADD = 0x07, GEN_RID = 0x08, /* Registered ID, not supported */ }; @@ -816,7 +914,8 @@ enum { #define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free #define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX) #include #define SSL_CTRL_CHAIN 88 @@ -845,7 +944,7 @@ enum { #define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0) #define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \ (char *)(arg)) -#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */ #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh @@ -887,6 +986,7 @@ enum { #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 #define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TMP_ECDH 4 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 @@ -896,8 +996,8 @@ enum { #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -#define SSL_CTRL_SET_TMP_DH 3 #define SSL_CTRL_EXTRA_CHAIN_CERT 14 +#define SSL_CTRL_OPTIONS 32 #define SSL_CTRL_SET_SESS_CACHE_SIZE 42 #define SSL_CTRL_GET_READ_AHEAD 40 @@ -907,9 +1007,11 @@ enum { #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +#define SSL_CTRL_GET_SESSION_REUSED 0 #define SSL_ctrl wolfSSL_ctrl #define SSL_CTX_ctrl wolfSSL_CTX_ctrl +#define SSL_CTX_callback_ctrl wolfSSL_CTX_callback_ctrl #define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ @@ -944,7 +1046,7 @@ enum { #define SSL_CTX_flush_sessions wolfSSL_flush_sessions #define SSL_CTX_add_session wolfSSL_CTX_add_session -#define SSL_version wolfSSL_version +#define SSL_version(x) wolfSSL_version ((WOLFSSL*) (x)) #define SSL_get_state wolfSSL_get_state #define SSL_state_string_long wolfSSL_state_string_long @@ -958,12 +1060,15 @@ enum { #define SSL_SESSION_get_id wolfSSL_SESSION_get_id #define SSL_SESSION_print wolfSSL_SESSION_print #define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free +#define sk_GENERAL_NAME_free wolfSSL_sk_GENERAL_NAME_free +#define sk_ASN1_OBJECT_pop_free wolfSSL_sk_ASN1_OBJECT_pop_free #define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free #define GENERAL_NAMES_free wolfSSL_GENERAL_NAMES_free #define AUTHORITY_INFO_ACCESS_free wolfSSL_AUTHORITY_INFO_ACCESS_free #define sk_ACCESS_DESCRIPTION_pop_free wolfSSL_sk_ACCESS_DESCRIPTION_pop_free -#define ACCESS_DESCRIPTION_free NULL +#define sk_ACCESS_DESCRIPTION_free wolfSSL_sk_ACCESS_DESCRIPTION_free +#define ACCESS_DESCRIPTION_free wolfSSL_ACCESS_DESCRIPTION_free #define SSL3_AL_FATAL 2 #define SSL_TLSEXT_ERR_OK 0 @@ -999,15 +1104,20 @@ enum { * PEM_read_bio_X509 is called and the return error is lost. * The error that needs to be detected is: SSL_NO_PEM_HEADER. */ -#define ERR_GET_LIB(l) (int)((((unsigned long)l) >> 24L) & 0xffL) #define ERR_GET_FUNC(l) (int)((((unsigned long)l) >> 12L) & 0xfffL) #define PEM_F_PEM_DEF_CALLBACK 100 -#define PEM_R_NO_START_LINE 108 -#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +/* Avoid wolfSSL error code range */ +#define PEM_R_NO_START_LINE (-MIN_CODE_E + 1) +#define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2) +#define PEM_R_BAD_PASSWORD_READ (-MIN_CODE_E + 3) +#define PEM_R_BAD_DECRYPT (-MIN_CODE_E + 4) + #define ERR_LIB_PEM 9 #define ERR_LIB_X509 10 +#define ERR_LIB_EVP 11 +#define ERR_LIB_ASN1 12 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ @@ -1073,11 +1183,15 @@ enum { #define SSL_set_alpn_protos wolfSSL_set_alpn_protos #define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated #define SSL_is_server wolfSSL_is_server -#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_ALL || HAVE_LIGHTY */ +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list +#define SSL_set1_curves_list wolfSSL_set1_curves_list +#endif + #ifdef OPENSSL_EXTRA #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA #define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password @@ -1086,10 +1200,6 @@ enum { #define SSL_get0_param wolfSSL_get0_param #define ERR_NUM_ERRORS 16 -#define EVP_PKEY_NONE NID_undef -#define EVP_PKEY_RSA 6 -#define EVP_PKEY_RSA2 19 -#define EVP_PKEY_DH 28 #define SN_pkcs9_emailAddress "Email" #define LN_pkcs9_emailAddress "emailAddress" #define NID_pkcs9_emailAddress 48 @@ -1110,6 +1220,15 @@ enum { #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) #define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) +#define X509_STORE_get0_objects wolfSSL_X509_STORE_get0_objects +#define sk_X509_OBJECT_num wolfSSL_sk_X509_OBJECT_num +#define sk_X509_OBJECT_value wolfSSL_sk_X509_OBJECT_value +#define sk_X509_OBJECT_delete wolfSSL_sk_X509_OBJECT_delete +#define X509_OBJECT_free wolfSSL_X509_OBJECT_free +#define X509_OBJECT_get_type(x) 0 + +#define OpenSSL_version(x) wolfSSL_lib_version() + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libwolfssl/openssl/stack.h b/source/libwolfssl/openssl/stack.h index 39404705..13e2c5d4 100644 --- a/source/libwolfssl/openssl/stack.h +++ b/source/libwolfssl/openssl/stack.h @@ -1,6 +1,6 @@ /* stack.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,19 +30,15 @@ typedef void (*wolfSSL_sk_freefunc)(void *); -WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK *); +WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc); WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *); WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data); WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *)); -WOLFSSL_API -void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk); +WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk); WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void); -WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); -WOLFSSL_API -int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher); -WOLFSSL_API -WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); +WOLFSSL_API int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher); +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_cipher(void); #define OPENSSL_sk_free wolfSSL_sk_free diff --git a/source/libwolfssl/openssl/tls1.h b/source/libwolfssl/openssl/tls1.h new file mode 100644 index 00000000..b73a8b0a --- /dev/null +++ b/source/libwolfssl/openssl/tls1.h @@ -0,0 +1,46 @@ +/* tls1.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_OPENSSL_TLS1_H_ +#define WOLFSSL_OPENSSL_TLS1_H_ + +#ifndef TLS1_VERSION +#define TLS1_VERSION 0x0301 +#endif + +#ifndef TLS1_1_VERSION +#define TLS1_1_VERSION 0x0302 +#endif + +#ifndef TLS1_2_VERSION +#define TLS1_2_VERSION 0x0303 +#endif + +#ifndef TLS1_3_VERSION +#define TLS1_3_VERSION 0x0304 +#endif + +#ifndef TLS_MAX_VERSION +#define TLS_MAX_VERSION TLS1_3_VERSION +#endif + +#endif /* WOLFSSL_OPENSSL_TLS1_H_ */ diff --git a/source/libwolfssl/openssl/x509.h b/source/libwolfssl/openssl/x509.h index df500aaa..483e77a3 100644 --- a/source/libwolfssl/openssl/x509.h +++ b/source/libwolfssl/openssl/x509.h @@ -1,7 +1,10 @@ /* x509.h for openssl */ #include +#include #include +#include +#include /* wolfSSL_X509_print_ex flags */ #define X509_FLAG_COMPAT (0UL) @@ -18,3 +21,6 @@ #define X509_FLAG_NO_AUX (1UL << 10) #define X509_FLAG_NO_ATTRIBUTES (1UL << 11) #define X509_FLAG_NO_IDS (1UL << 12) + +#define XN_FLAG_FN_SN 0 +#define XN_FLAG_SEP_CPLUS_SPC 2 diff --git a/source/libwolfssl/openssl/x509_vfy.h b/source/libwolfssl/openssl/x509_vfy.h index 54afb670..b94b97a0 100644 --- a/source/libwolfssl/openssl/x509_vfy.h +++ b/source/libwolfssl/openssl/x509_vfy.h @@ -1 +1,45 @@ -/* x509_vfy.h for openssl */ +/* x509_vfy.h + * + * Copyright (C) 2006-2017 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* x509_vfy.h for openSSL */ + +#ifndef WOLFSSL_x509_vfy_H_ +#define WOLFSSL_x509_vfy_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose); +#endif + +#ifdef WOLFSSL_QT + #define X509_STORE_CTX_set_purpose wolfSSL_X509_STORE_CTX_set_purpose +#endif + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* WOLFSSL_x509_vfy_H_ */ diff --git a/source/libwolfssl/openssl/x509v3.h b/source/libwolfssl/openssl/x509v3.h index caa9c171..0de6b142 100644 --- a/source/libwolfssl/openssl/x509v3.h +++ b/source/libwolfssl/openssl/x509v3.h @@ -1,6 +1,6 @@ /* x509v3.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,8 +31,13 @@ extern "C" { #endif +#define X509_PURPOSE_SSL_CLIENT 0 +#define X509_PURPOSE_SSL_SERVER 1 + +#define NS_SSL_CLIENT 0 +#define NS_SSL_SERVER 1 + /* Forward reference */ -typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method; typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) ( @@ -53,6 +58,14 @@ struct WOLFSSL_v3_ext_method { X509V3_EXT_I2R i2r; }; +struct WOLFSSL_X509_EXTENSION { + WOLFSSL_ASN1_OBJECT *obj; + WOLFSSL_ASN1_BOOLEAN crit; + WOLFSSL_ASN1_STRING value; + WOLFSSL_v3_ext_method ext_method; + WOLFSSL_STACK* ext_sk; /* For extension specific data */ +}; + #define WOLFSSL_ASN1_BOOLEAN int #define GEN_OTHERNAME 0 #define GEN_EMAIL 1 @@ -68,14 +81,6 @@ struct WOLFSSL_v3_ext_method { #define X509V3_CTX WOLFSSL_X509V3_CTX -struct WOLFSSL_X509_EXTENSION { - WOLFSSL_ASN1_OBJECT *obj; - WOLFSSL_ASN1_BOOLEAN crit; - WOLFSSL_ASN1_STRING value; - WOLFSSL_v3_ext_method ext_method; - WOLFSSL_STACK* ext_sk; /* For extension specific data */ -}; - typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID; typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; @@ -98,7 +103,6 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, #define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING #define X509V3_EXT_get wolfSSL_X509V3_EXT_get #define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i -#define X509V3_EXT_print wolfSSL_X509V3_EXT_print #define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING #define X509V3_EXT_print wolfSSL_X509V3_EXT_print #define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid diff --git a/source/libwolfssl/sniffer.h b/source/libwolfssl/sniffer.h index 29cfc96e..abf76497 100644 --- a/source/libwolfssl/sniffer.h +++ b/source/libwolfssl/sniffer.h @@ -1,6 +1,6 @@ /* sniffer.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -98,13 +98,6 @@ enum { * information associated with the SSL session. */ -#if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) - #define WOLFSSL_PACK __attribute__ ((packed)) -#else - #define WOLFSSL_PACK -#endif - - typedef struct SSLInfo { unsigned char isValid; @@ -117,7 +110,7 @@ typedef struct SSLInfo /* cipher name, e.g., "TLS_RSA_..." */ unsigned char serverNameIndication[128]; unsigned int keySize; -} WOLFSSL_PACK SSLInfo; +} SSLInfo; WOLFSSL_API diff --git a/source/libwolfssl/sniffer_error.h b/source/libwolfssl/sniffer_error.h index a63e1d01..d4e83692 100644 --- a/source/libwolfssl/sniffer_error.h +++ b/source/libwolfssl/sniffer_error.h @@ -1,6 +1,6 @@ /* sniffer_error.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/ssl.h b/source/libwolfssl/ssl.h index e246accf..f5513e33 100644 --- a/source/libwolfssl/ssl.h +++ b/source/libwolfssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,6 +34,7 @@ #include #include #include +#include #ifdef HAVE_WOLF_EVENT #include @@ -42,16 +43,6 @@ /* used internally by wolfSSL while OpenSSL types aren't */ #include -#ifndef NO_FILESYSTEM - #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - #if MQX_USE_IO_OLD - #include - #else - #include - #endif - #endif -#endif - #ifdef WOLFSSL_PREFIX #include "prefix_ssl.h" #endif @@ -126,12 +117,14 @@ typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY; typedef struct WOLFSSL_X509_ALGOR WOLFSSL_X509_ALGOR; typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN; typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12; +typedef struct WOLFSSL_X509_INFO WOLFSSL_X509_INFO; typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; typedef struct WOLFSSL_CRL WOLFSSL_CRL; +typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX; -typedef void *WOLFSSL_X509_STORE_CTX_verify_cb; /* verify callback */ +typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *); /* redeclare guard */ #define WOLFSSL_TYPES_DEFINED @@ -158,6 +151,9 @@ typedef struct WOLFSSL_DSA WOLFSSL_DSA; typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; +typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE; +/* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */ +typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD; #define WOLFSSL_EC_TYPE_DEFINED #endif @@ -176,14 +172,17 @@ typedef struct WOLFSSL_BIO WOLFSSL_BIO; typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD; typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE; -typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; +typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method; typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; +#ifndef WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */ typedef struct WOLFSSL_DH WOLFSSL_DH; +#define WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */ +#endif typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE; @@ -210,13 +209,6 @@ struct WOLFSSL_BASIC_CONSTRAINTS { #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME #define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME - -struct WOLFSSL_ASN1_TIME { - unsigned char data[CTC_DATE_SIZE]; /* date bytes */ - int length; - int type; -}; - struct WOLFSSL_ASN1_STRING { char strData[CTC_NAME_SIZE]; int length; @@ -228,10 +220,6 @@ struct WOLFSSL_ASN1_STRING { #define WOLFSSL_MAX_SNAME 40 -#if defined(HAVE_EX_DATA) || defined(FORTRESS) - #define MAX_EX_DATA 5 /* allow for five items of ex_data */ -#endif - #define WOLFSSL_ASN1_DYNAMIC 0x1 #define WOLFSSL_ASN1_DYNAMIC_DATA 0x2 @@ -282,7 +270,7 @@ struct WOLFSSL_ASN1_OBJECT { int grp; /* type of OID, i.e. oidCertPolicyType */ int nid; unsigned int objSz; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_APACHE_HTTPD) int ca; WOLFSSL_ASN1_INTEGER *pathlen; #endif @@ -341,10 +329,18 @@ struct WOLFSSL_EVP_PKEY { WOLFSSL_RSA* rsa; byte ownRsa; /* if struct owns RSA and should free it */ #endif + #ifndef NO_DSA + WOLFSSL_DSA* dsa; + byte ownDsa; /* if struct owns DSA and should free it */ + #endif #ifdef HAVE_ECC WOLFSSL_EC_KEY* ecc; byte ownEcc; /* if struct owns ECC and should free it */ #endif + #ifndef NO_DH + WOLFSSL_DH* dh; + byte ownDh; /* if struct owns DH and should free it */ + #endif WC_RNG rng; #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef HAVE_ECC @@ -352,9 +348,9 @@ struct WOLFSSL_EVP_PKEY { #endif }; typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO; - #ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */ typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; +typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX; typedef char WOLFSSL_EVP_MD; #define WOLFSSL_EVP_TYPE_DEFINED #endif @@ -374,16 +370,22 @@ struct WOLFSSL_X509_INFO { char *enc_data; int num; }; -typedef struct WOLFSSL_X509_INFO WOLFSSL_X509_INFO; #define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #define wolfSSL_SSL_MODE_RELEASE_BUFFERS 0x00000010U + #define wolfSSL_SSL_CTRL_SET_TMP_ECDH 4 +#endif + struct WOLFSSL_X509_ALGOR { WOLFSSL_ASN1_OBJECT* algorithm; + WOLFSSL_ASN1_TYPE* parameter; }; struct WOLFSSL_X509_PUBKEY { WOLFSSL_X509_ALGOR* algor; + WOLFSSL_EVP_PKEY* pkey; int pubKeyOID; }; @@ -395,7 +397,8 @@ enum BIO_TYPE { WOLFSSL_BIO_MEMORY = 4, WOLFSSL_BIO_BIO = 5, WOLFSSL_BIO_FILE = 6, - WOLFSSL_BIO_BASE64 = 7 + WOLFSSL_BIO_BASE64 = 7, + WOLFSSL_BIO_MD = 8 }; enum BIO_FLAGS { @@ -462,7 +465,7 @@ struct WOLFSSL_BIO { WOLFSSL_BIO* next; /* next in chain */ WOLFSSL_BIO* pair; /* BIO paired with */ void* heap; /* user heap hint */ - void* ptr; /* WOLFSSL, file descriptor or memory buffer */ + void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */ void* usrCtx; /* user set pointer */ char* infoArg; /* BIO callback argument */ wolf_bio_info_cb infoCb; /* BIO callback */ @@ -476,9 +479,11 @@ struct WOLFSSL_BIO { byte type; /* method type */ byte init:1; /* bio has been initialized */ byte shutdown:1; /* close flag */ +#ifdef HAVE_EX_DATA + WOLFSSL_CRYPTO_EX_DATA ex_data; +#endif }; - typedef struct WOLFSSL_COMP_METHOD { int type; /* stunnel dereference */ } WOLFSSL_COMP_METHOD; @@ -505,6 +510,12 @@ struct WOLFSSL_X509_STORE { int isDynamic; WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ #endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; +#endif +#ifdef HAVE_EX_DATA + WOLFSSL_CRYPTO_EX_DATA ex_data; +#endif #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) WOLFSSL_X509_CRL *crl; #endif @@ -555,7 +566,7 @@ typedef struct WOLFSSL_BUFFER_INFO { unsigned int length; } WOLFSSL_BUFFER_INFO; -typedef struct WOLFSSL_X509_STORE_CTX { +struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */ #ifdef WOLFSSL_ASIO @@ -568,9 +579,9 @@ typedef struct WOLFSSL_X509_STORE_CTX { #endif char* domain; /* subject CN domain name */ #if defined(HAVE_EX_DATA) || defined(FORTRESS) - void* ex_data[MAX_EX_DATA]; /* external data */ + WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */ #endif -#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA) int depth; /* used in X509_STORE_CTX_*_depth */ #endif void* userCtx; /* user ctx */ @@ -580,7 +591,7 @@ typedef struct WOLFSSL_X509_STORE_CTX { int totalCerts; /* number of peer cert buffers */ WOLFSSL_BUFFER_INFO* certs; /* peer certs */ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ -} WOLFSSL_X509_STORE_CTX; +}; typedef char* WOLFSSL_STRING; @@ -617,6 +628,7 @@ enum AlertDescription { unrecognized_name = 112, /**< RFC 6066, section 3 */ bad_certificate_status_response = 113, /**< RFC 6066, section 8 */ unknown_psk_identity = 115, /**< RFC 4279, section 2 */ + certificate_required = 116, /**< RFC 8446, section 8.2 */ no_application_protocol = 120 }; @@ -631,11 +643,25 @@ enum AlertLevel { /* Maximum number of groups that can be set */ #define WOLFSSL_MAX_GROUP_COUNT 10 +#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13) +enum Tls13Secret { + CLIENT_EARLY_TRAFFIC_SECRET, + CLIENT_HANDSHAKE_TRAFFIC_SECRET, + SERVER_HANDSHAKE_TRAFFIC_SECRET, + CLIENT_TRAFFIC_SECRET, + SERVER_TRAFFIC_SECRET, + EARLY_EXPORTER_SECRET, + EXPORTER_SECRET +}; +#endif + + typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap); /* CTX Method EX Constructor Functions */ WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap); @@ -672,6 +698,7 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap); /* CTX Method Constructor Functions */ WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); @@ -683,11 +710,11 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); #ifdef WOLFSSL_TLS13 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); #endif #ifdef WOLFSSL_DTLS @@ -745,8 +772,10 @@ WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl, #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) -WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int); -WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, + const char*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, + const char*, int); #endif @@ -765,13 +794,13 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int); WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*, const char*, unsigned int); -WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, - const char*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, + const char*, const char*); #ifdef WOLFSSL_TRUST_PEER_CERT WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int); #endif -WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, - const char *file); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file( + WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, const char *file, int format); WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); @@ -779,9 +808,12 @@ WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, in WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); -WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int); -WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int); -WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, + int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, + int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, + const char*); WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*, const char *file, int format); WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); @@ -799,13 +831,16 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); #endif /* !NO_FILESYSTEM && !NO_CERTS */ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); -WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); -WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX*); +#endif +WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_is_server(WOLFSSL*); WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*); -WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); WOLFSSL_API int wolfSSL_set_write_fd (WOLFSSL*, int); WOLFSSL_API int wolfSSL_set_read_fd (WOLFSSL*, int); WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); @@ -822,11 +857,13 @@ WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); /* please see note at top of README if you get an error from connect */ -WOLFSSL_API int wolfSSL_connect(WOLFSSL*); -WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); -WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int); WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int); WOLFSSL_API int wolfSSL_accept(WOLFSSL*); +WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req); +WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req); #ifdef WOLFSSL_TLS13 WOLFSSL_API int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, unsigned int secretSz); @@ -839,6 +876,9 @@ WOLFSSL_API int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_request_certificate(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list); +WOLFSSL_API int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list); + WOLFSSL_API int wolfSSL_preferred_group(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count); @@ -855,28 +895,35 @@ WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*); WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*); #endif #endif -WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*); -WOLFSSL_API void wolfSSL_free(WOLFSSL*); -WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*); WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags); WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags); WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int); WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); -WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*); WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); -WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX) WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t, WOLFSSL_BIO**, size_t); +WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const WOLFSSL_EVP_MD *Hash, int saltLen); +WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, + const unsigned char *EM, int saltLen); WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**); WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*, int, const unsigned char*); @@ -889,19 +936,16 @@ WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); #endif /* SESSION_INDEX */ -#if defined(SESSION_INDEX) && defined(SESSION_CERTS) +#if defined(SESSION_CERTS) WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session); +WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session); #endif /* SESSION_INDEX && SESSION_CERTS */ typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); -#ifdef OPENSSL_EXTRA typedef void (CallbackInfoState)(const WOLFSSL*, int, int); -typedef struct WOLFSSL_CRYPTO_EX_DATA { - WOLFSSL_STACK* data; -} WOLFSSL_CRYPTO_EX_DATA; - +#if defined(HAVE_EX_DATA) || defined(FORTRESS) typedef int (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr, WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out, @@ -916,20 +960,34 @@ WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg, WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int, VerifyCallback verify_callback); + +#ifdef OPENSSL_ALL +typedef int (*CertVerifyCallback)(WOLFSSL_X509_STORE_CTX* store, void* arg); +WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx, + CertVerifyCallback cb, void* arg); +#endif + WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback); WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long); WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*); -WOLFSSL_API int wolfSSL_pending(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL*); WOLFSSL_API void wolfSSL_load_error_strings(void); WOLFSSL_API int wolfSSL_library_init(void); -WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long); +WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, + long); #ifdef HAVE_SECRET_CALLBACK -typedef int (*SessionSecretCb)(WOLFSSL* ssl, - void* secret, int* secretSz, void* ctx); -WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, void*); +typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz, + void* ctx); +WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, + void*); +#ifdef WOLFSSL_TLS13 +typedef int (*Tls13SecretCb)(WOLFSSL* ssl, int id, const unsigned char* secret, + int secretSz, void* ctx); +WOLFSSL_API int wolfSSL_set_tls13_secret_cb(WOLFSSL*, Tls13SecretCb, void*); +#endif #endif /* HAVE_SECRET_CALLBACK */ /* session cache persistence */ @@ -957,7 +1015,8 @@ WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); #define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock /* The old names are deprecated. */ WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, Timeval* timeleft); +WOLFSSL_API int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, + WOLFSSL_TIMEVAL* timeleft); WOLFSSL_API void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, word32 duration_ms); WOLFSSL_API int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl); @@ -997,6 +1056,7 @@ WOLFSSL_API int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX*, CallbackMcastHighwater); WOLFSSL_API int wolfSSL_mcast_set_highwater_ctx(WOLFSSL*, void*); +WOLFSSL_API int wolfSSL_ERR_GET_LIB(unsigned long err); WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err); WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*); WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, @@ -1020,8 +1080,11 @@ typedef int WOLFSSL_LHASH; #endif WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap); +WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in); WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx); +WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); #if defined(HAVE_OCSP) #include "wolfssl/ocsp.h" @@ -1049,18 +1112,21 @@ WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value( WOLFSSL_STACK* sk, int i); WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk, - void f (WOLFSSL_GENERAL_NAME*)); + void (*f) (WOLFSSL_GENERAL_NAME*)); +WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES* name); WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_num(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_AUTHORITY_INFO_ACCESS_free( WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION)* sk); WOLFSSL_API WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value( WOLFSSL_STACK* sk, int idx); +WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk, - void f (WOLFSSL_ACCESS_DESCRIPTION*)); + void (*f) (WOLFSSL_ACCESS_DESCRIPTION*)); +WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access); WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free( WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, - void f (WOLFSSL_X509_EXTENSION*)); + void (*f) (WOLFSSL_X509_EXTENSION*)); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj); @@ -1072,7 +1138,7 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop( WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free( WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, - void (*func)(WOLFSSL_ASN1_OBJECT*)); + void (*f)(WOLFSSL_ASN1_OBJECT*)); WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value( @@ -1087,6 +1153,7 @@ WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*, WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*); WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*); WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*); @@ -1097,7 +1164,6 @@ WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int); WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher); WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API char* wolfSSL_CIPHER_get_rfc_name(const WOLFSSL_CIPHER* cipher); WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value); WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session); WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*); @@ -1106,7 +1172,8 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); /* what's ref count */ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL) +WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey); #endif @@ -1138,6 +1205,10 @@ WOLFSSL_API wolf_bio_info_cb wolfSSL_BIO_get_callback(WOLFSSL_BIO *bio); WOLFSSL_API void wolfSSL_BIO_set_callback_arg(WOLFSSL_BIO *bio, char *arg); WOLFSSL_API char* wolfSSL_BIO_get_callback_arg(const WOLFSSL_BIO *bio); +WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_md(void); +WOLFSSL_API int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, + WOLFSSL_EVP_MD_CTX **mdcp); + WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void); WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void); @@ -1147,6 +1218,9 @@ WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void); WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int); +WOLFSSL_API void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags); +WOLFSSL_API int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data); +WOLFSSL_API void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx); WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO*, long); WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p); @@ -1156,7 +1230,8 @@ WOLFSSL_API void wolfSSL_BIO_set_data(WOLFSSL_BIO*, void*); WOLFSSL_API void* wolfSSL_BIO_get_data(WOLFSSL_BIO*); WOLFSSL_API void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO*, int); WOLFSSL_API int wolfSSL_BIO_get_shutdown(WOLFSSL_BIO*); -WOLFSSL_API int wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO*); +WOLFSSL_API void wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_should_retry(WOLFSSL_BIO *bio); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int, const char*); WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD*); @@ -1167,12 +1242,13 @@ WOLFSSL_API int wolfSSL_BIO_meth_set_gets(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_ WOLFSSL_API int wolfSSL_BIO_meth_set_ctrl(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_ctrl_get_cb); WOLFSSL_API int wolfSSL_BIO_meth_set_create(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_create_cb); WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_destroy_cb); -WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len); WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); #ifndef NO_FILESYSTEM WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); #endif +WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); #ifndef NO_FILESYSTEM @@ -1197,6 +1273,7 @@ WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v); WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m); +WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio); WOLFSSL_API void wolfSSL_RAND_screen(void); WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); @@ -1231,6 +1308,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); +WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, unsigned char** out); #ifndef NO_RSA @@ -1239,9 +1318,15 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, unsigned long nmflags, unsigned long cflag); WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); -WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int); -WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*); -WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, + char*, int); +#if defined(OPENSSL_EXTRA) && defined(XSNPRINTF) +WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int); +#endif +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( + WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( + WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*); @@ -1263,8 +1348,8 @@ WOLFSSL_API int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t); WOLFSSL_API int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509* x509); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509* x509); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s); WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v); @@ -1325,6 +1410,7 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*); +WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*); @@ -1334,15 +1420,13 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio( WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, - unsigned char** in, long inSz); + const unsigned char** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, unsigned char** der); -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap); -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, @@ -1386,11 +1470,16 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGE WOLFSSL_BIGNUM *bn); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t, int, long); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void); +WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t); #endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); -WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list( +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( const WOLFSSL_CTX *s); +/* deprecated function name */ +#define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list + WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*, WOLF_STACK_OF(WOLFSSL_X509_NAME)*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list( @@ -1410,9 +1499,13 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer( WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store( WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert( + WOLFSSL_X509_STORE_CTX*); WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void); WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error( WOLFSSL_X509_STORE_CTX* ctx, int er); +void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx, + int depth); WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int); WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, @@ -1488,23 +1581,25 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char * WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); +WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void); WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl); #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ +/* These are bit-masks */ enum { WOLFSSL_OCSP_URL_OVERRIDE = 1, WOLFSSL_OCSP_NO_NONCE = 2, WOLFSSL_OCSP_CHECKALL = 4, WOLFSSL_CRL_CHECKALL = 1, - WOLFSSL_CRL_CHECK = 27, + WOLFSSL_CRL_CHECK = 2, }; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ defined(HAVE_WEBSERVER) -/* seperated out from other enums because of size */ +/* Separated out from other enums because of size */ enum { SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002, @@ -1516,7 +1611,6 @@ enum { SSL_OP_TLS_D5_BUG = 0x00000080, SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100, SSL_OP_TLS_ROLLBACK_BUG = 0x00000200, - SSL_OP_ALL = 0x00000400, SSL_OP_EPHEMERAL_RSA = 0x00000800, WOLFSSL_OP_NO_SSLv3 = 0x00001000, WOLFSSL_OP_NO_TLSv1 = 0x00002000, @@ -1537,6 +1631,18 @@ enum { SSL_OP_NO_COMPRESSION = 0x10000000, WOLFSSL_OP_NO_TLSv1_3 = 0x20000000, WOLFSSL_OP_NO_SSLv2 = 0x40000000, + SSL_OP_ALL = + (SSL_OP_MICROSOFT_SESS_ID_BUG + | SSL_OP_NETSCAPE_CHALLENGE_BUG + | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + | SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + | SSL_OP_MSIE_SSLV2_RSA_PADDING + | SSL_OP_SSLEAY_080_CLIENT_DH_BUG + | SSL_OP_TLS_D5_BUG + | SSL_OP_TLS_BLOCK_PADDING_BUG + | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | SSL_OP_TLS_ROLLBACK_BUG), }; /* for compatibility these must be macros */ @@ -1582,8 +1688,6 @@ enum { ASN1_GENERALIZEDTIME = 4, SSL_MAX_SSL_SESSION_ID_LENGTH = 32, - EVP_R_BAD_DECRYPT = 2, - SSL_ST_CONNECT = 0x1000, SSL_ST_ACCEPT = 0x2000, SSL_ST_MASK = 0x0FFF, @@ -1601,10 +1705,13 @@ enum { SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT), SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP), SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT), - SSL_CB_MODE_READ = 1, - SSL_CB_MODE_WRITE = 2, + SSL_CB_MODE_READ = 1, + SSL_CB_MODE_WRITE = 2, SSL_MODE_ENABLE_PARTIAL_WRITE = 2, + SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to block with blocking io + * and auto retry */ + SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */ BIO_FLAGS_BASE64_NO_NL = 1, BIO_CLOSE = 1, @@ -1686,6 +1793,8 @@ enum { WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); +WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int (*cb)(const char *str, + size_t len, void *u), void *u); #endif #endif WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio); @@ -1902,8 +2011,11 @@ WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, const unsigned char*, unsigned int); -WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl); +#endif #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_want(WOLFSSL*); @@ -1911,6 +2023,11 @@ WOLFSSL_API int wolfSSL_want(WOLFSSL*); WOLFSSL_API int wolfSSL_want_read(WOLFSSL*); WOLFSSL_API int wolfSSL_want_write(WOLFSSL*); +#if !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA) +#include /* var_arg */ +WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, + va_list args); +#endif WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...); WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char*, int); WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, @@ -1928,6 +2045,13 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_ WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk); WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i); +#if defined(HAVE_EX_DATA) || defined(FORTRESS) +WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, + int idx); +WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, + void *data); +#endif + /* stunnel 4.28 needs */ WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int); WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*); @@ -1946,6 +2070,7 @@ WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*); WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*); WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); + /* extra ends */ @@ -1953,12 +2078,12 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); /* call before SSL_connect, if verifying will add name check to date check and signature check */ -WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL*, const char*); /* need to call once to load library (session cache) */ -WOLFSSL_API int wolfSSL_Init(void); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void); /* call when done to cleanup/free session cache mutex / resources */ -WOLFSSL_API int wolfSSL_Cleanup(void); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void); /* which library version do we have */ WOLFSSL_API const char* wolfSSL_lib_version(void); @@ -1970,10 +2095,10 @@ WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl); /* turn on wolfSSL data compression */ WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int); -WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int); WOLFSSL_API void wolfSSL_CTX_set_current_time_cb(WOLFSSL_CTX* ctx, - void (*cb)(const WOLFSSL* ssl, Timeval* out_clock)); + void (*cb)(const WOLFSSL* ssl, WOLFSSL_TIMEVAL* out_clock)); /* get wolfSSL peer X509_CHAIN */ WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl); @@ -1992,22 +2117,24 @@ WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx); WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx); /* free X509 */ #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509)) -WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); /* get index cert in PEM */ WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx, unsigned char* buf, int inLen, int* outLen); -WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s); +WOLFSSL_ABI WOLFSSL_API const unsigned char* wolfSSL_get_sessionID( + const WOLFSSL_SESSION* s); WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*); WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*); WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*); WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509*, int*); -WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509); -WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509); +WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*); -WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); +WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int); WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len); @@ -2026,7 +2153,7 @@ WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif -WOLFSSL_API WOLFSSL_X509* +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( @@ -2168,8 +2295,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, /* SSL versions */ WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*, long, int); - WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, - int derSz); + WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, + const unsigned char* der, int derSz); WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*, @@ -2232,10 +2359,10 @@ enum { WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */ }; -WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*); -WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version); -WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX*, int); +WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL*, int); WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void); WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void); @@ -2244,7 +2371,7 @@ WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); -/* moved to asn.c, old names kept for backwards compatability */ +/* moved to asn.c, old names kept for backwards compatibility */ #define wolfSSL_KeyPemToDer wc_KeyPemToDer #define wolfSSL_CertPemToDer wc_CertPemToDer #define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer @@ -2371,7 +2498,8 @@ typedef int (*CallbackEccSign)(WOLFSSL* ssl, unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); -WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign); +WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, + CallbackEccSign); WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl); @@ -2450,6 +2578,50 @@ WOLFSSL_API void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl); #endif +#ifdef HAVE_ED448 +struct ed448_key; +typedef int (*CallbackEd448Sign)(WOLFSSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, unsigned int* outSz, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX*, + CallbackEd448Sign); +WOLFSSL_API void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl); + +typedef int (*CallbackEd448Verify)(WOLFSSL* ssl, + const unsigned char* sig, unsigned int sigSz, + const unsigned char* msg, unsigned int msgSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX*, + CallbackEd448Verify); +WOLFSSL_API void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl); +#endif + +#ifdef HAVE_CURVE448 +struct curve448_key; + +typedef int (*CallbackX448KeyGen)(WOLFSSL* ssl, struct curve448_key* key, + unsigned int keySz, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX*, CallbackX448KeyGen); +WOLFSSL_API void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl); + +typedef int (*CallbackX448SharedSecret)(WOLFSSL* ssl, + struct curve448_key* otherKey, + unsigned char* pubKeyDer, unsigned int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx); + /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */ +WOLFSSL_API void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX*, + CallbackX448SharedSecret); +WOLFSSL_API void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl); +#endif + #ifndef NO_RSA typedef int (*CallbackRsaSign)(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, @@ -2543,6 +2715,8 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*, int options); WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*); + WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, + VerifyCallback vc); WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*, const char*, int, int); WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER*, @@ -2573,7 +2747,9 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling( WOLFSSL_CERT_MANAGER* cm); - +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) +WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm); +#endif WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int); @@ -2629,11 +2805,11 @@ WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl); /* async additions */ #define wolfSSL_UseAsync wolfSSL_SetDevId #define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId -WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId); -WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId); /* helpers to get device id and heap */ -WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX*, WOLFSSL*); WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl); /* TLS Extensions */ @@ -2646,10 +2822,10 @@ enum { WOLFSSL_SNI_HOST_NAME = 0 }; -WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, - const void* data, unsigned short size); -WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type, - const void* data, unsigned short size); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL*, unsigned char, + const void*, unsigned short); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX*, unsigned char, + const void*, unsigned short); #ifndef NO_WOLFSSL_SERVER @@ -2728,7 +2904,8 @@ typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, void *arg); #endif -WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, +WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, + char *protocol_name_list, unsigned int protocol_name_listSz, unsigned char options); @@ -2853,7 +3030,6 @@ enum { WOLFSSL_ECC_BRAINPOOLP384R1 = 27, WOLFSSL_ECC_BRAINPOOLP512R1 = 28, WOLFSSL_ECC_X25519 = 29, - /* Not implemented. */ WOLFSSL_ECC_X448 = 30, WOLFSSL_FFDHE_2048 = 256, @@ -3010,9 +3186,9 @@ typedef int (*TimeoutCallBack)(TimeoutInfo*); /* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack for diagnostics */ WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, - Timeval); + WOLFSSL_TIMEVAL); WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, - Timeval); + WOLFSSL_TIMEVAL); #endif /* WOLFSSL_CALLBACKS */ @@ -3038,6 +3214,11 @@ struct WOLFSSL_X509_NAME_ENTRY { int set; int size; }; + +WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name, + const WOLFSSL_ASN1_OBJECT *obj, + int idx); + #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -3063,11 +3244,13 @@ enum { }; /* Object functions */ -WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n); +WOLFSSL_API const char* wolfSSL_OBJ_nid2sn(int n); WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); +WOLFSSL_API int wolfSSL_OBJ_get_type(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); -WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); +WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n); +WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln); WOLFSSL_API int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a, const WOLFSSL_ASN1_OBJECT* b); WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn); @@ -3079,17 +3262,24 @@ WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT WOLFSSL_API void wolfSSL_OBJ_cleanup(void); WOLFSSL_API int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln); +#ifdef HAVE_ECC +WOLFSSL_LOCAL int NIDToEccEnum(int n); +#endif /* end of object functions */ WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); +WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void)); WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx); #ifndef NO_CERTS WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( WOLFSSL_X509_NAME_ENTRY** out, int nid, int type, const unsigned char* data, int dataSz); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_txt( + WOLFSSL_X509_NAME_ENTRY **neIn, const char *txt, int format, + const unsigned char *data, int dataSz); WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name, WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set); WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, @@ -3101,7 +3291,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); -WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*); WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, int* idx); @@ -3120,7 +3311,7 @@ WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509, WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, - unsigned char* der, long derSz); + const unsigned char* der, long derSz); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl); #ifndef NO_RSA WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, @@ -3158,6 +3349,7 @@ WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); #if !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509** x509); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); @@ -3177,6 +3369,8 @@ WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, + WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio( @@ -3197,7 +3391,7 @@ WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher, struct WOLFSSL_ASN1_BIT_STRING { int length; int type; - char* data; + byte* data; long flags; }; @@ -3212,7 +3406,8 @@ struct WOLFSSL_ASN1_BIT_STRING { WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); -WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); +WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX*, WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); /* These are to be merged shortly */ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); @@ -3231,6 +3426,7 @@ WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509); #ifndef NO_FILESYSTEM WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c); #endif #endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ @@ -3246,9 +3442,6 @@ WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); || defined(OPENSSL_EXTRA) WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); -#ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int close_flag); -#endif WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u); @@ -3333,7 +3526,7 @@ WOLFSSL_API int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)*, WOLFSSL_X509_INFO*); WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*, - void f (WOLFSSL_X509_INFO*)); + void (*f) (WOLFSSL_X509_INFO*)); WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); typedef int (*wolf_sk_compare_cb)(const void* const *a, @@ -3350,14 +3543,22 @@ WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WO WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)*); WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)*, - void f (WOLFSSL_X509_NAME*)); + void (*f) (WOLFSSL_X509_NAME*)); WOLFSSL_API void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME) *); +WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s); + WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, unsigned long); +WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void); +WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*); WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( const WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit( + const WOLFSSL_ASN1_BIT_STRING*, int); +WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit( + WOLFSSL_ASN1_BIT_STRING*, int, int); WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); @@ -3365,9 +3566,11 @@ WOLFSSL_API int wolfSSL_version(WOLFSSL*); WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*); -WOLFSSL_API void* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int); +WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int); -WOLFSSL_API void* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*); +WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*); + +WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int); WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); @@ -3403,7 +3606,7 @@ WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); -/* support for depricated old name */ +/* support for deprecated old name */ #define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state #ifndef NO_FILESYSTEM @@ -3416,10 +3619,20 @@ WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* + wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *); +WOLFSSL_API WOLFSSL_X509_OBJECT* + wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i); +WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a); -WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); +WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*)); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names); +WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names); +#endif /* OPENSSL_EXTRA && HAVE_ECC */ + #if defined(OPENSSL_ALL) || \ defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) @@ -3441,8 +3654,6 @@ WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef OPENSSL_EXTRA -WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names); - typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type, const void *buf, size_t len, WOLFSSL *ssl, void *arg); @@ -3532,8 +3743,6 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 * WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject); -WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x); - WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); #endif /* HAVE_OCSP */ @@ -3584,10 +3793,19 @@ WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t cou WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); +WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_X509_ALGOR_new(void); +WOLFSSL_API void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg); WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x); WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor); +WOLFSSL_API int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval); +WOLFSSL_API WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void); +WOLFSSL_API void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at); +WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_PUBKEY_new(void); +WOLFSSL_API void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x); WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509); -WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_X509_PUBKEY *pub); +WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, WOLFSSL_X509_ALGOR **pa, WOLFSSL_X509_PUBKEY *pub); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key); +WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key); WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); diff --git a/source/libwolfssl/test.h b/source/libwolfssl/test.h index 338f32da..f90654e0 100644 --- a/source/libwolfssl/test.h +++ b/source/libwolfssl/test.h @@ -38,6 +38,12 @@ #ifdef HAVE_CURVE25519 #include #endif /* HAVE_ECC */ + #ifdef HAVE_ED448 + #include + #endif /* HAVE_ED448 */ + #ifdef HAVE_CURVE448 + #include + #endif /* HAVE_ECC */ #endif /*HAVE_PK_CALLBACKS */ #ifdef USE_WINDOWS_API @@ -290,56 +296,70 @@ /* all certs relative to wolfSSL home directory now */ #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL) -#define caCertFile "certs/ca-cert.pem" -#define eccCertFile "certs/server-ecc.pem" -#define eccKeyFile "certs/ecc-key.pem" -#define eccRsaCertFile "certs/server-ecc-rsa.pem" -#define svrCertFile "certs/server-cert.pem" -#define svrKeyFile "certs/server-key.pem" -#define cliCertFile "certs/client-cert.pem" -#define cliCertDerFile "certs/client-cert.der" -#define cliKeyFile "certs/client-key.pem" -#define ntruCertFile "certs/ntru-cert.pem" -#define ntruKeyFile "certs/ntru-key.raw" -#define dhParamFile "certs/dh2048.pem" -#define cliEccKeyFile "certs/ecc-client-key.pem" -#define cliEccCertFile "certs/client-ecc-cert.pem" -#define caEccCertFile "certs/ca-ecc-cert.pem" -#define crlPemDir "certs/crl" -#define edCertFile "certs/ed25519/server-ed25519-cert.pem" -#define edKeyFile "certs/ed25519/server-ed25519-priv.pem" -#define cliEdCertFile "certs/ed25519/client-ed25519.pem" -#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem" -#define caEdCertFile "certs/ed25519/ca-ed25519.pem" +#define caCertFile "certs/ca-cert.pem" +#define eccCertFile "certs/server-ecc.pem" +#define eccKeyFile "certs/ecc-key.pem" +#define eccRsaCertFile "certs/server-ecc-rsa.pem" +#define svrCertFile "certs/server-cert.pem" +#define svrKeyFile "certs/server-key.pem" +#define cliCertFile "certs/client-cert.pem" +#define cliCertDerFile "certs/client-cert.der" +#define cliCertFileExt "certs/client-cert-ext.pem" +#define cliCertDerFileExt "certs/client-cert-ext.der" +#define cliKeyFile "certs/client-key.pem" +#define ntruCertFile "certs/ntru-cert.pem" +#define ntruKeyFile "certs/ntru-key.raw" +#define dhParamFile "certs/dh2048.pem" +#define cliEccKeyFile "certs/ecc-client-key.pem" +#define cliEccCertFile "certs/client-ecc-cert.pem" +#define caEccCertFile "certs/ca-ecc-cert.pem" +#define crlPemDir "certs/crl" +#define edCertFile "certs/ed25519/server-ed25519-cert.pem" +#define edKeyFile "certs/ed25519/server-ed25519-priv.pem" +#define cliEdCertFile "certs/ed25519/client-ed25519.pem" +#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem" +#define caEdCertFile "certs/ed25519/ca-ed25519.pem" +#define ed448CertFile "certs/ed448/server-ed448-cert.pem" +#define ed448KeyFile "certs/ed448/server-ed448-priv.pem" +#define cliEd448CertFile "certs/ed448/client-ed448.pem" +#define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem" +#define caEd448CertFile "certs/ed448/ca-ed448.pem" #ifdef HAVE_WNR /* Whitewood netRandom default config file */ - #define wnrConfig "wnr-example.conf" + #define wnrConfig "wnr-example.conf" #endif #else -#define caCertFile "./certs/ca-cert.pem" -#define eccCertFile "./certs/server-ecc.pem" -#define eccKeyFile "./certs/ecc-key.pem" -#define eccRsaCertFile "./certs/server-ecc-rsa.pem" -#define svrCertFile "./certs/server-cert.pem" -#define svrKeyFile "./certs/server-key.pem" -#define cliCertFile "./certs/client-cert.pem" -#define cliCertDerFile "./certs/client-cert.der" -#define cliKeyFile "./certs/client-key.pem" -#define ntruCertFile "./certs/ntru-cert.pem" -#define ntruKeyFile "./certs/ntru-key.raw" -#define dhParamFile "./certs/dh2048.pem" -#define cliEccKeyFile "./certs/ecc-client-key.pem" -#define cliEccCertFile "./certs/client-ecc-cert.pem" -#define caEccCertFile "./certs/ca-ecc-cert.pem" -#define crlPemDir "./certs/crl" -#define edCertFile "./certs/ed25519/server-ed25519-cert.pem" -#define edKeyFile "./certs/ed25519/server-ed25519-priv.pem" -#define cliEdCertFile "./certs/ed25519/client-ed25519.pem" -#define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem" -#define caEdCertFile "./certs/ed25519/ca-ed25519.pem" +#define caCertFile "./certs/ca-cert.pem" +#define eccCertFile "./certs/server-ecc.pem" +#define eccKeyFile "./certs/ecc-key.pem" +#define eccRsaCertFile "./certs/server-ecc-rsa.pem" +#define svrCertFile "./certs/server-cert.pem" +#define svrKeyFile "./certs/server-key.pem" +#define cliCertFile "./certs/client-cert.pem" +#define cliCertDerFile "./certs/client-cert.der" +#define cliCertFileExt "./certs/client-cert-ext.pem" +#define cliCertDerFileExt "./certs/client-cert-ext.der" +#define cliKeyFile "./certs/client-key.pem" +#define ntruCertFile "./certs/ntru-cert.pem" +#define ntruKeyFile "./certs/ntru-key.raw" +#define dhParamFile "./certs/dh2048.pem" +#define cliEccKeyFile "./certs/ecc-client-key.pem" +#define cliEccCertFile "./certs/client-ecc-cert.pem" +#define caEccCertFile "./certs/ca-ecc-cert.pem" +#define crlPemDir "./certs/crl" +#define edCertFile "./certs/ed25519/server-ed25519-cert.pem" +#define edKeyFile "./certs/ed25519/server-ed25519-priv.pem" +#define cliEdCertFile "./certs/ed25519/client-ed25519.pem" +#define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem" +#define caEdCertFile "./certs/ed25519/ca-ed25519.pem" +#define ed448CertFile "./certs/ed448/server-ed448-cert.pem" +#define ed448KeyFile "./certs/ed448/server-ed448-priv.pem" +#define cliEd448CertFile "./certs/ed448/client-ed448.pem" +#define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem" +#define caEd448CertFile "./certs/ed448/ca-ed448.pem" #ifdef HAVE_WNR /* Whitewood netRandom default config file */ - #define wnrConfig "./wnr-example.conf" + #define wnrConfig "./wnr-example.conf" #endif #endif @@ -478,6 +498,13 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring) char c; char* cp; + /* Added sanity check becuase scan-build complains argv[myoptind] access + * results in a null pointer dereference. */ + if (argv == NULL) { + myoptarg = NULL; + return -1; + } + if (myoptind == 0) next = NULL; /* we're starting new/over */ @@ -485,8 +512,8 @@ static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring) if (myoptind == 0) myoptind++; - if (myoptind >= argc || argv[myoptind][0] != '-' || - argv[myoptind][1] == '\0') { + if (myoptind >= argc || argv[myoptind] == NULL || + argv[myoptind][0] != '-' || argv[myoptind][1] == '\0') { myoptarg = NULL; if (myoptind < argc) myoptarg = argv[myoptind]; @@ -710,7 +737,8 @@ static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index) WOLFSSL_CIPHER* cipher; const char** words = client_showpeer_msg[lng_index]; -#if defined(HAVE_ECC) || !defined(NO_DH) +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \ + !defined(NO_DH) const char *name; #endif #ifndef NO_DH @@ -738,7 +766,8 @@ static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index) #else printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher)); #endif -#if defined(HAVE_ECC) || !defined(NO_DH) +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \ + !defined(NO_DH) if ((name = wolfSSL_get_curve_name(ssl)) != NULL) printf("%s %s\n", words[2], name); #endif @@ -1160,6 +1189,8 @@ static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, tcp_ready* ready = args->signal; ready->ready = 1; ready->port = port; +#else + (void)port; #endif *clientfd = *sockfd; @@ -1211,7 +1242,7 @@ static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, ready = args->signal; if (ready) { - srf = fopen(ready->srfName, "w"); + srf = XFOPEN(ready->srfName, "w"); if (srf) { /* let's write port sever is listening on to ready file @@ -1491,7 +1522,7 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response) *bufLen = 0; /* open file (read-only binary) */ - file = fopen(fname, "rb"); + file = XFOPEN(fname, "rb"); if (!file) { printf("Error loading %s\n", fname); return BAD_PATH_ERROR; @@ -1645,11 +1676,25 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response) #endif /* !NO_CERTS */ static int myVerifyFail = 0; + +/* The verify callback is called for every certificate only when + * --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and + * WOLFSSL_VERIFY_CB_ALL_CERTS. + * Normal cases of the verify callback only occur on certificate failures when the + * wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, myVerifyCb); is called +*/ + static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) { char buffer[WOLFSSL_MAX_ERROR_SZ]; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_X509* peer; +#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) + WOLFSSL_BIO* bio = NULL; + WOLFSSL_STACK* sk = NULL; + X509* x509 = NULL; + int i = 0; +#endif #endif (void)preverify; @@ -1681,6 +1726,24 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) subject); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); +#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) +/* avoid printing duplicate certs */ + if (store->depth == 1) { + /* retrieve x509 certs and display them on stdout */ + sk = wolfSSL_X509_STORE_GetCerts(store); + + for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) { + x509 = wolfSSL_sk_X509_value(sk, i); + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + if (bio != NULL) { + wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE); + wolfSSL_X509_print(bio, x509); + wolfSSL_BIO_free(bio); + } + } + wolfSSL_sk_X509_free(sk); + } +#endif } else printf("\tPeer has no cert!\n"); @@ -1855,7 +1918,7 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type) int depth, res; XFILE file; for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) { - file = fopen(ntruKeyFile, "rb"); + file = XFOPEN(ntruKeyFile, "rb"); if (file != NULL) { fclose(file); return depth; @@ -1889,7 +1952,7 @@ static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf) int ret, i, used; void* status; unsigned char* myStack = NULL; - int stackSize = 1024*128; + int stackSize = 1024*152; pthread_attr_t myAttr; pthread_t threadId; @@ -2403,6 +2466,9 @@ typedef struct PkCbInfo { #ifdef HAVE_CURVE25519 curve25519_key curve; #endif + #ifdef HAVE_CURVE448 + curve448_key curve; + #endif } keyGen; #endif } PkCbInfo; @@ -2421,11 +2487,14 @@ static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz, int ret; WC_RNG rng; PkCbInfo* cbInfo = (PkCbInfo*)ctx; - ecc_key* new_key = key; + ecc_key* new_key; #ifdef TEST_PK_PRIVKEY byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES]; word32 qxLen = sizeof(qx), qyLen = sizeof(qy); + new_key = &cbInfo->keyGen.ecc; +#else + new_key = key; #endif (void)ssl; @@ -2779,6 +2848,167 @@ static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey } #endif /* HAVE_CURVE25519 */ +#ifdef HAVE_ED448 +static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) +{ + int ret; + word32 idx = 0; + ed448_key myKey; + byte* keyBuf = (byte*)key; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK 448 Sign: inSz %d, keySz %d\n", inSz, keySz); + +#ifdef TEST_PK_PRIVKEY + ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); + if (ret != 0) + return ret; +#endif + + ret = wc_ed448_init(&myKey); + if (ret == 0) { + ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey); + wc_ed448_free(&myKey); + } + +#ifdef TEST_PK_PRIVKEY + free(keyBuf); +#endif + + WOLFSSL_PKMSG("PK 448 Sign: ret %d, outSz %d\n", ret, *outSz); + + return ret; +} + + +static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, + const byte* msg, word32 msgSz, const byte* key, word32 keySz, + int* result, void* ctx) +{ + int ret; + ed448_key myKey; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK 448 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, + keySz); + + ret = wc_ed448_init(&myKey); + if (ret == 0) { + ret = wc_ed448_import_public(key, keySz, &myKey); + if (ret == 0) { + ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey); + } + wc_ed448_free(&myKey); + } + + WOLFSSL_PKMSG("PK 448 Verify: ret %d, result %d\n", ret, *result); + + return ret; +} +#endif /* HAVE_ED448 */ + +#ifdef HAVE_CURVE448 +static WC_INLINE int myX448KeyGen(WOLFSSL* ssl, curve448_key* key, + unsigned int keySz, void* ctx) +{ + int ret; + WC_RNG rng; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK 448 KeyGen: keySz %d\n", keySz); + + ret = wc_InitRng(&rng); + if (ret != 0) + return ret; + + ret = wc_curve448_make_key(&rng, keySz, key); + + wc_FreeRng(&rng); + + WOLFSSL_PKMSG("PK 448 KeyGen: ret %d\n", ret); + + return ret; +} + +static WC_INLINE int myX448SharedSecret(WOLFSSL* ssl, curve448_key* otherKey, + unsigned char* pubKeyDer, unsigned int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx) +{ + int ret; + curve448_key* privKey = NULL; + curve448_key* pubKey = NULL; + curve448_key tmpKey; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK 448 PMS: side %s\n", + side == WOLFSSL_CLIENT_END ? "client" : "server"); + + ret = wc_curve448_init(&tmpKey); + if (ret != 0) { + return ret; + } + + /* for client: create and export public key */ + if (side == WOLFSSL_CLIENT_END) { + WC_RNG rng; + + privKey = &tmpKey; + pubKey = otherKey; + + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, privKey); + if (ret == 0) { + ret = wc_curve448_export_public_ex(privKey, pubKeyDer, + pubKeySz, EC448_LITTLE_ENDIAN); + } + wc_FreeRng(&rng); + } + } + + /* for server: import public key */ + else if (side == WOLFSSL_SERVER_END) { + privKey = otherKey; + pubKey = &tmpKey; + + ret = wc_curve448_import_public_ex(pubKeyDer, *pubKeySz, pubKey, + EC448_LITTLE_ENDIAN); + } + else { + ret = BAD_FUNC_ARG; + } + + /* generate shared secret and return it */ + if (ret == 0) { + ret = wc_curve448_shared_secret_ex(privKey, pubKey, out, outlen, + EC448_LITTLE_ENDIAN); + } + + wc_curve448_free(&tmpKey); + + WOLFSSL_PKMSG("PK 448 PMS: ret %d, pubKeySz %d, outLen %d\n", + ret, *pubKeySz, *outlen); + + return ret; +} +#endif /* HAVE_CURVE448 */ + #endif /* HAVE_ECC */ #ifndef NO_DH @@ -3205,6 +3435,14 @@ static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx) wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen); wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret); #endif + #ifdef HAVE_ED448 + wolfSSL_CTX_SetEd448SignCb(ctx, myEd448Sign); + wolfSSL_CTX_SetEd448VerifyCb(ctx, myEd448Verify); + #endif + #ifdef HAVE_CURVE448 + wolfSSL_CTX_SetX448KeyGenCb(ctx, myX448KeyGen); + wolfSSL_CTX_SetX448SharedSecretCb(ctx, myX448SharedSecret); + #endif #ifndef NO_RSA wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign); wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify); @@ -3238,6 +3476,14 @@ static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx) wolfSSL_SetX25519KeyGenCtx(ssl, myCtx); wolfSSL_SetX25519SharedSecretCtx(ssl, myCtx); #endif + #ifdef HAVE_ED448 + wolfSSL_SetEd448SignCtx(ssl, myCtx); + wolfSSL_SetEd448VerifyCtx(ssl, myCtx); + #endif + #ifdef HAVE_CURVE448 + wolfSSL_SetX448KeyGenCtx(ssl, myCtx); + wolfSSL_SetX448SharedSecretCtx(ssl, myCtx); + #endif #ifndef NO_RSA wolfSSL_SetRsaSignCtx(ssl, myCtx); wolfSSL_SetRsaVerifyCtx(ssl, myCtx); diff --git a/source/libwolfssl/version.h b/source/libwolfssl/version.h index 64aaed47..332cadfa 100644 --- a/source/libwolfssl/version.h +++ b/source/libwolfssl/version.h @@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "4.2.0" -#define LIBWOLFSSL_VERSION_HEX 0x04002000 +#define LIBWOLFSSL_VERSION_STRING "4.4.0" +#define LIBWOLFSSL_VERSION_HEX 0x04004000 #ifdef __cplusplus } diff --git a/source/libwolfssl/wolfcrypt/aes.h b/source/libwolfssl/wolfcrypt/aes.h index e078ed84..7540ba4e 100644 --- a/source/libwolfssl/wolfcrypt/aes.h +++ b/source/libwolfssl/wolfcrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -94,6 +94,8 @@ extern "C" { #endif +#ifndef WOLFSSL_AES_KEY_SIZE_ENUM +#define WOLFSSL_AES_KEY_SIZE_ENUM /* these are required for FIPS and non-FIPS */ enum { AES_128_KEY_SIZE = 16, /* for 128 bit */ @@ -102,7 +104,7 @@ enum { AES_IV_SIZE = 16, /* always block size */ }; - +#endif /* avoid redefinition of structs */ #if !defined(HAVE_FIPS) || \ @@ -128,6 +130,15 @@ enum { CCM_NONCE_MAX_SZ = 13, CTR_SZ = 4, AES_IV_FIXED_SZ = 4, +#ifdef WOLFSSL_AES_CFB + AES_CFB_MODE = 1, +#endif +#ifdef WOLFSSL_AES_OFB + AES_OFB_MODE = 2, +#endif +#ifdef WOLFSSL_AES_XTS + AES_XTS_MODE = 3, +#endif #ifdef HAVE_PKCS11 AES_MAX_ID_LEN = 32, @@ -159,6 +170,9 @@ struct Aes { /* key-based fast multiplication table. */ ALIGN16 byte M0[256][AES_BLOCK_SIZE]; #endif /* GCM_TABLE */ +#ifdef HAVE_CAVIUM_OCTEON_SYNC + word32 y0; +#endif #endif /* HAVE_AESGCM */ #ifdef WOLFSSL_AESNI byte use_aesni; @@ -171,10 +185,11 @@ struct Aes { byte id[AES_MAX_ID_LEN]; int idLen; #endif -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) +#ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) word32 left; /* unused bytes left from last call */ #endif #ifdef WOLFSSL_XILINX_CRYPT @@ -197,6 +212,9 @@ struct Aes { (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */ +#ifdef HAVE_CAVIUM_OCTEON_SYNC + int keySet; +#endif #endif #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) @@ -259,12 +277,29 @@ WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, #ifdef WOLFSSL_AES_CFB WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); +WOLFSSL_API int wc_AesCfb1Encrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesCfb8Encrypt(Aes* aes, byte* out, + const byte* in, word32 sz); #ifdef HAVE_AES_DECRYPT WOLFSSL_API int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); +WOLFSSL_API int wc_AesCfb1Decrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesCfb8Decrypt(Aes* aes, byte* out, + const byte* in, word32 sz); #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_CFB */ +#ifdef WOLFSSL_AES_OFB +WOLFSSL_API int wc_AesOfbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#ifdef HAVE_AES_DECRYPT +WOLFSSL_API int wc_AesOfbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_OFB */ + #ifdef HAVE_AES_ECB WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); @@ -334,6 +369,7 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, word32 cSz, byte* s, word32 sSz); #endif /* HAVE_AESGCM */ #ifdef HAVE_AESCCM + WOLFSSL_LOCAL int wc_AesCcmCheckTagSize(int sz); WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz); WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, diff --git a/source/libwolfssl/wolfcrypt/arc4.h b/source/libwolfssl/wolfcrypt/arc4.h index e339365d..db39e26d 100644 --- a/source/libwolfssl/wolfcrypt/arc4.h +++ b/source/libwolfssl/wolfcrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/asn.h b/source/libwolfssl/wolfcrypt/asn.h index 93411be3..d1b0bdc6 100644 --- a/source/libwolfssl/wolfcrypt/asn.h +++ b/source/libwolfssl/wolfcrypt/asn.h @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -66,18 +66,21 @@ extern "C" { #endif +#ifndef EXTERNAL_SERIAL_SIZE + #define EXTERNAL_SERIAL_SIZE 32 +#endif + enum { ISSUER = 0, SUBJECT = 1, - EXTERNAL_SERIAL_SIZE = 32, - BEFORE = 0, AFTER = 1 }; /* ASN Tags */ enum ASN_Tags { + ASN_EOC = 0x00, ASN_BOOLEAN = 0x01, ASN_INTEGER = 0x02, ASN_BIT_STRING = 0x03, @@ -95,6 +98,7 @@ enum ASN_Tags { ASN_DNS_TYPE = 0x02, ASN_DIR_TYPE = 0x04, ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */ + ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */ ASN_GENERALIZED_TIME = 0x18, CRL_EXTENSIONS = 0xa0, ASN_EXTENSIONS = 0xa3, @@ -112,6 +116,7 @@ enum ASN_Tags { #define ASN_GENERALIZED_TIME_MAX 68 enum DN_Tags { + ASN_DN_NULL = 0x00, ASN_COMMON_NAME = 0x03, /* CN */ ASN_SUR_NAME = 0x04, /* SN */ ASN_SERIAL_NUMBER = 0x05, /* serialNumber */ @@ -129,28 +134,50 @@ enum DN_Tags { ASN_DOMAIN_COMPONENT = 0x19 /* DC */ }; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +typedef struct WOLFSSL_ObjectInfo { + int nid; + int id; + word32 type; + const char* sName; + const char* lName; +} WOLFSSL_ObjectInfo; +extern const size_t wolfssl_object_info_sz; +extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; +#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */ + /* DN Tag Strings */ #define WOLFSSL_COMMON_NAME "/CN=" +#define WOLFSSL_LN_COMMON_NAME "/commonName=" #define WOLFSSL_SUR_NAME "/SN=" #define WOLFSSL_SERIAL_NUMBER "/serialNumber=" #define WOLFSSL_COUNTRY_NAME "/C=" +#define WOLFSSL_LN_COUNTRY_NAME "/countryName=" #define WOLFSSL_LOCALITY_NAME "/L=" +#define WOLFSSL_LN_LOCALITY_NAME "/localityName=" #define WOLFSSL_STATE_NAME "/ST=" +#define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName=" #define WOLFSSL_ORG_NAME "/O=" +#define WOLFSSL_LN_ORG_NAME "/organizationName=" #define WOLFSSL_ORGUNIT_NAME "/OU=" +#define WOLFSSL_LN_ORGUNIT_NAME "/organizationalUnitName=" #define WOLFSSL_DOMAIN_COMPONENT "/DC=" +#define WOLFSSL_LN_DOMAIN_COMPONENT "/domainComponent=" #define WOLFSSL_BUS_CAT "/businessCategory=" #define WOLFSSL_JOI_C "/jurisdictionC=" #define WOLFSSL_JOI_ST "/jurisdictionST=" #define WOLFSSL_EMAIL_ADDR "/emailAddress=" +#define WOLFSSL_USER_ID "/UID=" +#define WOLFSSL_DOMAIN_COMPONENT "/DC=" + #if defined(WOLFSSL_APACHE_HTTPD) /* otherName strings */ #define WOLFSSL_SN_MS_UPN "msUPN" - #define WOLFSSL_LN_MS_UPN "Microsoft Universal Principal Name" + #define WOLFSSL_LN_MS_UPN "Microsoft User Principal Name" #define WOLFSSL_MS_UPN_SUM 265 #define WOLFSSL_SN_DNS_SRV "id-on-dnsSRV" - #define WOLFSSL_LN_DNS_SRV "SRVName otherName form" + #define WOLFSSL_LN_DNS_SRV "SRVName" /* TLS features extension strings */ #define WOLFSSL_SN_TLS_FEATURE "tlsfeature" #define WOLFSSL_LN_TLS_FEATURE "TLS Feature" @@ -161,6 +188,7 @@ enum DN_Tags { enum { NID_undef = 0, + NID_netscape_cert_type = NID_undef, NID_des = 66, NID_des3 = 67, NID_sha256 = 672, @@ -191,7 +219,7 @@ enum NID_policy_constraints = 150, NID_inhibit_any_policy = 168, /* 2.5.29.54 */ NID_tlsfeature = 1020, /* id-pe 24 */ - NID_commonName = 0x03, /* matchs ASN_COMMON_NAME in asn.h */ + NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */ NID_surname = 0x04, /* SN */ @@ -201,10 +229,15 @@ enum NID_stateOrProvinceName = 0x08, /* ST */ NID_organizationName = 0x0a, /* O */ NID_organizationalUnitName = 0x0b, /* OU */ - NID_domainComponent = 0x19, /* matchs ASN_DOMAIN_COMPONENT in asn.h */ + NID_jurisdictionCountryName = 0xc, + NID_jurisdictionStateOrProvinceName = 0xd, + NID_businessCategory = ASN_BUS_CAT, + NID_domainComponent = ASN_DOMAIN_COMPONENT, NID_emailAddress = 0x30, /* emailAddress */ NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */ - NID_ms_upn = 265 /* 1.3.6.1.4.1.311.20.2.3 */ + NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */ + + NID_X9_62_prime_field = 406 /* 1.2.840.10045.1.1 */ }; enum ECC_TYPES @@ -231,9 +264,10 @@ enum ECC_TYPES #endif /* WOLFSSL_CERT_PIV */ -#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01" -#define ASN_JOI_C 0x3 -#define ASN_JOI_ST 0x2 +#define ASN_JOI_PREFIX_SZ 10 +#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01" +#define ASN_JOI_C 0x3 +#define ASN_JOI_ST 0x2 #ifndef WC_ASN_NAME_MAX #ifdef OPENSSL_EXTRA @@ -264,6 +298,8 @@ enum Misc_ASN { MAX_ENCODED_SIG_SZ = 512, #elif defined(HAVE_ECC) MAX_ENCODED_SIG_SZ = 140, +#elif defined(HAVE_CURVE448) + MAX_ENCODED_SIG_SZ = 114, #else MAX_ENCODED_SIG_SZ = 64, #endif @@ -279,6 +315,7 @@ enum Misc_ASN { MAX_ENCODED_DIG_ASN_SZ= 9, /* enum(bit or octet) + length(4) */ MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */ MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ + MAX_DSA_INT_SZ = 261, /* DSA raw sz 2048 for bits + tag + len(4) */ MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ @@ -289,6 +326,8 @@ enum Misc_ASN { /* Maximum DER digest size */ MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum DER digest ASN header size */ + /* Max X509 header length indicates the max length + 2 ('\n', '\0') */ + MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */ #ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_REQ /* Max encoded cert req attributes length */ @@ -307,7 +346,7 @@ enum Misc_ASN { MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ #endif #ifdef WOLFSSL_CERT_EXT - MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ + MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) + CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage @@ -316,6 +355,7 @@ enum Misc_ASN { MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, #endif + MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/ MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ @@ -339,7 +379,8 @@ enum Misc_ASN { PKCS5_SALT_SZ = 8, - PEM_LINE_LEN = 80, /* PEM line max + fudge */ + PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */ + PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */ }; @@ -363,6 +404,7 @@ enum Oid_Types { oidCompressType = 16, oidCertNameType = 17, oidTlsExtType = 18, + oidCrlExtType = 19, oidIgnoreType }; @@ -412,10 +454,11 @@ enum Key_Sum { RSAk = 645, NTRUk = 274, ECDSAk = 518, - ED25519k = 256 + ED25519k = 256, + ED448k = 257, + DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ }; - #if !defined(NO_AES) || defined(HAVE_PKCS7) enum KeyWrap_Sum { #ifdef WOLFSSL_AES_128 @@ -477,7 +520,8 @@ enum Extensions_Sum { POLICY_MAP_OID = 147, POLICY_CONST_OID = 150, ISSUE_ALT_NAMES_OID = 132, - TLS_FEATURE_OID = 92 /* id-pe 24 */ + TLS_FEATURE_OID = 92, /* id-pe 24 */ + NETSCAPE_CT_OID = 753 /* 2.16.840.1.113730.1.1 */ }; enum CertificatePolicy_Sum { @@ -515,7 +559,7 @@ enum VerifyType { VERIFY_CRL = 2, VERIFY_OCSP = 3, VERIFY_NAME = 4, - VERIFY_SKIP_DATE = 5 + VERIFY_SKIP_DATE = 5, }; #ifdef WOLFSSL_CERT_EXT @@ -614,7 +658,7 @@ struct DecodedName { int dcLen[DOMAIN_COMPONENT_MAX]; int dcNum; int dcMode; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* hold the location / order with which each of the DN tags was found * * example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on. @@ -657,7 +701,7 @@ struct SignatureCtx { byte* out; byte* plain; #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) int verify; #endif union { @@ -669,6 +713,9 @@ struct SignatureCtx { #endif #ifdef HAVE_ED25519 struct ed25519_key* ed25519; + #endif + #ifdef HAVE_ED448 + struct ed448_key* ed448; #endif void* ptr; } key; @@ -786,6 +833,10 @@ struct DecodedCert { word32 extensionsIdx; /* if want to go back and parse later */ const byte* extAuthInfo; /* Authority Information Access URI */ int extAuthInfoSz; /* length of the URI */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */ + int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */ +#endif const byte* extCrlInfo; /* CRL Distribution Points */ int extCrlInfoSz; /* length of the URI */ byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ @@ -807,7 +858,7 @@ struct DecodedCert { word32 extSubjKeyIdSz; #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) word32 pkCurveOID; /* Public Key's curve OID */ #endif /* HAVE_ECC */ const byte* beforeDate; @@ -818,7 +869,7 @@ struct DecodedCert { const byte* issuerRaw; /* pointer to issuer inside source */ int issuerRawLen; #endif -#ifndef IGNORE_NAME_CONSTRAINT +#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) const byte* subjectRaw; /* pointer to subject inside source */ int subjectRawLen; #endif @@ -880,7 +931,12 @@ struct DecodedCert { #ifndef NO_CERTS SignatureCtx sigCtx; #endif +#ifdef WOLFSSL_RENESAS_TSIP byte* tsip_encRsaKeyIdx; +#endif + + int badDate; + int criticalExt; /* Option Bits */ byte subjectCNStored : 1; /* have we saved a copy we own */ @@ -900,7 +956,7 @@ struct DecodedCert { byte extSubjAltNameSet : 1; byte inhibitAnyOidSet : 1; byte selfSigned : 1; /* Indicates subject and issuer are same */ -#ifdef WOLFSSL_SEP +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) byte extCertPolicySet : 1; #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -916,7 +972,7 @@ struct DecodedCert { byte extKeyUsageCrit : 1; byte extExtKeyUsageCrit : 1; #endif /* OPENSSL_EXTRA */ -#ifdef WOLFSSL_SEP +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) byte extCertPolicyCrit : 1; #endif @@ -1074,7 +1130,7 @@ WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx); -WOLFSSL_LOCAL char* GetSigName(int oid); +WOLFSSL_LOCAL const char* GetSigName(int oid); WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len, @@ -1083,6 +1139,8 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check); +WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len, @@ -1111,18 +1169,27 @@ WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag, WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_DH) \ + || defined(WOLFSSL_OPENSSH) +WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz); +WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz); +WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); +#endif +WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output); WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, - int maxSnSz); + word32 outputSz, int maxSnSz); WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, byte* serial, int* serialSz, word32 maxIdx); WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); +WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); +WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*); #ifdef HAVE_ECC /* ASN sig helpers */ @@ -1131,6 +1198,9 @@ WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s); #endif +#if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +WOLFSSL_API int EccEnumToNID(int n); +#endif WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId); WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); @@ -1162,7 +1232,8 @@ enum cert_enums { RSA_KEY = 10, NTRU_KEY = 11, ECC_KEY = 12, - ED25519_KEY = 13 + ED25519_KEY = 13, + ED448_KEY = 14 }; #endif /* WOLFSSL_CERT_GEN */ @@ -1221,6 +1292,8 @@ struct CertStatus { byte thisDateFormat; byte nextDateFormat; #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + WOLFSSL_ASN1_TIME thisDateParsed; + WOLFSSL_ASN1_TIME nextDateParsed; byte* thisDateAsn; byte* nextDateAsn; #endif @@ -1331,7 +1404,7 @@ struct DecodedCRL { word32 sigLength; /* length of signature */ word32 signatureOID; /* sum of algorithm object id */ byte* signature; /* pointer into raw source, not owned */ - byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */ + byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */ byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ byte lastDate[MAX_DATE_SIZE]; /* last date updated */ byte nextDate[MAX_DATE_SIZE]; /* next update date */ @@ -1340,6 +1413,10 @@ struct DecodedCRL { RevokedCert* certs; /* revoked cert list */ int totalCerts; /* number on list */ void* heap; +#ifndef NO_SKID + byte extAuthKeyIdSet; + byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */ +#endif }; WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap); @@ -1377,6 +1454,7 @@ enum PBESTypes { PBE_SHA1_DES = 2, PBE_SHA1_DES3 = 3, PBE_AES256_CBC = 4, + PBE_AES128_CBC = 5, PBE_SHA1_RC4_128_SUM = 657, PBE_SHA1_DES3_SUM = 659, diff --git a/source/libwolfssl/wolfcrypt/asn_public.h b/source/libwolfssl/wolfcrypt/asn_public.h index a466abc0..ba5da63a 100644 --- a/source/libwolfssl/wolfcrypt/asn_public.h +++ b/source/libwolfssl/wolfcrypt/asn_public.h @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,6 +41,10 @@ typedef struct ed25519_key ed25519_key; #define WC_ED25519KEY_TYPE_DEFINED #endif +#ifndef WC_ED448KEY_TYPE_DEFINED + typedef struct ed448_key ed448_key; + #define WC_ED448KEY_TYPE_DEFINED +#endif #ifndef WC_RSAKEY_TYPE_DEFINED typedef struct RsaKey RsaKey; #define WC_RSAKEY_TYPE_DEFINED @@ -76,6 +80,8 @@ enum Ecc_Sum { ECC_X25519_OID = 365, ECC_ED25519_OID = 256, ECC_BRAINPOOLP320R1_OID = 106, + ECC_X448_OID = 362, + ECC_ED448_OID = 257, ECC_SECP384R1_OID = 210, ECC_BRAINPOOLP384R1_OID = 108, ECC_BRAINPOOLP512R1_OID = 110, @@ -103,6 +109,7 @@ enum CertType { TRUSTED_PEER_TYPE, EDDSA_PRIVATEKEY_TYPE, ED25519_TYPE, + ED448_TYPE, PKCS12_TYPE, PKCS8_PRIVATEKEY_TYPE, PKCS8_ENC_PRIVATEKEY_TYPE, @@ -126,7 +133,8 @@ enum Ctc_SigType { CTC_SHA384wECDSA = 525, CTC_SHA512wRSA = 657, CTC_SHA512wECDSA = 526, - CTC_ED25519 = 256 + CTC_ED25519 = 256, + CTC_ED448 = 257 }; enum Ctc_Encoding { @@ -146,7 +154,8 @@ enum Ctc_Misc { CTC_NAME_SIZE = WC_CTC_NAME_SIZE, CTC_DATE_SIZE = 32, CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */ - CTC_SERIAL_SIZE = 16, + CTC_SERIAL_SIZE = 20, + CTC_GEN_SERIAL_SZ = 16, #ifdef WOLFSSL_CERT_EXT /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum * We support only hash */ @@ -166,6 +175,12 @@ typedef struct DerBuffer { int dynType; /* DYNAMIC_TYPE_* */ } DerBuffer; +typedef struct WOLFSSL_ASN1_TIME { + unsigned char data[CTC_DATE_SIZE]; /* date bytes */ + int length; + int type; +} WOLFSSL_ASN1_TIME; + enum { IV_SZ = 32, /* max iv sz */ NAME_SZ = 80, /* max one line */ @@ -521,6 +536,24 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); #endif #endif +#ifdef HAVE_ED448 + /* private key helpers */ + WOLFSSL_API int wc_Ed448PrivateKeyDecode(const byte*, word32*, + ed448_key*, word32); + WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output, + word32 inLen); + WOLFSSL_API int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output, + word32 inLen); + + /* public key helper */ + WOLFSSL_API int wc_Ed448PublicKeyDecode(const byte*, word32*, + ed448_key*, word32); + #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + WOLFSSL_API int wc_Ed448PublicKeyToDer(ed448_key*, byte* output, + word32 inLen, int with_AlgCurve); + #endif +#endif + /* DER encode signature */ WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID); diff --git a/source/libwolfssl/wolfcrypt/blake2-impl.h b/source/libwolfssl/wolfcrypt/blake2-impl.h index 1286261d..3be93e12 100644 --- a/source/libwolfssl/wolfcrypt/blake2-impl.h +++ b/source/libwolfssl/wolfcrypt/blake2-impl.h @@ -12,7 +12,7 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/blake2-int.h b/source/libwolfssl/wolfcrypt/blake2-int.h index 9da822b6..d9af81eb 100644 --- a/source/libwolfssl/wolfcrypt/blake2-int.h +++ b/source/libwolfssl/wolfcrypt/blake2-int.h @@ -12,7 +12,7 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/blake2.h b/source/libwolfssl/wolfcrypt/blake2.h index 57494be9..52e2ccf4 100644 --- a/source/libwolfssl/wolfcrypt/blake2.h +++ b/source/libwolfssl/wolfcrypt/blake2.h @@ -1,6 +1,6 @@ /* blake2.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/camellia.h b/source/libwolfssl/wolfcrypt/camellia.h index 454c2ca7..445dde48 100644 --- a/source/libwolfssl/wolfcrypt/camellia.h +++ b/source/libwolfssl/wolfcrypt/camellia.h @@ -27,7 +27,7 @@ /* camellia.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/chacha.h b/source/libwolfssl/wolfcrypt/chacha.h index 569859ee..ddc0dcfc 100644 --- a/source/libwolfssl/wolfcrypt/chacha.h +++ b/source/libwolfssl/wolfcrypt/chacha.h @@ -1,6 +1,6 @@ /* chacha.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -57,6 +57,7 @@ enum { typedef struct ChaCha { word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */ + word32 left; /* number of bytes leftover */ #ifdef HAVE_INTEL_AVX1 /* vpshufd reads 16 bytes but we only use bottom 4. */ byte extra[12]; diff --git a/source/libwolfssl/wolfcrypt/chacha20_poly1305.h b/source/libwolfssl/wolfcrypt/chacha20_poly1305.h index 097af8ff..f176b9e6 100644 --- a/source/libwolfssl/wolfcrypt/chacha20_poly1305.h +++ b/source/libwolfssl/wolfcrypt/chacha20_poly1305.h @@ -1,6 +1,6 @@ /* chacha20_poly1305.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,6 +33,8 @@ #define WOLF_CRYPT_CHACHA20_POLY1305_H #include +#include +#include #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) @@ -45,18 +47,40 @@ #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16 enum { - CHACHA20_POLY_1305_ENC_TYPE = 8 /* cipher unique type */ + CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */ + + /* AEAD Cipher Direction */ + CHACHA20_POLY1305_AEAD_DECRYPT = 0, + CHACHA20_POLY1305_AEAD_ENCRYPT = 1, + + /* AEAD State */ + CHACHA20_POLY1305_STATE_INIT = 0, + CHACHA20_POLY1305_STATE_READY = 1, + CHACHA20_POLY1305_STATE_AAD = 2, + CHACHA20_POLY1305_STATE_DATA = 3, }; - /* - * The IV for this implementation is 96 bits to give the most flexibility. - * - * Some protocols may have unique per-invocation inputs that are not - * 96-bit in length. For example, IPsec may specify a 64-bit nonce. In - * such a case, it is up to the protocol document to define how to - * transform the protocol nonce into a 96-bit nonce, for example by - * concatenating a constant value. - */ +typedef struct ChaChaPoly_Aead { + ChaCha chacha; + Poly1305 poly; + + word32 aadLen; + word32 dataLen; + + byte state; + byte isEncrypt:1; +} ChaChaPoly_Aead; + + +/* + * The IV for this implementation is 96 bits to give the most flexibility. + * + * Some protocols may have unique per-invocation inputs that are not + * 96-bit in length. For example, IPsec may specify a 64-bit nonce. In + * such a case, it is up to the protocol document to define how to + * transform the protocol nonce into a 96-bit nonce, for example by + * concatenating a constant value. + */ WOLFSSL_API int wc_ChaCha20Poly1305_Encrypt( @@ -76,6 +100,27 @@ int wc_ChaCha20Poly1305_Decrypt( const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte* outPlaintext); +WOLFSSL_API +int wc_ChaCha20Poly1305_CheckTag( + const byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], + const byte authTagChk[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); + + + +/* Implementation of AEAD, which includes support for adding + data, then final calculation of authentication tag */ +WOLFSSL_API int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead, + const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], + int isEncrypt); +WOLFSSL_API int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead, + const byte* inAAD, word32 inAADLen); +WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead, + const byte* inData, byte* outData, word32 dataLen); +WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead, + byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libwolfssl/wolfcrypt/cmac.h b/source/libwolfssl/wolfcrypt/cmac.h index 05335cbf..f9936c0d 100644 --- a/source/libwolfssl/wolfcrypt/cmac.h +++ b/source/libwolfssl/wolfcrypt/cmac.h @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/coding.h b/source/libwolfssl/wolfcrypt/coding.h index 0c4711cb..886b5ba3 100644 --- a/source/libwolfssl/wolfcrypt/coding.h +++ b/source/libwolfssl/wolfcrypt/coding.h @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/compress.h b/source/libwolfssl/wolfcrypt/compress.h index 1ab2a2f0..9695c729 100644 --- a/source/libwolfssl/wolfcrypt/compress.h +++ b/source/libwolfssl/wolfcrypt/compress.h @@ -1,6 +1,6 @@ /* compress.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/cpuid.h b/source/libwolfssl/wolfcrypt/cpuid.h index 8c09b47f..7dc46555 100644 --- a/source/libwolfssl/wolfcrypt/cpuid.h +++ b/source/libwolfssl/wolfcrypt/cpuid.h @@ -1,6 +1,6 @@ /* cpuid.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,6 +41,7 @@ #define CPUID_BMI2 0x0010 /* MULX, RORX */ #define CPUID_AESNI 0x0020 #define CPUID_ADX 0x0040 /* ADCX, ADOX */ + #define CPUID_MOVBE 0x0080 /* Move and byte swap */ #define IS_INTEL_AVX1(f) ((f) & CPUID_AVX1) #define IS_INTEL_AVX2(f) ((f) & CPUID_AVX2) @@ -49,6 +50,7 @@ #define IS_INTEL_BMI2(f) ((f) & CPUID_BMI2) #define IS_INTEL_AESNI(f) ((f) & CPUID_AESNI) #define IS_INTEL_ADX(f) ((f) & CPUID_ADX) + #define IS_INTEL_MOVBE(f) ((f) & CPUID_MOVBE) void cpuid_set_flags(void); word32 cpuid_get_flags(void); diff --git a/source/libwolfssl/wolfcrypt/cryptocb.h b/source/libwolfssl/wolfcrypt/cryptocb.h index 5d029855..5a1f3b79 100644 --- a/source/libwolfssl/wolfcrypt/cryptocb.h +++ b/source/libwolfssl/wolfcrypt/cryptocb.h @@ -1,6 +1,6 @@ /* cryptocb.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/curve25519.h b/source/libwolfssl/wolfcrypt/curve25519.h index 70d163cd..91fb4184 100644 --- a/source/libwolfssl/wolfcrypt/curve25519.h +++ b/source/libwolfssl/wolfcrypt/curve25519.h @@ -1,6 +1,6 @@ /* curve25519.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -44,15 +44,21 @@ #define CURVE25519_KEYSIZE 32 +#ifdef WOLFSSL_NAMES_STATIC +typedef char curve25519_str[12]; +#else +typedef const char* curve25519_str; +#endif + /* curve25519 set type */ typedef struct { - int size; /* The size of the curve in octets */ - const char* name; /* name of this curve */ + int size; /* The size of the curve in octets */ + curve25519_str name; /* name of this curve */ } curve25519_set_type; /* ECC point, the internal structure is Little endian - * the mathematical functions used the endianess */ + * the mathematical functions used the endianness */ typedef struct { byte point[CURVE25519_KEYSIZE]; #ifdef FREESCALE_LTC_ECC diff --git a/source/libwolfssl/wolfcrypt/curve448.h b/source/libwolfssl/wolfcrypt/curve448.h new file mode 100644 index 00000000..7455ee0e --- /dev/null +++ b/source/libwolfssl/wolfcrypt/curve448.h @@ -0,0 +1,139 @@ +/* curve448.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Implemented to: RFC 7748 */ + + +#ifndef WOLF_CRYPT_CURVE448_H +#define WOLF_CRYPT_CURVE448_H + +#include + +#ifdef HAVE_CURVE448 + +#include +#include + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +#define CURVE448_KEY_SIZE 56 +#define CURVE448_PUB_KEY_SIZE 56 + + +/* A CURVE448 Key */ +typedef struct curve448_key { + byte p[CURVE448_PUB_KEY_SIZE]; /* public key */ + byte k[CURVE448_KEY_SIZE]; /* private key */ + +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif +} curve448_key; + +enum { + EC448_LITTLE_ENDIAN = 0, + EC448_BIG_ENDIAN = 1 +}; + +WOLFSSL_API +int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key); + +WOLFSSL_API +int wc_curve448_shared_secret(curve448_key* private_key, + curve448_key* public_key, + byte* out, word32* outlen); + +WOLFSSL_API +int wc_curve448_shared_secret_ex(curve448_key* private_key, + curve448_key* public_key, + byte* out, word32* outlen, int endian); + +WOLFSSL_API +int wc_curve448_init(curve448_key* key); + +WOLFSSL_API +void wc_curve448_free(curve448_key* key); + + +/* raw key helpers */ +WOLFSSL_API +int wc_curve448_import_private(const byte* priv, word32 privSz, + curve448_key* key); +WOLFSSL_API +int wc_curve448_import_private_ex(const byte* priv, word32 privSz, + curve448_key* key, int endian); + +WOLFSSL_API +int wc_curve448_import_private_raw(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve448_key* key); +WOLFSSL_API +int wc_curve448_import_private_raw_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve448_key* key, int endian); +WOLFSSL_API +int wc_curve448_export_private_raw(curve448_key* key, byte* out, + word32* outLen); +WOLFSSL_API +int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out, + word32* outLen, int endian); + +WOLFSSL_API +int wc_curve448_import_public(const byte* in, word32 inLen, + curve448_key* key); +WOLFSSL_API +int wc_curve448_import_public_ex(const byte* in, word32 inLen, + curve448_key* key, int endian); +WOLFSSL_API +int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian); + +WOLFSSL_API +int wc_curve448_export_public(curve448_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_curve448_export_public_ex(curve448_key* key, byte* out, + word32* outLen, int endian); + +WOLFSSL_API +int wc_curve448_export_key_raw(curve448_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); +WOLFSSL_API +int wc_curve448_export_key_raw_ex(curve448_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz, + int endian); +/* size helper */ +WOLFSSL_API +int wc_curve448_size(curve448_key* key); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_CURVE448 */ +#endif /* WOLF_CRYPT_CURVE448_H */ + diff --git a/source/libwolfssl/wolfcrypt/des3.h b/source/libwolfssl/wolfcrypt/des3.h index f30f5968..6b4ac501 100644 --- a/source/libwolfssl/wolfcrypt/des3.h +++ b/source/libwolfssl/wolfcrypt/des3.h @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -99,7 +99,7 @@ struct Des3 { word32 key[3][DES_KS_SIZE]; word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */ -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES) +#ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif #if defined(WOLF_CRYPTO_CB) || \ diff --git a/source/libwolfssl/wolfcrypt/dh.h b/source/libwolfssl/wolfcrypt/dh.h index 07e16155..e6cc852d 100644 --- a/source/libwolfssl/wolfcrypt/dh.h +++ b/source/libwolfssl/wolfcrypt/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -59,6 +59,10 @@ typedef struct DhParams { /* Diffie-Hellman Key */ struct DhKey { mp_int p, g, q; /* group parameters */ +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) + mp_int pub; + mp_int priv; +#endif void* heap; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; @@ -102,6 +106,10 @@ WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g word32 gSz); WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz, + const byte* pub_key, word32 pubSz); +#endif WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz, int trusted, WC_RNG* rng); diff --git a/source/libwolfssl/wolfcrypt/dsa.h b/source/libwolfssl/wolfcrypt/dsa.h index fe62e653..868a4871 100644 --- a/source/libwolfssl/wolfcrypt/dsa.h +++ b/source/libwolfssl/wolfcrypt/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,6 +52,11 @@ enum { DSA_PRIVATE = 1 }; +enum { + DSA_HALF_SIZE = 20, /* r and s size */ + DSA_SIG_SIZE = 40 /* signature size */ +}; + /* DSA */ typedef struct DsaKey { mp_int p, q, g, y, x; @@ -71,6 +76,9 @@ WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32); WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); +WOLFSSL_API int wc_SetDsaPublicKey(byte* output, DsaKey* key, + int outLen, int with_header); +WOLFSSL_API int wc_DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen); #ifdef WOLFSSL_KEY_GEN WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa); diff --git a/source/libwolfssl/wolfcrypt/ecc.h b/source/libwolfssl/wolfcrypt/ecc.h index 0848c93b..0a2cc953 100644 --- a/source/libwolfssl/wolfcrypt/ecc.h +++ b/source/libwolfssl/wolfcrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -196,7 +196,7 @@ typedef enum ecc_curve_id { #ifdef HAVE_CURVE25519 ECC_X25519, #endif -#ifdef HAVE_X448 +#ifdef HAVE_CURVE448 ECC_X448, #endif @@ -214,8 +214,17 @@ typedef byte ecc_oid_t; if any element > 127 then MSB 0x80 indicates additional byte */ #endif + +#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API) + /* MSC does something different with the pointers to the arrays than GCC, + * and it causes the FIPS checksum to fail. In the case of windows builds, + * store everything as arrays instead of pointers to strings. */ + + #define WOLFSSL_ECC_CURVE_STATIC +#endif + /* ECC set type defined a GF(p) curve */ -#ifndef USE_WINDOWS_API +#ifndef WOLFSSL_ECC_CURVE_STATIC typedef struct ecc_set_type { int size; /* The size of the curve in octets */ int id; /* id of this curve */ @@ -232,10 +241,6 @@ typedef struct ecc_set_type { int cofactor; } ecc_set_type; #else -/* MSC does something different with the pointers to the arrays than GCC, - * and it causes the FIPS checksum to fail. In the case of windows builds, - * store everything as arrays instead of pointers to strings. */ - #define MAX_ECC_NAME 16 #define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1) /* The values are stored as text strings. */ @@ -322,7 +327,7 @@ typedef struct alt_fp_int { #endif -/* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) => +/* A point on an ECC curve, stored in Jacobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpreted as affine */ typedef struct { #ifndef ALT_ECC_SIZE @@ -391,6 +396,10 @@ struct ecc_key { ecc_context_t ctx; #endif +#ifdef WOLFSSL_ECDSA_SET_K + mp_int *sign_k; +#endif + #ifdef WOLFSSL_SMALL_STACK_CACHE mp_int* t1; mp_int* t2; @@ -400,11 +409,20 @@ struct ecc_key { mp_int* z; #endif #endif + +#ifdef WOLFSSL_DSP + remote_handle64 handle; +#endif }; +WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void*); +WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key*); + + /* ECC predefined curve sets */ extern const ecc_set_type ecc_sets[]; +extern const size_t ecc_sets_count; WOLFSSL_API const char* wc_ecc_get_name(int curve_id); @@ -422,6 +440,7 @@ ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* C, mp_int* a, mp_int* modulus, void* heap); ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit); +ECC_API int ecc_map_ex(ecc_point*, mp_int*, mp_digit, int ct); ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, mp_int* a, mp_int* modulus, mp_digit mp); ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, @@ -431,15 +450,16 @@ ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, WOLFSSL_API int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); -WOLFSSL_API -int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, - int curve_id); +WOLFSSL_ABI WOLFSSL_API +int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id); WOLFSSL_API int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); WOLFSSL_API int wc_ecc_check_key(ecc_key* key); WOLFSSL_API int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime); +WOLFSSL_API +int wc_ecc_get_generator(ecc_point* ecp, int curve_idx); #ifdef HAVE_ECC_DHE WOLFSSL_API @@ -461,12 +481,16 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, #endif /* HAVE_ECC_DHE */ #ifdef HAVE_ECC_SIGN -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, WC_RNG* rng, ecc_key* key); WOLFSSL_API int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, ecc_key* key, mp_int *r, mp_int *s); +#ifdef WOLFSSL_ECDSA_SET_K +WOLFSSL_API +int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key); +#endif #endif /* HAVE_ECC_SIGN */ #ifdef HAVE_ECC_VERIFY @@ -480,7 +504,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, WOLFSSL_API int wc_ecc_init(ecc_key* key); -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_init_ex(ecc_key* key, void* heap, int devId); #ifdef HAVE_PKCS11 WOLFSSL_API @@ -491,7 +515,7 @@ int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, WOLFSSL_LOCAL void wc_ecc_free_curve(const ecc_set_type* curve, void* heap); #endif -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_free(ecc_key* key); WOLFSSL_API int wc_ecc_set_flags(ecc_key* key, word32 flags); @@ -565,7 +589,7 @@ int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed); #endif /* HAVE_ECC_KEY_EXPORT */ #ifdef HAVE_ECC_KEY_IMPORT -WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key); WOLFSSL_API int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, @@ -611,15 +635,23 @@ int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen, #endif /* HAVE_ECC_KEY_EXPORT */ #ifdef HAVE_ECC_KEY_EXPORT - +WOLFSSL_API +int wc_ecc_export_point_der_ex(const int curve_idx, ecc_point* point, byte* out, + word32* outLen, int compressed); WOLFSSL_API int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, word32* outLen); +WOLFSSL_LOCAL +int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point, + byte* out, word32* outLen); #endif /* HAVE_ECC_KEY_EXPORT */ #ifdef HAVE_ECC_KEY_IMPORT WOLFSSL_API +int wc_ecc_import_point_der_ex(byte* in, word32 inLen, const int curve_idx, + ecc_point* point, int shortKeySize); +WOLFSSL_API int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point); #endif /* HAVE_ECC_KEY_IMPORT */ @@ -711,6 +743,16 @@ WOLFSSL_API int wc_ecc_curve_cache_init(void); WOLFSSL_API void wc_ecc_curve_cache_free(void); #endif +WOLFSSL_API +int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order); + +#ifdef WOLFSSL_DSP +WOLFSSL_API +int wc_ecc_set_handle(ecc_key* key, remote_handle64 handle); +WOLFSSL_LOCAL +int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashLen, mp_int* pX, + mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libwolfssl/wolfcrypt/ed25519.h b/source/libwolfssl/wolfcrypt/ed25519.h index 0e00368e..d16e1c89 100644 --- a/source/libwolfssl/wolfcrypt/ed25519.h +++ b/source/libwolfssl/wolfcrypt/ed25519.h @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -148,6 +148,7 @@ int wc_ed25519_export_key(ed25519_key* key, byte* priv, word32 *privSz, byte* pub, word32 *pubSz); +WOLFSSL_API int wc_ed25519_check_key(ed25519_key* key); /* size helper */ @@ -166,4 +167,3 @@ int wc_ed25519_sig_size(ed25519_key* key); #endif /* HAVE_ED25519 */ #endif /* WOLF_CRYPT_ED25519_H */ - diff --git a/source/libwolfssl/wolfcrypt/ed448.h b/source/libwolfssl/wolfcrypt/ed448.h new file mode 100644 index 00000000..d90d99a4 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/ed448.h @@ -0,0 +1,160 @@ +/* ed448.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/ed448.h +*/ + + +#ifndef WOLF_CRYPT_ED448_H +#define WOLF_CRYPT_ED448_H + +#include + +#ifdef HAVE_ED448 + +#include +#include +#include +#include + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +/* info about EdDSA curve specifically ed448, defined as an elliptic curve + * over GF(p) + * + * 56 key size + * "ED448" curve name + * "2^448-2^224-1" prime number + * "-39081" value of d + * "SHAKE256" hash function + */ + +#define ED448_KEY_SIZE 57 /* private key only */ +#define ED448_SIG_SIZE 114 /* two elements */ + +#define ED448_PUB_KEY_SIZE 57 /* compressed */ +/* both private and public key */ +#define ED448_PRV_KEY_SIZE (ED448_PUB_KEY_SIZE+ED448_KEY_SIZE) + + +enum { + Ed448 = 0, + Ed448ph = 1, +}; + +#ifndef WC_ED448KEY_TYPE_DEFINED + typedef struct ed448_key ed448_key; + #define WC_ED448KEY_TYPE_DEFINED +#endif + +/* An ED448 Key */ +struct ed448_key { + byte p[ED448_PUB_KEY_SIZE]; /* compressed public key */ + byte k[ED448_PRV_KEY_SIZE]; /* private key : 56 secret -- 56 public */ +#ifdef FREESCALE_LTC_ECC + /* uncompressed point coordinates */ + byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */ + byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ +#endif + word16 pubKeySet:1; +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif +}; + + +WOLFSSL_API +int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey, + word32 pubKeySz); +WOLFSSL_API +int wc_ed448_make_key(WC_RNG* rng, int keysize, ed448_key* key); +WOLFSSL_API +int wc_ed448_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, + ed448_key* key, const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed448ph_sign_hash(const byte* hash, word32 hashLen, byte* out, + word32 *outLen, ed448_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed448ph_sign_msg(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed448_key* key, const byte* context, + byte contextLen); +WOLFSSL_API +int wc_ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* stat, ed448_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed448ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash, + word32 hashLen, int* stat, ed448_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed448ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* stat, ed448_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed448_init(ed448_key* key); +WOLFSSL_API +void wc_ed448_free(ed448_key* key); +WOLFSSL_API +int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key); +WOLFSSL_API +int wc_ed448_import_private_only(const byte* priv, word32 privSz, + ed448_key* key); +WOLFSSL_API +int wc_ed448_import_private_key(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, ed448_key* key); +WOLFSSL_API +int wc_ed448_export_public(ed448_key*, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed448_export_key(ed448_key* key, byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); + +WOLFSSL_API +int wc_ed448_check_key(ed448_key* key); + +/* size helper */ +WOLFSSL_API +int wc_ed448_size(ed448_key* key); +WOLFSSL_API +int wc_ed448_priv_size(ed448_key* key); +WOLFSSL_API +int wc_ed448_pub_size(ed448_key* key); +WOLFSSL_API +int wc_ed448_sig_size(ed448_key* key); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_ED448 */ +#endif /* WOLF_CRYPT_ED448_H */ diff --git a/source/libwolfssl/wolfcrypt/error-crypt.h b/source/libwolfssl/wolfcrypt/error-crypt.h index 525141bf..ab6fc97f 100644 --- a/source/libwolfssl/wolfcrypt/error-crypt.h +++ b/source/libwolfssl/wolfcrypt/error-crypt.h @@ -1,6 +1,6 @@ /* error-crypt.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -199,7 +199,7 @@ enum { WC_HW_E = -248, /* Error with hardware crypto use */ WC_HW_WAIT_E = -249, /* Hardware waiting on resource */ - PSS_SALTLEN_E = -250, /* PSS length of salt is to long for hash */ + PSS_SALTLEN_E = -250, /* PSS length of salt is too long for hash */ PRIME_GEN_E = -251, /* Failure finding a prime. */ BER_INDEF_E = -252, /* Cannot decode indefinite length BER. */ RSA_OUT_OF_RANGE_E = -253, /* Ciphertext to decrypt out of range. */ @@ -224,10 +224,13 @@ enum { PKCS7_NO_SIGNER_E = -269, /* No signer in PKCS#7 signed data msg */ WC_PKCS7_WANT_READ_E= -270, /* PKCS7 operations wants more input */ - CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */ - PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */ + CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */ + PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */ + PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */ - WC_LAST_E = -272, /* Update this to indicate last error */ + ASN_SELF_SIGNED_E = -274, /* ASN self-signed certificate error */ + + WC_LAST_E = -274, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes diff --git a/source/libwolfssl/wolfcrypt/fe_448.h b/source/libwolfssl/wolfcrypt/fe_448.h new file mode 100644 index 00000000..19f6c907 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/fe_448.h @@ -0,0 +1,116 @@ +/* fe448_448.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_FE_448_H +#define WOLF_CRYPT_FE_448_H + +#include + +#if defined(HAVE_CURVE448) || defined(HAVE_ED448) + +#include + +#include + +#if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT) + #define CURVED448_128BIT +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* default to be faster but take more memory */ +#if !defined(CURVE448_SMALL) || !defined(ED448_SMALL) + +#if defined(CURVED448_128BIT) + typedef int64_t fe448; + #ifdef __SIZEOF_INT128__ + typedef __uint128_t uint128_t; + typedef __int128_t int128_t; + #else + typedef unsigned long uint128_t __attribute__ ((mode(TI))); + typedef long int128_t __attribute__ ((mode(TI))); + #endif +#else + typedef int32_t fe448; +#endif + +WOLFSSL_LOCAL void fe448_init(void); +WOLFSSL_LOCAL int curve448(byte* r, const byte* n, const byte* a); + +#if !defined(CURVED448_128BIT) +WOLFSSL_LOCAL void fe448_reduce(fe448*); +#else +#define fe448_reduce(a) +#endif +WOLFSSL_LOCAL void fe448_neg(fe448*,const fe448*); +WOLFSSL_LOCAL void fe448_add(fe448*, const fe448*, const fe448*); +WOLFSSL_LOCAL void fe448_sub(fe448*, const fe448*, const fe448*); +WOLFSSL_LOCAL void fe448_mul(fe448*,const fe448*,const fe448*); +WOLFSSL_LOCAL void fe448_sqr(fe448*, const fe448*); +WOLFSSL_LOCAL void fe448_mul39081(fe448*, const fe448*); +WOLFSSL_LOCAL void fe448_invert(fe448*, const fe448*); + +WOLFSSL_LOCAL void fe448_0(fe448*); +WOLFSSL_LOCAL void fe448_1(fe448*); +WOLFSSL_LOCAL void fe448_copy(fe448*, const fe448*); +WOLFSSL_LOCAL int fe448_isnonzero(const fe448*); +WOLFSSL_LOCAL int fe448_isnegative(const fe448*); + +WOLFSSL_LOCAL void fe448_from_bytes(fe448*,const unsigned char *); +WOLFSSL_LOCAL void fe448_to_bytes(unsigned char *, const fe448*); + +WOLFSSL_LOCAL void fe448_cmov(fe448*,const fe448*, int); +WOLFSSL_LOCAL void fe448_pow_2_446_222_1(fe448*,const fe448*); + +#else + +WOLFSSL_LOCAL void fe448_init(void); +WOLFSSL_LOCAL int curve448(byte* r, const byte* n, const byte* a); + +#define fe448_reduce(a) +WOLFSSL_LOCAL void fe448_neg(uint8_t*,const uint8_t*); +WOLFSSL_LOCAL void fe448_add(uint8_t*, const uint8_t*, const uint8_t*); +WOLFSSL_LOCAL void fe448_sub(uint8_t*, const uint8_t*, const uint8_t*); +WOLFSSL_LOCAL void fe448_mul(uint8_t*,const uint8_t*,const uint8_t*); +WOLFSSL_LOCAL void fe448_sqr(uint8_t*, const uint8_t*); +WOLFSSL_LOCAL void fe448_mul39081(uint8_t*, const uint8_t*); +WOLFSSL_LOCAL void fe448_invert(uint8_t*, const uint8_t*); + +WOLFSSL_LOCAL void fe448_copy(uint8_t*, const uint8_t*); +WOLFSSL_LOCAL int fe448_isnonzero(const uint8_t*); + +WOLFSSL_LOCAL void fe448_norm(byte *a); + +WOLFSSL_LOCAL void fe448_cmov(uint8_t*,const uint8_t*, int); +WOLFSSL_LOCAL void fe448_pow_2_446_222_1(uint8_t*,const uint8_t*); + +#endif /* !CURVE448_SMALL || !ED448_SMALL */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_CURVE448 || HAVE_ED448 */ + +#endif /* WOLF_CRYPT_FE_448_H */ diff --git a/source/libwolfssl/wolfcrypt/fe_operations.h b/source/libwolfssl/wolfcrypt/fe_operations.h index 1d4624ec..243b3b90 100644 --- a/source/libwolfssl/wolfcrypt/fe_operations.h +++ b/source/libwolfssl/wolfcrypt/fe_operations.h @@ -1,6 +1,6 @@ /* fe_operations.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/fips_test.h b/source/libwolfssl/wolfcrypt/fips_test.h index 06e467a3..6de943f2 100644 --- a/source/libwolfssl/wolfcrypt/fips_test.h +++ b/source/libwolfssl/wolfcrypt/fips_test.h @@ -1,6 +1,6 @@ /* fips_test.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/ge_448.h b/source/libwolfssl/wolfcrypt/ge_448.h new file mode 100644 index 00000000..56f08d25 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/ge_448.h @@ -0,0 +1,86 @@ +/* ge_448.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_GE_448_H +#define WOLF_CRYPT_GE_448_H + +#include + +#ifdef HAVE_ED448 + +#include + +/* +ge448 means group element. + +Here the group is the set of pairs (x,y) of field elements (see fe.h) +satisfying -x^2 + y^2 = 1 + d x^2y^2 +where d = -39081. + +Representations: + ge448_p2 (projective) : (X:Y:Z) satisfying x=X/Z, y=Y/Z + ge448_precomp (affine): (x,y) +*/ + +#ifdef ED448_SMALL + typedef byte ge448; + #define GE448_WORDS 56 +#elif defined(CURVED448_128BIT) + typedef int64_t ge448; + #define GE448_WORDS 8 +#else + typedef int32_t ge448; + #define GE448_WORDS 16 +#endif + +typedef struct { + ge448 X[GE448_WORDS]; + ge448 Y[GE448_WORDS]; + ge448 Z[GE448_WORDS]; +} ge448_p2; + + +WOLFSSL_LOCAL int ge448_compress_key(byte*, const byte*, const byte*); +WOLFSSL_LOCAL int ge448_from_bytes_negate_vartime(ge448_p2 *, + const unsigned char *); + +WOLFSSL_LOCAL int ge448_double_scalarmult_vartime(ge448_p2 *, + const unsigned char *, + const ge448_p2 *, + const unsigned char *); +WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2 *, const unsigned char *); +WOLFSSL_LOCAL void sc448_reduce(byte*); +WOLFSSL_LOCAL void sc448_muladd(byte*, const byte*, const byte*, const byte*); +WOLFSSL_LOCAL void ge448_to_bytes(unsigned char *, const ge448_p2 *); + + +#ifndef ED448_SMALL +typedef struct { + ge448 x[GE448_WORDS]; + ge448 y[GE448_WORDS]; +} ge448_precomp; + +#endif /* !ED448_SMALL */ + +#endif /* HAVE_ED448 */ + +#endif /* WOLF_CRYPT_GE_448_H */ diff --git a/source/libwolfssl/wolfcrypt/ge_operations.h b/source/libwolfssl/wolfcrypt/ge_operations.h index 53d40fef..25af8085 100644 --- a/source/libwolfssl/wolfcrypt/ge_operations.h +++ b/source/libwolfssl/wolfcrypt/ge_operations.h @@ -1,6 +1,6 @@ /* ge_operations.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/hash.h b/source/libwolfssl/wolfcrypt/hash.h index e26dadb4..32c60b3f 100644 --- a/source/libwolfssl/wolfcrypt/hash.h +++ b/source/libwolfssl/wolfcrypt/hash.h @@ -1,6 +1,6 @@ /* hash.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -158,6 +158,8 @@ WOLFSSL_API int wc_Hash(enum wc_HashType hash_type, byte* hash, word32 hash_len); /* generic hash operation wrappers */ +WOLFSSL_API int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, + void* heap, int devId); WOLFSSL_API int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type); WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, word32 dataSz); @@ -208,6 +210,9 @@ WOLFSSL_API int wc_Sha3_224Hash(const byte*, word32, byte*); WOLFSSL_API int wc_Sha3_256Hash(const byte*, word32, byte*); WOLFSSL_API int wc_Sha3_384Hash(const byte*, word32, byte*); WOLFSSL_API int wc_Sha3_512Hash(const byte*, word32, byte*); +#ifdef WOLFSSL_SHAKE256 +WOLFSSL_API int wc_Shake256Hash(const byte*, word32, byte*, word32); +#endif #endif /* WOLFSSL_SHA3 */ enum max_prf { diff --git a/source/libwolfssl/wolfcrypt/hc128.h b/source/libwolfssl/wolfcrypt/hc128.h index 6dff6e7c..bf4b90c5 100644 --- a/source/libwolfssl/wolfcrypt/hc128.h +++ b/source/libwolfssl/wolfcrypt/hc128.h @@ -1,6 +1,6 @@ /* hc128.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/hmac.h b/source/libwolfssl/wolfcrypt/hmac.h index 19fd2838..5f66ee68 100644 --- a/source/libwolfssl/wolfcrypt/hmac.h +++ b/source/libwolfssl/wolfcrypt/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -84,12 +84,6 @@ enum { #ifndef WOLFSSL_SHA384 WC_SHA384 = WC_HASH_TYPE_SHA384, #endif -#ifndef HAVE_BLAKE2B - BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B, -#endif -#ifndef HAVE_BLAKE2S - BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S, -#endif #ifndef WOLFSSL_SHA224 WC_SHA224 = WC_HASH_TYPE_SHA224, #endif @@ -107,9 +101,9 @@ enum { /* Select the largest available hash for the buffer size. */ #define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE -#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && !defined(HAVE_BLAKE2) && \ - !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && defined(WOLFSSL_SHA224) && \ - defined(NO_SHA) && defined(NO_MD5) +#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && \ + !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && \ + defined(WOLFSSL_SHA224) && defined(NO_SHA) && defined(NO_MD5) #error "You have to have some kind of hash if you want to use HMAC." #endif @@ -134,9 +128,6 @@ typedef union { #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; #endif -#ifdef HAVE_BLAKE2 - Blake2b blake2b; -#endif #ifdef WOLFSSL_SHA3 wc_Sha3 sha3; #endif diff --git a/source/libwolfssl/wolfcrypt/idea.h b/source/libwolfssl/wolfcrypt/idea.h index b8c196aa..c3710202 100644 --- a/source/libwolfssl/wolfcrypt/idea.h +++ b/source/libwolfssl/wolfcrypt/idea.h @@ -1,6 +1,6 @@ /* idea.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/integer.h b/source/libwolfssl/wolfcrypt/integer.h index 77c8df3a..2bb80b44 100644 --- a/source/libwolfssl/wolfcrypt/integer.h +++ b/source/libwolfssl/wolfcrypt/integer.h @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -229,6 +229,9 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat); #define mp_isodd(a) \ (((a)->used > 0 && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO) #define mp_isneg(a) (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO) +#define mp_isword(a, w) \ + ((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \ + ? MP_YES : MP_NO) /* number of primes */ #ifdef MP_8BIT @@ -325,6 +328,7 @@ MP_API int mp_dr_is_modulus(mp_int *a); MP_API int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int); MP_API int mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y); +#define mp_exptmod_nct(G,X,P,Y) mp_exptmod_fast(G,X,P,Y,0) MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho); int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho); MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho); diff --git a/source/libwolfssl/wolfcrypt/logging.h b/source/libwolfssl/wolfcrypt/logging.h index 2e7aebee..de9439a4 100644 --- a/source/libwolfssl/wolfcrypt/logging.h +++ b/source/libwolfssl/wolfcrypt/logging.h @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -93,6 +93,7 @@ typedef void (*wolfSSL_Logging_cb)(const int logLevel, const char *const logMessage); WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); +WOLFSSL_API wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void); /* turn logging on, only if compiled in */ WOLFSSL_API int wolfSSL_Debugging_ON(void); @@ -114,7 +115,9 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API int wc_SetLoggingHeap(void* h); WOLFSSL_API int wc_ERR_remove_state(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); + WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); + WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str, + size_t len, void *u), void *u); #endif #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ @@ -148,6 +151,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API void WOLFSSL_LEAVE(const char* msg, int ret); #define WOLFSSL_STUB(m) \ WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) + WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void); WOLFSSL_API void WOLFSSL_MSG(const char* msg); WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length); @@ -157,6 +161,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); #define WOLFSSL_ENTER(m) #define WOLFSSL_LEAVE(m, r) #define WOLFSSL_STUB(m) + #define WOLFSSL_IS_DEBUG_ON() 0 #define WOLFSSL_MSG(m) #define WOLFSSL_BUFFER(b, l) @@ -166,7 +171,8 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) - #if (defined(OPENSSL_EXTRA) && !defined(_WIN32)) || defined(DEBUG_WOLFSSL_VERBOSE) + #if (!defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && !defined(_WIN32))\ + || defined(DEBUG_WOLFSSL_VERBOSE) WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, const char* file, void* ctx); #define WOLFSSL_ERROR(x) \ diff --git a/source/libwolfssl/wolfcrypt/md2.h b/source/libwolfssl/wolfcrypt/md2.h index 42b85e88..ba13076b 100644 --- a/source/libwolfssl/wolfcrypt/md2.h +++ b/source/libwolfssl/wolfcrypt/md2.h @@ -1,6 +1,6 @@ /* md2.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/md4.h b/source/libwolfssl/wolfcrypt/md4.h index 821689cd..52fbbd60 100644 --- a/source/libwolfssl/wolfcrypt/md4.h +++ b/source/libwolfssl/wolfcrypt/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/md5.h b/source/libwolfssl/wolfcrypt/md5.h index f4a8857a..5eb867b2 100644 --- a/source/libwolfssl/wolfcrypt/md5.h +++ b/source/libwolfssl/wolfcrypt/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/mem_track.h b/source/libwolfssl/wolfcrypt/mem_track.h index 97547973..d33e90e6 100644 --- a/source/libwolfssl/wolfcrypt/mem_track.h +++ b/source/libwolfssl/wolfcrypt/mem_track.h @@ -1,6 +1,6 @@ /* mem_track.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/memory.h b/source/libwolfssl/wolfcrypt/memory.h index 52883513..8ffeb9d2 100644 --- a/source/libwolfssl/wolfcrypt/memory.h +++ b/source/libwolfssl/wolfcrypt/memory.h @@ -1,6 +1,6 @@ /* memory.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -110,7 +110,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*, #elif defined (OPENSSL_EXTRA) /* extra storage in structs for multiple attributes and order */ #ifndef LARGEST_MEM_BUCKET - #define LARGEST_MEM_BUCKET 25536 + #define LARGEST_MEM_BUCKET 25600 #endif #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ LARGEST_MEM_BUCKET @@ -166,8 +166,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*, word32 totalFr; /* total frees for lifetime */ word32 totalUse; /* total amount of memory used in blocks */ word32 avaIO; /* available IO specific pools */ - word32 maxHa; /* max number of concurent handshakes allowed */ - word32 maxIO; /* max number of concurent IO connections allowed */ + word32 maxHa; /* max number of concurrent handshakes allowed */ + word32 maxIO; /* max number of concurrent IO connections allowed */ word32 blockSz[WOLFMEM_MAX_BUCKETS]; /* block sizes in stacks */ word32 avaBlock[WOLFMEM_MAX_BUCKETS];/* ava block sizes */ word32 usedBlock[WOLFMEM_MAX_BUCKETS]; @@ -178,7 +178,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*, typedef struct WOLFSSL_HEAP { wc_Memory* ava[WOLFMEM_MAX_BUCKETS]; wc_Memory* io; /* list of buffers to use for IO */ - word32 maxHa; /* max concurent handshakes */ + word32 maxHa; /* max concurrent handshakes */ word32 curHa; word32 maxIO; /* max concurrent IO connections */ word32 curIO; diff --git a/source/libwolfssl/wolfcrypt/misc.h b/source/libwolfssl/wolfcrypt/misc.h index 659715bc..6bca8e99 100644 --- a/source/libwolfssl/wolfcrypt/misc.h +++ b/source/libwolfssl/wolfcrypt/misc.h @@ -1,6 +1,6 @@ /* misc.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -98,6 +98,8 @@ WOLFSSL_LOCAL int ctMaskIntGTE(int a, int b); WOLFSSL_LOCAL byte ctMaskLT(int a, int b); WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); WOLFSSL_LOCAL byte ctMaskEq(int a, int b); +WOLFSSL_LOCAL word16 ctMask16GT(int a, int b); +WOLFSSL_LOCAL word16 ctMask16LT(int a, int b); WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b); WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b); WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); diff --git a/source/libwolfssl/wolfcrypt/mpi_class.h b/source/libwolfssl/wolfcrypt/mpi_class.h index 30f0a9fc..ae2fa830 100644 --- a/source/libwolfssl/wolfcrypt/mpi_class.h +++ b/source/libwolfssl/wolfcrypt/mpi_class.h @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/mpi_superclass.h b/source/libwolfssl/wolfcrypt/mpi_superclass.h index 73472684..186ac750 100644 --- a/source/libwolfssl/wolfcrypt/mpi_superclass.h +++ b/source/libwolfssl/wolfcrypt/mpi_superclass.h @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/pkcs11.h b/source/libwolfssl/wolfcrypt/pkcs11.h index 0e5e7b21..93e1af18 100644 --- a/source/libwolfssl/wolfcrypt/pkcs11.h +++ b/source/libwolfssl/wolfcrypt/pkcs11.h @@ -1,6 +1,6 @@ /* pkcs11.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/pkcs12.h b/source/libwolfssl/wolfcrypt/pkcs12.h index 1244fc39..a9ab05f1 100644 --- a/source/libwolfssl/wolfcrypt/pkcs12.h +++ b/source/libwolfssl/wolfcrypt/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/pkcs7.h b/source/libwolfssl/wolfcrypt/pkcs7.h index cd385261..a9846b84 100644 --- a/source/libwolfssl/wolfcrypt/pkcs7.h +++ b/source/libwolfssl/wolfcrypt/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -220,6 +220,14 @@ typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* out, word32 outSz, int keyWrapAlgo, int type, int dir); +#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) +/* RSA sign raw digest callback, user builds DigestInfo */ +typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest, + word32 digestSz, byte* out, word32 outSz, + byte* privateKey, word32 privateKeySz, + int devId, int hashOID); +#endif + /* Public Structure Warning: * Existing members must not be changed to maintain backwards compatibility! */ @@ -318,6 +326,14 @@ struct PKCS7 { word32 signatureSz; word32 plainDigestSz; word32 pkcs7DigestSz; + +#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) + CallbackRsaSignRawDigest rsaSignRawDigestCb; +#endif + + /* used by DecodeEnvelopedData with multiple encrypted contents */ + byte* cachedEncryptedContent; + word32 cachedEncryptedContentSz; /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; @@ -439,6 +455,11 @@ WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb, WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK wrapCEKCb); +#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) +WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, + CallbackRsaSignRawDigest cb); +#endif + /* CMS/PKCS#7 EnvelopedData */ WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz); diff --git a/source/libwolfssl/wolfcrypt/poly1305.h b/source/libwolfssl/wolfcrypt/poly1305.h index 6ef6e58b..304a0900 100644 --- a/source/libwolfssl/wolfcrypt/poly1305.h +++ b/source/libwolfssl/wolfcrypt/poly1305.h @@ -1,6 +1,6 @@ /* poly1305.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -112,6 +112,10 @@ WOLFSSL_API int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key, word32 kySz); WOLFSSL_API int wc_Poly1305Update(Poly1305* poly1305, const byte*, word32); WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag); + +/* AEAD Functions */ +WOLFSSL_API int wc_Poly1305_Pad(Poly1305* ctx, word32 lenToPad); +WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 dataSz); WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, byte* input, word32 sz, byte* tag, word32 tagSz); @@ -124,4 +128,3 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m, #endif /* HAVE_POLY1305 */ #endif /* WOLF_CRYPT_POLY1305_H */ - diff --git a/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 433066af..0e342db3 100644 --- a/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1,6 +1,6 @@ /* esp32-crypt.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index 4c61269e..cdb84c13 100644 --- a/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -1,6 +1,6 @@ /* renesas-tsip-crypt.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -42,7 +42,7 @@ typedef enum { tsip_Key_RSA1024 = 4, tsip_Key_RSA2048 = 5, tsip_Key_tls_Rsa2048 = 6, - UNKNOW = -1, + tsip_Key_unknown = -1, } wolfssl_TSIP_KEY_IV; enum { diff --git a/source/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h b/source/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h index b0e970ad..36c923b4 100644 --- a/source/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h +++ b/source/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h @@ -1,6 +1,6 @@ /* afalg_hash.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h b/source/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h index eb0c6392..38c1466c 100644 --- a/source/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h +++ b/source/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h @@ -1,6 +1,6 @@ /* wc_afalg.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/arm/cryptoCell.h b/source/libwolfssl/wolfcrypt/port/arm/cryptoCell.h index 1dd1a334..ae6b021f 100644 --- a/source/libwolfssl/wolfcrypt/port/arm/cryptoCell.h +++ b/source/libwolfssl/wolfcrypt/port/arm/cryptoCell.h @@ -1,6 +1,6 @@ /* cryptoCell.h * - * Copyright (C) 2019 wolfSSL Inc. + * Copyright (C) 2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -78,7 +78,7 @@ extern "C" { CRYS_RSAUserPrivKey_t privKey; CRYS_RSAUserPubKey_t pubKey; } rsa_context_t; -CRYS_RSA_HASH_OpMode_t cc310_hashModeRSA(enum wc_HashType hash_type); +CRYS_RSA_HASH_OpMode_t cc310_hashModeRSA(enum wc_HashType hash_type, int isHashed); #endif #ifdef HAVE_ECC diff --git a/source/libwolfssl/wolfcrypt/port/atmel/atmel.h b/source/libwolfssl/wolfcrypt/port/atmel/atmel.h index 4075c910..6f3e3d50 100644 --- a/source/libwolfssl/wolfcrypt/port/atmel/atmel.h +++ b/source/libwolfssl/wolfcrypt/port/atmel/atmel.h @@ -1,6 +1,6 @@ /* atmel.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/caam/caam_driver.h b/source/libwolfssl/wolfcrypt/port/caam/caam_driver.h index 5e493127..cac1742c 100644 --- a/source/libwolfssl/wolfcrypt/port/caam/caam_driver.h +++ b/source/libwolfssl/wolfcrypt/port/caam/caam_driver.h @@ -1,6 +1,6 @@ /* caam_driver.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -142,7 +142,7 @@ #define CAAM_IRSR0 CAAM_BASE + 0x100C #define CAAM_IRJAR0 CAAM_BASE + 0x101C -/* Ouput Job Ring Registers */ +/* Output Job Ring Registers */ #define CAAM_ORBAR0 CAAM_BASE + 0x1024 #define CAAM_ORSR0 CAAM_BASE + 0x102C #define CAAM_ORJAR0 CAAM_BASE + 0x103C @@ -165,7 +165,7 @@ #define CAAM_FIFOO_LS CAAM_BASE + 0x87F4 /* input FIFO is 16 entries deep with each entry having two 4 byte registers - All data writin to it from IP bus should be in big endian format */ + All data written to it from IP bus should be in big endian format */ #define CAAM_FIFOI_LS CAAM_BASE + 0x87E0 /* offset of 4 with range 0 .. 13 */ @@ -180,7 +180,7 @@ static unsigned int wc_rng_start[] = { CAAM_OP | CAAM_CLASS1 | CAAM_RNG | 0x00000004, /* Instantiate RNG handle 0 with TRNG */ CAAM_JUMP | 0x02000001, /* wait for Class1 RNG and jump to next cmd */ CAAM_LOAD | 0x00880004, /* Load to clear written register */ - 0x00000001, /* reset done interupt */ + 0x00000001, /* reset done interrupt */ CAAM_OP | CAAM_CLASS1 | CAAM_RNG | 0x00001000 /* Generate secure keys */ }; diff --git a/source/libwolfssl/wolfcrypt/port/caam/wolfcaam.h b/source/libwolfssl/wolfcrypt/port/caam/wolfcaam.h index 3e2ffdd0..159fec52 100644 --- a/source/libwolfssl/wolfcrypt/port/caam/wolfcaam.h +++ b/source/libwolfssl/wolfcrypt/port/caam/wolfcaam.h @@ -1,6 +1,6 @@ /* wolfcaam.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/source/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h index 2a611f0d..bf2b0d8d 100644 --- a/source/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h +++ b/source/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h @@ -1,6 +1,6 @@ /* wolfcaam_sha.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h b/source/libwolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h new file mode 100644 index 00000000..f7914b8e --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h @@ -0,0 +1,31 @@ +/* cavium_octeon_sync.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef _CAVIUM_OCTEON_SYNC_H_ +#define _CAVIUM_OCTEON_SYNC_H_ + +#ifdef HAVE_CAVIUM_OCTEON_SYNC + +WOLFSSL_API int wc_CryptoCb_InitOcteon(void); +WOLFSSL_API void wc_CryptoCb_CleanupOcteon(int* id); + +#endif /* HAVE_CAVIUM_OCTEON_SYNC */ +#endif /* _CAVIUM_OCTEON_SYNC_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h b/source/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h index c6369c04..849f5ce9 100644 --- a/source/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h +++ b/source/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h @@ -1,6 +1,6 @@ /* wc_devcrypto.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h b/source/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h index 974d2b50..8eb9421f 100644 --- a/source/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h +++ b/source/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h @@ -1,6 +1,6 @@ /* quickassist_sync.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. (formerly known as CyaSSL) * @@ -24,206 +24,30 @@ #ifdef HAVE_INTEL_QA_SYNC -#include "cpa.h" -#include "cpa_cy_im.h" -#include "cpa_cy_sym.h" -#include "cpa_cy_rsa.h" -#include "cpa_cy_ln.h" -#include "cpa_cy_ecdh.h" -#include "cpa_cy_ecdsa.h" -#include "cpa_cy_dh.h" -#include "cpa_cy_drbg.h" -#include "cpa_cy_nrbg.h" -#include "cpa_cy_prime.h" +WOLFSSL_API int wc_CryptoCb_InitIntelQa(void); +WOLFSSL_API void wc_CryptoCb_CleanupIntelQa(int* id); -/* User space utils */ -#include -#include -#include -#include - - -#if 0 - /* Optional feature for partial QAT hashing support */ - /* This will process updates through hardware instead of caching them */ - #define QAT_HASH_ENABLE_PARTIAL -#endif -#ifdef QAT_HASH_ENABLE_PARTIAL - #define MAX_QAT_HASH_BUFFERS 2 -#endif - -/* Detect QAT driver version */ -#if defined(CPA_CY_API_VERSION_NUM_MAJOR) && CPA_CY_API_VERSION_NUM_MAJOR > 1 - #define QAT_V2 -#endif - -#ifdef QAT_V2 - /* quickassist/utilities/libusdm_drv/qae_mem.h */ - /* Provides user-space API's for accessing NUMA allocated memory through usdm_drv */ - #include "qae_mem.h" -#include "linux/include/qae_mem_utils.h" -#endif - -#ifdef QAT_USE_POLLING_THREAD - #include -#endif -#ifdef QA_DEMO_MAIN - #include -#endif - - -/* Tunable parameters */ -#ifndef QAT_PROCESS_NAME - #define QAT_PROCESS_NAME "SSL" -#endif -#ifndef QAT_LIMIT_DEV_ACCESS - #define QAT_LIMIT_DEV_ACCESS CPA_FALSE -#endif -#ifndef QAT_MAX_DEVICES - #define QAT_MAX_DEVICES (1) /* maximum number of QAT cards */ -#endif - -#ifndef QAT_RETRY_LIMIT - #define QAT_RETRY_LIMIT (100) -#endif -#ifndef QAT_POLL_RESP_QUOTA - #define QAT_POLL_RESP_QUOTA (0) /* all pending */ -#endif - -#if !defined(NO_AES) || !defined(NO_DES3) - #define QAT_ENABLE_CRYPTO -#endif - - -/* Pre-declarations */ -struct IntelQaDev; -struct wc_CryptoInfo; -struct WC_BIGINT; -struct WC_RNG; - - -#if defined(QAT_ENABLE_HASH) || defined(QAT_ENABLE_CRYPTO) -/* symmetric context */ -typedef struct IntelQaSymCtx { - CpaCySymOpData opData; - CpaCySymSessionCtx symCtxSrc; - CpaCySymSessionCtx symCtx; - word32 symCtxSize; - - /* flags */ - word32 isOpen:1; - word32 isCopy:1; -} IntelQaSymCtx; -#endif - -typedef void (*IntelQaFreeFunc)(struct IntelQaDev*); - - -/* QuickAssist device */ -typedef struct IntelQaDev { - CpaInstanceHandle handle; - int devId; - void* heap; - - /* callback return info */ - int ret; - byte* out; - union { - word32* outLenPtr; - word32 outLen; - }; - - /* operations */ - IntelQaFreeFunc freeFunc; - union { - #ifdef QAT_ENABLE_CRYPTO - struct { - IntelQaSymCtx ctx; - CpaBufferList bufferList; - CpaFlatBuffer flatBuffer; - byte* authTag; - word32 authTagSz; - } cipher; - #endif - } op; - -#ifdef QAT_USE_POLLING_THREAD - pthread_t pollingThread; - byte pollingCy; -#endif -} IntelQaDev; - - -/* Interface */ -WOLFSSL_LOCAL int IntelQaHardwareStart(const char*, int); -WOLFSSL_LOCAL void IntelQaHardwareStop(void); -WOLFSSL_LOCAL int IntelQaInit(void*); -WOLFSSL_LOCAL void IntelQaDeInit(int); -WOLFSSL_LOCAL int IntelQaNumInstances(void); -WOLFSSL_LOCAL int IntelQaOpen(IntelQaDev*, int); -WOLFSSL_LOCAL void IntelQaClose(IntelQaDev*); -WOLFSSL_LOCAL int IntelQaDevCopy(IntelQaDev*, IntelQaDev*); -WOLFSSL_LOCAL int IntelQaPoll(IntelQaDev*); -WOLFSSL_LOCAL int IntelQaGetCyInstanceCount(void); - -#ifndef NO_AES - #ifdef HAVE_AES_CBC - WOLFSSL_LOCAL int IntelQaSymAesCbcEncrypt(IntelQaDev*, byte*, - const byte*, word32, const byte*, word32, const byte*, word32); - #ifdef HAVE_AES_DECRYPT - WOLFSSL_LOCAL int IntelQaSymAesCbcDecrypt(IntelQaDev*, byte*, - const byte*, word32, const byte*, word32, const byte*, word32); - #endif /* HAVE_AES_DECRYPT */ - #endif /* HAVE_AES_CBC */ - - #ifdef HAVE_AESGCM - WOLFSSL_LOCAL int IntelQaSymAesGcmEncrypt(IntelQaDev*, byte*, - const byte*, word32, const byte*, word32, const byte*, word32, - byte*, word32, const byte*, word32); - #ifdef HAVE_AES_DECRYPT - WOLFSSL_LOCAL int IntelQaSymAesGcmDecrypt(IntelQaDev*, byte*, - const byte*, word32, const byte*, word32, const byte*, word32, - const byte*, word32, const byte*, word32); - #endif /* HAVE_AES_DECRYPT */ - #endif /* HAVE_AESGCM */ -#endif /* !NO_AES */ - -#ifndef NO_DES3 - WOLFSSL_LOCAL int IntelQaSymDes3CbcEncrypt(IntelQaDev*, byte*, - const byte*, word32, const byte*, word32, const byte* iv, word32); - WOLFSSL_LOCAL int IntelQaSymDes3CbcDecrypt(IntelQaDev* dev, byte*, - const byte*, word32, const byte*, word32, const byte* iv, word32); -#endif /*! NO_DES3 */ - -#ifdef WOLF_CRYPTO_CB - WOLFSSL_LOCAL int IntelQaSymSync_CryptoDevCb(int, struct wc_CryptoInfo*, - void*); -#endif /* WOLF_CRYPTO_CB */ - - -#ifdef WOLFSSL_TRACK_MEMORY - WOLFSSL_API int InitMemoryTracker(void); - WOLFSSL_API void ShowMemoryTracker(void); -#endif - - -WOLFSSL_API void* IntelQaMalloc(size_t size, void* heap, int type +WOLFSSL_API void* wc_CryptoCb_IntelQaMalloc(size_t size, + void* heap, int type #ifdef WOLFSSL_DEBUG_MEMORY , const char* func, unsigned int line #endif ); -WOLFSSL_API void IntelQaFree(void *ptr, void* heap, int type +WOLFSSL_API void wc_CryptoCb_IntelQaFree(void *ptr, + void* heap, int type #ifdef WOLFSSL_DEBUG_MEMORY , const char* func, unsigned int line #endif ); -WOLFSSL_API void* IntelQaRealloc(void *ptr, size_t size, void* heap, int type +WOLFSSL_API void* wc_CryptoCb_IntelQaRealloc(void *ptr, + size_t size, void* heap, int type #ifdef WOLFSSL_DEBUG_MEMORY , const char* func, unsigned int line #endif ); + #endif /* HAVE_INTEL_QA_SYNC */ #endif /* _INTEL_QUICKASSIST_SYNC_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/nrf51.h b/source/libwolfssl/wolfcrypt/port/nrf51.h index 705d9c34..9c82099d 100644 --- a/source/libwolfssl/wolfcrypt/port/nrf51.h +++ b/source/libwolfssl/wolfcrypt/port/nrf51.h @@ -1,6 +1,6 @@ /* nrf51.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h b/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h index 1bf7e2bc..3612bda8 100644 --- a/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h +++ b/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h @@ -1,6 +1,6 @@ /* ksdk_port.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,6 +25,8 @@ #include #ifdef USE_FAST_MATH #include +#elif defined WOLFSSL_SP_MATH + #include #else #include #endif @@ -44,6 +46,10 @@ int ksdk_port_init(void); int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c); int wolfcrypt_mp_invmod(mp_int *a, mp_int *b, mp_int *c); int wolfcrypt_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y); + + /* Exported mp_mulmod function */ + int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d); + #endif /* FREESCALE_LTC_TFM */ #if defined(FREESCALE_LTC_ECC) diff --git a/source/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/source/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h index c1ba8423..1e1277ad 100644 --- a/source/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h +++ b/source/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -1,6 +1,6 @@ /* pic32mz-crypt.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/st/stm32.h b/source/libwolfssl/wolfcrypt/port/st/stm32.h index 56ec0267..655fe75a 100644 --- a/source/libwolfssl/wolfcrypt/port/st/stm32.h +++ b/source/libwolfssl/wolfcrypt/port/st/stm32.h @@ -1,6 +1,6 @@ /* stm32.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,8 +25,13 @@ /* Generic STM32 Hashing and Crypto Functions */ /* Supports CubeMX HAL or Standard Peripheral Library */ +#include #include +#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) + #include + #include +#endif #ifdef STM32_HASH @@ -104,7 +109,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #define STM32_HAL_V2 #endif - /* Thee datatype for STM32 CubeMX HAL Crypt calls */ + /* The datatype for STM32 CubeMX HAL Crypt calls */ #ifdef STM32_HAL_V2 #define STM_CRYPT_TYPE uint32_t #else @@ -114,18 +119,24 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, /* CRYPT_AES_GCM starts the IV with 2 */ #define STM32_GCM_IV_START 2 - #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - struct Aes; - #ifdef WOLFSSL_STM32_CUBEMX - int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp); - #else /* STD_PERI_LIB */ - int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit, - CRYP_KeyInitTypeDef* keyInit); - #endif /* WOLFSSL_STM32_CUBEMX */ - #endif /* WOLFSSL_AES_DIRECT || HAVE_AESGCM || HAVE_AESCCM */ + struct Aes; + #ifdef WOLFSSL_STM32_CUBEMX + int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp); + #else /* STD_PERI_LIB */ + int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit, + CRYP_KeyInitTypeDef* keyInit); + #endif /* WOLFSSL_STM32_CUBEMX */ #endif /* !NO_AES */ #endif /* STM32_CRYPTO */ +#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) +int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, + word32 hashlen, int* res, ecc_key* key); + +int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng, + ecc_key* key, mp_int *r, mp_int *s); +#endif + #endif /* _WOLFPORT_STM32_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/st/stsafe.h b/source/libwolfssl/wolfcrypt/port/st/stsafe.h index 32c4effa..16cd8f24 100644 --- a/source/libwolfssl/wolfcrypt/port/st/stsafe.h +++ b/source/libwolfssl/wolfcrypt/port/st/stsafe.h @@ -1,6 +1,6 @@ /* stsafe.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,10 +23,17 @@ #define _WOLFPORT_STSAFE_H_ #include -#include #include #include +#ifdef WOLF_CRYPTO_CB +#include +#endif + +#if !defined(WOLFCRYPT_ONLY) && defined(HAVE_PK_CALLBACKS) +#include +#endif + #ifdef WOLFSSL_STSAFEA100 /* The wolf STSAFE interface layer */ @@ -46,7 +53,7 @@ WOLFSSL_API int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate, word32* pRawCertificateLen); -#ifdef HAVE_PK_CALLBACKS +#if !defined(WOLFCRYPT_ONLY) && defined(HAVE_PK_CALLBACKS) WOLFSSL_API int SSL_STSAFE_CreateKeyCb(WOLFSSL* ssl, ecc_key* key, word32 keySz, int ecc_curve, void* ctx); WOLFSSL_API int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl, @@ -72,8 +79,6 @@ WOLFSSL_API int SSL_STSAFE_SetupPkCallbackCtx(WOLFSSL* ssl, void* user_ctx); #ifdef WOLF_CRYPTO_CB -#include - /* Device ID that's unique and valid (not INVALID_DEVID -2) */ #define WOLF_STSAFE_DEVID 0x53545341; /* STSA */ diff --git a/source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h b/source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h index 83802e6d..a66bb61c 100644 --- a/source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h +++ b/source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h @@ -1,6 +1,6 @@ /* port/ti/ti_ccm.c * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/ti/ti-hash.h b/source/libwolfssl/wolfcrypt/port/ti/ti-hash.h index 4730f719..8efdc5c0 100644 --- a/source/libwolfssl/wolfcrypt/port/ti/ti-hash.h +++ b/source/libwolfssl/wolfcrypt/port/ti/ti-hash.h @@ -1,6 +1,6 @@ /* port/ti/ti-hash.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h b/source/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h index 0de69bb3..47b46242 100644 --- a/source/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h +++ b/source/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h @@ -1,6 +1,6 @@ /* xil-sha3.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/pwdbased.h b/source/libwolfssl/wolfcrypt/pwdbased.h index e1d18b31..6eb4a0f0 100644 --- a/source/libwolfssl/wolfcrypt/pwdbased.h +++ b/source/libwolfssl/wolfcrypt/pwdbased.h @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -46,6 +46,9 @@ WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int typeH); +WOLFSSL_API int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, + const byte* salt, int sLen, int iterations, int kLen, + int typeH, void* heap, int devId); WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int typeH); @@ -60,6 +63,9 @@ WOLFSSL_API int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen, WOLFSSL_API int wc_scrypt(byte* output, const byte* passwd, int passLen, const byte* salt, int saltLen, int cost, int blockSize, int parallel, int dkLen); +WOLFSSL_API int wc_scrypt_ex(byte* output, const byte* passwd, int passLen, + const byte* salt, int saltLen, word32 iterations, + int blockSize, int parallel, int dkLen); #endif diff --git a/source/libwolfssl/wolfcrypt/rabbit.h b/source/libwolfssl/wolfcrypt/rabbit.h index 15badf90..c4d4475b 100644 --- a/source/libwolfssl/wolfcrypt/rabbit.h +++ b/source/libwolfssl/wolfcrypt/rabbit.h @@ -1,6 +1,6 @@ /* rabbit.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/random.h b/source/libwolfssl/wolfcrypt/random.h index a100f7a0..12cbee6b 100644 --- a/source/libwolfssl/wolfcrypt/random.h +++ b/source/libwolfssl/wolfcrypt/random.h @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -199,13 +199,18 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); WOLFSSL_API int wc_FreeNetRandom(void); #endif /* HAVE_WNR */ + +WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte*, word32, void*); +WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG*); + + #ifndef WC_NO_RNG WOLFSSL_API int wc_InitRng(WC_RNG*); WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId); WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz); WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz, void* heap, int devId); -WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); +WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*); WOLFSSL_API int wc_FreeRng(WC_RNG*); #else diff --git a/source/libwolfssl/wolfcrypt/ripemd.h b/source/libwolfssl/wolfcrypt/ripemd.h index 08cb5134..6ea81651 100644 --- a/source/libwolfssl/wolfcrypt/ripemd.h +++ b/source/libwolfssl/wolfcrypt/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/rsa.h b/source/libwolfssl/wolfcrypt/rsa.h index 0b367ab2..4a91e158 100644 --- a/source/libwolfssl/wolfcrypt/rsa.h +++ b/source/libwolfssl/wolfcrypt/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -130,6 +130,11 @@ enum { RSA_PSS_PAD_TERM = 0xBC, #endif + RSA_PSS_SALT_LEN_DEFAULT = -1, +#ifdef WOLFSSL_PSS_SALT_LEN_DISCOVER + RSA_PSS_SALT_LEN_DISCOVER = -2, +#endif + #ifdef HAVE_PKCS11 RSA_MAX_ID_LEN = 32, #endif @@ -233,6 +238,8 @@ WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); +WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, int pad_type); WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, enum wc_HashType hash, int mgf, RsaKey* key); @@ -273,9 +280,8 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32); WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, word32 eSz, RsaKey* key); -#ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); -#endif +WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); + #ifdef WC_RSA_BLINDING WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); @@ -345,6 +351,15 @@ WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); int nlen, int* isPrime); #endif +WOLFSSL_LOCAL int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, + word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType, + enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen, + int saltLen, int bits, void* heap); +WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, + byte padValue, int padType, enum wc_HashType hType, + int mgf, byte* optLabel, word32 labelLen, int saltLen, + int bits, void* heap); + #endif /* HAVE_USER_RSA */ #ifdef __cplusplus diff --git a/source/libwolfssl/wolfcrypt/selftest.h b/source/libwolfssl/wolfcrypt/selftest.h index c9dd11d4..91aa0349 100644 --- a/source/libwolfssl/wolfcrypt/selftest.h +++ b/source/libwolfssl/wolfcrypt/selftest.h @@ -1,6 +1,6 @@ /* selftest.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/settings.h b/source/libwolfssl/wolfcrypt/settings.h index b12cd55e..3502f016 100644 --- a/source/libwolfssl/wolfcrypt/settings.h +++ b/source/libwolfssl/wolfcrypt/settings.h @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,6 +31,13 @@ extern "C" { #endif +/* This flag allows wolfSSL to include options.h instead of having client + * projects do it themselves. This should *NEVER* be defined when building + * wolfSSL as it can cause hard to debug problems. */ +#ifdef EXTERNAL_OPTS_OPENVPN +#include +#endif + /* Uncomment next line if using IPHONE */ /* #define IPHONE */ @@ -79,6 +86,9 @@ /* Uncomment next line if building wolfSSL for LSR */ /* #define WOLFSSL_LSR */ +/* Uncomment next line if building for Freescale Classic MQX version 5.0 */ +/* #define FREESCALE_MQX_5_0 */ + /* Uncomment next line if building for Freescale Classic MQX version 4.0 */ /* #define FREESCALE_MQX_4_0 */ @@ -140,7 +150,7 @@ /* Uncomment next line if building for VxWorks */ /* #define WOLFSSL_VXWORKS */ -/* Uncomment next line if building for Nordic nRF5x platofrm */ +/* Uncomment next line if building for Nordic nRF5x platform */ /* #define WOLFSSL_NRF5x */ /* Uncomment next line to enable deprecated less secure static DH suites */ @@ -282,6 +292,10 @@ #endif #endif +#if defined(WOLFSSL_RENESAS_RA6M3G) + /* settings in user_settings.h */ +#endif + #if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */ #define WOLFSSL_LWIP #define NO_WRITEV @@ -451,6 +465,7 @@ #define NO_MAIN_DRIVER #define NO_DEV_RANDOM #define NO_WRITEV + #define HAVE_STRINGS_H #endif @@ -528,7 +543,8 @@ #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) - #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN) + #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \ + || defined(HAVE_ALPN) #define XSTRTOK strtok_r #endif #endif @@ -678,14 +694,21 @@ extern void uITRON4_free(void *p) ; #ifdef FREERTOS #include "FreeRTOS.h" - /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */ #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ !defined(WOLFSSL_STATIC_MEMORY) #define XMALLOC(s, h, type) pvPortMalloc((s)) #define XFREE(p, h, type) vPortFree((p)) #endif - #if defined(HAVE_ED25519) || defined(WOLFSSL_ESPIDF) - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + /* FreeRTOS pvPortRealloc() implementation can be found here: + https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ + #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || defined(HAVE_ED448) + #if defined(WOLFSSL_ESPIDF) + /*In IDF, realloc(p, n) is equivalent to + heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */ + #define XREALLOC(p, n, h, t) realloc((p), (n)) + #else + #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n)) + #endif #endif #ifndef NO_WRITEV #define NO_WRITEV @@ -794,7 +817,23 @@ extern void uITRON4_free(void *p) ; #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC)) #define XFREE(p, h, type) (rtp_free(p)) - #define XREALLOC(p, n, h, t) realloc((p), (n)) + #define XREALLOC(p, n, h, t) (rtp_realloc((p), (n))) + + #if (WINMSP3) + #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) + #else + #sslpro: settings.h - please implement XSTRNCASECMP - needed for HAVE_ECC + #endif + + #define WOLFSSL_HAVE_MAX + #define WOLFSSL_HAVE_MIN + + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define WC_RSA_BLINDING + #define ECC_TIMING_RESISTANT + + #define HAVE_ECC #endif /* EBSNET */ @@ -845,7 +884,9 @@ extern void uITRON4_free(void *p) ; #define XMALLOC(s, h, type) pvPortMalloc((s)) #define XFREE(p, h, type) vPortFree((p)) #endif - #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) + /* FreeRTOS pvPortRealloc() implementation can be found here: + https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ + #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || defined(HAVE_ED448) #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n)) #endif #endif @@ -859,6 +900,11 @@ extern void uITRON4_free(void *p) ; #define TFM_TIMING_RESISTANT #endif +#ifdef FREESCALE_MQX_5_0 + /* use normal Freescale MQX port, but with minor changes for 5.0 */ + #define FREESCALE_MQX +#endif + #ifdef FREESCALE_MQX_4_0 /* use normal Freescale MQX port, but with minor changes for 4.0 */ #define FREESCALE_MQX @@ -869,7 +915,8 @@ extern void uITRON4_free(void *p) ; #include "mqx.h" #ifndef NO_FILESYSTEM #include "mfs.h" - #if MQX_USE_IO_OLD + #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \ + defined(FREESCALE_MQX_5_0) #include "fio.h" #define NO_STDIO_FILESYSTEM #else @@ -886,13 +933,23 @@ extern void uITRON4_free(void *p) ; #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));} /* Note: MQX has no realloc, using fastmath above */ #endif + #ifdef USE_FAST_MATH + /* Undef first to avoid re-definition if user_settings.h defines */ + #undef TFM_TIMING_RESISTANT + #define TFM_TIMING_RESISTANT + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + #undef WC_RSA_BLINDING + #define WC_RSA_BLINDING + #endif #endif #ifdef FREESCALE_KSDK_MQX #define FREESCALE_COMMON #include #ifndef NO_FILESYSTEM - #if MQX_USE_IO_OLD + #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \ + defined(FREESCALE_MQX_5_0) #include #else #include @@ -1230,7 +1287,7 @@ extern void uITRON4_free(void *p) ; /* disable fall-back case, malloc, realloc and free are unavailable */ #define WOLFSSL_NO_MALLOC - /* file sytem has not been ported since it is a seperate product. */ + /* file system has not been ported since it is a separate product. */ #define NO_FILESYSTEM @@ -1591,12 +1648,6 @@ extern void uITRON4_free(void *p) ; #define XGEN_ALIGN #endif -#ifdef HAVE_CRL - /* not widely supported yet */ - #undef NO_SKID - #define NO_SKID -#endif - #ifdef __INTEL_COMPILER #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */ @@ -1639,7 +1690,7 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ECC */ -/* Curve255519 Configs */ +/* Curve25519 Configs */ #ifdef HAVE_CURVE25519 /* By default enable shared secret, key export and import */ #ifndef NO_CURVE25519_SHARED_SECRET @@ -1656,7 +1707,7 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_CURVE25519 */ -/* Ed255519 Configs */ +/* Ed25519 Configs */ #ifdef HAVE_ED25519 /* By default enable sign, verify, key export and import */ #ifndef NO_ED25519_SIGN @@ -1677,6 +1728,44 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ED25519 */ +/* Curve448 Configs */ +#ifdef HAVE_CURVE448 + /* By default enable shared secret, key export and import */ + #ifndef NO_CURVE448_SHARED_SECRET + #undef HAVE_CURVE448_SHARED_SECRET + #define HAVE_CURVE448_SHARED_SECRET + #endif + #ifndef NO_CURVE448_KEY_EXPORT + #undef HAVE_CURVE448_KEY_EXPORT + #define HAVE_CURVE448_KEY_EXPORT + #endif + #ifndef NO_CURVE448_KEY_IMPORT + #undef HAVE_CURVE448_KEY_IMPORT + #define HAVE_CURVE448_KEY_IMPORT + #endif +#endif /* HAVE_CURVE448 */ + +/* Ed448 Configs */ +#ifdef HAVE_ED448 + /* By default enable sign, verify, key export and import */ + #ifndef NO_ED448_SIGN + #undef HAVE_ED448_SIGN + #define HAVE_ED448_SIGN + #endif + #ifndef NO_ED448_VERIFY + #undef HAVE_ED448_VERIFY + #define HAVE_ED448_VERIFY + #endif + #ifndef NO_ED448_KEY_EXPORT + #undef HAVE_ED448_KEY_EXPORT + #define HAVE_ED448_KEY_EXPORT + #endif + #ifndef NO_ED448_KEY_IMPORT + #undef HAVE_ED448_KEY_IMPORT + #define HAVE_ED448_KEY_IMPORT + #endif +#endif /* HAVE_ED448 */ + /* AES Config */ #ifndef NO_AES /* By default enable all AES key sizes, decryption and CBC */ @@ -1947,8 +2036,8 @@ extern void uITRON4_free(void *p) ; #endif #endif -#if defined(WOLFSSL_NGINX) - #define SSL_CTRL_SET_TLSEXT_HOSTNAME +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #endif @@ -1958,6 +2047,12 @@ extern void uITRON4_free(void *p) ; #define ED25519_SMALL #endif +/* both CURVE and ED small math should be enabled */ +#ifdef CURVED448_SMALL + #define CURVE448_SMALL + #define ED448_SMALL +#endif + #ifndef WOLFSSL_ALERT_COUNT_MAX #define WOLFSSL_ALERT_COUNT_MAX 5 @@ -1993,8 +2088,8 @@ extern void uITRON4_free(void *p) ; #endif /* OPENSSL_EXTRA */ /* support for converting DER to PEM */ -#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || \ - defined(OPENSSL_EXTRA) +#if (defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_NO_DER_TO_PEM)) || \ + defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) #undef WOLFSSL_DER_TO_PEM #define WOLFSSL_DER_TO_PEM #endif @@ -2056,7 +2151,7 @@ extern void uITRON4_free(void *p) ; #endif #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(HAVE_CURVE25519) && \ - defined(WC_NO_RNG) && defined(WC_NO_RSA_OAEP) + !defined(HAVE_CURVE448) && defined(WC_NO_RNG) && defined(WC_NO_RSA_OAEP) #undef WOLFSSL_NO_CONST_CMP #define WOLFSSL_NO_CONST_CMP #endif @@ -2077,6 +2172,31 @@ extern void uITRON4_free(void *p) ; #error TLS 1.3 requires the Signature Algorithms extension to be enabled #endif +#ifndef NO_WOLFSSL_BASE64_DECODE + #define WOLFSSL_BASE64_DECODE +#endif + +#if defined(HAVE_EX_DATA) || defined(FORTRESS) + #define MAX_EX_DATA 5 /* allow for five items of ex_data */ +#endif + +#ifdef NO_WOLFSSL_SMALL_STACK + #undef WOLFSSL_SMALL_STACK +#endif + +/* The client session cache requires time for timeout */ +#if defined(NO_ASN_TIME) && !defined(NO_SESSION_CACHE) + #define NO_SESSION_CACHE +#endif + +/* Use static ECC structs for Position Independant Code (PIC) */ +#if defined(__IAR_SYSTEMS_ICC__) && defined(__ROPI__) + #define WOLFSSL_ECC_CURVE_STATIC + #define WOLFSSL_NAMES_STATIC + #define WOLFSSL_NO_CONSTCHARCONST +#endif + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libwolfssl/wolfcrypt/sha.h b/source/libwolfssl/wolfcrypt/sha.h index 24999a54..8e7138c6 100644 --- a/source/libwolfssl/wolfcrypt/sha.h +++ b/source/libwolfssl/wolfcrypt/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/sha256.h b/source/libwolfssl/wolfcrypt/sha256.h index 4784c788..1d03bf47 100644 --- a/source/libwolfssl/wolfcrypt/sha256.h +++ b/source/libwolfssl/wolfcrypt/sha256.h @@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -132,7 +132,7 @@ enum { struct wc_Sha256 { #ifdef FREESCALE_LTC_SHA ltc_hash_ctx_t ctx; -#elif defined(STM32_HASH) +#elif defined(STM32_HASH_SHA2) STM32_HASH_Context stmCtx; #else /* alignment on digest and buffer speeds up ARMv8 crypto operations */ diff --git a/source/libwolfssl/wolfcrypt/sha3.h b/source/libwolfssl/wolfcrypt/sha3.h index 864071dd..8ff7952b 100644 --- a/source/libwolfssl/wolfcrypt/sha3.h +++ b/source/libwolfssl/wolfcrypt/sha3.h @@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -114,6 +114,8 @@ struct Sha3 { #endif +typedef wc_Sha3 wc_Shake; + WOLFSSL_API int wc_InitSha3_224(wc_Sha3*, void*, int); WOLFSSL_API int wc_Sha3_224_Update(wc_Sha3*, const byte*, word32); @@ -143,6 +145,12 @@ WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3*); WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3*, byte*); WOLFSSL_API int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst); +WOLFSSL_API int wc_InitShake256(wc_Shake*, void*, int); +WOLFSSL_API int wc_Shake256_Update(wc_Shake*, const byte*, word32); +WOLFSSL_API int wc_Shake256_Final(wc_Shake*, byte*, word32); +WOLFSSL_API void wc_Shake256_Free(wc_Shake*); +WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); + #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) WOLFSSL_API int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags); WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags); diff --git a/source/libwolfssl/wolfcrypt/sha512.h b/source/libwolfssl/wolfcrypt/sha512.h index 0fba6816..475b8f45 100644 --- a/source/libwolfssl/wolfcrypt/sha512.h +++ b/source/libwolfssl/wolfcrypt/sha512.h @@ -1,6 +1,6 @@ /* sha512.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/signature.h b/source/libwolfssl/wolfcrypt/signature.h index 0f5fed45..f1f53887 100644 --- a/source/libwolfssl/wolfcrypt/signature.h +++ b/source/libwolfssl/wolfcrypt/signature.h @@ -1,6 +1,6 @@ /* signature.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -62,12 +62,23 @@ WOLFSSL_API int wc_SignatureGenerateHash( const byte* hash_data, word32 hash_len, byte* sig, word32 *sig_len, const void* key, word32 key_len, WC_RNG* rng); +WOLFSSL_API int wc_SignatureGenerateHash_ex( + enum wc_HashType hash_type, enum wc_SignatureType sig_type, + const byte* hash_data, word32 hash_len, + byte* sig, word32 *sig_len, + const void* key, word32 key_len, WC_RNG* rng, int verify); WOLFSSL_API int wc_SignatureGenerate( enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, byte* sig, word32 *sig_len, const void* key, word32 key_len, WC_RNG* rng); +WOLFSSL_API int wc_SignatureGenerate_ex( + enum wc_HashType hash_type, enum wc_SignatureType sig_type, + const byte* data, word32 data_len, + byte* sig, word32 *sig_len, + const void* key, word32 key_len, + WC_RNG* rng, int verify); #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libwolfssl/wolfcrypt/sp.h b/source/libwolfssl/wolfcrypt/sp.h index cd8b68cb..69e5bcc3 100644 --- a/source/libwolfssl/wolfcrypt/sp.h +++ b/source/libwolfssl/wolfcrypt/sp.h @@ -1,6 +1,6 @@ /* sp.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -62,6 +62,12 @@ WOLFSSL_LOCAL int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm, mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim, mp_int* mm, byte* out, word32* outLen); +WOLFSSL_LOCAL int sp_RsaPublic_4096(const byte* in, word32 inLen, + mp_int* em, mp_int* mm, byte* out, word32* outLen); +WOLFSSL_LOCAL int sp_RsaPrivate_4096(const byte* in, word32 inLen, + mp_int* dm, mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim, + mp_int* mm, byte* out, word32* outLen); + #endif /* WOLFSSL_HAVE_SP_RSA */ #if defined(WOLFSSL_HAVE_SP_DH) || defined(WOLFSSL_HAVE_SP_RSA) @@ -74,6 +80,8 @@ WOLFSSL_LOCAL int sp_ModExp_2048(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res); WOLFSSL_LOCAL int sp_ModExp_3072(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res); +WOLFSSL_LOCAL int sp_ModExp_4096(mp_int* base, mp_int* exp, mp_int* mod, + mp_int* res); #endif @@ -83,6 +91,8 @@ WOLFSSL_LOCAL int sp_DhExp_2048(mp_int* base, const byte* exp, word32 expLen, mp_int* mod, byte* out, word32* outLen); WOLFSSL_LOCAL int sp_DhExp_3072(mp_int* base, const byte* exp, word32 expLen, mp_int* mod, byte* out, word32* outLen); +WOLFSSL_LOCAL int sp_DhExp_4096(mp_int* base, const byte* exp, word32 expLen, + mp_int* mod, byte* out, word32* outLen); #endif /* WOLFSSL_HAVE_SP_DH */ @@ -96,7 +106,7 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap); int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out, word32* outlen, void* heap); int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv, - mp_int* rm, mp_int* sm, void* heap); + mp_int* rm, mp_int* sm, mp_int* km, void* heap); int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); int sp_ecc_is_point_256(mp_int* pX, mp_int* pY); @@ -109,6 +119,28 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ); int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym); + +int sp_ecc_mulmod_384(mp_int* km, ecc_point* gm, ecc_point* rm, int map, + void* heap); +int sp_ecc_mulmod_base_384(mp_int* km, ecc_point* rm, int map, void* heap); + +int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap); +int sp_ecc_secret_gen_384(mp_int* priv, ecc_point* pub, byte* out, + word32* outlen, void* heap); +int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv, + mp_int* rm, mp_int* sm, mp_int* km, void* heap); +int sp_ecc_verify_384(const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY, + mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); +int sp_ecc_is_point_384(mp_int* pX, mp_int* pY); +int sp_ecc_check_key_384(mp_int* pX, mp_int* pY, mp_int* privm, void* heap); +int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, + mp_int* qX, mp_int* qY, mp_int* qZ, + mp_int* rX, mp_int* rY, mp_int* rZ); +int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, + mp_int* rX, mp_int* rY, mp_int* rZ); +int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ); +int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym); + #endif /*ifdef WOLFSSL_HAVE_SP_ECC */ diff --git a/source/libwolfssl/wolfcrypt/sp_int.h b/source/libwolfssl/wolfcrypt/sp_int.h index a5666f9b..a728d9f0 100644 --- a/source/libwolfssl/wolfcrypt/sp_int.h +++ b/source/libwolfssl/wolfcrypt/sp_int.h @@ -1,6 +1,6 @@ /* sp_int.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -56,7 +56,13 @@ #endif #endif -#ifndef WOLFSSL_SP_ASM +#ifdef WOLFSSL_DSP_BUILD + typedef int32 sp_digit; + typedef uint32 sp_int_digit; + typedef uint64 sp_int_word; + #undef SP_WORD_SIZE + #define SP_WORD_SIZE 32 +#elif !defined(WOLFSSL_SP_ASM) #if SP_WORD_SIZE == 32 typedef int32_t sp_digit; typedef uint32_t sp_int_digit; @@ -96,27 +102,37 @@ #endif #endif +#define SP_MASK (sp_digit)(-1) + #ifdef WOLFSSL_SP_MATH #include #if !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) #if !defined(NO_PWDBASED) && defined(WOLFSSL_SHA512) #define SP_INT_DIGITS ((512 + SP_WORD_SIZE) / SP_WORD_SIZE) + #elif defined(WOLFSSL_SP_384) + #define SP_INT_DIGITS ((384 + SP_WORD_SIZE) / SP_WORD_SIZE) #else #define SP_INT_DIGITS ((256 + SP_WORD_SIZE) / SP_WORD_SIZE) #endif -#elif defined(WOLFSSL_SP_NO_3072) - #if defined(WOLFSSL_HAVE_SP_DH) && defined(WOLFSSL_KEY_GEN) - #define SP_INT_DIGITS ((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) +#elif defined(WOLFSSL_SP_4096) + #if defined(WOLFSSL_HAVE_SP_DH) + #define SP_INT_DIGITS ((8192 + SP_WORD_SIZE) / SP_WORD_SIZE) #else - #define SP_INT_DIGITS ((2048 + SP_WORD_SIZE) / SP_WORD_SIZE) + #define SP_INT_DIGITS ((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) #endif -#else - #if defined(WOLFSSL_HAVE_SP_DH) && defined(WOLFSSL_KEY_GEN) +#elif !defined(WOLFSSL_SP_NO_3072) + #if defined(WOLFSSL_HAVE_SP_DH) #define SP_INT_DIGITS ((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) #else #define SP_INT_DIGITS ((3072 + SP_WORD_SIZE) / SP_WORD_SIZE) #endif +#else + #if defined(WOLFSSL_HAVE_SP_DH) + #define SP_INT_DIGITS ((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) + #else + #define SP_INT_DIGITS ((2048 + SP_WORD_SIZE) / SP_WORD_SIZE) + #endif #endif #define sp_isodd(a) ((a)->used != 0 && ((a)->dp[0] & 1)) @@ -144,8 +160,8 @@ typedef struct sp_int { #endif } sp_int; -typedef sp_int mp_int; -typedef sp_digit mp_digit; +typedef sp_int mp_int; +typedef sp_int_digit mp_digit; #include @@ -155,7 +171,7 @@ MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d, sp_int* e, sp_int* f); MP_API void sp_clear(sp_int* a); MP_API int sp_unsigned_bin_size(sp_int* a); -MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz); +MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz); MP_API int sp_read_radix(sp_int* a, const char* in, int radix); MP_API int sp_cmp(sp_int* a, sp_int* b); MP_API int sp_count_bits(sp_int* a); @@ -177,9 +193,11 @@ MP_API int sp_lshd(sp_int* a, int s); MP_API int sp_add(sp_int* a, sp_int* b, sp_int* r); MP_API int sp_set_int(sp_int* a, unsigned long b); MP_API int sp_tohex(sp_int* a, char* str); +MP_API int sp_set_bit(sp_int* a, int i); MP_API int sp_2expt(sp_int* a, int e); MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap); MP_API int sp_mul(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r); MP_API int sp_gcd(sp_int* a, sp_int* b, sp_int* r); MP_API int sp_invmod(sp_int* a, sp_int* m, sp_int* r); MP_API int sp_lcm(sp_int* a, sp_int* b, sp_int* r); @@ -187,6 +205,11 @@ MP_API int sp_exptmod(sp_int* b, sp_int* e, sp_int* m, sp_int* r); MP_API int sp_prime_is_prime(mp_int* a, int t, int* result); MP_API int sp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); MP_API int sp_exch(sp_int* a, sp_int* b); +MP_API int sp_get_digit_count(sp_int *a); +MP_API int sp_init_copy (sp_int * a, sp_int * b); +MP_API void sp_rshb(sp_int* a, int n, sp_int* r); +MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r); + #define MP_OKAY 0 #define MP_NO 0 @@ -202,6 +225,7 @@ MP_API int sp_exch(sp_int* a, sp_int* b); #define MP_VAL -3 #define DIGIT_BIT SP_WORD_SIZE +#define MP_MASK SP_MASK #define CheckFastMathSettings() 1 @@ -239,16 +263,23 @@ MP_API int sp_exch(sp_int* a, sp_int* b); #define mp_add sp_add #define mp_set_int sp_set_int #define mp_tohex sp_tohex +#define mp_set_bit sp_set_bit #define mp_2expt sp_2expt #define mp_rand_prime sp_rand_prime #define mp_mul sp_mul +#define mp_mulmod sp_mulmod #define mp_gcd sp_gcd #define mp_invmod sp_invmod #define mp_lcm sp_lcm #define mp_exptmod sp_exptmod +#define mp_exptmod_nct sp_exptmod #define mp_prime_is_prime sp_prime_is_prime #define mp_prime_is_prime_ex sp_prime_is_prime_ex #define mp_exch sp_exch +#define get_digit_count sp_get_digit_count +#define mp_init_copy sp_init_copy +#define mp_rshb(A,x) sp_rshb(A,x,A) +#define mp_mul_d sp_mul_d #endif diff --git a/source/libwolfssl/wolfcrypt/srp.h b/source/libwolfssl/wolfcrypt/srp.h index 531ff111..a03645cc 100644 --- a/source/libwolfssl/wolfcrypt/srp.h +++ b/source/libwolfssl/wolfcrypt/srp.h @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/tfm.h b/source/libwolfssl/wolfcrypt/tfm.h index 1ce1b091..f7b390a4 100644 --- a/source/libwolfssl/wolfcrypt/tfm.h +++ b/source/libwolfssl/wolfcrypt/tfm.h @@ -1,6 +1,6 @@ /* tfm.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -258,6 +258,11 @@ #ifndef FP_MAX_BITS #define FP_MAX_BITS 4096 #endif +#ifdef WOLFSSL_OPENSSH + /* OpenSSH uses some BIG primes so we need to accommodate for that */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 16384 +#endif #define FP_MAX_SIZE (FP_MAX_BITS+(8*DIGIT_BIT)) /* will this lib work? */ @@ -414,13 +419,16 @@ MP_API void fp_clear(fp_int *a); /* uses ForceZero to clear sensitive memory */ MP_API void fp_forcezero (fp_int * a); MP_API void fp_free(fp_int* a); -/* zero/even/odd ? */ +/* zero/one/even/odd/neg/word ? */ #define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO) #define fp_isone(a) \ ((((a)->used == 1) && ((a)->dp[0] == 1)) ? FP_YES : FP_NO) #define fp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO) #define fp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO) #define fp_isneg(a) (((a)->sign != 0) ? FP_YES : FP_NO) +#define fp_isword(a, w) \ + ((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \ + ? FP_YES : FP_NO) /* set to a small digit */ void fp_set(fp_int *a, fp_digit b); @@ -527,6 +535,7 @@ int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c); /* c = 1/a (mod b) */ int fp_invmod(fp_int *a, fp_int *b, fp_int *c); +int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp); /* c = (a, b) */ /*int fp_gcd(fp_int *a, fp_int *b, fp_int *c);*/ @@ -548,6 +557,7 @@ int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); /* d = a**b (mod c) */ int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); int fp_exptmod_ex(fp_int *a, fp_int *b, int minDigits, fp_int *c, fp_int *d); +int fp_exptmod_nct(fp_int *a, fp_int *b, fp_int *c, fp_int *d); #ifdef WC_RSA_NONBLOCK @@ -700,10 +710,11 @@ int fp_sqr_comba64(fp_int *a, fp_int *b); #define MP_MASK FP_MASK /* Prototypes */ -#define mp_zero(a) fp_zero(a) -#define mp_isone(a) fp_isone(a) -#define mp_iseven(a) fp_iseven(a) -#define mp_isneg(a) fp_isneg(a) +#define mp_zero(a) fp_zero(a) +#define mp_isone(a) fp_isone(a) +#define mp_iseven(a) fp_iseven(a) +#define mp_isneg(a) fp_isneg(a) +#define mp_isword(a, w) fp_isword(a, w) #define MP_RADIX_BIN 2 #define MP_RADIX_OCT 8 @@ -734,9 +745,11 @@ MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c); MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c); +MP_API int mp_invmod_mont_ct(mp_int *a, mp_int *b, mp_int *c, fp_digit mp); MP_API int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y); MP_API int mp_exptmod_ex (mp_int * g, mp_int * x, int minDigits, mp_int * p, mp_int * y); +MP_API int mp_exptmod_nct (mp_int * g, mp_int * x, mp_int * p, mp_int * y); MP_API int mp_mul_2d(mp_int *a, int b, mp_int *c); MP_API int mp_2expt(mp_int* a, int b); diff --git a/source/libwolfssl/wolfcrypt/types.h b/source/libwolfssl/wolfcrypt/types.h index 9b349b57..7d45cccb 100644 --- a/source/libwolfssl/wolfcrypt/types.h +++ b/source/libwolfssl/wolfcrypt/types.h @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,6 +34,20 @@ #endif + #define WOLFSSL_ABI + /* Tag for all the APIs that are a part of the fixed ABI. */ + + /* + * This struct is used multiple time by other structs and + * needs to be defined somwhere that all structs can import + * (with minimal depencencies). + */ + #if defined(HAVE_EX_DATA) || defined(FORTRESS) + typedef struct WOLFSSL_CRYPTO_EX_DATA { + void* ex_data[MAX_EX_DATA]; + } WOLFSSL_CRYPTO_EX_DATA; + #endif + #if defined(WORDS_BIGENDIAN) #define BIG_ENDIAN_ORDER #endif @@ -57,12 +71,30 @@ #endif - /* try to set SIZEOF_LONG or LONG_LONG if user didn't */ - #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) + /* constant pointer to a constant char */ + #ifdef WOLFSSL_NO_CONSTCHARCONST + typedef const char* wcchar; + #else + typedef const char* const wcchar; + #endif + + + /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */ + #if defined(_MSC_VER) || defined(HAVE_LIMITS_H) + #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) + #include + #if defined(ULONG_MAX) && (ULONG_MAX == 0xffffffffUL) + #define SIZEOF_LONG 4 + #endif + #if defined(ULLONG_MAX) && (ULLONG_MAX == 0xffffffffffffffffULL) + #define SIZEOF_LONG_LONG 8 + #endif + #endif + #elif !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) #if (defined(__alpha__) || defined(__ia64__) || \ defined(_ARCH_PPC64) || defined(__mips64) || \ - defined(__x86_64__) || \ + defined(__x86_64__) || defined(__s390x__ ) || \ ((defined(sun) || defined(__sun)) && \ (defined(LP64) || defined(_LP64)))) /* long should be 64bit */ @@ -100,7 +132,7 @@ /* These platforms have 64-bit CPU registers. */ #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \ - defined(__aarch64__) || defined(__sparc64__) || \ + defined(__aarch64__) || defined(__sparc64__) || defined(__s390x__ ) || \ (defined(__riscv_xlen) && (__riscv_xlen == 64)) typedef word64 wolfssl_word; #define WC_64BIT_CPU @@ -224,6 +256,7 @@ #define USE_WINDOWS_API #endif + #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */ /* idea to add global alloc override by Moises Guimaraes */ /* default to libc stuff */ @@ -237,19 +270,29 @@ defined(HAVE_INTEL_QA_SYNC) #ifndef HAVE_INTEL_QA_SYNC #include + #undef USE_WOLFSSL_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t), __func__, __LINE__) + #define XFREE(p, h, t) IntelQaFree((p), (h), (t), __func__, __LINE__) + #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__) + #else + #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t)) + #define XFREE(p, h, t) IntelQaFree((p), (h), (t)) + #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t)) + #endif /* WOLFSSL_DEBUG_MEMORY */ #else #include + #undef USE_WOLFSSL_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) wc_CryptoCb_IntelQaMalloc((s), (h), (t), __func__, __LINE__) + #define XFREE(p, h, t) wc_CryptoCb_IntelQaFree((p), (h), (t), __func__, __LINE__) + #define XREALLOC(p, n, h, t) wc_CryptoCb_IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__) + #else + #define XMALLOC(s, h, t) wc_CryptoCb_IntelQaMalloc((s), (h), (t)) + #define XFREE(p, h, t) wc_CryptoCb_IntelQaFree((p), (h), (t)) + #define XREALLOC(p, n, h, t) wc_CryptoCb_IntelQaRealloc((p), (n), (h), (t)) + #endif /* WOLFSSL_DEBUG_MEMORY */ #endif - #undef USE_WOLFSSL_MEMORY - #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t), __func__, __LINE__) - #define XFREE(p, h, t) IntelQaFree((p), (h), (t), __func__, __LINE__) - #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__) - #else - #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t)) - #define XFREE(p, h, t) IntelQaFree((p), (h), (t)) - #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t)) - #endif /* WOLFSSL_DEBUG_MEMORY */ #elif defined(XMALLOC_USER) /* prototypes for user heap override functions */ #include /* for size_t */ @@ -455,11 +498,14 @@ Windows 10, snprintf is no longer identical to _snprintf. The snprintf function behavior is now C99 standard compliant. */ + #include #define XSNPRINTF snprintf #else /* 4996 warning to use MS extensions e.g., _sprintf_s instead of _snprintf */ + #if !defined(__MINGW32__) #pragma warning(disable: 4996) + #endif static WC_INLINE int xsnprintf(char *buffer, size_t bufsize, const char *format, ...) { @@ -476,10 +522,13 @@ } #define XSNPRINTF xsnprintf #endif /* (_MSC_VER >= 1900) */ - #endif /* _MSC_VER || __CYGWIN__ || __MINGW32__ */ + #else + #define XSNPRINTF snprintf + #endif /* _MSC_VER */ #endif /* USE_WINDOWS_API */ - #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN) + #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \ + || defined(HAVE_ALPN) /* use only Thread Safe version of strtok */ #if defined(USE_WOLF_STRTOK) #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) @@ -620,6 +669,8 @@ DYNAMIC_TYPE_HASH_TMP = 88, DYNAMIC_TYPE_BLOB = 89, DYNAMIC_TYPE_NAME_ENTRY = 90, + DYNAMIC_TYPE_CURVE448 = 91, + DYNAMIC_TYPE_ED448 = 92, DYNAMIC_TYPE_SNIFFER_SERVER = 1000, DYNAMIC_TYPE_SNIFFER_SESSION = 1001, DYNAMIC_TYPE_SNIFFER_PB = 1002, @@ -862,7 +913,8 @@ #endif - #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \ + defined(__GNUC__) #define WOLFSSL_PACK __attribute__ ((packed)) #else #define WOLFSSL_PACK diff --git a/source/libwolfssl/wolfcrypt/visibility.h b/source/libwolfssl/wolfcrypt/visibility.h index 07ba2f1b..8ed57fb9 100644 --- a/source/libwolfssl/wolfcrypt/visibility.h +++ b/source/libwolfssl/wolfcrypt/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/wc_encrypt.h b/source/libwolfssl/wolfcrypt/wc_encrypt.h index 8da7add0..2c8cdda1 100644 --- a/source/libwolfssl/wolfcrypt/wc_encrypt.h +++ b/source/libwolfssl/wolfcrypt/wc_encrypt.h @@ -1,6 +1,6 @@ /* wc_encrypt.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -90,7 +90,7 @@ WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, #ifndef NO_PWDBASED WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz, byte* salt, int saltSz, int iterations, int id, byte* input, int length, - int version, byte* cbcIv, int enc); + int version, byte* cbcIv, int enc, int shaOid); #endif #ifdef __cplusplus diff --git a/source/libwolfssl/wolfcrypt/wc_pkcs11.h b/source/libwolfssl/wolfcrypt/wc_pkcs11.h index cdb48178..fc147d9f 100644 --- a/source/libwolfssl/wolfcrypt/wc_pkcs11.h +++ b/source/libwolfssl/wolfcrypt/wc_pkcs11.h @@ -1,6 +1,6 @@ /* wc_pkcs11.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/wc_port.h b/source/libwolfssl/wolfcrypt/wc_port.h index 39cbfbc9..66bdb80d 100644 --- a/source/libwolfssl/wolfcrypt/wc_port.h +++ b/source/libwolfssl/wolfcrypt/wc_port.h @@ -1,6 +1,6 @@ /* wc_port.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -42,6 +42,20 @@ #endif #endif + +/* GENERIC INCLUDE SECTION */ +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #include + #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \ + defined(FREESCALE_MQX_5_0) + #include + #else + #include + #endif +#endif + + +/* THREADING/MUTEX SECTION */ #ifdef USE_WINDOWS_API #ifdef WOLFSSL_GAME_BUILD #include "system/xtl.h" @@ -229,8 +243,9 @@ #endif /* USE_WINDOWS_API */ #endif /* SINGLE_THREADED */ -/* Enable crypt HW mutex for Freescale MMCAU or PIC32MZ */ -#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) +/* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */ +#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \ + defined(STM32_CRYPTO) #ifndef WOLFSSL_CRYPT_HW_MUTEX #define WOLFSSL_CRYPT_HW_MUTEX 1 #endif @@ -273,6 +288,8 @@ WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb); WOLFSSL_API int wolfCrypt_Init(void); WOLFSSL_API int wolfCrypt_Cleanup(void); + +/* FILESYSTEM SECTION */ /* filesystem abstraction layer, used by ssl.c */ #ifndef NO_FILESYSTEM @@ -280,9 +297,12 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #include "vfapi.h" #include "vfile.h" + int ebsnet_fseek(int a, long b, int c); /* Not prototyped in vfile.h per + * EBSnet feedback */ + #define XFILE int #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0); - #define XFSEEK vf_lseek + #define XFSEEK ebsnet_fseek #define XFTELL vf_tell #define XREWIND vf_rewind #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT) @@ -464,6 +484,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif /* !NO_FILESYSTEM */ + +/* MIN/MAX MACRO SECTION */ /* Windows API defines its own min() macro. */ #if defined(USE_WINDOWS_API) #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE) @@ -474,6 +496,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif /* max */ #endif /* USE_WINDOWS_API */ + +/* TIME SECTION */ /* Time functions */ #ifndef NO_ASN_TIME #if defined(USER_TIME) @@ -503,7 +527,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #define NEED_TMP_TIME -#elif defined(WOLFSSL_XILINX) && defined(FREERTOS) +#elif defined(WOLFSSL_XILINX) #define USER_TIME #include @@ -712,6 +736,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #endif /* NO_ASN_TIME */ + #ifndef WOLFSSL_LEANPSK char* mystrnstr(const char* s1, const char* s2, unsigned int n); #endif @@ -721,7 +746,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); will use dynamic buffer if not big enough */ #endif -#ifdef HAVE_CAVIUM_OCTEON +#ifdef HAVE_CAVIUM_OCTEON_SYNC /* By default, the OCTEON's global variables are all thread local. This * tag allows them to be shared between threads. */ #include "cvmx-platform.h" @@ -730,10 +755,26 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define WOLFSSL_GLOBAL #endif +#ifdef WOLFSSL_DSP + #include "wolfssl_dsp.h" + + /* callbacks for setting handle */ + typedef int (*wolfSSL_DSP_Handle_cb)(remote_handle64 *handle, int finished, + void *ctx); + WOLFSSL_API int wolfSSL_GetHandleCbSet(); + WOLFSSL_API int wolfSSL_SetHandleCb(wolfSSL_DSP_Handle_cb in); + WOLFSSL_LOCAL int wolfSSL_InitHandle(); + WOLFSSL_LOCAL void wolfSSL_CleanupHandle(); +#endif + +#ifdef WOLFSSL_SCE + #ifndef WOLFSSL_SCE_GSCE_HANDLE + #define WOLFSSL_SCE_GSCE_HANDLE g_sce + #endif +#endif #ifdef __cplusplus } /* extern "C" */ #endif #endif /* WOLF_CRYPT_PORT_H */ - diff --git a/source/libwolfssl/wolfcrypt/wolfevent.h b/source/libwolfssl/wolfcrypt/wolfevent.h index ed03a820..dee5dcaa 100644 --- a/source/libwolfssl/wolfcrypt/wolfevent.h +++ b/source/libwolfssl/wolfcrypt/wolfevent.h @@ -1,6 +1,6 @@ /* wolfevent.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/source/libwolfssl/wolfcrypt/wolfmath.h b/source/libwolfssl/wolfcrypt/wolfmath.h index 1db3223c..43b73c44 100644 --- a/source/libwolfssl/wolfcrypt/wolfmath.h +++ b/source/libwolfssl/wolfcrypt/wolfmath.h @@ -1,6 +1,6 @@ /* wolfmath.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -54,6 +54,7 @@ MP_API int get_digit_count(mp_int* a); MP_API mp_digit get_digit(mp_int* a, int n); MP_API int get_rand_digit(WC_RNG* rng, mp_digit* d); +WOLFSSL_API int mp_cond_copy(mp_int* a, int copy, mp_int* b); WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng); enum { diff --git a/source/libwolfssl/wolfio.h b/source/libwolfssl/wolfio.h index 12bf8323..a8c42f29 100644 --- a/source/libwolfssl/wolfio.h +++ b/source/libwolfssl/wolfio.h @@ -1,6 +1,6 @@ /* io.h * - * Copyright (C) 2006-2019 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -82,6 +82,12 @@ #include "FreeRTOS_Sockets.h" #elif defined(WOLFSSL_IAR_ARM) /* nothing */ + #elif defined(HAVE_NETX_BSD) + #ifdef NETX_DUO + #include "nxd_bsd.h" + #else + #include "nx_bsd.h" + #endif #elif defined(WOLFSSL_VXWORKS) #include #include @@ -120,6 +126,9 @@ #include #elif defined(WOLFSSL_ZEPHYR) #include + #elif defined(HAVE_NETX) + #include "nx_api.h" + #include "errno.h" #elif !defined(WOLFSSL_NO_SOCK) #include #include @@ -149,6 +158,11 @@ #endif #endif #endif + + #if defined(WOLFSSL_RENESAS_RA6M3G) /* Uses FREERTOS_TCP */ + #include + #endif + #endif /* USE_WINDOWS_API */ #ifdef __sun @@ -234,6 +248,14 @@ #define SOCKET_EPIPE EPIPE #define SOCKET_ECONNREFUSED SOCKET_ERROR #define SOCKET_ECONNABORTED SOCKET_ERROR +#elif defined(HAVE_NETX) + #define SOCKET_EWOULDBLOCK NX_NOT_CONNECTED + #define SOCKET_EAGAIN NX_NOT_CONNECTED + #define SOCKET_ECONNRESET NX_NOT_CONNECTED + #define SOCKET_EINTR NX_NOT_CONNECTED + #define SOCKET_EPIPE NX_NOT_CONNECTED + #define SOCKET_ECONNREFUSED NX_NOT_CONNECTED + #define SOCKET_ECONNABORTED NX_NOT_CONNECTED #else #define SOCKET_EWOULDBLOCK EWOULDBLOCK #define SOCKET_EAGAIN EAGAIN @@ -282,8 +304,14 @@ #ifdef USE_WINDOWS_API typedef unsigned int SOCKET_T; + #ifndef SOCKET_INVALID + #define SOCKET_INVALID INVALID_SOCKET + #endif #else typedef int SOCKET_T; + #ifndef SOCKET_INVALID + #define SOCKET_INVALID -1 + #endif #endif #ifndef WOLFSSL_NO_SOCK @@ -307,11 +335,7 @@ #endif /* HAVE_SOCKADDR */ /* use gethostbyname for c99 */ - #ifdef WOLF_C99 - #undef HAVE_GETADDRINFO - #endif - - #ifdef HAVE_GETADDRINFO + #if defined(HAVE_GETADDRINFO) && !defined(WOLF_C99) typedef struct addrinfo ADDRINFO; #endif #endif /* WOLFSSL_NO_SOCK */