mirror of
https://github.com/Fledge68/WiiFlow_Lite.git
synced 2024-12-24 02:41:55 +01:00
Add proxy support, fix timeouts & update wolfSSL
This commit is contained in:
parent
144e7669ed
commit
a80d629859
File diff suppressed because it is too large
Load Diff
@ -167,6 +167,8 @@ enum wolfSSL_ErrorCodes {
|
||||
CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */
|
||||
SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */
|
||||
TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */
|
||||
DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
|
||||
NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
|
||||
|
||||
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
||||
|
||||
|
@ -72,6 +72,9 @@
|
||||
#ifndef NO_SHA256
|
||||
#include <libwolfssl/wolfcrypt/sha256.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHA384)
|
||||
#include <libwolfssl/wolfcrypt/sha512.h>
|
||||
#endif
|
||||
#ifdef HAVE_OCSP
|
||||
#include <libwolfssl/ocsp.h>
|
||||
#endif
|
||||
@ -183,8 +186,10 @@
|
||||
/* do nothing */
|
||||
#else
|
||||
#ifndef SINGLE_THREADED
|
||||
#define WOLFSSL_PTHREADS
|
||||
#include <pthread.h>
|
||||
#ifndef WOLFSSL_USER_MUTEX
|
||||
#define WOLFSSL_PTHREADS
|
||||
#include <pthread.h>
|
||||
#endif
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
|
||||
#include <unistd.h> /* for close of BIO */
|
||||
@ -858,11 +863,13 @@
|
||||
|
||||
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
|
||||
defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
|
||||
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
|
||||
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
|
||||
defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
|
||||
defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
|
||||
defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
|
||||
defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
|
||||
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
|
||||
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
|
||||
defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
|
||||
defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
|
||||
@ -906,7 +913,7 @@
|
||||
#define BUILD_DES3
|
||||
#endif
|
||||
|
||||
#if defined(NO_AES) || defined(NO_AES_DECRYPT)
|
||||
#if defined(NO_AES) || !defined(HAVE_AES_DECRYPT)
|
||||
#define AES_BLOCK_SIZE 16
|
||||
#undef BUILD_AES
|
||||
#else
|
||||
@ -1165,7 +1172,8 @@ enum {
|
||||
#ifndef MAX_PSK_ID_LEN
|
||||
/* max psk identity/hint supported */
|
||||
#if defined(WOLFSSL_TLS13)
|
||||
#define MAX_PSK_ID_LEN 256
|
||||
/* OpenSSL has a 1472 byte sessiont ticket */
|
||||
#define MAX_PSK_ID_LEN 1536
|
||||
#else
|
||||
#define MAX_PSK_ID_LEN 128
|
||||
#endif
|
||||
@ -1207,19 +1215,6 @@ enum Misc {
|
||||
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
|
||||
TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
|
||||
TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
|
||||
#ifdef WOLFSSL_TLS13_DRAFT
|
||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||
TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
|
||||
#elif defined(WOLFSSL_TLS13_DRAFT_22)
|
||||
TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */
|
||||
#elif defined(WOLFSSL_TLS13_DRAFT_23)
|
||||
TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */
|
||||
#elif defined(WOLFSSL_TLS13_DRAFT_26)
|
||||
TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */
|
||||
#else
|
||||
TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */
|
||||
#endif
|
||||
#endif
|
||||
OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
|
||||
INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
|
||||
NO_COMPRESSION = 0,
|
||||
@ -1355,10 +1350,21 @@ enum Misc {
|
||||
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
|
||||
MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
|
||||
#else
|
||||
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
|
||||
#if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
|
||||
#if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
|
||||
MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE,
|
||||
#elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
|
||||
MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE,
|
||||
#else
|
||||
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
|
||||
#endif
|
||||
#else
|
||||
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SELFTEST
|
||||
#if defined(HAVE_SELFTEST) && \
|
||||
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
|
||||
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
|
||||
#define WOLFSSL_AES_KEY_SIZE_ENUM
|
||||
AES_IV_SIZE = 16,
|
||||
@ -1502,7 +1508,7 @@ enum Misc {
|
||||
|
||||
/* number of items in the signature algo list */
|
||||
#ifndef WOLFSSL_MAX_SIGALGO
|
||||
#define WOLFSSL_MAX_SIGALGO 32
|
||||
#define WOLFSSL_MAX_SIGALGO 36
|
||||
#endif
|
||||
|
||||
|
||||
@ -1590,6 +1596,7 @@ enum states {
|
||||
SERVER_HELLO_COMPLETE,
|
||||
SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
|
||||
SERVER_CERT_COMPLETE,
|
||||
SERVER_CERT_VERIFY_COMPLETE,
|
||||
SERVER_KEYEXCHANGE_COMPLETE,
|
||||
SERVER_HELLODONE_COMPLETE,
|
||||
SERVER_CHANGECIPHERSPEC_COMPLETE,
|
||||
@ -1657,6 +1664,10 @@ WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
|
||||
/* for sniffer */
|
||||
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 size, word32 totalSz, int sniff);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 size, word32 totalSz, int sniff);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
|
||||
/* TLS v1.3 needs these */
|
||||
WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
|
||||
@ -1688,16 +1699,15 @@ WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
|
||||
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
|
||||
WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
|
||||
WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* output, int sz);
|
||||
WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
|
||||
int ivSz);
|
||||
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
|
||||
#endif
|
||||
@ -1840,11 +1850,10 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
#define MAX_DESCRIPTION_SZ 255
|
||||
#endif
|
||||
/* wolfSSL Cipher type just points back to SSL */
|
||||
struct WOLFSSL_CIPHER {
|
||||
byte cipherSuite0;
|
||||
byte cipherSuite;
|
||||
WOLFSSL* ssl;
|
||||
const WOLFSSL* ssl;
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
char description[MAX_DESCRIPTION_SZ];
|
||||
unsigned long offset;
|
||||
@ -2015,8 +2024,7 @@ WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
#if !defined NOCERTS &&\
|
||||
(!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
|
||||
#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
|
||||
typedef struct ProcPeerCertArgs {
|
||||
buffer* certs;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
@ -2132,8 +2140,10 @@ typedef struct Keys {
|
||||
byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
|
||||
#endif
|
||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||
byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
|
||||
byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
|
||||
|
||||
tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret;
|
||||
tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret;
|
||||
|
||||
#endif
|
||||
} Keys;
|
||||
|
||||
@ -2151,13 +2161,14 @@ typedef enum {
|
||||
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
|
||||
TLSX_EC_POINT_FORMATS = 0x000b,
|
||||
#if !defined(WOLFSSL_NO_SIGALG)
|
||||
TLSX_SIGNATURE_ALGORITHMS = 0x000d,
|
||||
TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
|
||||
#endif
|
||||
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
|
||||
TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
|
||||
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
||||
TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
|
||||
#endif
|
||||
TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */
|
||||
TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
|
||||
TLSX_SESSION_TICKET = 0x0023,
|
||||
#ifdef WOLFSSL_TLS13
|
||||
@ -2175,12 +2186,8 @@ typedef enum {
|
||||
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||
TLSX_POST_HANDSHAKE_AUTH = 0x0031,
|
||||
#endif
|
||||
#if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22)
|
||||
TLSX_KEY_SHARE = 0x0028,
|
||||
#else
|
||||
TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
|
||||
TLSX_KEY_SHARE = 0x0033,
|
||||
#endif
|
||||
#endif
|
||||
TLSX_RENEGOTIATION_INFO = 0xff01
|
||||
} TLSX_Type;
|
||||
@ -2522,7 +2529,6 @@ WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
|
||||
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
/* Ticket nonce - for deriving PSK.
|
||||
* Length allowed to be: 1..255. Only support 4 bytes.
|
||||
*/
|
||||
@ -2530,7 +2536,6 @@ typedef struct TicketNonce {
|
||||
byte len;
|
||||
byte data[MAX_TICKET_NONCE_SZ];
|
||||
} TicketNonce;
|
||||
#endif
|
||||
|
||||
/* The PreSharedKey extension information - entry in a linked list. */
|
||||
typedef struct PreSharedKey {
|
||||
@ -2586,6 +2591,13 @@ enum DeriveKeyType {
|
||||
update_traffic_key
|
||||
};
|
||||
|
||||
WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store);
|
||||
WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret);
|
||||
WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key);
|
||||
|
||||
/* The key update request values for KeyUpdate message. */
|
||||
enum KeyUpdateRequest {
|
||||
update_not_requested,
|
||||
@ -2602,6 +2614,14 @@ enum SetCBIO {
|
||||
};
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_STATIC_EPHEMERAL
|
||||
typedef struct {
|
||||
int keyAlgo;
|
||||
DerBuffer* key;
|
||||
} StaticKeyExchangeInfo_t;
|
||||
#endif
|
||||
|
||||
|
||||
/* wolfSSL context type */
|
||||
struct WOLFSSL_CTX {
|
||||
WOLFSSL_METHOD* method;
|
||||
@ -2710,9 +2730,7 @@ struct WOLFSSL_CTX {
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
|
||||
short minEccKeySz; /* minimum ECC key size */
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||
unsigned long mask; /* store SSL_OP_ flags */
|
||||
#endif
|
||||
#ifdef OPENSSL_EXTRA
|
||||
byte sessionCtx[ID_LEN]; /* app session context ID */
|
||||
word32 disabledCurves; /* curves disabled by user */
|
||||
@ -2755,6 +2773,7 @@ struct WOLFSSL_CTX {
|
||||
wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
|
||||
wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
|
||||
#endif
|
||||
void* psk_ctx;
|
||||
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
||||
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
|
||||
#ifdef WOLFSSL_TLS13
|
||||
@ -2771,7 +2790,7 @@ struct WOLFSSL_CTX {
|
||||
pem_password_cb* passwd_cb;
|
||||
void* passwd_userdata;
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
|
||||
WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
|
||||
WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
|
||||
byte readAhead;
|
||||
@ -2876,16 +2895,19 @@ struct WOLFSSL_CTX {
|
||||
#endif /* NO_RSA */
|
||||
#endif /* HAVE_PK_CALLBACKS */
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
WOLF_EVENT_QUEUE event_queue;
|
||||
WOLF_EVENT_QUEUE event_queue;
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
#ifdef HAVE_EXT_CACHE
|
||||
WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*);
|
||||
int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
|
||||
void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
|
||||
WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*);
|
||||
int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
|
||||
void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
|
||||
Srp* srp; /* TLS Secure Remote Password Protocol*/
|
||||
byte* srp_password;
|
||||
Srp* srp; /* TLS Secure Remote Password Protocol*/
|
||||
byte* srp_password;
|
||||
#endif
|
||||
#ifdef WOLFSSL_STATIC_EPHEMERAL
|
||||
StaticKeyExchangeInfo_t staticKE;
|
||||
#endif
|
||||
};
|
||||
|
||||
@ -2950,7 +2972,6 @@ enum KeyExchangeAlgorithm {
|
||||
ecc_static_diffie_hellman_kea /* for verify suite only */
|
||||
};
|
||||
|
||||
|
||||
/* Supported Authentication Schemes */
|
||||
enum SignatureAlgorithm {
|
||||
anonymous_sa_algo = 0,
|
||||
@ -3009,6 +3030,13 @@ enum CipherType { aead };
|
||||
#define CIPHER_NONCE
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
|
||||
enum CipherSrc {
|
||||
KEYS_NOT_SET = 0,
|
||||
KEYS, /* keys from ssl->keys are loaded */
|
||||
SCR /* keys from ssl->secure_renegotiation->tmp_keys are loaded */
|
||||
};
|
||||
#endif
|
||||
|
||||
/* cipher for now */
|
||||
typedef struct Ciphers {
|
||||
@ -3048,6 +3076,10 @@ typedef struct Ciphers {
|
||||
#endif
|
||||
byte state;
|
||||
byte setup; /* have we set it up flag for detection */
|
||||
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
|
||||
enum CipherSrc src; /* DTLS uses this to determine which keys
|
||||
* are currently loaded */
|
||||
#endif
|
||||
} Ciphers;
|
||||
|
||||
|
||||
@ -3149,6 +3181,8 @@ struct WOLFSSL_SESSION {
|
||||
#ifdef OPENSSL_EXTRA
|
||||
byte sessionCtxSz; /* sessionCtx length */
|
||||
byte sessionCtx[ID_LEN]; /* app specific context id */
|
||||
wolfSSL_Mutex refMutex; /* ref count mutex */
|
||||
int refCount; /* reference count */
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
word16 namedGroup;
|
||||
@ -3157,9 +3191,7 @@ struct WOLFSSL_SESSION {
|
||||
#ifdef WOLFSSL_TLS13
|
||||
word32 ticketSeen; /* Time ticket seen (ms) */
|
||||
word32 ticketAdd; /* Added by client */
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
TicketNonce ticketNonce; /* Nonce used to derive PSK */
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
word32 maxEarlyDataSz;
|
||||
@ -3171,7 +3203,7 @@ struct WOLFSSL_SESSION {
|
||||
byte staticTicket[SESSION_TICKET_LEN];
|
||||
byte isDynamic;
|
||||
#endif
|
||||
#ifdef HAVE_EXT_CACHE
|
||||
#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA)
|
||||
byte isAlloced;
|
||||
#endif
|
||||
#ifdef HAVE_EX_DATA
|
||||
@ -3185,7 +3217,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
|
||||
WOLFSSL_LOCAL
|
||||
int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
|
||||
|
||||
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int);
|
||||
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
|
||||
|
||||
#ifndef NO_CLIENT_CACHE
|
||||
WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
|
||||
@ -3346,8 +3378,9 @@ typedef struct Options {
|
||||
wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
|
||||
wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
|
||||
#endif
|
||||
void* psk_ctx;
|
||||
#endif /* NO_PSK */
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
|
||||
unsigned long mask; /* store SSL_OP_ flags */
|
||||
#endif
|
||||
|
||||
@ -3587,15 +3620,15 @@ struct WOLFSSL_X509_NAME {
|
||||
char staticName[ASN_NAME_MAX];
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(NO_ASN)
|
||||
DecodedName fullName;
|
||||
WOLFSSL_X509_NAME_ENTRY cnEntry;
|
||||
WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
|
||||
int entrySz; /* number of entries */
|
||||
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
|
||||
WOLFSSL_X509* x509; /* x509 that struct belongs to */
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||
byte raw[ASN_NAME_MAX];
|
||||
int rawLen;
|
||||
#endif
|
||||
void* heap;
|
||||
};
|
||||
|
||||
#ifndef EXTERNAL_SERIAL_SIZE
|
||||
@ -3741,6 +3774,7 @@ typedef struct DtlsMsg {
|
||||
byte* msg;
|
||||
DtlsFrag* fragList;
|
||||
word32 fragSz; /* Length of fragments received */
|
||||
word16 epoch; /* Epoch that this message belongs to */
|
||||
word32 seq; /* Handshake sequence number */
|
||||
word32 sz; /* Length of whole message */
|
||||
byte type;
|
||||
@ -3810,6 +3844,20 @@ typedef struct HS_Hashes {
|
||||
} HS_Hashes;
|
||||
|
||||
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
/* Persistable BuildMessage arguments */
|
||||
typedef struct BuildMsgArgs {
|
||||
word32 digestSz;
|
||||
word32 sz;
|
||||
word32 pad;
|
||||
word32 idx;
|
||||
word32 headerSz;
|
||||
word16 size;
|
||||
word32 ivSz; /* TLSv1.1 IV */
|
||||
byte* iv;
|
||||
} BuildMsgArgs;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#define MAX_ASYNC_ARGS 18
|
||||
typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
|
||||
@ -3818,6 +3866,7 @@ typedef struct HS_Hashes {
|
||||
WC_ASYNC_DEV* dev;
|
||||
FreeArgsCb freeArgs; /* function pointer to cleanup args */
|
||||
word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
|
||||
BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -3971,11 +4020,9 @@ struct WOLFSSL {
|
||||
#endif
|
||||
word16 pssAlgo;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
#if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
|
||||
word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
|
||||
byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
|
||||
* offer */
|
||||
#endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
|
||||
#endif
|
||||
#ifdef HAVE_NTRU
|
||||
word16 peerNtruKeyLen;
|
||||
@ -4202,6 +4249,9 @@ struct WOLFSSL {
|
||||
WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
|
||||
WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
|
||||
#endif
|
||||
#ifdef WOLFSSL_STATIC_EPHEMERAL
|
||||
StaticKeyExchangeInfo_t staticKE;
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
@ -4221,10 +4271,8 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
|
||||
int type, WOLFSSL* ssl, int userChain,
|
||||
WOLFSSL_CRL* crl, int verify);
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
|
||||
WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
|
||||
size_t domainNameLen);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
@ -4333,12 +4381,8 @@ WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
|
||||
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
|
||||
#else
|
||||
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
|
||||
#endif
|
||||
#endif
|
||||
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
||||
@ -4464,7 +4508,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
|
||||
WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
|
||||
#ifndef WOLFSSL_AEAD_ONLY
|
||||
WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
|
||||
word32 sz, int padSz, int content, int verify);
|
||||
word32 sz, int padSz, int content, int verify, int epochOrder);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -4486,24 +4530,30 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
|
||||
WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
|
||||
WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
|
||||
WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
|
||||
WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
|
||||
WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte,
|
||||
word32, word32, void*);
|
||||
WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
|
||||
WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
|
||||
WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32);
|
||||
WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32,
|
||||
byte, word32, word32, void*);
|
||||
WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
|
||||
|
||||
WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
|
||||
WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType);
|
||||
WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
|
||||
WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head);
|
||||
WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
|
||||
#endif /* WOLFSSL_DTLS */
|
||||
|
||||
#ifndef NO_TLS
|
||||
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
|
||||
WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* NO_TLS */
|
||||
WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
|
||||
WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
|
||||
@ -4511,8 +4561,8 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
|
||||
WOLFSSL_LOCAL word32 LowResTimer(void);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
|
||||
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
|
||||
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
|
||||
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
|
||||
WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
|
||||
WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
|
||||
WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
|
||||
@ -4598,9 +4648,13 @@ WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
|
||||
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
|
||||
|
||||
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
|
||||
const byte* input, int inSz, int type, int hashOutput,
|
||||
int sizeOnly, int asyncOkay);
|
||||
int sizeOnly, int asyncOkay, int epochOrder);
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
||||
|
Binary file not shown.
@ -107,7 +107,7 @@ typedef enum {
|
||||
} WOLFSSL_ASN1_TYPES;
|
||||
|
||||
#define ASN1_SEQUENCE(type) \
|
||||
static const type __##type##_dummy_struct;\
|
||||
static type __##type##_dummy_struct;\
|
||||
static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
|
||||
|
||||
#define ASN1_SIMPLE(type, member, member_type) \
|
||||
|
@ -33,11 +33,11 @@
|
||||
#endif
|
||||
|
||||
|
||||
#define BIO_FLAG_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
|
||||
#define BIO_FLAG_READ WOLFSSL_BIO_FLAG_READ
|
||||
#define BIO_FLAG_WRITE WOLFSSL_BIO_FLAG_WRITE
|
||||
#define BIO_FLAG_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL
|
||||
#define BIO_FLAG_RETRY WOLFSSL_BIO_FLAG_RETRY
|
||||
#define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
|
||||
#define BIO_FLAGS_READ WOLFSSL_BIO_FLAG_READ
|
||||
#define BIO_FLAGS_WRITE WOLFSSL_BIO_FLAG_WRITE
|
||||
#define BIO_FLAGS_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL
|
||||
#define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
|
||||
|
||||
#define BIO_new_fp wolfSSL_BIO_new_fp
|
||||
#define BIO_new_file wolfSSL_BIO_new_file
|
||||
|
@ -80,6 +80,8 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
|
||||
unsigned char* sig,
|
||||
WOLFSSL_DSA* dsa, int *dsacheck);
|
||||
|
||||
WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
|
||||
|
||||
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
|
||||
WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
|
||||
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
|
||||
|
@ -148,12 +148,21 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
|
||||
WOLFSSL_API
|
||||
int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
|
||||
WOLFSSL_API
|
||||
WOLFSSL_EC_KEY *wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY **key, const unsigned char **in,
|
||||
long len);
|
||||
WOLFSSL_API
|
||||
int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
|
||||
WOLFSSL_API
|
||||
void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form);
|
||||
WOLFSSL_API
|
||||
WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
|
||||
const WOLFSSL_EC_POINT *p,
|
||||
char form,
|
||||
WOLFSSL_BIGNUM *in, WOLFSSL_BN_CTX *ctx);
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EC_POINT_is_on_curve(const WOLFSSL_EC_GROUP *group,
|
||||
const WOLFSSL_EC_POINT *point,
|
||||
WOLFSSL_BN_CTX *ctx);
|
||||
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
|
||||
@ -198,6 +207,8 @@ WOLFSSL_API
|
||||
int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
|
||||
WOLFSSL_BN_CTX *ctx);
|
||||
WOLFSSL_API
|
||||
WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_dup(const WOLFSSL_EC_GROUP *src);
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
|
||||
@ -228,11 +239,18 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
|
||||
const WOLFSSL_BIGNUM *y,
|
||||
WOLFSSL_BN_CTX *ctx);
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
|
||||
const WOLFSSL_EC_POINT *p1,
|
||||
const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx);
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
|
||||
const WOLFSSL_BIGNUM *n,
|
||||
const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
|
||||
WOLFSSL_BN_CTX *ctx);
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *a,
|
||||
WOLFSSL_BN_CTX *ctx);
|
||||
WOLFSSL_API
|
||||
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
|
||||
@ -277,6 +295,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
|
||||
#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
|
||||
#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name
|
||||
#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp
|
||||
#define EC_GROUP_dup wolfSSL_EC_GROUP_dup
|
||||
#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name
|
||||
#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree
|
||||
#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
|
||||
@ -291,7 +310,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
|
||||
wolfSSL_EC_POINT_get_affine_coordinates_GFp
|
||||
#define EC_POINT_set_affine_coordinates_GFp \
|
||||
wolfSSL_EC_POINT_set_affine_coordinates_GFp
|
||||
#define EC_POINT_add wolfSSL_EC_POINT_add
|
||||
#define EC_POINT_mul wolfSSL_EC_POINT_mul
|
||||
#define EC_POINT_invert wolfSSL_EC_POINT_invert
|
||||
#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
|
||||
#define EC_POINT_cmp wolfSSL_EC_POINT_cmp
|
||||
#define EC_POINT_copy wolfSSL_EC_POINT_copy
|
||||
@ -304,7 +325,11 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
|
||||
#define EC_POINT_point2oct wolfSSL_EC_POINT_point2oct
|
||||
#define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point
|
||||
#define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn
|
||||
#define EC_POINT_is_on_curve wolfSSL_EC_POINT_is_on_curve
|
||||
#define i2o_ECPublicKey wolfSSL_i2o_ECPublicKey
|
||||
#define i2d_EC_PUBKEY wolfSSL_i2o_ECPublicKey
|
||||
#define d2i_ECPrivateKey wolfSSL_d2i_ECPrivateKey
|
||||
#define i2d_ECPrivateKey wolfSSL_i2d_ECPrivateKey
|
||||
#define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form
|
||||
|
||||
#ifndef HAVE_SELFTEST
|
||||
|
@ -356,10 +356,10 @@ struct WOLFSSL_EVP_CIPHER_CTX {
|
||||
#ifdef HAVE_AESGCM
|
||||
byte* gcmDecryptBuffer;
|
||||
int gcmDecryptBufferLen;
|
||||
#endif
|
||||
ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
|
||||
int authTagSz;
|
||||
#endif
|
||||
#endif
|
||||
};
|
||||
|
||||
struct WOLFSSL_EVP_PKEY_CTX {
|
||||
@ -521,6 +521,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
|
||||
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key);
|
||||
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key);
|
||||
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
|
||||
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey);
|
||||
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
|
||||
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
|
||||
WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);
|
||||
|
@ -72,6 +72,7 @@ WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx,
|
||||
WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
|
||||
unsigned int* len);
|
||||
WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx);
|
||||
WOLFSSL_API void wolfSSL_HMAC_CTX_cleanup(WOLFSSL_HMAC_CTX* ctx);
|
||||
WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx);
|
||||
WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx);
|
||||
|
||||
@ -83,6 +84,7 @@ typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
|
||||
#define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
|
||||
#define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy
|
||||
#define HMAC_CTX_free wolfSSL_HMAC_CTX_free
|
||||
#define HMAC_CTX_cleanup wolfSSL_HMAC_CTX_cleanup
|
||||
#define HMAC_CTX_reset wolfSSL_HMAC_cleanup
|
||||
#define HMAC_Init_ex wolfSSL_HMAC_Init_ex
|
||||
#define HMAC_Init wolfSSL_HMAC_Init
|
||||
|
@ -79,6 +79,7 @@ typedef WOLFSSL_X509_NAME X509_NAME;
|
||||
typedef WOLFSSL_X509_INFO X509_INFO;
|
||||
typedef WOLFSSL_X509_CHAIN X509_CHAIN;
|
||||
|
||||
/* STACK_OF(ASN1_OBJECT) */
|
||||
typedef WOLFSSL_STACK EXTENDED_KEY_USAGE;
|
||||
|
||||
|
||||
@ -151,6 +152,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
|
||||
#define set_ex_data wolfSSL_CRYPTO_set_ex_data
|
||||
#define get_ex_data wolfSSL_CRYPTO_get_ex_data
|
||||
#define CRYPTO_memcmp wolfSSL_CRYPTO_memcmp
|
||||
|
||||
/* this function was used to set the default malloc, free, and realloc */
|
||||
#define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */
|
||||
@ -174,14 +176,15 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
|
||||
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
|
||||
#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
|
||||
#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
|
||||
#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
|
||||
#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
|
||||
|
||||
#define i2d_PUBKEY wolfSSL_i2d_PUBKEY
|
||||
#define d2i_PUBKEY wolfSSL_d2i_PUBKEY
|
||||
#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
|
||||
#define d2i_PrivateKey wolfSSL_d2i_PrivateKey
|
||||
#define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey
|
||||
#define i2d_PrivateKey wolfSSL_i2d_PrivateKey
|
||||
#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
|
||||
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
|
||||
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
|
||||
@ -301,6 +304,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define SSL_set_connect_state wolfSSL_set_connect_state
|
||||
#define SSL_set_accept_state wolfSSL_set_accept_state
|
||||
#define SSL_session_reused wolfSSL_session_reused
|
||||
#define SSL_SESSION_up_ref wolfSSL_SESSION_up_ref
|
||||
#define SSL_SESSION_dup wolfSSL_SESSION_dup
|
||||
#define SSL_SESSION_free wolfSSL_SESSION_free
|
||||
#define SSL_is_init_finished wolfSSL_is_init_finished
|
||||
@ -340,8 +344,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
|
||||
#define DSA_dup_DH wolfSSL_DSA_dup_DH
|
||||
/* wolfSSL does not support DSA as the cert public key */
|
||||
#define EVP_PKEY_get0_DSA(...) NULL
|
||||
#define DSA_bits(...) 0
|
||||
#define EVP_PKEY_get0_DSA wolfSSL_EVP_PKEY_get0_DSA
|
||||
#define DSA_bits wolfSSL_DSA_bits
|
||||
|
||||
#define i2d_X509_bio wolfSSL_i2d_X509_bio
|
||||
#define d2i_X509_bio wolfSSL_d2i_X509_bio
|
||||
@ -374,14 +378,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define X509_digest wolfSSL_X509_digest
|
||||
#define X509_get_ext_count wolfSSL_X509_get_ext_count
|
||||
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
|
||||
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
|
||||
#define X509_get_ext wolfSSL_X509_get_ext
|
||||
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
|
||||
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
|
||||
#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
|
||||
#define X509_get_subject_name wolfSSL_X509_get_subject_name
|
||||
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
|
||||
#define X509_get_pubkey wolfSSL_X509_get_pubkey
|
||||
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
|
||||
#define X509_get_notBefore wolfSSL_X509_get_notBefore
|
||||
#define X509_get0_notBefore wolfSSL_X509_get_notBefore
|
||||
#define X509_get_notAfter wolfSSL_X509_get_notAfter
|
||||
#define X509_get0_notAfter wolfSSL_X509_get_notAfter
|
||||
#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
|
||||
#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
|
||||
#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
|
||||
@ -407,9 +416,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define X509_check_private_key wolfSSL_X509_check_private_key
|
||||
#define X509_check_ca wolfSSL_X509_check_ca
|
||||
#define X509_check_host wolfSSL_X509_check_host
|
||||
#define X509_check_ip_asc wolfSSL_X509_check_ip_asc
|
||||
#define X509_email_free wolfSSL_X509_email_free
|
||||
#define X509_check_issued wolfSSL_X509_check_issued
|
||||
#define X509_dup wolfSSL_X509_dup
|
||||
#define X509_add_ext wolfSSL_X509_add_ext
|
||||
|
||||
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
|
||||
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
|
||||
@ -422,7 +433,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define sk_X509_push wolfSSL_sk_X509_push
|
||||
#define sk_X509_pop wolfSSL_sk_X509_pop
|
||||
#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
|
||||
#define sk_X509_dup wolfSSL_sk_X509_dup
|
||||
#define sk_X509_dup wolfSSL_sk_dup
|
||||
#define sk_X509_free wolfSSL_sk_X509_free
|
||||
|
||||
#define sk_X509_EXTENSION_num wolfSSL_sk_X509_EXTENSION_num
|
||||
@ -430,7 +441,6 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null
|
||||
#define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free
|
||||
#define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push
|
||||
#define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free
|
||||
|
||||
#define X509_INFO_new wolfSSL_X509_INFO_new
|
||||
#define X509_INFO_free wolfSSL_X509_INFO_free
|
||||
@ -444,6 +454,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free
|
||||
|
||||
#define i2d_X509_NAME wolfSSL_i2d_X509_NAME
|
||||
#define d2i_X509_NAME wolfSSL_d2i_X509_NAME
|
||||
#define X509_NAME_new wolfSSL_X509_NAME_new
|
||||
#define X509_NAME_free wolfSSL_X509_NAME_free
|
||||
#define X509_NAME_dup wolfSSL_X509_NAME_dup
|
||||
@ -568,7 +579,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
|
||||
|
||||
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
|
||||
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
|
||||
|
||||
#define X509_check_purpose(...) 0
|
||||
|
||||
@ -661,6 +671,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
|
||||
|
||||
#define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT
|
||||
#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
|
||||
|
||||
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
|
||||
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
|
||||
@ -850,7 +861,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
/*#if OPENSSL_API_COMPAT < 0x10100000L*/
|
||||
#define CONF_modules_free()
|
||||
#define ENGINE_cleanup()
|
||||
#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup
|
||||
#define SSL_CTX_need_tmp_RSA(ctx) 0
|
||||
#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
|
||||
#define SSL_need_tmp_RSA(ssl) 0
|
||||
@ -887,14 +897,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
|
||||
#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find
|
||||
|
||||
enum {
|
||||
GEN_DNS = 0x02, /* ASN_DNS_TYPE */
|
||||
GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */
|
||||
GEN_URI = 0x06, /* ASN_URI_TYPE */
|
||||
GEN_IPADD = 0x07,
|
||||
GEN_RID = 0x08, /* Registered ID, not supported */
|
||||
};
|
||||
|
||||
#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
|
||||
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
|
||||
|
||||
@ -910,7 +912,7 @@ enum {
|
||||
#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
|
||||
#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */
|
||||
#define sk_SSL_CIPHER_dup wolfSSL_sk_SSL_CIPHER_dup
|
||||
#define sk_SSL_CIPHER_dup wolfSSL_sk_dup
|
||||
#define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free
|
||||
#define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find
|
||||
|
||||
@ -919,7 +921,6 @@ enum {
|
||||
#include <libwolfssl/openssl/pem.h>
|
||||
|
||||
#define SSL_CTRL_CHAIN 88
|
||||
#define GEN_IPADD 7
|
||||
#define ERR_LIB_SSL 20
|
||||
#define SSL_R_SHORT_READ 10
|
||||
#define ERR_R_PEM_LIB 9
|
||||
@ -959,6 +960,7 @@ enum {
|
||||
#define SSL_num_renegotiations wolfSSL_num_renegotiations
|
||||
#define SSL_renegotiate wolfSSL_Rehandshake
|
||||
#define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support
|
||||
#define SSL_renegotiate_pending wolfSSL_SSL_renegotiate_pending
|
||||
#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg
|
||||
#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type
|
||||
#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts
|
||||
@ -1227,7 +1229,7 @@ enum {
|
||||
#define X509_OBJECT_free wolfSSL_X509_OBJECT_free
|
||||
#define X509_OBJECT_get_type(x) 0
|
||||
|
||||
#define OpenSSL_version(x) wolfSSL_lib_version()
|
||||
#define OpenSSL_version(x) wolfSSL_OpenSSL_version()
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
@ -28,6 +28,8 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include <libwolfssl/openssl/conf.h>
|
||||
|
||||
typedef void (*wolfSSL_sk_freefunc)(void *);
|
||||
|
||||
WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);
|
||||
|
@ -40,6 +40,7 @@
|
||||
/* Forward reference */
|
||||
|
||||
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
|
||||
typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
|
||||
typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
|
||||
struct WOLFSSL_v3_ext_method *method,
|
||||
void *ext, STACK_OF(CONF_VALUE) *extlist);
|
||||
@ -53,6 +54,7 @@ struct WOLFSSL_v3_ext_method {
|
||||
int ext_flags;
|
||||
void *usr_data;
|
||||
X509V3_EXT_D2I d2i;
|
||||
X509V3_EXT_I2D i2d;
|
||||
X509V3_EXT_I2V i2v;
|
||||
X509V3_EXT_I2S i2s;
|
||||
X509V3_EXT_I2R i2r;
|
||||
@ -61,7 +63,7 @@ struct WOLFSSL_v3_ext_method {
|
||||
struct WOLFSSL_X509_EXTENSION {
|
||||
WOLFSSL_ASN1_OBJECT *obj;
|
||||
WOLFSSL_ASN1_BOOLEAN crit;
|
||||
WOLFSSL_ASN1_STRING value;
|
||||
ASN1_OCTET_STRING value; /* DER format of extension */
|
||||
WOLFSSL_v3_ext_method ext_method;
|
||||
WOLFSSL_STACK* ext_sk; /* For extension specific data */
|
||||
};
|
||||
@ -86,7 +88,9 @@ typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
|
||||
typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
|
||||
typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
|
||||
|
||||
WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
|
||||
WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
|
||||
WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void);
|
||||
WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);
|
||||
WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
|
||||
WOLFSSL_X509_EXTENSION* ex);
|
||||
|
@ -49,12 +49,49 @@ SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port,
|
||||
const char* keyFile, int typeK,
|
||||
const char* password, char* error);
|
||||
|
||||
WOLFSSL_API
|
||||
SSL_SNIFFER_API int ssl_SetPrivateKeyBuffer(const char* address, int port,
|
||||
const char* keyBuf, int keySz,
|
||||
int typeK, const char* password,
|
||||
char* error);
|
||||
|
||||
|
||||
WOLFSSL_API
|
||||
SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name,
|
||||
const char* address, int port,
|
||||
const char* keyFile, int typeK,
|
||||
const char* password, char* error);
|
||||
|
||||
WOLFSSL_API
|
||||
SSL_SNIFFER_API int ssl_SetNamedPrivateKeyBuffer(const char* name,
|
||||
const char* address, int port,
|
||||
const char* keyBuf, int keySz,
|
||||
int typeK, const char* password,
|
||||
char* error);
|
||||
|
||||
WOLFSSL_API
|
||||
SSL_SNIFFER_API int ssl_SetEphemeralKey(const char* address, int port,
|
||||
const char* keyFile, int typeKey,
|
||||
const char* password, char* error);
|
||||
|
||||
WOLFSSL_API
|
||||
SSL_SNIFFER_API int ssl_SetEphemeralKeyBuffer(const char* address, int port,
|
||||
const char* keyBuf, int keySz, int typeKey,
|
||||
const char* password, char* error);
|
||||
|
||||
|
||||
WOLFSSL_API
|
||||
SSL_SNIFFER_API int ssl_SetNamedEphemeralKey(const char* name,
|
||||
const char* address, int port,
|
||||
const char* keyFile, int typeKey,
|
||||
const char* password, char* error);
|
||||
|
||||
WOLFSSL_API
|
||||
SSL_SNIFFER_API int ssl_SetNamedEphemeralKeyBuffer(const char* name,
|
||||
const char* address, int port,
|
||||
const char* keyBuf, int keySz, int typeKey,
|
||||
const char* password, char* error);
|
||||
|
||||
WOLFSSL_API
|
||||
SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
|
||||
unsigned char** data, char* error);
|
||||
|
@ -130,6 +130,7 @@
|
||||
#define NO_DATA_DEST_STR 91
|
||||
#define STORE_DATA_FAIL_STR 92
|
||||
#define CHAIN_INPUT_STR 93
|
||||
#define GOT_ENC_EXT_STR 94
|
||||
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
|
||||
|
||||
|
||||
|
@ -274,7 +274,8 @@ struct WOLFSSL_ASN1_OBJECT {
|
||||
int ca;
|
||||
WOLFSSL_ASN1_INTEGER *pathlen;
|
||||
#endif
|
||||
unsigned char dynamic; /* if 1 then obj was dynamically created, 0 otherwise */
|
||||
unsigned char dynamic; /* Use WOLFSSL_ASN1_DYNAMIC and WOLFSSL_ASN1_DYNAMIC_DATA
|
||||
* to determine what needs to be freed. */
|
||||
|
||||
#if defined(WOLFSSL_APACHE_HTTPD)
|
||||
WOLFSSL_GENERAL_NAME* gn;
|
||||
@ -506,7 +507,7 @@ struct WOLFSSL_X509_STORE {
|
||||
int cache; /* stunnel dereference */
|
||||
WOLFSSL_CERT_MANAGER* cm;
|
||||
WOLFSSL_X509_LOOKUP lookup;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
int isDynamic;
|
||||
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
|
||||
#endif
|
||||
@ -516,15 +517,15 @@ struct WOLFSSL_X509_STORE {
|
||||
#ifdef HAVE_EX_DATA
|
||||
WOLFSSL_CRYPTO_EX_DATA ex_data;
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
|
||||
WOLFSSL_X509_CRL *crl;
|
||||
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL)
|
||||
WOLFSSL_X509_CRL *crl; /* points to cm->crl */
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#define WOLFSSL_NO_WILDCARDS 0x4
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
#define WOLFSSL_USE_CHECK_TIME 0x2
|
||||
#define WOLFSSL_NO_CHECK_TIME 0x200000
|
||||
#define WOLFSSL_NO_WILDCARDS 0x4
|
||||
#define WOLFSSL_HOST_NAME_MAX 256
|
||||
#define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
|
||||
struct WOLFSSL_X509_VERIFY_PARAM {
|
||||
@ -534,7 +535,7 @@ struct WOLFSSL_X509_VERIFY_PARAM {
|
||||
unsigned int hostFlags;
|
||||
char ipasc[WOLFSSL_MAX_IPSTR];
|
||||
};
|
||||
#endif
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
typedef struct WOLFSSL_ALERT {
|
||||
int code;
|
||||
@ -709,11 +710,11 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
|
||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
|
||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
|
||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
|
||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
|
||||
#endif
|
||||
|
||||
@ -861,7 +862,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*);
|
||||
WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
|
||||
WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
|
||||
WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
|
||||
WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
|
||||
WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req);
|
||||
WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
@ -891,10 +892,12 @@ WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
|
||||
unsigned int sz);
|
||||
WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
|
||||
WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*);
|
||||
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*);
|
||||
#endif
|
||||
#endif
|
||||
WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
|
||||
int sz, int* outSz);
|
||||
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
|
||||
int* outSz);
|
||||
#endif /* WOLFSSL_EARLY_DATA */
|
||||
#endif /* WOLFSSL_TLS13 */
|
||||
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
|
||||
WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*);
|
||||
WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
|
||||
@ -918,9 +921,11 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
|
||||
WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
|
||||
WOLFSSL_BIO**, size_t);
|
||||
|
||||
WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM,
|
||||
WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa,
|
||||
unsigned char *EM,
|
||||
const unsigned char *mHash,
|
||||
const WOLFSSL_EVP_MD *Hash, int saltLen);
|
||||
const WOLFSSL_EVP_MD *hashAlg,
|
||||
int saltLen);
|
||||
WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
|
||||
const WOLFSSL_EVP_MD *hashAlg,
|
||||
const unsigned char *EM, int saltLen);
|
||||
@ -1082,6 +1087,7 @@ typedef int WOLFSSL_LHASH;
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
|
||||
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
|
||||
WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk);
|
||||
WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
|
||||
WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
|
||||
@ -1102,12 +1108,13 @@ typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
|
||||
WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
||||
WOLFSSL_X509* x509);
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_dup(WOLFSSL_STACK* sk);
|
||||
WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
|
||||
WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void);
|
||||
WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn);
|
||||
WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk,
|
||||
WOLFSSL_GENERAL_NAME* gn);
|
||||
WOLFSSL_API WOLFSSL_GENERAL_NAMES* wolfSSL_GENERAL_NAMES_dup(
|
||||
WOLFSSL_GENERAL_NAMES* gns);
|
||||
WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
|
||||
WOLFSSL_GENERAL_NAME* gn);
|
||||
WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(
|
||||
WOLFSSL_STACK* sk, int i);
|
||||
WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
|
||||
@ -1129,6 +1136,7 @@ WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
|
||||
void (*f) (WOLFSSL_X509_EXTENSION*));
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
|
||||
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
|
||||
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj);
|
||||
WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void);
|
||||
WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
|
||||
@ -1153,11 +1161,13 @@ WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
|
||||
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
|
||||
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
|
||||
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
|
||||
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
|
||||
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
|
||||
WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
|
||||
|
||||
WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*);
|
||||
WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
|
||||
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
|
||||
WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int);
|
||||
@ -1312,6 +1322,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
|
||||
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
|
||||
WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
|
||||
unsigned char** out);
|
||||
WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
|
||||
unsigned char **in, long length);
|
||||
#ifndef NO_RSA
|
||||
WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset);
|
||||
#endif
|
||||
@ -1325,8 +1337,10 @@ WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int);
|
||||
#endif
|
||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
|
||||
WOLFSSL_X509*);
|
||||
WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
|
||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
|
||||
WOLFSSL_X509*);
|
||||
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
|
||||
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
|
||||
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
|
||||
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
|
||||
@ -1365,6 +1379,7 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
|
||||
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);
|
||||
|
||||
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void);
|
||||
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1);
|
||||
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
|
||||
WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1);
|
||||
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len);
|
||||
@ -1421,11 +1436,12 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
|
||||
WOLFSSL_EVP_PKEY** out);
|
||||
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
|
||||
const unsigned char** in, long inSz);
|
||||
WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
|
||||
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
|
||||
WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
|
||||
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key,
|
||||
unsigned char** in, long inSz);
|
||||
WOLFSSL_API int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key,
|
||||
WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key,
|
||||
unsigned char** der);
|
||||
WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
@ -1571,6 +1587,7 @@ WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
|
||||
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
|
||||
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
|
||||
WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
|
||||
WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
|
||||
WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
|
||||
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
|
||||
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
|
||||
@ -1597,8 +1614,6 @@ enum {
|
||||
WOLFSSL_CRL_CHECK = 2,
|
||||
};
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||
defined(HAVE_WEBSERVER)
|
||||
/* Separated out from other enums because of size */
|
||||
enum {
|
||||
SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
|
||||
@ -1645,6 +1660,8 @@ enum {
|
||||
| SSL_OP_TLS_ROLLBACK_BUG),
|
||||
};
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||
defined(HAVE_WEBSERVER)
|
||||
/* for compatibility these must be macros */
|
||||
#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2
|
||||
#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3
|
||||
@ -1950,6 +1967,11 @@ enum { /* ssl Constants */
|
||||
WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*,
|
||||
wc_psk_server_tls13_callback);
|
||||
#endif
|
||||
WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL*, void*);
|
||||
|
||||
WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX*);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX*, void*);
|
||||
|
||||
#define PSK_TYPES_DEFINED
|
||||
#endif /* NO_PSK */
|
||||
@ -1992,10 +2014,9 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
|
||||
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
|
||||
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY)
|
||||
WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
#endif
|
||||
WOLFSSL_API void wolfSSL_ERR_free_strings(void);
|
||||
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
|
||||
WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
|
||||
@ -2045,7 +2066,8 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_
|
||||
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
|
||||
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
|
||||
|
||||
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
|
||||
#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
|
||||
(defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
|
||||
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
|
||||
int idx);
|
||||
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
|
||||
@ -2087,6 +2109,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
|
||||
|
||||
/* which library version do we have */
|
||||
WOLFSSL_API const char* wolfSSL_lib_version(void);
|
||||
WOLFSSL_API const char* wolfSSL_OpenSSL_version(void);
|
||||
/* which library version do we have in hex */
|
||||
WOLFSSL_API word32 wolfSSL_lib_version_hex(void);
|
||||
|
||||
@ -2134,6 +2157,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
|
||||
WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
|
||||
|
||||
WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
|
||||
WOLFSSL_API int wolfSSL_X509_add_altname_ex(WOLFSSL_X509*, const char*, word32, int);
|
||||
WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int);
|
||||
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
|
||||
@ -2424,6 +2448,7 @@ WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx);
|
||||
WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl);
|
||||
|
||||
WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
|
||||
WOLFSSL_API const unsigned char* wolfSSL_GetDtlsMacSecret(WOLFSSL*, int, int);
|
||||
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
|
||||
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
|
||||
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
|
||||
@ -2527,7 +2552,7 @@ struct DhKey;
|
||||
typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key,
|
||||
const unsigned char* priv, unsigned int privSz,
|
||||
const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz,
|
||||
unsigned char* out, unsigned int* outlen,
|
||||
unsigned char* out, word32* outlen,
|
||||
void* ctx);
|
||||
WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree);
|
||||
WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx);
|
||||
@ -2625,7 +2650,7 @@ WOLFSSL_API void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl);
|
||||
#ifndef NO_RSA
|
||||
typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
|
||||
const unsigned char* in, unsigned int inSz,
|
||||
unsigned char* out, unsigned int* outSz,
|
||||
unsigned char* out, word32* outSz,
|
||||
const unsigned char* keyDer, unsigned int keySz,
|
||||
void* ctx);
|
||||
WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
|
||||
@ -2670,7 +2695,7 @@ WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl);
|
||||
/* RSA Public Encrypt cb */
|
||||
typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
|
||||
const unsigned char* in, unsigned int inSz,
|
||||
unsigned char* out, unsigned int* outSz,
|
||||
unsigned char* out, word32* outSz,
|
||||
const unsigned char* keyDer, unsigned int keySz,
|
||||
void* ctx);
|
||||
WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
|
||||
@ -3031,6 +3056,7 @@ enum {
|
||||
WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
|
||||
WOLFSSL_ECC_X25519 = 29,
|
||||
WOLFSSL_ECC_X448 = 30,
|
||||
WOLFSSL_ECC_MAX = 30,
|
||||
|
||||
WOLFSSL_FFDHE_2048 = 256,
|
||||
WOLFSSL_FFDHE_3072 = 257,
|
||||
@ -3208,7 +3234,6 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
|
||||
#include <libwolfssl/openssl/asn1.h>
|
||||
struct WOLFSSL_X509_NAME_ENTRY {
|
||||
WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
|
||||
WOLFSSL_ASN1_STRING data;
|
||||
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
|
||||
int nid; /* i.e. ASN_COMMON_NAME */
|
||||
int set;
|
||||
@ -3219,11 +3244,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
|
||||
const WOLFSSL_ASN1_OBJECT *obj,
|
||||
int idx);
|
||||
|
||||
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
|
||||
enum {
|
||||
WOLFSSL_SYS_ACCEPT = 0,
|
||||
WOLFSSL_SYS_BIND,
|
||||
@ -3293,12 +3315,23 @@ WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
|
||||
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
|
||||
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
|
||||
WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*);
|
||||
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
|
||||
#endif /* !NO_CERTS */
|
||||
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
|
||||
int nid, int* c, int* idx);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
|
||||
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
|
||||
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
|
||||
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
|
||||
void *data);
|
||||
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
|
||||
WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
|
||||
char* value);
|
||||
@ -3335,7 +3368,7 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
|
||||
|
||||
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext);
|
||||
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext);
|
||||
#endif /* NO_CERTS */
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
|
||||
|
||||
@ -3343,8 +3376,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
|
||||
unsigned char* out, int outSz);
|
||||
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
|
||||
|
||||
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
|
||||
WOLFSSL_X509_STORE* str);
|
||||
WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
|
||||
@ -3353,20 +3384,27 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s
|
||||
#endif
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
|
||||
WOLFSSL_X509** x509);
|
||||
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
|
||||
WOLFSSL_X509_STORE* str);
|
||||
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
|
||||
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
|
||||
unsigned char *out, size_t outlen);
|
||||
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
|
||||
unsigned char* out, size_t outSz);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
|
||||
WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
|
||||
|
||||
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
|
||||
unsigned char *out, size_t outlen);
|
||||
WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**);
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
|
||||
|
||||
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
|
||||
unsigned char* out, size_t outSz);
|
||||
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
|
||||
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
|
||||
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
|
||||
@ -3385,9 +3423,12 @@ WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header,
|
||||
WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
|
||||
unsigned char* data, long* len,
|
||||
pem_password_cb* callback, void* ctx);
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
|
||||
|
||||
/*lighttp compatibility */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
struct WOLFSSL_ASN1_BIT_STRING {
|
||||
int length;
|
||||
int type;
|
||||
@ -3395,6 +3436,11 @@ struct WOLFSSL_ASN1_BIT_STRING {
|
||||
long flags;
|
||||
};
|
||||
|
||||
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
|
||||
#if defined(OPENSSL_EXTRA) \
|
||||
|| defined(OPENSSL_ALL) \
|
||||
@ -3402,7 +3448,8 @@ struct WOLFSSL_ASN1_BIT_STRING {
|
||||
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|
||||
|| defined(HAVE_STUNNEL) \
|
||||
|| defined(WOLFSSL_NGINX) \
|
||||
|| defined(WOLFSSL_HAPROXY)
|
||||
|| defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
|
||||
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
|
||||
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
|
||||
@ -3414,7 +3461,6 @@ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
|
||||
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
|
||||
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
|
||||
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
|
||||
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
|
||||
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
|
||||
WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
|
||||
WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
|
||||
@ -3468,12 +3514,8 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(OPENSSL_ALL) \
|
||||
|| defined(HAVE_STUNNEL) \
|
||||
|| defined(WOLFSSL_NGINX) \
|
||||
|| defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA) \
|
||||
|| defined(HAVE_LIGHTY)
|
||||
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|
||||
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||
|
||||
#include <libwolfssl/openssl/crypto.h>
|
||||
|
||||
@ -3485,6 +3527,8 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const ch
|
||||
|
||||
WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
|
||||
|
||||
WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size);
|
||||
|
||||
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn);
|
||||
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn);
|
||||
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn);
|
||||
@ -3550,7 +3594,9 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
|
||||
|
||||
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
|
||||
unsigned long);
|
||||
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void);
|
||||
WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*);
|
||||
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
|
||||
@ -3559,6 +3605,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
|
||||
const WOLFSSL_ASN1_BIT_STRING*, int);
|
||||
WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
|
||||
WOLFSSL_ASN1_BIT_STRING*, int, int);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|
||||
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
|
||||
|
||||
@ -3571,17 +3621,22 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, in
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
|
||||
|
||||
WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int);
|
||||
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
|
||||
|
||||
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|
||||
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||
|
||||
WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
|
||||
CRYPTO_free_func*);
|
||||
|
||||
WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
|
||||
|
||||
|
||||
WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
|
||||
unsigned int*);
|
||||
|
||||
@ -3624,10 +3679,13 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
|
||||
WOLFSSL_API WOLFSSL_X509_OBJECT*
|
||||
wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i);
|
||||
WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a);
|
||||
|
||||
WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
|
||||
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
#include <libwolfssl/openssl/stack.h>
|
||||
WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
|
||||
WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names);
|
||||
WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names);
|
||||
@ -3688,14 +3746,17 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
|
||||
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
|
||||
void *data);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
|
||||
WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
|
||||
void *b, void *c);
|
||||
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
|
||||
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
|
||||
void *data);
|
||||
WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
|
||||
const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
|
||||
|
||||
@ -3715,8 +3776,6 @@ WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*);
|
||||
#ifndef NO_SESSION_CACHE
|
||||
WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
|
||||
#endif
|
||||
WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
|
||||
size_t chklen, unsigned int flags, char **peername);
|
||||
|
||||
WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
|
||||
const WOLFSSL_ASN1_INTEGER *a);
|
||||
@ -3745,13 +3804,13 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
|
||||
|
||||
WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
|
||||
WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
|
||||
#endif /* HAVE_OCSP */
|
||||
#endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
|
||||
WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
|
||||
WOLFSSL_X509 *cert);
|
||||
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
|
||||
OPENSSL_EXTRA || HAVE_LIGHTY*/
|
||||
OPENSSL_EXTRA || HAVE_LIGHTY */
|
||||
|
||||
WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
|
||||
const unsigned char **data, unsigned int *len);
|
||||
@ -3782,8 +3841,14 @@ WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
|
||||
WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
|
||||
unsigned *len);
|
||||
|
||||
#ifndef NO_ASN
|
||||
WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
|
||||
size_t chklen, unsigned int flags, char **peername);
|
||||
WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
|
||||
unsigned int flags);
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
|
||||
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
|
||||
@ -3808,6 +3873,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key);
|
||||
WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key);
|
||||
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
|
||||
WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
|
||||
WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
|
||||
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
|
||||
WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
|
||||
WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
|
||||
@ -3815,8 +3881,6 @@ WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509
|
||||
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
|
||||
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find(
|
||||
WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind);
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_sk_SSL_CIPHER_dup(
|
||||
WOLF_STACK_OF(WOLFSSL_CIPHER)* in);
|
||||
WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
|
||||
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
|
||||
WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk);
|
||||
@ -3843,10 +3907,9 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
|
||||
WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
|
||||
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
|
||||
WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
|
||||
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
|
||||
|
||||
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
#ifdef HAVE_PK_CALLBACKS
|
||||
WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl);
|
||||
@ -3858,6 +3921,15 @@ WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int);
|
||||
WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int);
|
||||
#endif
|
||||
|
||||
/* This feature is used to set a fixed ephemeral key and is for testing only */
|
||||
/* Currently allows ECDHE and DHE only */
|
||||
#ifdef WOLFSSL_STATIC_EPHEMERAL
|
||||
WOLFSSL_API int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
|
||||
const char* key, unsigned int keySz, int format);
|
||||
WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
|
||||
const char* key, unsigned int keySz, int format);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
@ -55,6 +55,7 @@
|
||||
#endif
|
||||
#define SOCKET_T SOCKET
|
||||
#define SNPRINTF _snprintf
|
||||
#define XSLEEP_MS(t) Sleep(t)
|
||||
#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
|
||||
#include <string.h>
|
||||
#include "rl_net.h"
|
||||
@ -69,9 +70,9 @@
|
||||
return(ret) ;
|
||||
}
|
||||
#if defined(HAVE_KEIL_RTX)
|
||||
#define sleep(t) os_dly_wait(t/1000+1);
|
||||
#define XSLEEP_MS(t) os_dly_wait(t)
|
||||
#elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2)
|
||||
#define sleep(t) osDelay(t/1000+1);
|
||||
#define XSLEEP_MS(t) osDelay(t)
|
||||
#endif
|
||||
#elif defined(WOLFSSL_TIRTOS)
|
||||
#include <string.h>
|
||||
@ -88,6 +89,7 @@
|
||||
char **h_addr_list; /* list of addresses from name server */
|
||||
};
|
||||
#define SOCKET_T int
|
||||
#define XSLEEP_MS(t) Task_sleep(t/1000)
|
||||
#elif defined(WOLFSSL_VXWORKS)
|
||||
#include <hostLib.h>
|
||||
#include <sockLib.h>
|
||||
@ -148,8 +150,19 @@
|
||||
#include <signal.h> /* ignore SIGPIPE */
|
||||
#endif
|
||||
#define SNPRINTF snprintf
|
||||
|
||||
#define XSELECT_WAIT(x,y) do { \
|
||||
struct timeval tv = {(x),(y)}; \
|
||||
select(0, NULL, NULL, NULL, &tv); \
|
||||
} while (0)
|
||||
#define XSLEEP_US(u) XSELECT_WAIT(0,u)
|
||||
#define XSLEEP_MS(m) XSELECT_WAIT(0,(m)*1000)
|
||||
#endif /* USE_WINDOWS_API */
|
||||
|
||||
#ifndef XSLEEP_MS
|
||||
#define XSLEEP_MS(t) sleep(t/1000)
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <libwolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
@ -409,6 +422,7 @@ typedef struct callback_functions {
|
||||
ssl_callback ssl_ready;
|
||||
ssl_callback on_result;
|
||||
WOLFSSL_CTX* ctx;
|
||||
unsigned char isSharedCtx:1;
|
||||
} callback_functions;
|
||||
|
||||
typedef struct func_args {
|
||||
@ -1302,7 +1316,7 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
|
||||
(void)key_max_len;
|
||||
|
||||
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
|
||||
strncpy(identity, kIdentityStr, id_max_len);
|
||||
XSTRNCPY(identity, kIdentityStr, id_max_len);
|
||||
|
||||
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
|
||||
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
|
||||
@ -1336,7 +1350,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
|
||||
(void)key_max_len;
|
||||
|
||||
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
|
||||
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
|
||||
if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
|
||||
return 0;
|
||||
|
||||
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
|
||||
@ -1370,13 +1384,14 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
|
||||
{
|
||||
int i;
|
||||
int b = 0x01;
|
||||
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
|
||||
|
||||
(void)ssl;
|
||||
(void)hint;
|
||||
(void)key_max_len;
|
||||
|
||||
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
|
||||
strncpy(identity, kIdentityStr, id_max_len);
|
||||
XSTRNCPY(identity, kIdentityStr, id_max_len);
|
||||
|
||||
for (i = 0; i < 32; i++, b += 0x22) {
|
||||
if (b >= 0x100)
|
||||
@ -1384,7 +1399,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
|
||||
key[i] = b;
|
||||
}
|
||||
|
||||
*ciphersuite = "TLS13-AES128-GCM-SHA256";
|
||||
*ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
|
||||
|
||||
return 32; /* length of key in octets or 0 for error */
|
||||
}
|
||||
@ -1396,12 +1411,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
|
||||
{
|
||||
int i;
|
||||
int b = 0x01;
|
||||
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
|
||||
|
||||
(void)ssl;
|
||||
(void)key_max_len;
|
||||
|
||||
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
|
||||
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
|
||||
if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
|
||||
return 0;
|
||||
|
||||
for (i = 0; i < 32; i++, b += 0x22) {
|
||||
@ -1410,12 +1426,12 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
|
||||
key[i] = b;
|
||||
}
|
||||
|
||||
*ciphersuite = "TLS13-AES128-GCM-SHA256";
|
||||
*ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
|
||||
|
||||
return 32; /* length of key in octets or 0 for error */
|
||||
}
|
||||
|
||||
#endif /* NO_PSK */
|
||||
#endif /* !NO_PSK */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_USER_CURRTIME)
|
||||
@ -1675,7 +1691,13 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
|
||||
#endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
static int myVerifyFail = 0;
|
||||
enum {
|
||||
VERIFY_OVERRIDE_ERROR,
|
||||
VERIFY_FORCE_FAIL,
|
||||
VERIFY_USE_PREVERFIY,
|
||||
VERIFY_OVERRIDE_DATE_ERR,
|
||||
};
|
||||
static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
|
||||
|
||||
/* The verify callback is called for every certificate only when
|
||||
* --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and
|
||||
@ -1727,7 +1749,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
||||
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
|
||||
/* avoid printing duplicate certs */
|
||||
/* avoid printing duplicate certs */
|
||||
if (store->depth == 1) {
|
||||
/* retrieve x509 certs and display them on stdout */
|
||||
sk = wolfSSL_X509_STORE_GetCerts(store);
|
||||
@ -1762,37 +1784,24 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
||||
printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain);
|
||||
|
||||
/* Testing forced fail case by return zero */
|
||||
if (myVerifyFail) {
|
||||
if (myVerifyAction == VERIFY_FORCE_FAIL) {
|
||||
return 0; /* test failure case */
|
||||
}
|
||||
|
||||
if (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR &&
|
||||
(store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E)) {
|
||||
printf("Overriding cert date error as example for bad clock testing\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* If error indicate we are overriding it for testing purposes */
|
||||
if (store->error != 0) {
|
||||
if (store->error != 0 && myVerifyAction == VERIFY_OVERRIDE_ERROR) {
|
||||
printf("\tAllowing failed certificate check, testing only "
|
||||
"(shouldn't do this in production)\n");
|
||||
}
|
||||
|
||||
/* A non-zero return code indicates failure override */
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
||||
{
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
(void)preverify;
|
||||
|
||||
printf("In verification callback, error = %d, %s\n", store->error,
|
||||
wolfSSL_ERR_error_string(store->error, buffer));
|
||||
printf("Subject's domain name is %s\n", store->domain);
|
||||
|
||||
if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
|
||||
printf("Overriding cert date error as example for bad clock testing\n");
|
||||
return 1;
|
||||
}
|
||||
printf("Cert error is not date error, not overriding\n");
|
||||
|
||||
return 0;
|
||||
return (myVerifyAction == VERIFY_OVERRIDE_ERROR) ? 1 : preverify;
|
||||
}
|
||||
|
||||
|
||||
@ -1952,7 +1961,7 @@ static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
|
||||
int ret, i, used;
|
||||
void* status;
|
||||
unsigned char* myStack = NULL;
|
||||
int stackSize = 1024*152;
|
||||
int stackSize = 1024*176;
|
||||
pthread_attr_t myAttr;
|
||||
pthread_t threadId;
|
||||
|
||||
@ -2664,6 +2673,13 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \
|
||||
!defined(HAVE_SELFTEST)
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl));
|
||||
}
|
||||
#endif
|
||||
|
||||
/* generate shared secret and return it */
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
|
||||
@ -2873,7 +2889,7 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
|
||||
if (ret == 0) {
|
||||
ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey);
|
||||
ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0);
|
||||
wc_ed448_free(&myKey);
|
||||
}
|
||||
|
||||
@ -2905,7 +2921,8 @@ static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
|
||||
if (ret == 0) {
|
||||
ret = wc_ed448_import_public(key, keySz, &myKey);
|
||||
if (ret == 0) {
|
||||
ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey);
|
||||
ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey,
|
||||
NULL, 0);
|
||||
}
|
||||
wc_ed448_free(&myKey);
|
||||
}
|
||||
@ -3605,15 +3622,16 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
|
||||
int enc, byte* ticket, int inLen, int* outLen,
|
||||
void* userCtx)
|
||||
{
|
||||
(void)ssl;
|
||||
(void)userCtx;
|
||||
|
||||
int ret;
|
||||
word16 sLen = XHTONS(inLen);
|
||||
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
|
||||
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
|
||||
byte* tmp = aad;
|
||||
|
||||
(void)ssl;
|
||||
(void)userCtx;
|
||||
|
||||
/* encrypt */
|
||||
if (enc) {
|
||||
XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
|
||||
|
||||
@ -3634,8 +3652,9 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
|
||||
mac);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
*outLen = inLen; /* no padding in this mode */
|
||||
} else {
|
||||
/* decrypt */
|
||||
}
|
||||
/* decrypt */
|
||||
else {
|
||||
|
||||
/* see if we know this key */
|
||||
if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
|
||||
@ -3662,7 +3681,7 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
|
||||
return WOLFSSL_TICKET_RET_OK;
|
||||
}
|
||||
|
||||
#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
|
||||
#endif /* HAVE_SESSION_TICKET && HAVE_CHACHA && HAVE_POLY1305 */
|
||||
|
||||
static WC_INLINE word16 GetRandomPort(void)
|
||||
{
|
||||
|
@ -28,8 +28,8 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define LIBWOLFSSL_VERSION_STRING "4.4.0"
|
||||
#define LIBWOLFSSL_VERSION_HEX 0x04004000
|
||||
#define LIBWOLFSSL_VERSION_STRING "4.5.0"
|
||||
#define LIBWOLFSSL_VERSION_HEX 0x04005000
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -22,8 +22,15 @@
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/aes.h
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interfaces to the Advanced Encryption Standard (AES)
|
||||
for encrypting and decrypting data. AES is the standard known for a symmetric
|
||||
block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
|
||||
192-bits, and 256-bits of key sizes.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_AES_H
|
||||
#define WOLF_CRYPT_AES_H
|
||||
|
||||
|
@ -23,6 +23,14 @@
|
||||
\file wolfssl/wolfcrypt/asn.h
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
|
||||
ASN.1 is a standard interface description language for defining data structures
|
||||
that can be serialized and deserialized in a cross-platform way.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_ASN_H
|
||||
#define WOLF_CRYPT_ASN_H
|
||||
|
||||
@ -233,6 +241,7 @@ enum
|
||||
NID_jurisdictionStateOrProvinceName = 0xd,
|
||||
NID_businessCategory = ASN_BUS_CAT,
|
||||
NID_domainComponent = ASN_DOMAIN_COMPONENT,
|
||||
NID_userId = 458,
|
||||
NID_emailAddress = 0x30, /* emailAddress */
|
||||
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
|
||||
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
|
||||
@ -341,7 +350,8 @@ enum Misc_ASN {
|
||||
#endif
|
||||
/* Max total extensions, id + len + others */
|
||||
#endif
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
MAX_OID_SZ = 32, /* Max DER length of OID*/
|
||||
MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
|
||||
#endif
|
||||
@ -356,7 +366,7 @@ enum Misc_ASN {
|
||||
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
|
||||
#endif
|
||||
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
|
||||
MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */
|
||||
MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */
|
||||
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
|
||||
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
|
||||
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
|
||||
@ -371,6 +381,8 @@ enum Misc_ASN {
|
||||
TRAILING_ZERO = 1, /* Used for size of zero pad */
|
||||
ASN_TAG_SZ = 1, /* single byte ASN.1 tag */
|
||||
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
|
||||
MAX_X509_VERSION = 3, /* Max X509 version allowed */
|
||||
MIN_X509_VERSION = 0, /* Min X509 version allowed */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
|
||||
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
||||
defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
|
||||
@ -609,64 +621,6 @@ struct Base_entry {
|
||||
byte type; /* Name base type (DNS or RFC822) */
|
||||
};
|
||||
|
||||
#define DOMAIN_COMPONENT_MAX 10
|
||||
#define DN_NAMES_MAX 9
|
||||
|
||||
struct DecodedName {
|
||||
char* fullName;
|
||||
int fullNameLen;
|
||||
int entryCount;
|
||||
int cnIdx;
|
||||
int cnLen;
|
||||
int cnNid;
|
||||
int snIdx;
|
||||
int snLen;
|
||||
int snNid;
|
||||
int cIdx;
|
||||
int cLen;
|
||||
int cNid;
|
||||
int lIdx;
|
||||
int lLen;
|
||||
int lNid;
|
||||
int stIdx;
|
||||
int stLen;
|
||||
int stNid;
|
||||
int oIdx;
|
||||
int oLen;
|
||||
int oNid;
|
||||
int ouIdx;
|
||||
int ouLen;
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
int bcIdx;
|
||||
int bcLen;
|
||||
int jcIdx;
|
||||
int jcLen;
|
||||
int jsIdx;
|
||||
int jsLen;
|
||||
#endif
|
||||
int ouNid;
|
||||
int emailIdx;
|
||||
int emailLen;
|
||||
int emailNid;
|
||||
int uidIdx;
|
||||
int uidLen;
|
||||
int uidNid;
|
||||
int serialIdx;
|
||||
int serialLen;
|
||||
int serialNid;
|
||||
int dcIdx[DOMAIN_COMPONENT_MAX];
|
||||
int dcLen[DOMAIN_COMPONENT_MAX];
|
||||
int dcNum;
|
||||
int dcMode;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
/* hold the location / order with which each of the DN tags was found
|
||||
*
|
||||
* example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
|
||||
*/
|
||||
int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
|
||||
int locSz;
|
||||
#endif
|
||||
};
|
||||
|
||||
enum SignatureState {
|
||||
SIG_STATE_BEGIN,
|
||||
@ -784,7 +738,6 @@ struct CertSignCtx {
|
||||
#endif
|
||||
|
||||
typedef struct DecodedCert DecodedCert;
|
||||
typedef struct DecodedName DecodedName;
|
||||
typedef struct Signer Signer;
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
typedef struct TrustedPeerCert TrustedPeerCert;
|
||||
@ -911,8 +864,9 @@ struct DecodedCert {
|
||||
int subjectEmailLen;
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
DecodedName issuerName;
|
||||
DecodedName subjectName;
|
||||
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
|
||||
void* issuerName;
|
||||
void* subjectName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#ifdef WOLFSSL_SEP
|
||||
int deviceTypeSz;
|
||||
@ -1052,6 +1006,7 @@ struct TrustedPeerCert {
|
||||
#endif
|
||||
|
||||
WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
|
||||
WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
|
||||
|
||||
WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
|
||||
word32* derSz);
|
||||
@ -1118,12 +1073,14 @@ WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len);
|
||||
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
|
||||
wolfssl_tm* certTime, int* idx);
|
||||
WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
|
||||
WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
|
||||
WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
|
||||
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
|
||||
|
||||
/* ASN.1 helper functions */
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
|
||||
WOLFSSL_LOCAL byte GetCertNameId(int idx);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
|
||||
word32 maxIdx);
|
||||
|
@ -23,6 +23,11 @@
|
||||
\file wolfssl/wolfcrypt/asn_public.h
|
||||
*/
|
||||
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library defines the interface APIs for X509 certificates.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_ASN_PUBLIC_H
|
||||
#define WOLF_CRYPT_ASN_PUBLIC_H
|
||||
|
||||
|
@ -18,7 +18,12 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library contains implementation for the ChaCha20 stream cipher.
|
||||
|
||||
*/
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/chacha.h
|
||||
*/
|
||||
@ -35,9 +40,21 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
Initialization vector starts at 13 with zero being the index origin of a matrix.
|
||||
Block counter is located at index 12.
|
||||
0 1 2 3
|
||||
4 5 6 7
|
||||
8 9 10 11
|
||||
12 13 14 15
|
||||
*/
|
||||
#define CHACHA_MATRIX_CNT_IV 12
|
||||
|
||||
/* Size of the IV */
|
||||
#define CHACHA_IV_WORDS 3
|
||||
#define CHACHA_IV_BYTES (CHACHA_IV_WORDS * sizeof(word32))
|
||||
|
||||
/* Size of IV in bytes*/
|
||||
#define CHACHA_IV_BYTES 12
|
||||
|
||||
/* Size of ChaCha chunks */
|
||||
#define CHACHA_CHUNK_WORDS 16
|
||||
@ -57,10 +74,13 @@ enum {
|
||||
|
||||
typedef struct ChaCha {
|
||||
word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */
|
||||
word32 left; /* number of bytes leftover */
|
||||
#ifdef HAVE_INTEL_AVX1
|
||||
/* vpshufd reads 16 bytes but we only use bottom 4. */
|
||||
byte extra[12];
|
||||
#endif
|
||||
word32 left; /* number of bytes leftover */
|
||||
#ifdef USE_INTEL_CHACHA_SPEEDUP
|
||||
word32 over[CHACHA_CHUNK_WORDS];
|
||||
#endif
|
||||
} ChaCha;
|
||||
|
||||
|
@ -18,12 +18,14 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library contains implementation for the ChaCha20 stream cipher and
|
||||
the Poly1305 authenticator, both as as combined-mode,
|
||||
or Authenticated Encryption with Additional Data (AEAD) algorithm.
|
||||
|
||||
/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20
|
||||
* and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10):
|
||||
* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10
|
||||
*/
|
||||
*/
|
||||
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/chacha20_poly1305.h
|
||||
@ -45,6 +47,7 @@
|
||||
#define CHACHA20_POLY1305_AEAD_KEYSIZE 32
|
||||
#define CHACHA20_POLY1305_AEAD_IV_SIZE 12
|
||||
#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
|
||||
#define CHACHA20_POLY1305_MAX 4294967295U
|
||||
|
||||
enum {
|
||||
CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */
|
||||
|
@ -6,7 +6,7 @@
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
|
@ -86,6 +86,10 @@ enum {
|
||||
EC25519_BIG_ENDIAN=1
|
||||
};
|
||||
|
||||
WOLFSSL_API
|
||||
int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
|
||||
const byte* priv);
|
||||
|
||||
WOLFSSL_API
|
||||
int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);
|
||||
|
||||
|
@ -45,11 +45,19 @@
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <libwolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
/* Optional support extended DH public / private keys */
|
||||
#if !defined(WOLFSSL_DH_EXTRA) && (defined(WOLFSSL_QT) || \
|
||||
defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
|
||||
defined(WOLFSSL_STATIC_EPHEMERAL))
|
||||
#define WOLFSSL_DH_EXTRA
|
||||
#endif
|
||||
|
||||
typedef struct DhParams {
|
||||
#ifdef HAVE_FFDHE_Q
|
||||
#ifdef HAVE_FFDHE_Q
|
||||
const byte* q;
|
||||
word32 q_len;
|
||||
#endif /* HAVE_FFDHE_Q */
|
||||
#endif /* HAVE_FFDHE_Q */
|
||||
const byte* p;
|
||||
word32 p_len;
|
||||
const byte* g;
|
||||
@ -58,8 +66,8 @@ typedef struct DhParams {
|
||||
|
||||
/* Diffie-Hellman Key */
|
||||
struct DhKey {
|
||||
mp_int p, g, q; /* group parameters */
|
||||
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
|
||||
mp_int p, g, q; /* group parameters */
|
||||
#ifdef WOLFSSL_DH_EXTRA
|
||||
mp_int pub;
|
||||
mp_int priv;
|
||||
#endif
|
||||
@ -101,15 +109,20 @@ WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
|
||||
word32 pubSz);
|
||||
|
||||
WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
|
||||
word32);
|
||||
word32); /* wc_DhKeyDecode is in asn.c */
|
||||
|
||||
WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
|
||||
word32 gSz);
|
||||
WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz,
|
||||
const byte* g, word32 gSz, const byte* q, word32 qSz);
|
||||
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
|
||||
WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
|
||||
const byte* pub_key, word32 pubSz);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DH_EXTRA
|
||||
WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
|
||||
const byte* pub, word32 pubSz);
|
||||
WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
|
||||
byte* pub, word32* pPubSz);
|
||||
#endif /* WOLFSSL_DH_EXTRA */
|
||||
|
||||
WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
|
||||
const byte* g, word32 gSz, const byte* q, word32 qSz,
|
||||
int trusted, WC_RNG* rng);
|
||||
@ -136,4 +149,3 @@ WOLFSSL_API int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
|
||||
|
||||
#endif /* NO_DH */
|
||||
#endif /* WOLF_CRYPT_DH_H */
|
||||
|
||||
|
@ -50,7 +50,7 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ATECC508A
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
|
||||
#include <libwolfssl/wolfcrypt/port/atmel/atmel.h>
|
||||
#endif /* WOLFSSL_ATECC508A */
|
||||
|
||||
@ -58,6 +58,11 @@
|
||||
#include <libwolfssl/wolfcrypt/port/arm/cryptoCell.h>
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_HAVE_SP_ECC
|
||||
#include <libwolfssl/wolfcrypt/sp_int.h>
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
@ -127,7 +132,7 @@ enum {
|
||||
ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
|
||||
|
||||
/* max crypto hardware size */
|
||||
#ifdef WOLFSSL_ATECC508A
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
|
||||
ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
|
||||
ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
|
||||
#elif defined(PLUTON_CRYPTO_ECC)
|
||||
@ -278,14 +283,15 @@ typedef struct ecc_set_type {
|
||||
* mp_ints for the components of the point. With ALT_ECC_SIZE, the components
|
||||
* of the point are pointers that are set to each of a three item array of
|
||||
* alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
|
||||
* structure, the alt_fp_int will only have 528 bits. A size value was added
|
||||
* in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
|
||||
* functions fp_zero() and fp_copy() use the size parameter. An int needs to
|
||||
* be initialized before using it instead of just fp_zeroing it, the init will
|
||||
* call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the
|
||||
* number of bits used in the alternate FP_INT.
|
||||
* structure, the alt_fp_int will only have 512 bits for ECC 256-bit and
|
||||
* 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well,
|
||||
* and is set by mp_init() and alt_fp_init(). The functions fp_zero() and
|
||||
* fp_copy() use the size parameter. An int needs to be initialized before
|
||||
* using it instead of just fp_zeroing it, the init will call zero. The
|
||||
* FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but
|
||||
* can be set to change the number of bits used in the alternate FP_INT.
|
||||
*
|
||||
* Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
|
||||
* The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH.
|
||||
*/
|
||||
|
||||
#ifndef USE_FAST_MATH
|
||||
@ -294,19 +300,18 @@ typedef struct ecc_set_type {
|
||||
|
||||
/* determine max bits required for ECC math */
|
||||
#ifndef FP_MAX_BITS_ECC
|
||||
/* check alignment */
|
||||
#if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0
|
||||
/* max bits is double */
|
||||
#define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2)
|
||||
#else
|
||||
/* max bits is doubled, plus one digit of fudge */
|
||||
#define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT)
|
||||
#endif
|
||||
#else
|
||||
/* verify alignment */
|
||||
#if FP_MAX_BITS_ECC % CHAR_BIT
|
||||
#error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
|
||||
#endif
|
||||
/* max bits rounded up by 8 then doubled */
|
||||
/* (ROUND8(MAX_ECC_BITS) * 2) */
|
||||
#define FP_MAX_BITS_ECC (2 * \
|
||||
((MAX_ECC_BITS + DIGIT_BIT - 1) / DIGIT_BIT) * DIGIT_BIT)
|
||||
|
||||
/* Note: For ECC verify only FP_MAX_BITS_ECC can be reduced to:
|
||||
ROUND8(MAX_ECC_BITS) + ROUND8(DIGIT_BIT) */
|
||||
#endif
|
||||
|
||||
/* verify alignment */
|
||||
#if FP_MAX_BITS_ECC % CHAR_BIT
|
||||
#error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
|
||||
#endif
|
||||
|
||||
/* determine buffer size */
|
||||
@ -353,6 +358,19 @@ enum {
|
||||
#endif
|
||||
};
|
||||
|
||||
/* ECC non-blocking */
|
||||
#ifdef WC_ECC_NONBLOCK
|
||||
typedef struct ecc_nb_ctx {
|
||||
#if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)
|
||||
sp_ecc_ctx_t sp_ctx;
|
||||
#else
|
||||
/* build configuration not supported */
|
||||
#error ECC non-blocking only supports SP (--enable-sp=nonblock)
|
||||
#endif
|
||||
} ecc_nb_ctx_t;
|
||||
#endif /* WC_ECC_NONBLOCK */
|
||||
|
||||
|
||||
/* An ECC Key */
|
||||
struct ecc_key {
|
||||
int type; /* Public or Private */
|
||||
@ -369,7 +387,7 @@ struct ecc_key {
|
||||
void* heap; /* heap hint */
|
||||
ecc_point pubkey; /* public key */
|
||||
mp_int k; /* private key */
|
||||
#ifdef WOLFSSL_ATECC508A
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
|
||||
int slot; /* Key Slot Number (-1 unknown) */
|
||||
byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
|
||||
#endif
|
||||
@ -413,6 +431,12 @@ struct ecc_key {
|
||||
#ifdef WOLFSSL_DSP
|
||||
remote_handle64 handle;
|
||||
#endif
|
||||
#ifdef ECC_TIMING_RESISTANT
|
||||
WC_RNG* rng;
|
||||
#endif
|
||||
#ifdef WC_ECC_NONBLOCK
|
||||
ecc_nb_ctx_t* nb_ctx;
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
@ -427,7 +451,7 @@ extern const size_t ecc_sets_count;
|
||||
WOLFSSL_API
|
||||
const char* wc_ecc_get_name(int curve_id);
|
||||
|
||||
#ifndef WOLFSSL_ATECC508A
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
|
||||
|
||||
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
|
||||
#define ECC_API WOLFSSL_API
|
||||
@ -455,6 +479,8 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id);
|
||||
WOLFSSL_API
|
||||
int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
|
||||
WOLFSSL_API
|
||||
int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng);
|
||||
WOLFSSL_API
|
||||
int wc_ecc_check_key(ecc_key* key);
|
||||
WOLFSSL_API
|
||||
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
|
||||
@ -472,7 +498,8 @@ WOLFSSL_API
|
||||
int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
|
||||
byte* out, word32 *outlen);
|
||||
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
|
||||
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
|
||||
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret
|
||||
#else
|
||||
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
|
||||
@ -521,6 +548,12 @@ WOLFSSL_API
|
||||
int wc_ecc_set_flags(ecc_key* key, word32 flags);
|
||||
WOLFSSL_API
|
||||
void wc_ecc_fp_free(void);
|
||||
WOLFSSL_LOCAL
|
||||
void wc_ecc_fp_init(void);
|
||||
#ifdef ECC_TIMING_RESISTANT
|
||||
WOLFSSL_API
|
||||
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
|
||||
#endif
|
||||
|
||||
WOLFSSL_API
|
||||
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
|
||||
@ -568,14 +601,20 @@ WOLFSSL_API
|
||||
int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
|
||||
WOLFSSL_API
|
||||
int wc_ecc_point_is_at_infinity(ecc_point *p);
|
||||
WOLFSSL_API
|
||||
int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx);
|
||||
|
||||
#ifndef WOLFSSL_ATECC508A
|
||||
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
|
||||
WOLFSSL_API
|
||||
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
|
||||
mp_int* a, mp_int* modulus, int map);
|
||||
WOLFSSL_LOCAL
|
||||
int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
|
||||
mp_int* a, mp_int* modulus, int map, void* heap);
|
||||
WOLFSSL_LOCAL
|
||||
int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
|
||||
void* heap);
|
||||
#endif /* !WOLFSSL_ATECC508A */
|
||||
|
||||
|
||||
@ -754,6 +793,10 @@ int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashL
|
||||
mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
|
||||
#endif
|
||||
|
||||
#ifdef WC_ECC_NONBLOCK
|
||||
WOLFSSL_API int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
@ -22,6 +22,11 @@
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/error-crypt.h
|
||||
*/
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library defines error codes and contians routines for setting and examining
|
||||
the error status.
|
||||
*/
|
||||
|
||||
#ifndef WOLF_CRYPT_ERROR_H
|
||||
#define WOLF_CRYPT_ERROR_H
|
||||
@ -227,10 +232,10 @@ enum {
|
||||
CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */
|
||||
PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */
|
||||
PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */
|
||||
CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
|
||||
ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
|
||||
|
||||
ASN_SELF_SIGNED_E = -274, /* ASN self-signed certificate error */
|
||||
|
||||
WC_LAST_E = -274, /* Update this to indicate last error */
|
||||
WC_LAST_E = -275, /* Update this to indicate last error */
|
||||
MIN_CODE_E = -300 /* errors -101 - -299 */
|
||||
|
||||
/* add new companion error id strings for any new error codes
|
||||
|
@ -40,7 +40,7 @@
|
||||
#endif
|
||||
|
||||
/* default to be faster but take more memory */
|
||||
#if !defined(CURVE448_SMALL) || !defined(ED448_SMALL)
|
||||
#if !defined(CURVE448_SMALL) && !defined(ED448_SMALL)
|
||||
|
||||
#if defined(CURVED448_128BIT)
|
||||
typedef int64_t fe448;
|
||||
|
@ -79,7 +79,7 @@ Bounds on each t[i] vary depending on context.
|
||||
#if !defined(FREESCALE_LTC_ECC)
|
||||
WOLFSSL_LOCAL void fe_init(void);
|
||||
|
||||
WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p);
|
||||
WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p);
|
||||
#endif
|
||||
|
||||
/* default to be faster but take more memory */
|
||||
|
@ -131,11 +131,11 @@ typedef union {
|
||||
#ifdef WOLFSSL_SHA3
|
||||
wc_Sha3 sha3;
|
||||
#endif
|
||||
} Hash;
|
||||
} wc_Hmac_Hash;
|
||||
|
||||
/* Hmac digest */
|
||||
struct Hmac {
|
||||
Hash hash;
|
||||
wc_Hmac_Hash hash;
|
||||
word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
|
||||
word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)];
|
||||
word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];
|
||||
|
@ -318,6 +318,7 @@ MP_API int mp_is_bit_set (mp_int * a, mp_digit b);
|
||||
MP_API int mp_mod (mp_int * a, mp_int * b, mp_int * c);
|
||||
MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
|
||||
MP_API int mp_div_2(mp_int * a, mp_int * b);
|
||||
MP_API int mp_div_2_mod_ct (mp_int* a, mp_int* b, mp_int* c);
|
||||
MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c);
|
||||
int s_mp_add (mp_int * a, mp_int * b, mp_int * c);
|
||||
int s_mp_sub (mp_int * a, mp_int * b, mp_int * c);
|
||||
@ -332,6 +333,7 @@ MP_API int mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y);
|
||||
MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho);
|
||||
int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
|
||||
MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
|
||||
#define mp_montgomery_reduce_ex(x, n, rho, ct) mp_montgomery_reduce (x, n, rho)
|
||||
MP_API void mp_dr_setup(mp_int *a, mp_digit *d);
|
||||
MP_API int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k);
|
||||
MP_API int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
|
||||
@ -355,6 +357,8 @@ MP_API int mp_sqr (mp_int * a, mp_int * b);
|
||||
MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
|
||||
MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
|
||||
MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
|
||||
MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
|
||||
MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
|
||||
MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
|
||||
MP_API int mp_2expt (mp_int * a, int b);
|
||||
MP_API int mp_set_bit (mp_int * a, int b);
|
||||
|
@ -110,7 +110,11 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
|
||||
#elif defined (OPENSSL_EXTRA)
|
||||
/* extra storage in structs for multiple attributes and order */
|
||||
#ifndef LARGEST_MEM_BUCKET
|
||||
#define LARGEST_MEM_BUCKET 25600
|
||||
#ifdef WOLFSSL_TLS13
|
||||
#define LARGEST_MEM_BUCKET 30400
|
||||
#else
|
||||
#define LARGEST_MEM_BUCKET 25600
|
||||
#endif
|
||||
#endif
|
||||
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\
|
||||
LARGEST_MEM_BUCKET
|
||||
|
@ -18,9 +18,13 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This module implements the arithmetic-shift right, left, byte swapping, XOR,
|
||||
masking and clearing memory logic.
|
||||
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_MISC_H
|
||||
#define WOLF_CRYPT_MISC_H
|
||||
|
||||
|
@ -6,7 +6,7 @@
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
|
@ -154,8 +154,9 @@ enum Pkcs7_Misc {
|
||||
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
|
||||
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
|
||||
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
|
||||
(HAVE_FIPS_VERSION >= 2)) || defined(HAVE_SELFTEST)
|
||||
/* In the event of fips cert 3389 or CAVP selftest build, these enums are
|
||||
(HAVE_FIPS_VERSION >= 2)) || (defined(HAVE_SELFTEST) && \
|
||||
(!defined(HAVE_SELFTEST_VERSION) || HAVE_SELFTEST_VERSION < 2))
|
||||
/* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are
|
||||
* not in aes.h for use with pkcs7 so enumerate it here outside the fips
|
||||
* boundary */
|
||||
GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */
|
||||
|
@ -119,9 +119,12 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 data
|
||||
WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
|
||||
byte* input, word32 sz, byte* tag, word32 tagSz);
|
||||
|
||||
void poly1305_block(Poly1305* ctx, const unsigned char *m);
|
||||
#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM)
|
||||
void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
|
||||
size_t bytes);
|
||||
void poly1305_block(Poly1305* ctx, const unsigned char *m);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
@ -35,6 +35,13 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define TSIP_SESSIONKEY_NONCE_SIZE 8
|
||||
|
||||
typedef enum {
|
||||
WOLFSSL_TSIP_NOERROR = 0,
|
||||
WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
|
||||
}wolfssl_tsip_error_number;
|
||||
|
||||
typedef enum {
|
||||
tsip_Key_SESSION = 1,
|
||||
tsip_Key_AES128 = 2,
|
||||
@ -52,6 +59,34 @@ enum {
|
||||
l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
|
||||
};
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint8_t *encrypted_provisioning_key;
|
||||
uint8_t *iv;
|
||||
uint8_t *encrypted_user_tls_key;
|
||||
uint32_t encrypted_user_tls_key_type;
|
||||
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
|
||||
} tsip_key_data;
|
||||
|
||||
void tsip_inform_user_keys_ex(
|
||||
byte* provisioning_key, /* key got from DLM server */
|
||||
byte* iv, /* iv used for public key */
|
||||
byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/
|
||||
word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */
|
||||
|
||||
int tsip_generateMasterSecretEx(
|
||||
byte cipherSuiteFirst,
|
||||
byte cipherSuite,
|
||||
const byte* pr, /* pre-master */
|
||||
const byte* cr, /* client random */
|
||||
const byte* sr, /* server random */
|
||||
byte* ms);
|
||||
|
||||
|
||||
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106)
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint8_t *encrypted_session_key;
|
||||
@ -60,45 +95,81 @@ typedef struct
|
||||
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
|
||||
} tsip_key_data;
|
||||
|
||||
struct WOLFSSL;
|
||||
|
||||
int tsip_Open( );
|
||||
void tsip_Close( );
|
||||
int tsip_hw_lock();
|
||||
void tsip_hw_unlock( void );
|
||||
int tsip_usable(const struct WOLFSSL *ssl);
|
||||
void tsip_inform_sflash_signedcacert(const byte *ps_flash,
|
||||
const byte *psigned_ca_cert, word32 len);
|
||||
void tsip_inform_cert_sign(const byte *sign);
|
||||
/* set / get key */
|
||||
void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv,
|
||||
byte *encrypted_user_tls_key);
|
||||
|
||||
byte tsip_rootCAverified( );
|
||||
byte tsip_checkCA(word32 cmIdx);
|
||||
int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len,
|
||||
word32 key_n_start, word32 key_n_len,
|
||||
word32 key_e_start, word32 key_e_len,
|
||||
word32 cm_row);
|
||||
int tsip_tls_CertVerify(const byte *cert, word32 certSz,
|
||||
const byte *signature, word32 sigSz,
|
||||
word32 key_n_start, word32 key_n_len,
|
||||
word32 key_e_start, word32 key_e_len,
|
||||
byte *tsip_encRsaKeyIdx);
|
||||
void tsip_inform_key_position(const word32 key_n_start, const word32 key_n_len,
|
||||
const word32 key_e_start, const word32 key_e_len);
|
||||
int tsip_generatePremasterSecret(byte *premaster, word32 preSz);
|
||||
int tsip_generateEncryptPreMasterSecret(struct WOLFSSL *ssl, byte *out,
|
||||
word32 *outSz);
|
||||
int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr,
|
||||
byte *ms);
|
||||
int tsip_generateSeesionKey(struct WOLFSSL *ssl);
|
||||
int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner,
|
||||
word32 innerSz, const byte *in, word32 sz, byte *digest,
|
||||
word32 verify);
|
||||
int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner,
|
||||
word32 innerSz, const byte *in, word32 sz, byte *digest,
|
||||
word32 verify);
|
||||
#endif
|
||||
|
||||
struct WOLFSSL;
|
||||
|
||||
int tsip_Open();
|
||||
|
||||
void tsip_Close();
|
||||
|
||||
int tsip_hw_lock();
|
||||
|
||||
void tsip_hw_unlock( void );
|
||||
|
||||
int tsip_usable(const struct WOLFSSL *ssl);
|
||||
|
||||
void tsip_inform_sflash_signedcacert(
|
||||
const byte* ps_flash,
|
||||
const byte* psigned_ca_cert,
|
||||
word32 len);
|
||||
void tsip_inform_cert_sign(const byte *sign);
|
||||
|
||||
byte tsip_rootCAverified();
|
||||
|
||||
byte tsip_checkCA(word32 cmIdx);
|
||||
|
||||
int tsip_tls_RootCertVerify(
|
||||
const byte* cert, word32 cert_len,
|
||||
word32 key_n_start, word32 key_n_len,
|
||||
word32 key_e_start, word32 key_e_len,
|
||||
word32 cm_row);
|
||||
|
||||
int tsip_tls_CertVerify(
|
||||
const byte* cert, word32 certSz,
|
||||
const byte* signature, word32 sigSz,
|
||||
word32 key_n_start, word32 key_n_len,
|
||||
word32 key_e_start, word32 key_e_len,
|
||||
byte* tsip_encRsaKeyIdx);
|
||||
|
||||
void tsip_inform_key_position(
|
||||
const word32 key_n_start,
|
||||
const word32 key_n_len,
|
||||
const word32 key_e_start,
|
||||
const word32 key_e_len);
|
||||
|
||||
int tsip_generatePremasterSecret(
|
||||
byte* premaster,
|
||||
word32 preSz);
|
||||
|
||||
int tsip_generateEncryptPreMasterSecret(
|
||||
struct WOLFSSL* ssl,
|
||||
byte* out,
|
||||
word32* outSz);
|
||||
|
||||
int tsip_generateSeesionKey(struct WOLFSSL *ssl);
|
||||
|
||||
int tsip_Sha256Hmac(
|
||||
const struct WOLFSSL *ssl,
|
||||
const byte* myInner,
|
||||
word32 innerSz,
|
||||
const byte* in,
|
||||
word32 sz,
|
||||
byte* digest,
|
||||
word32 verify);
|
||||
|
||||
int tsip_Sha1Hmac(
|
||||
const struct WOLFSSL *ssl,
|
||||
const byte* myInner,
|
||||
word32 innerSz,
|
||||
const byte* in,
|
||||
word32 sz,
|
||||
byte* digest,
|
||||
word32 verify);
|
||||
|
||||
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
|
||||
@ -128,10 +199,10 @@ typedef wolfssl_TSIP_Hash wc_Sha;
|
||||
#endif /* NO_SHA */
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
|
||||
typedef struct {
|
||||
tsip_aes_key_index_t tsip_keyIdx;
|
||||
word32 keySize;
|
||||
} TSIP_AES_CTX;
|
||||
typedef struct {
|
||||
tsip_aes_key_index_t tsip_keyIdx;
|
||||
word32 keySize;
|
||||
} TSIP_AES_CTX;
|
||||
|
||||
struct Aes;
|
||||
int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in,
|
||||
|
@ -27,14 +27,15 @@
|
||||
#include <libwolfssl/wolfcrypt/settings.h>
|
||||
#include <libwolfssl/wolfcrypt/error-crypt.h>
|
||||
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC_PKCB)
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
|
||||
defined(WOLFSSL_ATECC_PKCB)
|
||||
#undef SHA_BLOCK_SIZE
|
||||
#define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP
|
||||
#include <cryptoauthlib.h>
|
||||
#undef SHA_BLOCK_SIZE
|
||||
#endif
|
||||
|
||||
/* ATECC508A only supports ECC P-256 */
|
||||
/* ATECC508A/608A only supports ECC P-256 */
|
||||
#define ATECC_KEY_SIZE (32)
|
||||
#define ATECC_PUBKEY_SIZE (ATECC_KEY_SIZE*2) /* X and Y */
|
||||
#define ATECC_SIG_SIZE (ATECC_KEY_SIZE*2) /* R and S */
|
||||
@ -53,11 +54,19 @@
|
||||
#endif
|
||||
/* Symmetric encryption key */
|
||||
#ifndef ATECC_SLOT_I2C_ENC
|
||||
#define ATECC_SLOT_I2C_ENC (0x04)
|
||||
#ifdef WOLFSSL_ATECC_TNGTLS
|
||||
#define ATECC_SLOT_I2C_ENC (0x06)
|
||||
#else
|
||||
#define ATECC_SLOT_I2C_ENC (0x04)
|
||||
#endif
|
||||
#endif
|
||||
/* Parent encryption key */
|
||||
#ifndef ATECC_SLOT_ENC_PARENT
|
||||
#define ATECC_SLOT_ENC_PARENT (0x7)
|
||||
#ifdef WOLFSSL_ATECC_TNGTLS
|
||||
#define ATECC_SLOT_ENC_PARENT (0x6)
|
||||
#else
|
||||
#define ATECC_SLOT_ENC_PARENT (0x7)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* ATECC_KEY_SIZE required for ecc.h */
|
||||
@ -78,7 +87,7 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out);
|
||||
#endif
|
||||
long atmel_get_curr_time_and_date(long* tm);
|
||||
|
||||
#ifdef WOLFSSL_ATECC508A
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
|
||||
|
||||
enum atmelSlotType {
|
||||
ATMEL_SLOT_ANY,
|
||||
@ -100,6 +109,8 @@ int atmel_ecc_translate_err(int status);
|
||||
int atmel_get_rev_info(word32* revision);
|
||||
void atmel_show_rev_info(void);
|
||||
|
||||
WOLFSSL_API int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg);
|
||||
|
||||
/* The macro ATECC_GET_ENC_KEY can be set to override the default
|
||||
encryption key with your own at build-time */
|
||||
#ifndef ATECC_GET_ENC_KEY
|
||||
|
74
source/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
Normal file
74
source/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
Normal file
@ -0,0 +1,74 @@
|
||||
/* psoc6_crypto.h
|
||||
*
|
||||
* Copyright (C) 2006-2020 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#ifndef _PSOC6_CRYPTO_PORT_H_
|
||||
#define _PSOC6_CRYPTO_PORT_H_
|
||||
|
||||
#include <libwolfssl/wolfcrypt/settings.h>
|
||||
#ifdef USE_FAST_MATH
|
||||
#include <libwolfssl/wolfcrypt/tfm.h>
|
||||
#elif defined WOLFSSL_SP_MATH
|
||||
#include <libwolfssl/wolfcrypt/sp_int.h>
|
||||
#else
|
||||
#include <libwolfssl/wolfcrypt/integer.h>
|
||||
#endif
|
||||
#include "cy_crypto_core_sha.h"
|
||||
#include "cy_device_headers.h"
|
||||
#include "psoc6_02_config.h"
|
||||
#include "cy_crypto_common.h"
|
||||
#include "cy_crypto_core.h"
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
typedef struct wc_Sha512 {
|
||||
cy_stc_crypto_sha_state_t hash_state;
|
||||
cy_en_crypto_sha_mode_t sha_mode;
|
||||
cy_stc_crypto_v2_sha512_buffers_t sha_buffers;
|
||||
} wc_Sha512;
|
||||
|
||||
#define WC_SHA512_TYPE_DEFINED
|
||||
#include <libwolfssl/wolfcrypt/sha512.h>
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA256
|
||||
|
||||
typedef struct wc_Sha256 {
|
||||
cy_stc_crypto_sha_state_t hash_state;
|
||||
cy_en_crypto_sha_mode_t sha_mode;
|
||||
cy_stc_crypto_v2_sha256_buffers_t sha_buffers;
|
||||
} wc_Sha256;
|
||||
|
||||
#include <libwolfssl/wolfcrypt/sha.h>
|
||||
#include <libwolfssl/wolfcrypt/sha256.h>
|
||||
#endif /* !def NO_SHA256 */
|
||||
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#include <libwolfssl/wolfcrypt/ecc.h>
|
||||
int psoc6_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
word32 hashlen, int* verif_res, ecc_key* key);
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#define PSOC6_CRYPTO_BASE ((CRYPTO_Type*) CRYPTO_BASE)
|
||||
|
||||
/* Crypto HW engine initialization */
|
||||
int psoc6_crypto_port_init(void);
|
||||
|
||||
#endif /* _PSOC6_CRYPTO_PORT_H_ */
|
@ -65,8 +65,8 @@ int ksdk_port_init(void);
|
||||
int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m);
|
||||
|
||||
#ifdef HAVE_CURVE25519
|
||||
int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
|
||||
const ECPoint *wc_curve25519_GetBasePoint(void);
|
||||
int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
|
||||
const ECPoint *nxp_ltc_curve25519_GetBasePoint(void);
|
||||
status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
|
||||
status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
|
||||
status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint);
|
||||
|
@ -28,11 +28,6 @@
|
||||
#include <libwolfssl/wolfcrypt/settings.h>
|
||||
#include <libwolfssl/wolfcrypt/types.h>
|
||||
|
||||
#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)
|
||||
#include <libwolfssl/wolfcrypt/integer.h>
|
||||
#include <libwolfssl/wolfcrypt/ecc.h>
|
||||
#endif
|
||||
|
||||
#ifdef STM32_HASH
|
||||
|
||||
#define WOLFSSL_NO_HASH_RAW
|
||||
@ -54,6 +49,9 @@
|
||||
#if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b)
|
||||
#define HASH_DATATYPE_8B HASH_DataType_8b
|
||||
#endif
|
||||
#ifndef HASH_STR_NBW
|
||||
#define HASH_STR_NBW HASH_STR_NBLW
|
||||
#endif
|
||||
|
||||
#ifndef STM32_HASH_TIMEOUT
|
||||
#define STM32_HASH_TIMEOUT 0xFFFF
|
||||
@ -93,19 +91,30 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
|
||||
|
||||
#ifndef NO_AES
|
||||
#if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \
|
||||
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4))
|
||||
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \
|
||||
defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7))
|
||||
/* Hardware supports AES GCM acceleration */
|
||||
#define STM32_CRYPTO_AES_GCM
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_STM32L4
|
||||
#if defined(WOLFSSL_STM32WB)
|
||||
#define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
|
||||
#define CRYP AES1
|
||||
#define STM32_HAL_V2
|
||||
#endif
|
||||
#if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5)
|
||||
#ifdef WOLFSSL_STM32L4
|
||||
#define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
|
||||
#endif
|
||||
#define CRYP AES
|
||||
#ifndef CRYP_AES_GCM
|
||||
#define CRYP_AES_GCM CRYP_AES_GCM_GMAC
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */
|
||||
#if !defined(STM32_HAL_V2) && \
|
||||
defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM)
|
||||
#if !defined(STM32_HAL_V2) && defined(CRYP_AES_GCM) && \
|
||||
(defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7))
|
||||
#define STM32_HAL_V2
|
||||
#endif
|
||||
|
||||
@ -122,7 +131,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
|
||||
struct Aes;
|
||||
#ifdef WOLFSSL_STM32_CUBEMX
|
||||
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp);
|
||||
#else /* STD_PERI_LIB */
|
||||
#else /* Standard Peripheral Library */
|
||||
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit,
|
||||
CRYP_KeyInitTypeDef* keyInit);
|
||||
#endif /* WOLFSSL_STM32_CUBEMX */
|
||||
@ -131,12 +140,25 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
|
||||
#endif /* STM32_CRYPTO */
|
||||
|
||||
#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)
|
||||
int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
word32 hashlen, int* res, ecc_key* key);
|
||||
|
||||
int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng,
|
||||
ecc_key* key, mp_int *r, mp_int *s);
|
||||
#ifdef WOLFSSL_SP_MATH
|
||||
struct sp_int;
|
||||
#define MATH_INT_T struct sp_int
|
||||
#elif defined(USE_FAST_MATH)
|
||||
struct fp_int;
|
||||
#define MATH_INT_T struct fp_int
|
||||
#else
|
||||
struct mp_int;
|
||||
#define MATH_INT_T struct mp_int
|
||||
#endif
|
||||
struct ecc_key;
|
||||
struct WC_RNG;
|
||||
|
||||
int stm32_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash,
|
||||
word32 hashlen, int* res, struct ecc_key* key);
|
||||
|
||||
int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, struct WC_RNG* rng,
|
||||
struct ecc_key* key, MATH_INT_T *r, MATH_INT_T *s);
|
||||
#endif /* WOLFSSL_STM32_PKA && HAVE_ECC */
|
||||
|
||||
|
||||
#endif /* _WOLFPORT_STM32_H_ */
|
||||
|
@ -219,7 +219,7 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*);
|
||||
#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
|
||||
#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
|
||||
#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
|
||||
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
|
||||
#define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
|
||||
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
|
||||
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
|
||||
#endif
|
||||
|
@ -23,7 +23,13 @@
|
||||
\file wolfssl/wolfcrypt/rsa.h
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the interface to the RSA.
|
||||
RSA keys can be used to encrypt, decrypt, sign and verify data.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_RSA_H
|
||||
#define WOLF_CRYPT_RSA_H
|
||||
|
||||
@ -280,8 +286,9 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
RsaKey*, word32);
|
||||
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
|
||||
const byte* e, word32 eSz, RsaKey* key);
|
||||
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
|
||||
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
|
||||
#endif
|
||||
|
||||
#ifdef WC_RSA_BLINDING
|
||||
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
|
||||
|
@ -62,6 +62,9 @@
|
||||
/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
|
||||
/* #define MICROCHIP_TCPIP */
|
||||
|
||||
/* Uncomment next line if using above Microchip TCP/IP defines with BSD API */
|
||||
/* #define MICROCHIP_TCPIP_BSD_API */
|
||||
|
||||
/* Uncomment next line if using PIC32MZ Crypto Engine */
|
||||
/* #define WOLFSSL_MICROCHIP_PIC32MZ */
|
||||
|
||||
@ -209,10 +212,16 @@
|
||||
/* Uncomment next line if using RENESAS RX64N */
|
||||
/* #define WOLFSSL_RENESAS_RX65N */
|
||||
|
||||
/* Uncomment next line if using Solaris OS*/
|
||||
/* #define WOLFSSL_SOLARIS */
|
||||
|
||||
#include <libwolfssl/wolfcrypt/visibility.h>
|
||||
|
||||
#ifdef WOLFSSL_USER_SETTINGS
|
||||
#include "user_settings.h"
|
||||
#elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
|
||||
/* STM Configuration File (generated by CubeMX) */
|
||||
#include "wolfSSL.wolfSSL_conf.h"
|
||||
#endif
|
||||
|
||||
|
||||
@ -292,7 +301,7 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_RA6M3G)
|
||||
#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3)
|
||||
/* settings in user_settings.h */
|
||||
#endif
|
||||
|
||||
@ -337,7 +346,9 @@
|
||||
/* #define WOLFSSL_MICROCHIP_PIC32MZ */
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
#define SINGLE_THREADED
|
||||
#define WOLFSSL_USER_IO
|
||||
#ifndef MICROCHIP_TCPIP_BSD_API
|
||||
#define WOLFSSL_USER_IO
|
||||
#endif
|
||||
#define NO_WRITEV
|
||||
#define NO_DEV_RANDOM
|
||||
#define NO_FILESYSTEM
|
||||
@ -375,6 +386,16 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ATECC508A
|
||||
/* backwards compatibility */
|
||||
#ifndef WOLFSSL_ATECC_NO_ECDH_ENC
|
||||
#define WOLFSSL_ATECC_ECDH_ENC
|
||||
#endif
|
||||
#ifdef WOLFSSL_ATECC508A_DEBUG
|
||||
#define WOLFSSL_ATECC_DEBUG
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef MBED
|
||||
#define WOLFSSL_USER_IO
|
||||
#define NO_FILESYSTEM
|
||||
@ -601,7 +622,6 @@
|
||||
#ifdef WOLFSSL_NRF5x
|
||||
#define SIZEOF_LONG 4
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
#define NO_ASN_TIME
|
||||
#define NO_DEV_RANDOM
|
||||
#define NO_FILESYSTEM
|
||||
#define NO_MAIN_DRIVER
|
||||
@ -609,7 +629,6 @@
|
||||
#define SINGLE_THREADED
|
||||
#define USE_FAST_MATH
|
||||
#define TFM_TIMING_RESISTANT
|
||||
#define USE_WOLFSSL_MEMORY
|
||||
#define WOLFSSL_NRF51
|
||||
#define WOLFSSL_USER_IO
|
||||
#define NO_SESSION_CACHE
|
||||
@ -703,7 +722,7 @@ extern void uITRON4_free(void *p) ;
|
||||
https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
|
||||
#if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || defined(HAVE_ED448)
|
||||
#if defined(WOLFSSL_ESPIDF)
|
||||
/*In IDF, realloc(p, n) is equivalent to
|
||||
/*In IDF, realloc(p, n) is equivalent to
|
||||
heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */
|
||||
#define XREALLOC(p, n, h, t) realloc((p), (n))
|
||||
#else
|
||||
@ -900,6 +919,19 @@ extern void uITRON4_free(void *p) ;
|
||||
#define TFM_TIMING_RESISTANT
|
||||
#endif
|
||||
|
||||
/* To support storing some of the large constant tables in flash memory rather than SRAM.
|
||||
Useful for processors that have limited SRAM, such as the AVR family of microtrollers. */
|
||||
#ifdef WOLFSSL_USE_FLASHMEM
|
||||
/* This is supported on the avr-gcc compiler, for more information see:
|
||||
https://gcc.gnu.org/onlinedocs/gcc/Named-Address-Spaces.html */
|
||||
#define FLASH_QUALIFIER __flash
|
||||
|
||||
/* Copy data out of flash memory and into SRAM */
|
||||
#define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size))
|
||||
#else
|
||||
#define FLASH_QUALIFIER
|
||||
#endif
|
||||
|
||||
#ifdef FREESCALE_MQX_5_0
|
||||
/* use normal Freescale MQX port, but with minor changes for 5.0 */
|
||||
#define FREESCALE_MQX
|
||||
@ -1187,7 +1219,8 @@ extern void uITRON4_free(void *p) ;
|
||||
|
||||
#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
|
||||
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
|
||||
defined(WOLFSSL_STM32L4)
|
||||
defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
|
||||
defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7)
|
||||
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
#ifndef CHAR_BIT
|
||||
@ -1208,7 +1241,8 @@ extern void uITRON4_free(void *p) ;
|
||||
#undef STM32_CRYPTO
|
||||
#define STM32_CRYPTO
|
||||
|
||||
#ifdef WOLFSSL_STM32L4
|
||||
#if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
|
||||
defined(WOLFSSL_STM32WB)
|
||||
#define NO_AES_192 /* hardware does not support 192-bit */
|
||||
#endif
|
||||
#endif
|
||||
@ -1221,8 +1255,12 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
#define NO_OLD_RNGNAME
|
||||
#ifdef WOLFSSL_STM32_CUBEMX
|
||||
#if defined(WOLFSSL_STM32F2)
|
||||
#if defined(WOLFSSL_STM32F1)
|
||||
#include "stm32f1xx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32F2)
|
||||
#include "stm32f2xx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32L5)
|
||||
#include "stm32l5xx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32L4)
|
||||
#include "stm32l4xx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32F4)
|
||||
@ -1231,6 +1269,10 @@ extern void uITRON4_free(void *p) ;
|
||||
#include "stm32f7xx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32F1)
|
||||
#include "stm32f1xx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32H7)
|
||||
#include "stm32h7xx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32WB)
|
||||
#include "stm32wbxx_hal.h"
|
||||
#endif
|
||||
#if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
|
||||
#include "stm32l4xx_ll_rng.h"
|
||||
@ -1256,7 +1298,15 @@ extern void uITRON4_free(void *p) ;
|
||||
#ifdef STM32_HASH
|
||||
#include "stm32f4xx_hash.h"
|
||||
#endif
|
||||
#elif defined(WOLFSSL_STM32L4)
|
||||
#elif defined(WOLFSSL_STM32L5)
|
||||
#include "stm32l5xx.h"
|
||||
#ifdef STM32_CRYPTO
|
||||
#include "stm32l5xx_cryp.h"
|
||||
#endif
|
||||
#ifdef STM32_HASH
|
||||
#include "stm32l5xx_hash.h"
|
||||
#endif
|
||||
#elif defined(WOLFSSL_STM32L4)
|
||||
#include "stm32l4xx.h"
|
||||
#ifdef STM32_CRYPTO
|
||||
#include "stm32l4xx_cryp.h"
|
||||
@ -1266,11 +1316,14 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
#elif defined(WOLFSSL_STM32F7)
|
||||
#include "stm32f7xx.h"
|
||||
#elif defined(WOLFSSL_STM32H7)
|
||||
#include "stm32h7xx.h"
|
||||
#elif defined(WOLFSSL_STM32F1)
|
||||
#include "stm32f1xx.h"
|
||||
#endif
|
||||
#endif /* WOLFSSL_STM32_CUBEMX */
|
||||
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */
|
||||
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
|
||||
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
|
||||
#ifdef WOLFSSL_DEOS
|
||||
#include <deos.h>
|
||||
#include <timeout.h>
|
||||
@ -1400,6 +1453,22 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
#endif /* MICRIUM */
|
||||
|
||||
#if defined(sun) || defined(__sun)
|
||||
# if defined(__SVR4) || defined(__svr4__)
|
||||
/* Solaris */
|
||||
#ifndef WOLFSSL_SOLARIS
|
||||
#define WOLFSSL_SOLARIS
|
||||
#endif
|
||||
# else
|
||||
/* SunOS */
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SOLARIS
|
||||
/* Avoid naming clash with fp_zero from math.h > ieefp.h */
|
||||
#define WOLFSSL_DH_CONST
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_MCF5441X
|
||||
#define BIG_ENDIAN_ORDER
|
||||
#ifndef SIZEOF_LONG
|
||||
@ -2196,6 +2265,21 @@ extern void uITRON4_free(void *p) ;
|
||||
#define WOLFSSL_NO_CONSTCHARCONST
|
||||
#endif
|
||||
|
||||
/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */
|
||||
#if defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION)
|
||||
#undef WC_RSA_PSS
|
||||
#undef WOLFSSL_TLS13
|
||||
#endif
|
||||
|
||||
/* For FIPSv2 make sure the ECDSA encoding allows extra bytes
|
||||
* but make sure users consider enabling it */
|
||||
#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \
|
||||
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
|
||||
/* ECDSA length checks off by default for CAVP testing
|
||||
* consider enabling strict checks in production */
|
||||
#define NO_STRICT_ECDSA_LEN
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
@ -101,6 +101,8 @@ enum {
|
||||
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
|
||||
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
|
||||
#elif defined(WOLFSSL_PSOC6_CRYPTO)
|
||||
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
|
||||
#else
|
||||
|
||||
/* Sha digest */
|
||||
|
@ -126,6 +126,8 @@ enum {
|
||||
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
|
||||
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
|
||||
#elif defined(WOLFSSL_PSOC6_CRYPTO)
|
||||
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
|
||||
#else
|
||||
|
||||
/* wc_Sha256 digest */
|
||||
@ -142,6 +144,7 @@ struct wc_Sha256 {
|
||||
word32 loLen; /* length in bytes */
|
||||
word32 hiLen; /* length in bytes */
|
||||
void* heap;
|
||||
#endif
|
||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
||||
hashUpdCache cache; /* cache for updates */
|
||||
#endif
|
||||
@ -150,7 +153,7 @@ struct wc_Sha256 {
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
word32* W;
|
||||
#endif
|
||||
#endif /* !FREESCALE_LTC_SHA && !STM32_HASH_SHA2 */
|
||||
#ifdef WOLFSSL_DEVCRYPTO_HASH
|
||||
WC_CRYPTODEV ctx;
|
||||
byte* msg;
|
||||
@ -168,7 +171,6 @@ struct wc_Sha256 {
|
||||
int devId;
|
||||
void* devCtx; /* generic crypto callback context */
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
|
||||
word32 flags; /* enum wc_HashFlags in hash.h */
|
||||
#endif
|
||||
|
@ -58,7 +58,8 @@ enum {
|
||||
WC_SHA3_512_DIGEST_SIZE = 64,
|
||||
WC_SHA3_512_COUNT = 9,
|
||||
|
||||
#ifndef HAVE_SELFTEST
|
||||
#if !defined(HAVE_SELFTEST) || \
|
||||
defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2)
|
||||
/* These values are used for HMAC, not SHA-3 directly.
|
||||
* They come from from FIPS PUB 202. */
|
||||
WC_SHA3_224_BLOCK_SIZE = 144,
|
||||
|
@ -31,6 +31,7 @@
|
||||
|
||||
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
|
||||
|
||||
|
||||
#if defined(HAVE_FIPS) && \
|
||||
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
|
||||
#include <libwolfssl/wolfcrypt/fips.h>
|
||||
@ -111,6 +112,8 @@ enum {
|
||||
|
||||
#ifdef WOLFSSL_IMX6_CAAM
|
||||
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
|
||||
#elif defined (WOLFSSL_PSOC6_CRYPTO)
|
||||
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
|
||||
#else
|
||||
/* wc_Sha512 digest */
|
||||
struct wc_Sha512 {
|
||||
@ -153,6 +156,7 @@ WOLFSSL_LOCAL void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
|
||||
|
||||
WOLFSSL_API int wc_InitSha512(wc_Sha512*);
|
||||
WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int);
|
||||
WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32);
|
||||
|
@ -37,7 +37,9 @@
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#define SP_NOINLINE __declspec(noinline)
|
||||
#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || defined(__KEIL__)
|
||||
#elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
|
||||
#define SP_NOINLINE _Pragma("inline = never")
|
||||
#elif defined(__GNUC__) || defined(__KEIL__)
|
||||
#define SP_NOINLINE __attribute__((noinline))
|
||||
#else
|
||||
#define SP_NOINLINE
|
||||
@ -141,7 +143,18 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
|
||||
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ);
|
||||
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym);
|
||||
|
||||
#endif /*ifdef WOLFSSL_HAVE_SP_ECC */
|
||||
#ifdef WOLFSSL_SP_NONBLOCK
|
||||
int sp_ecc_sign_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
|
||||
mp_int* rm, mp_int* sm, mp_int* km, void* heap);
|
||||
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY,
|
||||
mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
|
||||
int sp_ecc_sign_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
|
||||
mp_int* rm, mp_int* sm, mp_int* km, void* heap);
|
||||
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY,
|
||||
mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
|
||||
#endif /* WOLFSSL_SP_NONBLOCK */
|
||||
|
||||
#endif /* WOLFSSL_HAVE_SP_ECC */
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -19,7 +19,11 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library provides single precision (SP) integer math functions.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_SP_INT_H
|
||||
#define WOLF_CRYPT_SP_INT_H
|
||||
|
||||
@ -60,6 +64,7 @@
|
||||
typedef int32 sp_digit;
|
||||
typedef uint32 sp_int_digit;
|
||||
typedef uint64 sp_int_word;
|
||||
typedef int64 sp_int_sword;
|
||||
#undef SP_WORD_SIZE
|
||||
#define SP_WORD_SIZE 32
|
||||
#elif !defined(WOLFSSL_SP_ASM)
|
||||
@ -67,6 +72,7 @@
|
||||
typedef int32_t sp_digit;
|
||||
typedef uint32_t sp_int_digit;
|
||||
typedef uint64_t sp_int_word;
|
||||
typedef int64_t sp_int_sword;
|
||||
#elif SP_WORD_SIZE == 64
|
||||
typedef int64_t sp_digit;
|
||||
typedef uint64_t sp_int_digit;
|
||||
@ -78,6 +84,7 @@
|
||||
typedef long int128_t __attribute__ ((mode(TI)));
|
||||
#endif
|
||||
typedef uint128_t sp_int_word;
|
||||
typedef int128_t sp_int_sword;
|
||||
#else
|
||||
#error Word size not defined
|
||||
#endif
|
||||
@ -86,6 +93,7 @@
|
||||
typedef uint32_t sp_digit;
|
||||
typedef uint32_t sp_int_digit;
|
||||
typedef uint64_t sp_int_word;
|
||||
typedef int64_t sp_int_sword;
|
||||
#elif SP_WORD_SIZE == 64
|
||||
typedef uint64_t sp_digit;
|
||||
typedef uint64_t sp_int_digit;
|
||||
@ -97,6 +105,7 @@
|
||||
typedef long int128_t __attribute__ ((mode(TI)));
|
||||
#endif
|
||||
typedef uint128_t sp_int_word;
|
||||
typedef int128_t sp_int_sword;
|
||||
#else
|
||||
#error Word size not defined
|
||||
#endif
|
||||
@ -104,6 +113,17 @@
|
||||
|
||||
#define SP_MASK (sp_digit)(-1)
|
||||
|
||||
|
||||
#if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)
|
||||
typedef struct sp_ecc_ctx {
|
||||
#ifdef WOLFSSL_SP_384
|
||||
byte data[48*80]; /* stack data */
|
||||
#else
|
||||
byte data[32*80]; /* stack data */
|
||||
#endif
|
||||
} sp_ecc_ctx_t;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SP_MATH
|
||||
#include <libwolfssl/wolfcrypt/random.h>
|
||||
|
||||
@ -169,9 +189,10 @@ typedef sp_int_digit mp_digit;
|
||||
MP_API int sp_init(sp_int* a);
|
||||
MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d,
|
||||
sp_int* e, sp_int* f);
|
||||
MP_API void sp_free(sp_int* a);
|
||||
MP_API void sp_clear(sp_int* a);
|
||||
MP_API int sp_unsigned_bin_size(sp_int* a);
|
||||
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz);
|
||||
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz);
|
||||
MP_API int sp_read_radix(sp_int* a, const char* in, int radix);
|
||||
MP_API int sp_cmp(sp_int* a, sp_int* b);
|
||||
MP_API int sp_count_bits(sp_int* a);
|
||||
@ -211,7 +232,6 @@ MP_API void sp_rshb(sp_int* a, int n, sp_int* r);
|
||||
MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r);
|
||||
|
||||
|
||||
#define MP_OKAY 0
|
||||
#define MP_NO 0
|
||||
#define MP_YES 1
|
||||
|
||||
@ -221,15 +241,17 @@ MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r);
|
||||
#define MP_EQ 0
|
||||
#define MP_LT -1
|
||||
|
||||
#define MP_OKAY 0
|
||||
#define MP_MEM -2
|
||||
#define MP_VAL -3
|
||||
#define FP_WOULDBLOCK -4
|
||||
|
||||
#define DIGIT_BIT SP_WORD_SIZE
|
||||
#define MP_MASK SP_MASK
|
||||
|
||||
#define CheckFastMathSettings() 1
|
||||
|
||||
#define mp_free(a)
|
||||
#define mp_free sp_free
|
||||
|
||||
#define mp_isodd sp_isodd
|
||||
#define mp_iseven sp_iseven
|
||||
|
@ -432,7 +432,7 @@ MP_API void fp_free(fp_int* a);
|
||||
|
||||
/* set to a small digit */
|
||||
void fp_set(fp_int *a, fp_digit b);
|
||||
void fp_set_int(fp_int *a, unsigned long b);
|
||||
int fp_set_int(fp_int *a, unsigned long b);
|
||||
|
||||
/* check if a bit is set */
|
||||
int fp_is_bit_set(fp_int *a, fp_digit b);
|
||||
@ -459,7 +459,7 @@ void fp_rshd(fp_int *a, int x);
|
||||
void fp_rshb(fp_int *a, int x);
|
||||
|
||||
/* left shift x digits */
|
||||
void fp_lshd(fp_int *a, int x);
|
||||
int fp_lshd(fp_int *a, int x);
|
||||
|
||||
/* signed comparison */
|
||||
int fp_cmp(fp_int *a, fp_int *b);
|
||||
@ -470,19 +470,22 @@ int fp_cmp_mag(fp_int *a, fp_int *b);
|
||||
/* power of 2 operations */
|
||||
void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d);
|
||||
void fp_mod_2d(fp_int *a, int b, fp_int *c);
|
||||
void fp_mul_2d(fp_int *a, int b, fp_int *c);
|
||||
int fp_mul_2d(fp_int *a, int b, fp_int *c);
|
||||
void fp_2expt (fp_int *a, int b);
|
||||
void fp_mul_2(fp_int *a, fp_int *c);
|
||||
int fp_mul_2(fp_int *a, fp_int *c);
|
||||
void fp_div_2(fp_int *a, fp_int *c);
|
||||
/* c = a / 2 (mod b) - constant time (a < b and positive) */
|
||||
int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c);
|
||||
|
||||
|
||||
/* Counts the number of lsbs which are zero before the first zero bit */
|
||||
int fp_cnt_lsb(fp_int *a);
|
||||
|
||||
/* c = a + b */
|
||||
void fp_add(fp_int *a, fp_int *b, fp_int *c);
|
||||
int fp_add(fp_int *a, fp_int *b, fp_int *c);
|
||||
|
||||
/* c = a - b */
|
||||
void fp_sub(fp_int *a, fp_int *b, fp_int *c);
|
||||
int fp_sub(fp_int *a, fp_int *b, fp_int *c);
|
||||
|
||||
/* c = a * b */
|
||||
int fp_mul(fp_int *a, fp_int *b, fp_int *c);
|
||||
@ -500,13 +503,13 @@ int fp_mod(fp_int *a, fp_int *b, fp_int *c);
|
||||
int fp_cmp_d(fp_int *a, fp_digit b);
|
||||
|
||||
/* c = a + b */
|
||||
void fp_add_d(fp_int *a, fp_digit b, fp_int *c);
|
||||
int fp_add_d(fp_int *a, fp_digit b, fp_int *c);
|
||||
|
||||
/* c = a - b */
|
||||
int fp_sub_d(fp_int *a, fp_digit b, fp_int *c);
|
||||
|
||||
/* c = a * b */
|
||||
void fp_mul_d(fp_int *a, fp_digit b, fp_int *c);
|
||||
int fp_mul_d(fp_int *a, fp_digit b, fp_int *c);
|
||||
|
||||
/* a/b => cb + d == a */
|
||||
/*int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d);*/
|
||||
@ -530,6 +533,12 @@ int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
|
||||
/* d = a + b (mod c) */
|
||||
int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
|
||||
|
||||
/* d = a - b (mod c) - constant time (a < c and b < c) */
|
||||
int fp_submod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
|
||||
|
||||
/* d = a + b (mod c) - constant time (a < c and b < c) */
|
||||
int fp_addmod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
|
||||
|
||||
/* c = a * a (mod b) */
|
||||
int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c);
|
||||
|
||||
@ -549,10 +558,11 @@ int fp_montgomery_setup(fp_int *a, fp_digit *mp);
|
||||
/* computes a = B**n mod b without division or multiplication useful for
|
||||
* normalizing numbers in a Montgomery system.
|
||||
*/
|
||||
void fp_montgomery_calc_normalization(fp_int *a, fp_int *b);
|
||||
int fp_montgomery_calc_normalization(fp_int *a, fp_int *b);
|
||||
|
||||
/* computes x/R == x (mod N) via Montgomery Reduction */
|
||||
int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
|
||||
int fp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, int ct);
|
||||
|
||||
/* d = a**b (mod c) */
|
||||
int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
|
||||
@ -637,7 +647,7 @@ int fp_count_bits(fp_int *a);
|
||||
int fp_leading_bit(fp_int *a);
|
||||
|
||||
int fp_unsigned_bin_size(fp_int *a);
|
||||
void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c);
|
||||
int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c);
|
||||
int fp_to_unsigned_bin(fp_int *a, unsigned char *b);
|
||||
int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c);
|
||||
int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b);
|
||||
@ -652,7 +662,7 @@ int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b);
|
||||
|
||||
|
||||
/* VARIOUS LOW LEVEL STUFFS */
|
||||
void s_fp_add(fp_int *a, fp_int *b, fp_int *c);
|
||||
int s_fp_add(fp_int *a, fp_int *b, fp_int *c);
|
||||
void s_fp_sub(fp_int *a, fp_int *b, fp_int *c);
|
||||
void fp_reverse(unsigned char *s, int len);
|
||||
|
||||
@ -728,6 +738,7 @@ int fp_sqr_comba64(fp_int *a, fp_int *b);
|
||||
#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX)
|
||||
|
||||
MP_API int mp_init (mp_int * a);
|
||||
MP_API int mp_init_copy(fp_int * a, fp_int * b);
|
||||
MP_API void mp_clear (mp_int * a);
|
||||
MP_API void mp_free (mp_int * a);
|
||||
MP_API void mp_forcezero (mp_int * a);
|
||||
@ -743,6 +754,8 @@ MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
|
||||
MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
|
||||
MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
|
||||
MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
|
||||
MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
|
||||
MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
|
||||
MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c);
|
||||
MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
|
||||
MP_API int mp_invmod_mont_ct(mp_int *a, mp_int *b, mp_int *c, fp_digit mp);
|
||||
@ -791,9 +804,11 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size);
|
||||
#ifdef HAVE_ECC
|
||||
MP_API int mp_sqr(fp_int *a, fp_int *b);
|
||||
MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
|
||||
MP_API int mp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp,
|
||||
int ct);
|
||||
MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho);
|
||||
MP_API int mp_div_2(fp_int * a, fp_int * b);
|
||||
MP_API int mp_init_copy(fp_int * a, fp_int * b);
|
||||
MP_API int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA) || \
|
||||
|
@ -22,7 +22,12 @@
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/types.h
|
||||
*/
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library defines the primitive data types and abstraction macros to
|
||||
decouple library dependencies with standard string, memory and so on.
|
||||
|
||||
*/
|
||||
#ifndef WOLF_CRYPT_TYPES_H
|
||||
#define WOLF_CRYPT_TYPES_H
|
||||
|
||||
@ -342,9 +347,9 @@
|
||||
#else
|
||||
/* just use plain C stdlib stuff if desired */
|
||||
#include <stdlib.h>
|
||||
#define XMALLOC(s, h, t) malloc((s))
|
||||
#define XMALLOC(s, h, t) malloc((size_t)(s))
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
|
||||
#define XREALLOC(p, n, h, t) realloc((p), (n))
|
||||
#define XREALLOC(p, n, h, t) realloc((p), (size_t)(n))
|
||||
#endif
|
||||
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
|
||||
&& !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
|
||||
|
@ -28,24 +28,33 @@
|
||||
#define WOLF_CRYPT_ENCRYPT_H
|
||||
|
||||
#include <libwolfssl/wolfcrypt/types.h>
|
||||
#include <libwolfssl/wolfcrypt/aes.h>
|
||||
#include <libwolfssl/wolfcrypt/chacha.h>
|
||||
#include <libwolfssl/wolfcrypt/des3.h>
|
||||
#include <libwolfssl/wolfcrypt/arc4.h>
|
||||
#ifndef NO_AES
|
||||
#include <libwolfssl/wolfcrypt/aes.h>
|
||||
#endif
|
||||
#ifdef HAVE_CHACHA
|
||||
#include <libwolfssl/wolfcrypt/chacha.h>
|
||||
#endif
|
||||
#ifndef NO_DES3
|
||||
#include <libwolfssl/wolfcrypt/des3.h>
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
#include <libwolfssl/wolfcrypt/arc4.h>
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* determine max cipher key size */
|
||||
/* determine max cipher key size - cannot use enum values here, must be define,
|
||||
* since WC_MAX_SYM_KEY_SIZE is used in if macro logic. */
|
||||
#ifndef NO_AES
|
||||
#define WC_MAX_SYM_KEY_SIZE (AES_MAX_KEY_SIZE/8)
|
||||
#elif defined(HAVE_CHACHA)
|
||||
#define WC_MAX_SYM_KEY_SIZE CHACHA_MAX_KEY_SZ
|
||||
#define WC_MAX_SYM_KEY_SIZE 32 /* CHACHA_MAX_KEY_SZ */
|
||||
#elif !defined(NO_DES3)
|
||||
#define WC_MAX_SYM_KEY_SIZE DES3_KEY_SIZE
|
||||
#define WC_MAX_SYM_KEY_SIZE 24 /* DES3_KEY_SIZE */
|
||||
#elif !defined(NO_RC4)
|
||||
#define WC_MAX_SYM_KEY_SIZE RC4_KEY_SIZE
|
||||
#define WC_MAX_SYM_KEY_SIZE 16 /* RC4_KEY_SIZE */
|
||||
#else
|
||||
#define WC_MAX_SYM_KEY_SIZE 32
|
||||
#endif
|
||||
|
@ -6,7 +6,7 @@
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
|
@ -156,8 +156,10 @@
|
||||
|
||||
#else
|
||||
#ifndef SINGLE_THREADED
|
||||
#define WOLFSSL_PTHREADS
|
||||
#include <pthread.h>
|
||||
#ifndef WOLFSSL_USER_MUTEX
|
||||
#define WOLFSSL_PTHREADS
|
||||
#include <pthread.h>
|
||||
#endif
|
||||
#endif
|
||||
#if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \
|
||||
!defined(NO_FILESYSTEM)
|
||||
@ -238,6 +240,8 @@
|
||||
typedef struct k_mutex wolfSSL_Mutex;
|
||||
#elif defined(WOLFSSL_TELIT_M2MB)
|
||||
typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex;
|
||||
#elif defined(WOLFSSL_USER_MUTEX)
|
||||
/* typedef User_Mutex wolfSSL_Mutex; */
|
||||
#else
|
||||
#error Need a mutex type in multithreaded mode
|
||||
#endif /* USE_WINDOWS_API */
|
||||
@ -245,7 +249,7 @@
|
||||
|
||||
/* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */
|
||||
#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \
|
||||
defined(STM32_CRYPTO)
|
||||
defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG)
|
||||
#ifndef WOLFSSL_CRYPT_HW_MUTEX
|
||||
#define WOLFSSL_CRYPT_HW_MUTEX 1
|
||||
#endif
|
||||
@ -451,6 +455,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
#define MAX_PATH 256
|
||||
#endif
|
||||
|
||||
WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf,
|
||||
size_t* bufLen, void* heap);
|
||||
|
||||
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \
|
||||
!defined(WOLFSSL_NUCLEUS_1_2)
|
||||
typedef struct ReadDirCtx {
|
||||
@ -553,6 +560,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
|
||||
#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
|
||||
#include <time.h>
|
||||
extern time_t pic32_time(time_t* timer);
|
||||
#define XTIME(t1) pic32_time((t1))
|
||||
#define XGMTIME(c, t) gmtime((c))
|
||||
|
||||
@ -683,7 +691,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
#endif
|
||||
#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE)
|
||||
#define USE_WOLF_VALIDDATE
|
||||
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
|
||||
#define XVALIDATE_DATE(d, f, t) wc_ValidateDate((d), (f), (t))
|
||||
#endif
|
||||
|
||||
/* wolf struct tm and time_t */
|
||||
|
@ -19,6 +19,11 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
DESCRIPTION
|
||||
This library provides big integer math functions.
|
||||
|
||||
*/
|
||||
#ifndef __WOLFMATH_H__
|
||||
#define __WOLFMATH_H__
|
||||
|
||||
|
@ -126,6 +126,8 @@
|
||||
#include <errno.h>
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
#include <net/socket.h>
|
||||
#elif defined(MICROCHIP_PIC32)
|
||||
#include <sys/errno.h>
|
||||
#elif defined(HAVE_NETX)
|
||||
#include "nx_api.h"
|
||||
#include "errno.h"
|
||||
@ -147,7 +149,6 @@
|
||||
&& !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
|
||||
&& !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
|
||||
#include <network.h>
|
||||
//#include <sys/socket.h>
|
||||
//#include <arpa/inet.h>
|
||||
//#include <netinet/in.h>
|
||||
//#include <netdb.h>
|
||||
@ -159,7 +160,7 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_RENESAS_RA6M3G) /* Uses FREERTOS_TCP */
|
||||
#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) /* Uses FREERTOS_TCP */
|
||||
#include <errno.h>
|
||||
#endif
|
||||
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include "music/SoundHandler.hpp"
|
||||
#include "network/gcard.h"
|
||||
#include "unzip/U8Archive.h"
|
||||
#include "network/proxysettings.h"
|
||||
|
||||
// Sounds
|
||||
extern const u8 click_wav[];
|
||||
@ -172,6 +173,16 @@ bool CMenu::init(bool usb_mounted)
|
||||
/* Init Network if wanted for gamercard if it isn't already inited */
|
||||
if(has_enabled_providers())
|
||||
_initAsyncNetwork();
|
||||
/* Set the proxy settings */
|
||||
proxyUseSystem = m_cfg.getBool("PROXY", "proxy_use_system", true);
|
||||
memset(proxyAddress, 0, sizeof(proxyAddress));
|
||||
strncpy(proxyAddress, m_cfg.getString("PROXY", "proxy_address", "").c_str(), sizeof(proxyAddress) - 1);
|
||||
proxyPort = m_cfg.getInt("PROXY", "proxy_port", 0);
|
||||
memset(proxyUsername, 0, sizeof(proxyUsername));
|
||||
strncpy(proxyUsername, m_cfg.getString("PROXY", "proxy_username", "").c_str(), sizeof(proxyUsername) - 1);
|
||||
memset(proxyPassword, 0, sizeof(proxyPassword));
|
||||
strncpy(proxyPassword, m_cfg.getString("PROXY", "proxy_password", "").c_str(), sizeof(proxyPassword) - 1);
|
||||
getProxyInfo();
|
||||
|
||||
/* Set SD only to off if any usb device is attached and format is FAT, NTFS, WBFS, or LINUX */
|
||||
m_cfg.getBool("GENERAL", "sd_only", true);// will only set it true if this doesn't already exist
|
||||
|
@ -1196,6 +1196,13 @@ public:
|
||||
void _hideWaitMessage();
|
||||
void GC_Messenger(int message, int info, char *cinfo);
|
||||
|
||||
/* proxy settings */
|
||||
bool proxyUseSystem;
|
||||
char proxyAddress[256];
|
||||
u16 proxyPort;
|
||||
char proxyUsername[34];
|
||||
char proxyPassword[34];
|
||||
|
||||
/* general thread updating stuff */
|
||||
u64 m_thrdTotal;
|
||||
void update_pThread(u64 amount, bool add = true);
|
||||
|
@ -3,7 +3,7 @@
|
||||
#include "channel/nand.hpp"
|
||||
#include "loader/nk.h"
|
||||
|
||||
const int CMenu::_nbCfgPages = 13;
|
||||
const int CMenu::_nbCfgPages = 14;
|
||||
|
||||
void CMenu::_hideConfigCommon(bool instant)
|
||||
{
|
||||
|
@ -50,15 +50,18 @@ void CMenu::_showConfig7(int curPage)
|
||||
|
||||
m_btnMgr.show(m_config7Lbl1);
|
||||
m_btnMgr.show(m_config7Btn1);
|
||||
m_btnMgr.show(m_config7Lbl2);
|
||||
m_btnMgr.show(m_config7Btn2);
|
||||
m_btnMgr.show(m_config7Lbl3);
|
||||
m_btnMgr.show(m_config7Btn3);
|
||||
m_btnMgr.show(m_config7Lbl4);
|
||||
if(curPage != 14)
|
||||
{
|
||||
m_btnMgr.show(m_config7Lbl2);
|
||||
m_btnMgr.show(m_config7Btn2);
|
||||
m_btnMgr.show(m_config7Lbl3);
|
||||
m_btnMgr.show(m_config7Btn3);
|
||||
m_btnMgr.show(m_config7Lbl4);
|
||||
}
|
||||
|
||||
if(curPage == 7 || curPage == 11 || curPage == 12 || curPage == 13)
|
||||
m_btnMgr.show(m_config7Btn4);
|
||||
else
|
||||
else if(curPage != 14)
|
||||
{
|
||||
m_btnMgr.show(m_config7Lbl4Val);
|
||||
m_btnMgr.show(m_config7Btn4M);
|
||||
@ -131,7 +134,7 @@ void CMenu::_showConfig7(int curPage)
|
||||
m_btnMgr.setText(m_config7Lbl4, _t("cfg727", L"Use Plugin Database Titles"));
|
||||
m_btnMgr.setText(m_config7Btn4, m_cfg.getBool(PLUGIN_DOMAIN, "database_titles", true) ? _t("yes", L"Yes") : _t("no", L"No"));
|
||||
}
|
||||
else // page 13
|
||||
else if(curPage == 13)
|
||||
{
|
||||
m_btnMgr.setText(m_config7Lbl1, _t("cfgg49", L"480p Pixel Patch"));
|
||||
m_btnMgr.setText(m_config7Btn1, m_cfg.getBool(WII_DOMAIN, "fix480p", false) ? _t("on", L"On") : _t("off", L"Off"));
|
||||
@ -142,6 +145,11 @@ void CMenu::_showConfig7(int curPage)
|
||||
m_btnMgr.setText(m_config7Lbl4, _t("cfg724", L"Lock coverflow layouts"));
|
||||
m_btnMgr.setText(m_config7Btn4, m_cfg.getBool("general", "cf_locked") ? _t("yes", L"Yes") : _t("no", L"No"));
|
||||
}
|
||||
else // page 14
|
||||
{
|
||||
m_btnMgr.setText(m_config7Lbl1, _t("cfg729", L"Use system proxy settings"));
|
||||
m_btnMgr.setText(m_config7Btn1, m_cfg.getBool("PROXY", "proxy_use_system") ? _t("on", L"On") : _t("off", L"Off"));
|
||||
}
|
||||
}
|
||||
|
||||
int CMenu::_config7(int curPage)
|
||||
@ -348,6 +356,16 @@ int CMenu::_config7(int curPage)
|
||||
CFLocked = val;
|
||||
}
|
||||
}
|
||||
if(curPage == 14)
|
||||
{
|
||||
if(m_btnMgr.selected(m_config7Btn1))
|
||||
{
|
||||
bool val = !m_cfg.getBool("PROXY", "proxy_use_system");
|
||||
m_cfg.setBool("PROXY", "proxy_use_system", val);
|
||||
mainMenu.proxyUseSystem = val;
|
||||
m_btnMgr.setText(m_config7Btn1, val ? _t("on", L"On") : _t("off", L"Off"));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if(rand_music != m_cfg.getBool("GENERAL", "randomize_music"))
|
||||
|
171
source/network/base64.h
Normal file
171
source/network/base64.h
Normal file
@ -0,0 +1,171 @@
|
||||
/*
|
||||
|
||||
https://github.com/superwills/NibbleAndAHalf
|
||||
base64.h -- Fast base64 encoding and decoding.
|
||||
version 1.0.0, April 17, 2013 143a
|
||||
|
||||
Copyright (C) 2013 William Sherif
|
||||
|
||||
This software is provided 'as-is', without any express or implied
|
||||
warranty. In no event will the authors be held liable for any damages
|
||||
arising from the use of this software.
|
||||
|
||||
Permission is granted to anyone to use this software for any purpose,
|
||||
including commercial applications, and to alter it and redistribute it
|
||||
freely, subject to the following restrictions:
|
||||
|
||||
1. The origin of this software must not be misrepresented; you must not
|
||||
claim that you wrote the original software. If you use this software
|
||||
in a product, an acknowledgment in the product documentation would be
|
||||
appreciated but is not required.
|
||||
2. Altered source versions must be plainly marked as such, and must not be
|
||||
misrepresented as being the original software.
|
||||
3. This notice may not be removed or altered from any source distribution.
|
||||
|
||||
William Sherif
|
||||
will.sherif@gmail.com
|
||||
|
||||
YWxsIHlvdXIgYmFzZSBhcmUgYmVsb25nIHRvIHVz
|
||||
|
||||
*/
|
||||
#ifndef BASE64_H
|
||||
#define BASE64_H
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
static const char* b64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
||||
|
||||
// maps A=>0,B=>1..
|
||||
static const unsigned char unb64[]={
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //10
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //20
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //30
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //40
|
||||
0, 0, 0, 62, 0, 0, 0, 63, 52, 53, //50
|
||||
54, 55, 56, 57, 58, 59, 60, 61, 0, 0, //60
|
||||
0, 0, 0, 0, 0, 0, 1, 2, 3, 4, //70
|
||||
5, 6, 7, 8, 9, 10, 11, 12, 13, 14, //80
|
||||
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, //90
|
||||
25, 0, 0, 0, 0, 0, 0, 26, 27, 28, //100
|
||||
29, 30, 31, 32, 33, 34, 35, 36, 37, 38, //110
|
||||
39, 40, 41, 42, 43, 44, 45, 46, 47, 48, //120
|
||||
49, 50, 51, 0, 0, 0, 0, 0, 0, 0, //130
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //140
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //150
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //160
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //170
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //180
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //190
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //200
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //210
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //220
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //230
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //240
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //250
|
||||
0, 0, 0, 0, 0, 0,
|
||||
}; // This array has 256 elements
|
||||
|
||||
// Converts binary data of length=len to base64 characters.
|
||||
// Length of the resultant string is stored in flen
|
||||
// (you must pass pointer flen).
|
||||
char* base64( const void* binaryData, int len, int *flen )
|
||||
{
|
||||
const unsigned char* bin = (const unsigned char*) binaryData;
|
||||
char* res;
|
||||
|
||||
int rc = 0; // result counter
|
||||
int byteNo; // I need this after the loop
|
||||
|
||||
int modulusLen = len % 3;
|
||||
int pad = ((modulusLen&1)<<1) + ((modulusLen&2)>>1); // 2 gives 1 and 1 gives 2, but 0 gives 0.
|
||||
|
||||
*flen = 4*(len + pad)/3;
|
||||
res = (char*) malloc( *flen + 1 ); // and one for the null
|
||||
if( !res )
|
||||
return 0;
|
||||
|
||||
for( byteNo = 0; byteNo <= len-3; byteNo+=3 )
|
||||
{
|
||||
unsigned char BYTE0=bin[byteNo];
|
||||
unsigned char BYTE1=bin[byteNo+1];
|
||||
unsigned char BYTE2=bin[byteNo+2];
|
||||
res[rc++] = b64[ BYTE0 >> 2 ];
|
||||
res[rc++] = b64[ ((0x3&BYTE0)<<4) + (BYTE1 >> 4) ];
|
||||
res[rc++] = b64[ ((0x0f&BYTE1)<<2) + (BYTE2>>6) ];
|
||||
res[rc++] = b64[ 0x3f&BYTE2 ];
|
||||
}
|
||||
|
||||
if( pad==2 )
|
||||
{
|
||||
res[rc++] = b64[ bin[byteNo] >> 2 ];
|
||||
res[rc++] = b64[ (0x3&bin[byteNo])<<4 ];
|
||||
res[rc++] = '=';
|
||||
res[rc++] = '=';
|
||||
}
|
||||
else if( pad==1 )
|
||||
{
|
||||
res[rc++] = b64[ bin[byteNo] >> 2 ];
|
||||
res[rc++] = b64[ ((0x3&bin[byteNo])<<4) + (bin[byteNo+1] >> 4) ];
|
||||
res[rc++] = b64[ (0x0f&bin[byteNo+1])<<2 ];
|
||||
res[rc++] = '=';
|
||||
}
|
||||
|
||||
res[rc]=0; // NULL TERMINATOR!;)
|
||||
return res;
|
||||
}
|
||||
|
||||
unsigned char* unbase64( const char* ascii, int len, int *flen )
|
||||
{
|
||||
const unsigned char *safeAsciiPtr = (const unsigned char*)ascii;
|
||||
unsigned char *bin;
|
||||
int cb=0;
|
||||
int charNo;
|
||||
int pad = 0;
|
||||
|
||||
if ((len <= 0) || (len % 4 != 0)) { // 2 accesses below would be OOB.
|
||||
// catch empty string or incorrect padding size, return NULL as result.
|
||||
*flen=0;
|
||||
return 0;
|
||||
}
|
||||
if( safeAsciiPtr[ len-1 ]=='=' ) ++pad;
|
||||
if( safeAsciiPtr[ len-2 ]=='=' ) ++pad;
|
||||
|
||||
*flen = 3*len/4 - pad;
|
||||
bin = (unsigned char*)malloc( *flen );
|
||||
if( !bin )
|
||||
return 0;
|
||||
|
||||
for( charNo=0; charNo <= len - 4 - pad; charNo+=4 )
|
||||
{
|
||||
int A=unb64[safeAsciiPtr[charNo]];
|
||||
int B=unb64[safeAsciiPtr[charNo+1]];
|
||||
int C=unb64[safeAsciiPtr[charNo+2]];
|
||||
int D=unb64[safeAsciiPtr[charNo+3]];
|
||||
|
||||
bin[cb++] = (A<<2) | (B>>4);
|
||||
bin[cb++] = (B<<4) | (C>>2);
|
||||
bin[cb++] = (C<<6) | (D);
|
||||
}
|
||||
|
||||
if( pad==1 )
|
||||
{
|
||||
int A=unb64[safeAsciiPtr[charNo]];
|
||||
int B=unb64[safeAsciiPtr[charNo+1]];
|
||||
int C=unb64[safeAsciiPtr[charNo+2]];
|
||||
|
||||
bin[cb++] = (A<<2) | (B>>4);
|
||||
bin[cb++] = (B<<4) | (C>>2);
|
||||
}
|
||||
else if( pad==2 )
|
||||
{
|
||||
int A=unb64[safeAsciiPtr[charNo]];
|
||||
int B=unb64[safeAsciiPtr[charNo+1]];
|
||||
|
||||
bin[cb++] = (A<<2) | (B>>4);
|
||||
}
|
||||
|
||||
return bin;
|
||||
}
|
||||
|
||||
#endif
|
@ -1,362 +1,481 @@
|
||||
// Code by blackb0x @ GBAtemp.net
|
||||
// This allows the Wii to download from servers that use SNI.
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
/*
|
||||
Code by blackb0x @ GBAtemp.net
|
||||
This allows the Wii to download from servers that use SNI.
|
||||
*/
|
||||
#include <network.h>
|
||||
#include <ogc/lwp_watchdog.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "https.h"
|
||||
#include "base64.h"
|
||||
#include "gecko/gecko.hpp"
|
||||
#include "picohttpparser.h"
|
||||
#include "https.h"
|
||||
#include "memory/mem2.hpp"
|
||||
#include "proxysettings.h"
|
||||
|
||||
u8 loop;
|
||||
WOLFSSL_SESSION *session;
|
||||
|
||||
int https_write(HTTP_INFO *httpinfo, char *buffer, int len)
|
||||
int https_write(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy)
|
||||
{
|
||||
int ret, slen = 0;
|
||||
while (1)
|
||||
{
|
||||
if (httpinfo->use_https)
|
||||
ret = wolfSSL_write(httpinfo->ssl, &buffer[slen], len - slen);
|
||||
else
|
||||
ret = net_write(httpinfo->sock, &buffer[slen], len - slen);
|
||||
|
||||
if (ret == 0)
|
||||
continue;
|
||||
else if (ret <= 0)
|
||||
return ret; // Timeout would return -1
|
||||
|
||||
slen += ret;
|
||||
if (slen >= len)
|
||||
break;
|
||||
}
|
||||
return slen;
|
||||
int ret, pos = 0;
|
||||
int rlen = (len > BLOCK_SIZE) ? BLOCK_SIZE : len;
|
||||
u64 time = gettime();
|
||||
while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT)
|
||||
{
|
||||
if (httpinfo->use_https && !proxy)
|
||||
ret = wolfSSL_write(httpinfo->ssl, &buffer[pos], rlen);
|
||||
else
|
||||
ret = net_write(httpinfo->sock, &buffer[pos], rlen);
|
||||
if (ret > 0)
|
||||
{
|
||||
pos += ret;
|
||||
rlen = (len - pos > BLOCK_SIZE) ? BLOCK_SIZE : len - pos;
|
||||
if (pos >= len)
|
||||
return pos;
|
||||
time = gettime();
|
||||
}
|
||||
usleep(10000);
|
||||
}
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("The connection timed out (write)\n");
|
||||
#endif
|
||||
return -ETIMEDOUT;
|
||||
}
|
||||
|
||||
int https_read(HTTP_INFO *httpinfo, char *buffer, int len)
|
||||
int https_read(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy)
|
||||
{
|
||||
struct pollsd fds[1];
|
||||
fds[0].socket = httpinfo->sock;
|
||||
fds[0].events = POLLIN;
|
||||
int ret = -ETIMEDOUT;
|
||||
u64 time = gettime();
|
||||
if (len > BLOCK_SIZE)
|
||||
len = BLOCK_SIZE;
|
||||
while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT)
|
||||
{
|
||||
if (httpinfo->use_https && !proxy)
|
||||
ret = wolfSSL_read(httpinfo->ssl, buffer, len);
|
||||
else
|
||||
ret = net_read(httpinfo->sock, buffer, len);
|
||||
if (ret >= 0)
|
||||
return ret;
|
||||
usleep(10000);
|
||||
}
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("The connection timed out (read)\n");
|
||||
#endif
|
||||
return -ETIMEDOUT;
|
||||
}
|
||||
|
||||
net_fcntl(httpinfo->sock, F_SETFL, 4);
|
||||
switch (net_poll(fds, 1, READ_WRITE_TIMEOUT))
|
||||
{
|
||||
case -1:
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("net_poll error\n");
|
||||
#endif
|
||||
return -1;
|
||||
case 0:
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("The connection timed out\n");
|
||||
#endif
|
||||
return -ETIMEDOUT;
|
||||
default:
|
||||
net_fcntl(httpinfo->sock, F_SETFL, 0);
|
||||
if (len > 8192)
|
||||
len = 8192; // 16KB is the max on a Wii, but 8KB is safe
|
||||
if (httpinfo->use_https)
|
||||
return wolfSSL_read(httpinfo->ssl, buffer, len);
|
||||
return net_read(httpinfo->sock, buffer, len);
|
||||
}
|
||||
int send_callback(__attribute__((unused)) WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
||||
{
|
||||
int sent = net_write(*(int *)ctx, buf, sz);
|
||||
if (sent < 0)
|
||||
{
|
||||
if (sent == -EAGAIN)
|
||||
return WOLFSSL_CBIO_ERR_WANT_WRITE;
|
||||
else if (sent == -ECONNRESET)
|
||||
return WOLFSSL_CBIO_ERR_CONN_RST;
|
||||
else if (sent == -EINTR)
|
||||
return WOLFSSL_CBIO_ERR_ISR;
|
||||
else if (sent == -EPIPE)
|
||||
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
||||
else
|
||||
return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
}
|
||||
return sent;
|
||||
}
|
||||
|
||||
int recv_callback(__attribute__((unused)) WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
||||
{
|
||||
int recvd = net_read(*(int *)ctx, buf, sz);
|
||||
if (recvd < 0)
|
||||
{
|
||||
if (recvd == -EAGAIN)
|
||||
return WOLFSSL_CBIO_ERR_WANT_READ;
|
||||
else if (recvd == -ECONNRESET)
|
||||
return WOLFSSL_CBIO_ERR_CONN_RST;
|
||||
else if (recvd == -EINTR)
|
||||
return WOLFSSL_CBIO_ERR_ISR;
|
||||
else if (recvd == -ECONNABORTED)
|
||||
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
||||
else
|
||||
return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
}
|
||||
else if (recvd == 0)
|
||||
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
||||
return recvd;
|
||||
}
|
||||
|
||||
void https_close(HTTP_INFO *httpinfo)
|
||||
{
|
||||
if (httpinfo->use_https)
|
||||
{
|
||||
if (wolfSSL_shutdown(httpinfo->ssl) == SSL_SHUTDOWN_NOT_DONE)
|
||||
wolfSSL_shutdown(httpinfo->ssl);
|
||||
wolfSSL_free(httpinfo->ssl);
|
||||
wolfSSL_CTX_free(httpinfo->ctx);
|
||||
}
|
||||
net_close(httpinfo->sock);
|
||||
if (httpinfo->use_https)
|
||||
{
|
||||
wolfSSL_shutdown(httpinfo->ssl);
|
||||
wolfSSL_free(httpinfo->ssl);
|
||||
wolfSSL_CTX_free(httpinfo->ctx);
|
||||
}
|
||||
net_close(httpinfo->sock);
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Closed socket and cleaned up\n");
|
||||
gprintf("Closed socket and cleaned up\n");
|
||||
#endif
|
||||
}
|
||||
|
||||
u8 get_header_value(struct phr_header *headers, size_t num_headers, char *dst, char *header)
|
||||
bool get_header_value(struct phr_header *headers, size_t num_headers, char *dst, char *header)
|
||||
{
|
||||
for (size_t i = 0; i != num_headers; ++i)
|
||||
{
|
||||
if (strncasecmp(header, headers[i].name, headers[i].name_len) == 0)
|
||||
{
|
||||
strlcpy(dst, headers[i].value, headers[i].value_len + 1);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
for (size_t i = 0; i != num_headers; ++i)
|
||||
{
|
||||
if (strncasecmp(header, headers[i].name, headers[i].name_len) == 0)
|
||||
{
|
||||
strlcpy(dst, headers[i].value, headers[i].value_len + 1);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
u8 is_chunked(struct phr_header *headers, size_t num_headers)
|
||||
u64 get_header_value_int(struct phr_header *headers, size_t num_headers, char *header)
|
||||
{
|
||||
char encoding[10] = {};
|
||||
if (!get_header_value(headers, num_headers, encoding, "transfer-encoding"))
|
||||
return 0;
|
||||
return (strcasecmp(encoding, "chunked") == 0) ? 1 : 0;
|
||||
char header_value[30];
|
||||
if (!get_header_value(headers, num_headers, header_value, header))
|
||||
return 0;
|
||||
return strtoull(header_value, NULL, 0);
|
||||
}
|
||||
|
||||
u8 read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
|
||||
bool is_chunked(struct phr_header *headers, size_t num_headers)
|
||||
{
|
||||
struct phr_chunked_decoder decoder = {};
|
||||
size_t capacity = 4096, rsize;
|
||||
ssize_t rret, pret;
|
||||
decoder.consume_trailer = 1;
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Data is chunked\n");
|
||||
#endif
|
||||
do
|
||||
{
|
||||
if (start_pos == capacity)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Increased buffer size\n");
|
||||
#endif
|
||||
capacity *= 2;
|
||||
buffer->data = MEM2_realloc(buffer->data, capacity);
|
||||
}
|
||||
while ((rret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos)) == -1 && errno == EINTR)
|
||||
;
|
||||
if (rret <= 0)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("IO error\n");
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
rsize = rret;
|
||||
pret = phr_decode_chunked(&decoder, &buffer->data[start_pos], &rsize);
|
||||
if (pret == -1)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Parse error\n");
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
start_pos += rsize;
|
||||
} while (pret == -2);
|
||||
buffer->size = start_pos;
|
||||
buffer->data = MEM2_realloc(buffer->data, buffer->size);
|
||||
return 1;
|
||||
char encoding[9];
|
||||
if (!get_header_value(headers, num_headers, encoding, "transfer-encoding"))
|
||||
return false;
|
||||
return (strcasecmp(encoding, "chunked") == 0) ? true : false;
|
||||
}
|
||||
|
||||
u8 read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
|
||||
bool read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
|
||||
{
|
||||
size_t capacity = 4096;
|
||||
ssize_t ret;
|
||||
struct phr_chunked_decoder decoder = {0};
|
||||
size_t rsize, capacity = 4096;
|
||||
ssize_t pret;
|
||||
int ret;
|
||||
decoder.consume_trailer = true;
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Data is not chunked\n");
|
||||
gprintf("Data is chunked\n");
|
||||
#endif
|
||||
while (1)
|
||||
{
|
||||
if (start_pos == capacity)
|
||||
{
|
||||
do
|
||||
{
|
||||
if (start_pos == capacity)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Increased buffer size\n");
|
||||
gprintf("Increased buffer size\n");
|
||||
#endif
|
||||
capacity *= 2;
|
||||
buffer->data = MEM2_realloc(buffer->data, capacity);
|
||||
}
|
||||
while ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos)) == -1 && errno == EINTR)
|
||||
;
|
||||
if (ret == 0)
|
||||
break;
|
||||
if (ret < 0)
|
||||
return 0;
|
||||
capacity *= 2;
|
||||
buffer->data = MEM2_realloc(buffer->data, capacity);
|
||||
}
|
||||
if ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos, false)) < 1)
|
||||
return false;
|
||||
rsize = ret;
|
||||
pret = phr_decode_chunked(&decoder, &buffer->data[start_pos], &rsize);
|
||||
if (pret == -1)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Parse error\n");
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
start_pos += rsize;
|
||||
} while (pret == -2);
|
||||
buffer->size = start_pos;
|
||||
buffer->data = MEM2_realloc(buffer->data, buffer->size);
|
||||
return true;
|
||||
}
|
||||
|
||||
start_pos += ret;
|
||||
};
|
||||
buffer->size = start_pos;
|
||||
buffer->data = MEM2_realloc(buffer->data, buffer->size);
|
||||
return 1;
|
||||
bool read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
|
||||
{
|
||||
size_t capacity = 4096;
|
||||
int ret;
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Data is not chunked\n");
|
||||
#endif
|
||||
while (true)
|
||||
{
|
||||
if (start_pos == capacity)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Increased buffer size\n");
|
||||
#endif
|
||||
capacity *= 2;
|
||||
buffer->data = MEM2_realloc(buffer->data, capacity);
|
||||
}
|
||||
if ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos, false)) == 0)
|
||||
break;
|
||||
if (ret < 0)
|
||||
return false;
|
||||
start_pos += ret;
|
||||
};
|
||||
buffer->size = start_pos;
|
||||
buffer->data = MEM2_realloc(buffer->data, buffer->size);
|
||||
return (buffer->content_length > 0 && buffer->content_length == start_pos) ? true : false;
|
||||
}
|
||||
|
||||
bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy)
|
||||
{
|
||||
int rret, minor_version;
|
||||
size_t msg_len, prevbuflen;
|
||||
const char *msg;
|
||||
|
||||
while (true)
|
||||
{
|
||||
if ((rret = https_read(httpinfo, &resp->data[resp->buflen], 1, proxy)) < 1)
|
||||
return false;
|
||||
prevbuflen = resp->buflen;
|
||||
resp->buflen += rret;
|
||||
// Parse the response
|
||||
resp->num_headers = sizeof(resp->headers) / sizeof(resp->headers[0]);
|
||||
if ((resp->pret = phr_parse_response(resp->data, resp->buflen, &minor_version, &resp->status, &msg, &msg_len, resp->headers, &resp->num_headers, prevbuflen)) > 0)
|
||||
return true; // Successfully parsed the response
|
||||
else if (resp->pret == -1)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("pret error %i\n", resp->pret);
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
if (resp->buflen == sizeof(resp->data))
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("buflen error %lu\n", (unsigned long)resp->buflen);
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
bool check_ip(char *str)
|
||||
{
|
||||
int partA, partB, partC, partD;
|
||||
char extra;
|
||||
// We avoid using regex because it increases the file size
|
||||
return (sscanf(str, "%d.%d.%d.%d%c", &partA, &partB, &partC, &partD, &extra) == 4) ? true : false;
|
||||
}
|
||||
|
||||
bool connect_proxy(HTTP_INFO *httpinfo, char *host, char *username, char *password)
|
||||
{
|
||||
HTTP_RESPONSE response = {0};
|
||||
char request[500];
|
||||
char credentials[65];
|
||||
char *auth;
|
||||
int len;
|
||||
if (username && password)
|
||||
{
|
||||
if(!snprintf(credentials, sizeof(credentials), "%s:%s", username, password))
|
||||
return false;
|
||||
if(!(auth = base64(credentials, strlen(credentials), &len)))
|
||||
return false;
|
||||
len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nProxy-Authorization: Basic %s\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80, auth);
|
||||
free(auth);
|
||||
}
|
||||
else
|
||||
len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80);
|
||||
if (len > 0 && https_write(httpinfo, request, len, true) != len)
|
||||
return false;
|
||||
if (get_response(httpinfo, &response, true))
|
||||
{
|
||||
if (response.status == 200)
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
int connect(char *host, u16 port)
|
||||
{
|
||||
struct sockaddr_in sin;
|
||||
s32 sock, ret;
|
||||
u64 t;
|
||||
|
||||
u32 ipaddress = getipbynamecached(host);
|
||||
if (ipaddress == 0)
|
||||
return -1;
|
||||
|
||||
sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
|
||||
if (sock < 0)
|
||||
return sock;
|
||||
|
||||
memset(&sin, 0, sizeof(struct sockaddr_in));
|
||||
sin.sin_family = AF_INET;
|
||||
sin.sin_port = htons(port);
|
||||
sin.sin_addr.s_addr = ipaddress;
|
||||
struct sockaddr_in sin;
|
||||
s32 sock, ret;
|
||||
u32 ipaddress;
|
||||
u64 time;
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Connecting to %s (%s)\n", host, inet_ntoa(sin.sin_addr));
|
||||
gprintf("Connecting to %s", host);
|
||||
#endif
|
||||
net_fcntl(sock, F_SETFL, 4);
|
||||
t = gettime();
|
||||
while (1)
|
||||
{
|
||||
if (ticks_to_millisecs(diff_ticks(t, gettime())) > TCP_CONNECT_TIMEOUT)
|
||||
{
|
||||
if ((ipaddress = check_ip(host) ? inet_addr(host) : getipbynamecached(host)) == 0)
|
||||
return -EFAULT;
|
||||
sin.sin_family = AF_INET;
|
||||
sin.sin_port = htons(port);
|
||||
sin.sin_addr.s_addr = ipaddress;
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("The connection timed out\n");
|
||||
if (!check_ip(host))
|
||||
gprintf(" (%s)", inet_ntoa(sin.sin_addr));
|
||||
#endif
|
||||
net_close(sock);
|
||||
return -ETIMEDOUT;
|
||||
}
|
||||
ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin));
|
||||
if (ret < 0)
|
||||
{
|
||||
if (ret == -EISCONN)
|
||||
break;
|
||||
if (ret == -EINPROGRESS || ret == -EALREADY)
|
||||
{
|
||||
usleep(20 * 1000);
|
||||
continue;
|
||||
}
|
||||
net_close(sock);
|
||||
return ret;
|
||||
}
|
||||
break;
|
||||
}
|
||||
net_fcntl(sock, F_SETFL, 0);
|
||||
return sock;
|
||||
if ((sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP)) < 0)
|
||||
return sock;
|
||||
net_fcntl(sock, F_SETFL, 4);
|
||||
time = gettime();
|
||||
while (ticks_to_millisecs(diff_ticks(time, gettime())) < CONNECT_TIMEOUT)
|
||||
{
|
||||
if ((ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin))) < 0)
|
||||
{
|
||||
if (ret == -EISCONN)
|
||||
return sock;
|
||||
if (ret == -EINPROGRESS || ret == -EALREADY)
|
||||
{
|
||||
usleep(10000);
|
||||
continue;
|
||||
}
|
||||
net_close(sock);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
net_close(sock);
|
||||
return -ETIMEDOUT;
|
||||
}
|
||||
|
||||
void downloadfile(const char *url, struct download *buffer)
|
||||
{
|
||||
HTTP_INFO httpinfo;
|
||||
memset(&httpinfo, 0, sizeof(HTTP_INFO));
|
||||
// Always reset the size due to the image downloader looping
|
||||
buffer->size = 0;
|
||||
HTTP_INFO httpinfo = {0};
|
||||
// Always reset the size due to the image downloader looping
|
||||
buffer->size = 0;
|
||||
// Check if we're using HTTPS and set the path
|
||||
char *path;
|
||||
if (strncmp(url, "https://", 8) == 0)
|
||||
{
|
||||
httpinfo.use_https = 1;
|
||||
path = strchr(url + 8, '/');
|
||||
}
|
||||
else if (strncmp(url, "http://", 7) == 0)
|
||||
{
|
||||
httpinfo.use_https = 0;
|
||||
path = strchr(url + 7, '/');
|
||||
}
|
||||
else
|
||||
return;
|
||||
if (path == NULL)
|
||||
return;
|
||||
// Get the host
|
||||
int domainlength = path - url - 7 - httpinfo.use_https;
|
||||
char host[domainlength + 1];
|
||||
strlcpy(host, url + 7 + httpinfo.use_https, domainlength + 1);
|
||||
// Start connecting
|
||||
if (getProxyAddress() && getProxyPort() > 0)
|
||||
httpinfo.sock = connect(getProxyAddress(), getProxyPort());
|
||||
else
|
||||
httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80);
|
||||
|
||||
// Check if we're using HTTPS and set the path
|
||||
char *path;
|
||||
if (strncmp(url, "https://", 8) == 0)
|
||||
{
|
||||
httpinfo.use_https = 1;
|
||||
path = strchr(url + 8, '/');
|
||||
}
|
||||
else if (strncmp(url, "http://", 7) == 0)
|
||||
{
|
||||
httpinfo.use_https = 0;
|
||||
path = strchr(url + 7, '/');
|
||||
}
|
||||
else
|
||||
return; // Prevents uninitialized warning
|
||||
|
||||
if (path == NULL)
|
||||
return;
|
||||
|
||||
// Get the host
|
||||
int domainlength = path - url - 7 - httpinfo.use_https;
|
||||
char host[domainlength + 1];
|
||||
strlcpy(host, url + 7 + httpinfo.use_https, domainlength + 1);
|
||||
|
||||
// Start connecting
|
||||
if ((httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80)) < 0)
|
||||
{
|
||||
if (httpinfo.sock < 0)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Failed to connect to %s\n", host);
|
||||
if (httpinfo.sock == -ETIMEDOUT)
|
||||
gprintf("\nFailed to connect (timed out)\n");
|
||||
else
|
||||
gprintf("\nFailed to connect (%i)\n", httpinfo.sock);
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
return;
|
||||
}
|
||||
#ifdef DEBUG_NETWORK
|
||||
else
|
||||
gprintf("Connected\n");
|
||||
gprintf("\nConnected\n");
|
||||
#endif
|
||||
|
||||
if (httpinfo.use_https)
|
||||
{
|
||||
// Create a new SSL context
|
||||
// wolfSSLv23_client_method() works, but resume would require further changes
|
||||
if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
|
||||
{
|
||||
// Connect to a web proxy without credentials
|
||||
if (getProxyAddress() && getProxyPort() > 0)
|
||||
{
|
||||
if (!connect_proxy(&httpinfo, host, getProxyUsername(), getProxyPassword()))
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Failed to create WOLFSSL_CTX\n");
|
||||
gprintf("Failed to connect to proxy (%s:%i)\n", getProxyAddress(), getProxyPort());
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Don't verify certificates
|
||||
wolfSSL_CTX_set_verify(httpinfo.ctx, WOLFSSL_VERIFY_NONE, 0);
|
||||
// Enable SNI
|
||||
if (wolfSSL_CTX_UseSNI(httpinfo.ctx, 0, host, strlen(host)) != WOLFSSL_SUCCESS)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
session = NULL; // Resume doesn't work with a proxy
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Failed to set SNI\n");
|
||||
gprintf("Proxy is ready to receive\n");
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Create a new wolfSSL session
|
||||
if ((httpinfo.ssl = wolfSSL_new(httpinfo.ctx)) == NULL)
|
||||
{
|
||||
}
|
||||
// Setup for HTTPS if it's necessary
|
||||
if (httpinfo.use_https)
|
||||
{
|
||||
// Create a new SSL context
|
||||
// wolfSSLv23_client_method() works but resume would require further changes
|
||||
if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("SSL session creation failed\n");
|
||||
gprintf("Failed to create WOLFSSL_CTX\n");
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Set the file descriptor
|
||||
if (wolfSSL_set_fd(httpinfo.ssl, httpinfo.sock) != SSL_SUCCESS)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Don't verify certificates
|
||||
wolfSSL_CTX_set_verify(httpinfo.ctx, WOLFSSL_VERIFY_NONE, 0);
|
||||
// Enable SNI
|
||||
if (wolfSSL_CTX_UseSNI(httpinfo.ctx, 0, host, strlen(host)) != WOLFSSL_SUCCESS)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Failed to set SSL file descriptor\n");
|
||||
gprintf("Failed to set SNI\n");
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Attempt to resume the session
|
||||
if (session != NULL && wolfSSL_set_session(httpinfo.ssl, session) != SSL_SUCCESS)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Custom I/O is essential due to how libogc handles errors
|
||||
wolfSSL_SetIOSend(httpinfo.ctx, send_callback);
|
||||
wolfSSL_SetIORecv(httpinfo.ctx, recv_callback);
|
||||
// Create a new wolfSSL session
|
||||
if ((httpinfo.ssl = wolfSSL_new(httpinfo.ctx)) == NULL)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Failed to set session (session timed out?)\n");
|
||||
gprintf("SSL session creation failed\n");
|
||||
#endif
|
||||
session = NULL;
|
||||
}
|
||||
// Initiate a handshake
|
||||
if (wolfSSL_connect(httpinfo.ssl) != SSL_SUCCESS)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Set the file descriptor
|
||||
if (wolfSSL_set_fd(httpinfo.ssl, httpinfo.sock) != SSL_SUCCESS)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("SSL handshake failed\n");
|
||||
gprintf("Failed to set SSL file descriptor\n");
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Check if we resumed successfully
|
||||
if (session != NULL && !wolfSSL_session_reused(httpinfo.ssl))
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Attempt to resume the session
|
||||
if (session != NULL && wolfSSL_set_session(httpinfo.ssl, session) != SSL_SUCCESS)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Failed to resume session\n");
|
||||
gprintf("Failed to set session (session timed out?)\n");
|
||||
#endif
|
||||
session = NULL;
|
||||
}
|
||||
// Cipher info
|
||||
session = NULL;
|
||||
}
|
||||
// Initiate a handshake
|
||||
u64 time = gettime();
|
||||
while (true)
|
||||
{
|
||||
if (ticks_to_millisecs(diff_ticks(time, gettime())) > CONNECT_TIMEOUT)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
/*char ciphers[4096];
|
||||
gprintf("SSL handshake failed\n");
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
if (wolfSSL_connect(httpinfo.ssl) == SSL_SUCCESS)
|
||||
break;
|
||||
usleep(10000);
|
||||
}
|
||||
// Check if we resumed successfully
|
||||
if (session != NULL && !wolfSSL_session_reused(httpinfo.ssl))
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Failed to resume session\n");
|
||||
#endif
|
||||
session = NULL;
|
||||
}
|
||||
// Cipher info
|
||||
#ifdef DEBUG_NETWORK
|
||||
/*char ciphers[4096];
|
||||
wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
|
||||
gprintf("All supported ciphers: %s\n", ciphers);*/
|
||||
WOLFSSL_CIPHER *cipher = wolfSSL_get_current_cipher(httpinfo.ssl);
|
||||
gprintf("Using: %s - %s\n", wolfSSL_get_version(httpinfo.ssl), wolfSSL_CIPHER_get_name(cipher));
|
||||
WOLFSSL_CIPHER *cipher = wolfSSL_get_current_cipher(httpinfo.ssl);
|
||||
gprintf("Using: %s - %s\n", wolfSSL_get_version(httpinfo.ssl), wolfSSL_CIPHER_get_name(cipher));
|
||||
#endif
|
||||
}
|
||||
|
||||
// Send our request
|
||||
char request[2200];
|
||||
char isgecko[36] = "Cookie: challenge=BitMitigate.com\r\n";
|
||||
int ret, len;
|
||||
if (strcmp(host, "www.geckocodes.org") != 0)
|
||||
memset(isgecko, 0, sizeof(isgecko)); // Not geckocodes, so don't set a cookie
|
||||
|
||||
len = snprintf(request, 2200,
|
||||
}
|
||||
// Send our request
|
||||
char request[2300];
|
||||
char isgecko[36] = "Cookie: challenge=BitMitigate.com\r\n";
|
||||
int ret, len;
|
||||
if (strncmp(host, "www.geckocodes.org", 18) != 0)
|
||||
memset(isgecko, 0, sizeof(isgecko)); // Not geckocodes, so don't set a cookie
|
||||
len = snprintf(request, sizeof(request),
|
||||
"GET %s HTTP/1.1\r\n"
|
||||
"Host: %s\r\n"
|
||||
"User-Agent: WiiFlow-Lite\r\n"
|
||||
@ -365,132 +484,95 @@ void downloadfile(const char *url, struct download *buffer)
|
||||
"Pragma: no-cache\r\n"
|
||||
"Cache-Control: no-cache\r\n\r\n",
|
||||
path, host, isgecko);
|
||||
if ((ret = https_write(&httpinfo, request, len)) != len)
|
||||
{
|
||||
if ((ret = https_write(&httpinfo, request, len, false)) != len)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("https_write error: %i\n", ret);
|
||||
gprintf("https_write error: %i\n", ret);
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if we want a response
|
||||
if (buffer->skip_response)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Check if we want a response
|
||||
if (buffer->skip_response)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Sent request to %s and skipping response\n", host);
|
||||
gprintf("Sent request to %s and skipping response\n", host);
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
|
||||
// Get the response
|
||||
char response[4096];
|
||||
struct phr_header headers[100];
|
||||
int pret, minor_version, status, dl_valid;
|
||||
size_t buflen = 0, prevbuflen = 0, num_headers, msg_len;
|
||||
ssize_t rret;
|
||||
const char *msg;
|
||||
|
||||
while (1)
|
||||
{
|
||||
// Read the response
|
||||
while ((rret = https_read(&httpinfo, &response[buflen], 1)) == -1 && errno == EINTR)
|
||||
;
|
||||
if (rret <= 0)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Get the response
|
||||
HTTP_RESPONSE response = {0};
|
||||
if (!get_response(&httpinfo, &response, false))
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// The website wants to redirect us
|
||||
if (response.status == 301 || response.status == 302)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
if (loop == REDIRECT_LIMIT)
|
||||
{
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("rret error %i\n", rret);
|
||||
gprintf("Reached redirect limit\n");
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
prevbuflen = buflen;
|
||||
buflen += rret;
|
||||
// Parse the response
|
||||
num_headers = sizeof(headers) / sizeof(headers[0]);
|
||||
pret = phr_parse_response(response, buflen, &minor_version, &status, &msg, &msg_len, headers, &num_headers, prevbuflen);
|
||||
if (pret > 0)
|
||||
break; // Successfully parsed the response
|
||||
else if (pret == -1)
|
||||
{
|
||||
return;
|
||||
}
|
||||
loop++;
|
||||
char location[2049];
|
||||
if (!get_header_value(response.headers, response.num_headers, location, "location"))
|
||||
return;
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("pret error %i\n", pret);
|
||||
gprintf("Redirect #%i - %s\n", loop, location);
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Response is incomplete so continue the loop
|
||||
if (buflen == sizeof(response))
|
||||
{
|
||||
downloadfile(location, buffer);
|
||||
return;
|
||||
}
|
||||
// It's not 301 or 302, so reset the loop
|
||||
loop = 0;
|
||||
// We got what we wanted
|
||||
if (response.status == 200)
|
||||
{
|
||||
buffer->data = MEM2_alloc(4096);
|
||||
memcpy(buffer->data, &response.data[response.pret], response.buflen - response.pret);
|
||||
// Determine how to read the data
|
||||
bool dl_valid;
|
||||
if (is_chunked(response.headers, response.num_headers))
|
||||
dl_valid = read_chunked(&httpinfo, buffer, response.buflen - response.pret);
|
||||
else
|
||||
{
|
||||
buffer->content_length = get_header_value_int(response.headers, response.num_headers, "content-length");
|
||||
dl_valid = read_all(&httpinfo, buffer, response.buflen - response.pret);
|
||||
}
|
||||
// Check if the download is incomplete
|
||||
if (!dl_valid || buffer->size < 1)
|
||||
{
|
||||
buffer->size = 0;
|
||||
MEM2_free(buffer->data);
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("buflen error %i\n", buflen);
|
||||
gprintf("Removed incomplete download\n");
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// The website wants to redirect us
|
||||
if (status == 301 || status == 302)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
if (loop == REDIRECT_LIMIT)
|
||||
{
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Save the session
|
||||
if (httpinfo.use_https)
|
||||
session = wolfSSL_get_session(httpinfo.ssl);
|
||||
// Finished
|
||||
https_close(&httpinfo);
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Reached redirect limit\n");
|
||||
gprintf("Download size: %llu\n", (long long)buffer->size);
|
||||
gprintf("------------- HEADERS -------------\n");
|
||||
for (size_t i = 0; i != response.num_headers; ++i)
|
||||
gprintf("%.*s: %.*s\n", (int)response.headers[i].name_len, response.headers[i].name, (int)response.headers[i].value_len, response.headers[i].value);
|
||||
gprintf("------------ COMPLETED ------------\n");
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
loop++;
|
||||
char location[2100] = {};
|
||||
if (!get_header_value(headers, num_headers, location, "location"))
|
||||
return;
|
||||
return;
|
||||
}
|
||||
// Close on all other status codes
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Redirect #%i - %s\n", loop, location);
|
||||
gprintf("Status code: %i - %s\n", response.status, url);
|
||||
#endif
|
||||
downloadfile(location, buffer);
|
||||
return;
|
||||
}
|
||||
// It's not 301 or 302, so reset the loop
|
||||
loop = 0;
|
||||
// We got what we wanted
|
||||
if (status == 200)
|
||||
{
|
||||
buffer->data = MEM2_alloc(4096);
|
||||
memcpy(buffer->data, &response[pret], buflen - pret);
|
||||
// Determine how to read the data
|
||||
if (is_chunked(headers, num_headers))
|
||||
dl_valid = read_chunked(&httpinfo, buffer, buflen - pret);
|
||||
else
|
||||
dl_valid = read_all(&httpinfo, buffer, buflen - pret);
|
||||
// Check if the download is incomplete
|
||||
if (!dl_valid || buffer->size <= 0)
|
||||
{
|
||||
buffer->size = 0;
|
||||
MEM2_free(buffer->data);
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Removed incomplete download\n");
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
return;
|
||||
}
|
||||
// Save the session
|
||||
if (httpinfo.use_https)
|
||||
session = wolfSSL_get_session(httpinfo.ssl);
|
||||
// Finished
|
||||
https_close(&httpinfo);
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Download size: %llu\n", buffer->size);
|
||||
gprintf("Headers:\n");
|
||||
for (size_t i = 0; i != num_headers; ++i)
|
||||
gprintf("%.*s: %.*s\n", (int)headers[i].name_len, headers[i].name, (int)headers[i].value_len, headers[i].value);
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
// Close on all other status codes
|
||||
#ifdef DEBUG_NETWORK
|
||||
gprintf("Status code: %i - %s\n", status, url);
|
||||
#endif
|
||||
https_close(&httpinfo);
|
||||
https_close(&httpinfo);
|
||||
}
|
||||
|
@ -1,11 +1,14 @@
|
||||
// Code by blackb0x @ GBAtemp.net
|
||||
// This allows the Wii to download from servers that use SNI.
|
||||
|
||||
/*
|
||||
Code by blackb0x @ GBAtemp.net
|
||||
This allows the Wii to download from servers that use SNI.
|
||||
*/
|
||||
#ifndef _HTTPS_H_
|
||||
#define _HTTPS_H_
|
||||
|
||||
#include <libwolfssl/ssl.h>
|
||||
|
||||
#include "dns.h"
|
||||
#include "picohttpparser.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
@ -14,26 +17,38 @@ extern "C"
|
||||
|
||||
// #define DEBUG_NETWORK
|
||||
#define REDIRECT_LIMIT 3
|
||||
#define TCP_CONNECT_TIMEOUT 5000
|
||||
#define READ_WRITE_TIMEOUT 5000
|
||||
#define CONNECT_TIMEOUT 10000
|
||||
#define READ_WRITE_TIMEOUT 20000
|
||||
#define BLOCK_SIZE 8192
|
||||
|
||||
struct download
|
||||
{
|
||||
u8 skip_response; // Used by WiinnerTag
|
||||
u64 size;
|
||||
char *data;
|
||||
};
|
||||
struct download
|
||||
{
|
||||
bool skip_response; // Used by WiinnerTag
|
||||
u64 content_length;
|
||||
u64 size;
|
||||
char *data;
|
||||
};
|
||||
|
||||
typedef struct
|
||||
{
|
||||
u8 use_https;
|
||||
s32 sock;
|
||||
WOLFSSL *ssl;
|
||||
WOLFSSL_CTX *ctx;
|
||||
} HTTP_INFO;
|
||||
typedef struct
|
||||
{
|
||||
int status;
|
||||
int pret;
|
||||
size_t num_headers;
|
||||
size_t buflen;
|
||||
struct phr_header headers[100];
|
||||
char data[4096];
|
||||
} HTTP_RESPONSE;
|
||||
|
||||
void downloadfile(const char *url, struct download *buffer);
|
||||
int wolfSSL_CTX_UseSNI(WOLFSSL_CTX *ctx, unsigned char type, const void *data, unsigned short size);
|
||||
typedef struct
|
||||
{
|
||||
u8 use_https;
|
||||
s32 sock;
|
||||
WOLFSSL *ssl;
|
||||
WOLFSSL_CTX *ctx;
|
||||
} HTTP_INFO;
|
||||
|
||||
void downloadfile(const char *url, struct download *buffer);
|
||||
int wolfSSL_CTX_UseSNI(WOLFSSL_CTX *ctx, unsigned char type, const void *data, unsigned short size);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -355,10 +355,12 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
|
||||
ADVANCE_TOKEN(*method, *method_len);
|
||||
do {
|
||||
++buf;
|
||||
CHECK_EOF();
|
||||
} while (*buf == ' ');
|
||||
ADVANCE_TOKEN(*path, *path_len);
|
||||
do {
|
||||
++buf;
|
||||
CHECK_EOF();
|
||||
} while (*buf == ' ');
|
||||
if (*method_len == 0 || *path_len == 0) {
|
||||
*ret = -1;
|
||||
@ -422,6 +424,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
|
||||
}
|
||||
do {
|
||||
++buf;
|
||||
CHECK_EOF();
|
||||
} while (*buf == ' ');
|
||||
/* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */
|
||||
if (buf_end - buf < 4) {
|
||||
@ -437,7 +440,8 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
|
||||
if (*msg_len == 0) {
|
||||
/* ok */
|
||||
} else if (**msg == ' ') {
|
||||
/* remove preceding space */
|
||||
/* Remove preceding space. Successful return from `get_token_to_eol` guarantees that we would hit something other than SP
|
||||
* before running past the end of the given buffer. */
|
||||
do {
|
||||
++*msg;
|
||||
--*msg_len;
|
||||
|
73
source/network/proxysettings.cpp
Normal file
73
source/network/proxysettings.cpp
Normal file
@ -0,0 +1,73 @@
|
||||
|
||||
#include <ogcsys.h>
|
||||
#include <ogc/isfs.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "proxysettings.h"
|
||||
#include "menu/menu.hpp"
|
||||
|
||||
#define ALIGN32(x) (((x) + 31) & ~31)
|
||||
|
||||
bool proxy_enabled;
|
||||
char proxy_address[256];
|
||||
u16 proxy_port;
|
||||
char proxy_username[33];
|
||||
char proxy_password[33];
|
||||
|
||||
void getProxyInfo()
|
||||
{
|
||||
char *buffer;
|
||||
int fd = ISFS_Open("/shared2/sys/net/02/config.dat", ISFS_OPEN_READ);
|
||||
if (fd >= 0)
|
||||
{
|
||||
fstats stats ATTRIBUTE_ALIGN(32) = {};
|
||||
if(ISFS_GetFileStats(fd, &stats) >= 0)
|
||||
{
|
||||
if (stats.file_length > 0)
|
||||
{
|
||||
buffer = (char*)MEM2_alloc(ALIGN32(stats.file_length));
|
||||
if (buffer)
|
||||
{
|
||||
if(ISFS_Read(fd, buffer, stats.file_length) == 7004)
|
||||
{
|
||||
proxy_enabled = buffer[44];
|
||||
strncpy(proxy_address, buffer + 48, sizeof(proxy_address) - 1);
|
||||
proxy_port = ((buffer[304] & 0xFF) << 8) | (buffer[305] & 0xFF);
|
||||
strncpy(proxy_username, buffer + 306, sizeof(proxy_username) - 1);
|
||||
strncpy(proxy_password, buffer + 338, sizeof(proxy_password) - 1);
|
||||
}
|
||||
}
|
||||
MEM2_free(buffer);
|
||||
}
|
||||
}
|
||||
ISFS_Close(fd);
|
||||
}
|
||||
}
|
||||
|
||||
char* getProxyAddress()
|
||||
{
|
||||
if (mainMenu.proxyUseSystem)
|
||||
return proxy_enabled ? proxy_address : NULL;
|
||||
return (strlen(mainMenu.proxyAddress) > 6) ? mainMenu.proxyAddress : NULL;
|
||||
}
|
||||
|
||||
u16 getProxyPort()
|
||||
{
|
||||
if (mainMenu.proxyUseSystem)
|
||||
return proxy_enabled ? proxy_port : 0;
|
||||
return mainMenu.proxyPort;
|
||||
}
|
||||
|
||||
char* getProxyUsername()
|
||||
{
|
||||
if (mainMenu.proxyUseSystem)
|
||||
return proxy_enabled ? proxy_username : NULL;
|
||||
return (strlen(mainMenu.proxyUsername) > 0) ? mainMenu.proxyUsername : NULL;
|
||||
}
|
||||
|
||||
char* getProxyPassword()
|
||||
{
|
||||
if (mainMenu.proxyUseSystem)
|
||||
return proxy_enabled ? proxy_password : NULL;
|
||||
return (strlen(mainMenu.proxyPassword) > 0) ? mainMenu.proxyPassword : NULL;
|
||||
}
|
18
source/network/proxysettings.h
Normal file
18
source/network/proxysettings.h
Normal file
@ -0,0 +1,18 @@
|
||||
|
||||
#ifndef _PROXYSETTINGS_
|
||||
#define _PROXYSETTINGS_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
void getProxyInfo();
|
||||
char *getProxyAddress();
|
||||
u16 getProxyPort();
|
||||
char *getProxyUsername();
|
||||
char *getProxyPassword();
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* _PROXYSETTINGS_ */
|
Loading…
Reference in New Issue
Block a user