Add proxy support, fix timeouts & update wolfSSL

This commit is contained in:
wiidev 2020-09-07 21:27:42 +01:00
parent 144e7669ed
commit a80d629859
68 changed files with 3049 additions and 1932 deletions

File diff suppressed because it is too large Load Diff

View File

@ -167,6 +167,8 @@ enum wolfSSL_ErrorCodes {
CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */ CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */
SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */ SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */
TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */ TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */
DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */

View File

@ -72,6 +72,9 @@
#ifndef NO_SHA256 #ifndef NO_SHA256
#include <libwolfssl/wolfcrypt/sha256.h> #include <libwolfssl/wolfcrypt/sha256.h>
#endif #endif
#if defined(WOLFSSL_SHA384)
#include <libwolfssl/wolfcrypt/sha512.h>
#endif
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
#include <libwolfssl/ocsp.h> #include <libwolfssl/ocsp.h>
#endif #endif
@ -183,9 +186,11 @@
/* do nothing */ /* do nothing */
#else #else
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED
#ifndef WOLFSSL_USER_MUTEX
#define WOLFSSL_PTHREADS #define WOLFSSL_PTHREADS
#include <pthread.h> #include <pthread.h>
#endif #endif
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
#include <unistd.h> /* for close of BIO */ #include <unistd.h> /* for close of BIO */
#endif #endif
@ -858,11 +863,13 @@
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
@ -906,7 +913,7 @@
#define BUILD_DES3 #define BUILD_DES3
#endif #endif
#if defined(NO_AES) || defined(NO_AES_DECRYPT) #if defined(NO_AES) || !defined(HAVE_AES_DECRYPT)
#define AES_BLOCK_SIZE 16 #define AES_BLOCK_SIZE 16
#undef BUILD_AES #undef BUILD_AES
#else #else
@ -1165,7 +1172,8 @@ enum {
#ifndef MAX_PSK_ID_LEN #ifndef MAX_PSK_ID_LEN
/* max psk identity/hint supported */ /* max psk identity/hint supported */
#if defined(WOLFSSL_TLS13) #if defined(WOLFSSL_TLS13)
#define MAX_PSK_ID_LEN 256 /* OpenSSL has a 1472 byte sessiont ticket */
#define MAX_PSK_ID_LEN 1536
#else #else
#define MAX_PSK_ID_LEN 128 #define MAX_PSK_ID_LEN 128
#endif #endif
@ -1207,19 +1215,6 @@ enum Misc {
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
#ifdef WOLFSSL_TLS13_DRAFT
#ifdef WOLFSSL_TLS13_DRAFT_18
TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_22)
TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_23)
TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_26)
TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */
#else
TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */
#endif
#endif
OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
NO_COMPRESSION = 0, NO_COMPRESSION = 0,
@ -1355,10 +1350,21 @@ enum Misc {
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
#else #else
#if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
#if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE,
#elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE,
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#endif #endif
#ifdef HAVE_SELFTEST #if defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM #define WOLFSSL_AES_KEY_SIZE_ENUM
AES_IV_SIZE = 16, AES_IV_SIZE = 16,
@ -1502,7 +1508,7 @@ enum Misc {
/* number of items in the signature algo list */ /* number of items in the signature algo list */
#ifndef WOLFSSL_MAX_SIGALGO #ifndef WOLFSSL_MAX_SIGALGO
#define WOLFSSL_MAX_SIGALGO 32 #define WOLFSSL_MAX_SIGALGO 36
#endif #endif
@ -1590,6 +1596,7 @@ enum states {
SERVER_HELLO_COMPLETE, SERVER_HELLO_COMPLETE,
SERVER_ENCRYPTED_EXTENSIONS_COMPLETE, SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
SERVER_CERT_COMPLETE, SERVER_CERT_COMPLETE,
SERVER_CERT_VERIFY_COMPLETE,
SERVER_KEYEXCHANGE_COMPLETE, SERVER_KEYEXCHANGE_COMPLETE,
SERVER_HELLODONE_COMPLETE, SERVER_HELLODONE_COMPLETE,
SERVER_CHANGECIPHERSPEC_COMPLETE, SERVER_CHANGECIPHERSPEC_COMPLETE,
@ -1657,6 +1664,10 @@ WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
/* for sniffer */ /* for sniffer */
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 size, word32 totalSz, int sniff); word32 size, word32 totalSz, int sniff);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 size, word32 totalSz, int sniff);
#endif
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
/* TLS v1.3 needs these */ /* TLS v1.3 needs these */
WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID, WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
@ -1688,16 +1699,15 @@ WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
#ifndef NO_CERTS #ifndef NO_CERTS
WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
#ifdef OPENSSL_EXTRA WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc);
WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc);
#endif
#endif #endif
WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz); WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* output, int sz);
WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
int ivSz); int ivSz);
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif #endif
@ -1840,11 +1850,10 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define MAX_DESCRIPTION_SZ 255 #define MAX_DESCRIPTION_SZ 255
#endif #endif
/* wolfSSL Cipher type just points back to SSL */
struct WOLFSSL_CIPHER { struct WOLFSSL_CIPHER {
byte cipherSuite0; byte cipherSuite0;
byte cipherSuite; byte cipherSuite;
WOLFSSL* ssl; const WOLFSSL* ssl;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
char description[MAX_DESCRIPTION_SZ]; char description[MAX_DESCRIPTION_SZ];
unsigned long offset; unsigned long offset;
@ -2015,8 +2024,7 @@ WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
#ifndef NO_CERTS #ifndef NO_CERTS
#if !defined NOCERTS &&\ #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
(!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
typedef struct ProcPeerCertArgs { typedef struct ProcPeerCertArgs {
buffer* certs; buffer* certs;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
@ -2132,8 +2140,10 @@ typedef struct Keys {
byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
#endif #endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS #ifdef WOLFSSL_RENESAS_TSIP_TLS
byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret;
tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret;
#endif #endif
} Keys; } Keys;
@ -2151,13 +2161,14 @@ typedef enum {
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
TLSX_EC_POINT_FORMATS = 0x000b, TLSX_EC_POINT_FORMATS = 0x000b,
#if !defined(WOLFSSL_NO_SIGALG) #if !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS = 0x000d, TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
#endif #endif
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */ TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */ TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
#endif #endif
TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */
TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
TLSX_SESSION_TICKET = 0x0023, TLSX_SESSION_TICKET = 0x0023,
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
@ -2175,12 +2186,8 @@ typedef enum {
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TLSX_POST_HANDSHAKE_AUTH = 0x0031, TLSX_POST_HANDSHAKE_AUTH = 0x0031,
#endif #endif
#if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22)
TLSX_KEY_SHARE = 0x0028,
#else
TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
TLSX_KEY_SHARE = 0x0033, TLSX_KEY_SHARE = 0x0033,
#endif
#endif #endif
TLSX_RENEGOTIATION_INFO = 0xff01 TLSX_RENEGOTIATION_INFO = 0xff01
} TLSX_Type; } TLSX_Type;
@ -2522,7 +2529,6 @@ WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
#ifndef WOLFSSL_TLS13_DRAFT_18
/* Ticket nonce - for deriving PSK. /* Ticket nonce - for deriving PSK.
* Length allowed to be: 1..255. Only support 4 bytes. * Length allowed to be: 1..255. Only support 4 bytes.
*/ */
@ -2530,7 +2536,6 @@ typedef struct TicketNonce {
byte len; byte len;
byte data[MAX_TICKET_NONCE_SZ]; byte data[MAX_TICKET_NONCE_SZ];
} TicketNonce; } TicketNonce;
#endif
/* The PreSharedKey extension information - entry in a linked list. */ /* The PreSharedKey extension information - entry in a linked list. */
typedef struct PreSharedKey { typedef struct PreSharedKey {
@ -2586,6 +2591,13 @@ enum DeriveKeyType {
update_traffic_key update_traffic_key
}; };
WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl);
WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl);
WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store);
WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl);
WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret);
WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key);
/* The key update request values for KeyUpdate message. */ /* The key update request values for KeyUpdate message. */
enum KeyUpdateRequest { enum KeyUpdateRequest {
update_not_requested, update_not_requested,
@ -2602,6 +2614,14 @@ enum SetCBIO {
}; };
#endif #endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
typedef struct {
int keyAlgo;
DerBuffer* key;
} StaticKeyExchangeInfo_t;
#endif
/* wolfSSL context type */ /* wolfSSL context type */
struct WOLFSSL_CTX { struct WOLFSSL_CTX {
WOLFSSL_METHOD* method; WOLFSSL_METHOD* method;
@ -2710,9 +2730,7 @@ struct WOLFSSL_CTX {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum ECC key size */ short minEccKeySz; /* minimum ECC key size */
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
unsigned long mask; /* store SSL_OP_ flags */ unsigned long mask; /* store SSL_OP_ flags */
#endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
byte sessionCtx[ID_LEN]; /* app session context ID */ byte sessionCtx[ID_LEN]; /* app session context ID */
word32 disabledCurves; /* curves disabled by user */ word32 disabledCurves; /* curves disabled by user */
@ -2755,6 +2773,7 @@ struct WOLFSSL_CTX {
wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
#endif #endif
void* psk_ctx;
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
#endif /* HAVE_SESSION_TICKET || !NO_PSK */ #endif /* HAVE_SESSION_TICKET || !NO_PSK */
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
@ -2771,7 +2790,7 @@ struct WOLFSSL_CTX {
pem_password_cb* passwd_cb; pem_password_cb* passwd_cb;
void* passwd_userdata; void* passwd_userdata;
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
byte readAhead; byte readAhead;
@ -2887,6 +2906,9 @@ struct WOLFSSL_CTX {
Srp* srp; /* TLS Secure Remote Password Protocol*/ Srp* srp; /* TLS Secure Remote Password Protocol*/
byte* srp_password; byte* srp_password;
#endif #endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
StaticKeyExchangeInfo_t staticKE;
#endif
}; };
WOLFSSL_LOCAL WOLFSSL_LOCAL
@ -2950,7 +2972,6 @@ enum KeyExchangeAlgorithm {
ecc_static_diffie_hellman_kea /* for verify suite only */ ecc_static_diffie_hellman_kea /* for verify suite only */
}; };
/* Supported Authentication Schemes */ /* Supported Authentication Schemes */
enum SignatureAlgorithm { enum SignatureAlgorithm {
anonymous_sa_algo = 0, anonymous_sa_algo = 0,
@ -3009,6 +3030,13 @@ enum CipherType { aead };
#define CIPHER_NONCE #define CIPHER_NONCE
#endif #endif
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
enum CipherSrc {
KEYS_NOT_SET = 0,
KEYS, /* keys from ssl->keys are loaded */
SCR /* keys from ssl->secure_renegotiation->tmp_keys are loaded */
};
#endif
/* cipher for now */ /* cipher for now */
typedef struct Ciphers { typedef struct Ciphers {
@ -3048,6 +3076,10 @@ typedef struct Ciphers {
#endif #endif
byte state; byte state;
byte setup; /* have we set it up flag for detection */ byte setup; /* have we set it up flag for detection */
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
enum CipherSrc src; /* DTLS uses this to determine which keys
* are currently loaded */
#endif
} Ciphers; } Ciphers;
@ -3149,6 +3181,8 @@ struct WOLFSSL_SESSION {
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
byte sessionCtxSz; /* sessionCtx length */ byte sessionCtxSz; /* sessionCtx length */
byte sessionCtx[ID_LEN]; /* app specific context id */ byte sessionCtx[ID_LEN]; /* app specific context id */
wolfSSL_Mutex refMutex; /* ref count mutex */
int refCount; /* reference count */
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
word16 namedGroup; word16 namedGroup;
@ -3157,10 +3191,8 @@ struct WOLFSSL_SESSION {
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
word32 ticketSeen; /* Time ticket seen (ms) */ word32 ticketSeen; /* Time ticket seen (ms) */
word32 ticketAdd; /* Added by client */ word32 ticketAdd; /* Added by client */
#ifndef WOLFSSL_TLS13_DRAFT_18
TicketNonce ticketNonce; /* Nonce used to derive PSK */ TicketNonce ticketNonce; /* Nonce used to derive PSK */
#endif #endif
#endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
word32 maxEarlyDataSz; word32 maxEarlyDataSz;
#endif #endif
@ -3171,7 +3203,7 @@ struct WOLFSSL_SESSION {
byte staticTicket[SESSION_TICKET_LEN]; byte staticTicket[SESSION_TICKET_LEN];
byte isDynamic; byte isDynamic;
#endif #endif
#ifdef HAVE_EXT_CACHE #if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA)
byte isAlloced; byte isAlloced;
#endif #endif
#ifdef HAVE_EX_DATA #ifdef HAVE_EX_DATA
@ -3185,7 +3217,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL WOLFSSL_LOCAL
int SetSession(WOLFSSL*, WOLFSSL_SESSION*); int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
#ifndef NO_CLIENT_CACHE #ifndef NO_CLIENT_CACHE
WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
@ -3346,8 +3378,9 @@ typedef struct Options {
wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
#endif #endif
void* psk_ctx;
#endif /* NO_PSK */ #endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
unsigned long mask; /* store SSL_OP_ flags */ unsigned long mask; /* store SSL_OP_ flags */
#endif #endif
@ -3587,15 +3620,15 @@ struct WOLFSSL_X509_NAME {
char staticName[ASN_NAME_MAX]; char staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_ASN) !defined(NO_ASN)
DecodedName fullName; int entrySz; /* number of entries */
WOLFSSL_X509_NAME_ENTRY cnEntry; WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
WOLFSSL_X509* x509; /* x509 that struct belongs to */ WOLFSSL_X509* x509; /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
byte raw[ASN_NAME_MAX]; byte raw[ASN_NAME_MAX];
int rawLen; int rawLen;
#endif #endif
void* heap;
}; };
#ifndef EXTERNAL_SERIAL_SIZE #ifndef EXTERNAL_SERIAL_SIZE
@ -3741,6 +3774,7 @@ typedef struct DtlsMsg {
byte* msg; byte* msg;
DtlsFrag* fragList; DtlsFrag* fragList;
word32 fragSz; /* Length of fragments received */ word32 fragSz; /* Length of fragments received */
word16 epoch; /* Epoch that this message belongs to */
word32 seq; /* Handshake sequence number */ word32 seq; /* Handshake sequence number */
word32 sz; /* Length of whole message */ word32 sz; /* Length of whole message */
byte type; byte type;
@ -3810,6 +3844,20 @@ typedef struct HS_Hashes {
} HS_Hashes; } HS_Hashes;
#ifndef WOLFSSL_NO_TLS12
/* Persistable BuildMessage arguments */
typedef struct BuildMsgArgs {
word32 digestSz;
word32 sz;
word32 pad;
word32 idx;
word32 headerSz;
word16 size;
word32 ivSz; /* TLSv1.1 IV */
byte* iv;
} BuildMsgArgs;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
#define MAX_ASYNC_ARGS 18 #define MAX_ASYNC_ARGS 18
typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs); typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
@ -3818,6 +3866,7 @@ typedef struct HS_Hashes {
WC_ASYNC_DEV* dev; WC_ASYNC_DEV* dev;
FreeArgsCb freeArgs; /* function pointer to cleanup args */ FreeArgsCb freeArgs; /* function pointer to cleanup args */
word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
}; };
#endif #endif
@ -3971,11 +4020,9 @@ struct WOLFSSL {
#endif #endif
word16 pssAlgo; word16 pssAlgo;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
#if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */ word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
* offer */ * offer */
#endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
#endif #endif
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
word16 peerNtruKeyLen; word16 peerNtruKeyLen;
@ -4202,6 +4249,9 @@ struct WOLFSSL {
WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
#endif #endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
StaticKeyExchangeInfo_t staticKE;
#endif
}; };
@ -4221,10 +4271,8 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
int type, WOLFSSL* ssl, int userChain, int type, WOLFSSL* ssl, int userChain,
WOLFSSL_CRL* crl, int verify); WOLFSSL_CRL* crl, int verify);
#ifdef OPENSSL_EXTRA WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
size_t domainNameLen); size_t domainNameLen);
#endif
#endif #endif
@ -4333,12 +4381,8 @@ WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_TLS13_DRAFT_18
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
#else
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte); WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
#endif #endif
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
@ -4464,7 +4508,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
#ifndef WOLFSSL_AEAD_ONLY #ifndef WOLFSSL_AEAD_ONLY
WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
word32 sz, int padSz, int content, int verify); word32 sz, int padSz, int content, int verify, int epochOrder);
#endif #endif
#endif #endif
@ -4486,24 +4530,30 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte,
word32, word32, void*); word32, word32, void*);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32);
WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32, WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32,
byte, word32, word32, void*); byte, word32, word32, void*);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType);
WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*); WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32); WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head);
WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*); WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int); WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#ifndef NO_TLS #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl);
WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
#endif
WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);
#endif /* NO_TLS */
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void); WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
@ -4511,8 +4561,8 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL word32 LowResTimer(void); WOLFSSL_LOCAL word32 LowResTimer(void);
#ifndef NO_CERTS #ifndef NO_CERTS
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap); WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap); WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
@ -4598,9 +4648,13 @@ WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl); WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
#ifndef WOLFSSL_NO_TLS12
WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args);
#endif
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type, int hashOutput, const byte* input, int inSz, int type, int hashOutput,
int sizeOnly, int asyncOkay); int sizeOnly, int asyncOkay, int epochOrder);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,

Binary file not shown.

View File

@ -107,7 +107,7 @@ typedef enum {
} WOLFSSL_ASN1_TYPES; } WOLFSSL_ASN1_TYPES;
#define ASN1_SEQUENCE(type) \ #define ASN1_SEQUENCE(type) \
static const type __##type##_dummy_struct;\ static type __##type##_dummy_struct;\
static const WOLFSSL_ASN1_TEMPLATE type##_member_data[] static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
#define ASN1_SIMPLE(type, member, member_type) \ #define ASN1_SIMPLE(type, member, member_type) \

View File

@ -33,11 +33,11 @@
#endif #endif
#define BIO_FLAG_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL #define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
#define BIO_FLAG_READ WOLFSSL_BIO_FLAG_READ #define BIO_FLAGS_READ WOLFSSL_BIO_FLAG_READ
#define BIO_FLAG_WRITE WOLFSSL_BIO_FLAG_WRITE #define BIO_FLAGS_WRITE WOLFSSL_BIO_FLAG_WRITE
#define BIO_FLAG_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL #define BIO_FLAGS_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL
#define BIO_FLAG_RETRY WOLFSSL_BIO_FLAG_RETRY #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
#define BIO_new_fp wolfSSL_BIO_new_fp #define BIO_new_fp wolfSSL_BIO_new_fp
#define BIO_new_file wolfSSL_BIO_new_file #define BIO_new_file wolfSSL_BIO_new_file

View File

@ -80,6 +80,8 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
unsigned char* sig, unsigned char* sig,
WOLFSSL_DSA* dsa, int *dsacheck); WOLFSSL_DSA* dsa, int *dsacheck);
WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void); WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig); WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,

View File

@ -148,12 +148,21 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
WOLFSSL_API WOLFSSL_API
int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out); int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
WOLFSSL_API WOLFSSL_API
WOLFSSL_EC_KEY *wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY **key, const unsigned char **in,
long len);
WOLFSSL_API
int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
WOLFSSL_API
void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form); void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form);
WOLFSSL_API WOLFSSL_API
WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *p, const WOLFSSL_EC_POINT *p,
char form, char form,
WOLFSSL_BIGNUM *in, WOLFSSL_BN_CTX *ctx); WOLFSSL_BIGNUM *in, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_is_on_curve(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *point,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API WOLFSSL_API
int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
@ -198,6 +207,8 @@ WOLFSSL_API
int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
WOLFSSL_BN_CTX *ctx); WOLFSSL_BN_CTX *ctx);
WOLFSSL_API WOLFSSL_API
WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_dup(const WOLFSSL_EC_GROUP *src);
WOLFSSL_API
int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group); int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
WOLFSSL_API WOLFSSL_API
int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group); int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
@ -228,11 +239,18 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_BIGNUM *y, const WOLFSSL_BIGNUM *y,
WOLFSSL_BN_CTX *ctx); WOLFSSL_BN_CTX *ctx);
WOLFSSL_API WOLFSSL_API
int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_EC_POINT *p1,
const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_BIGNUM *n, const WOLFSSL_BIGNUM *n,
const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
WOLFSSL_BN_CTX *ctx); WOLFSSL_BN_CTX *ctx);
WOLFSSL_API WOLFSSL_API
int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *a,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point); void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
WOLFSSL_API WOLFSSL_API
int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
@ -277,6 +295,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag #define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name #define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name
#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp #define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp
#define EC_GROUP_dup wolfSSL_EC_GROUP_dup
#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name #define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name
#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree #define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree
#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order #define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
@ -291,7 +310,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
wolfSSL_EC_POINT_get_affine_coordinates_GFp wolfSSL_EC_POINT_get_affine_coordinates_GFp
#define EC_POINT_set_affine_coordinates_GFp \ #define EC_POINT_set_affine_coordinates_GFp \
wolfSSL_EC_POINT_set_affine_coordinates_GFp wolfSSL_EC_POINT_set_affine_coordinates_GFp
#define EC_POINT_add wolfSSL_EC_POINT_add
#define EC_POINT_mul wolfSSL_EC_POINT_mul #define EC_POINT_mul wolfSSL_EC_POINT_mul
#define EC_POINT_invert wolfSSL_EC_POINT_invert
#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free #define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
#define EC_POINT_cmp wolfSSL_EC_POINT_cmp #define EC_POINT_cmp wolfSSL_EC_POINT_cmp
#define EC_POINT_copy wolfSSL_EC_POINT_copy #define EC_POINT_copy wolfSSL_EC_POINT_copy
@ -304,7 +325,11 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_POINT_point2oct wolfSSL_EC_POINT_point2oct #define EC_POINT_point2oct wolfSSL_EC_POINT_point2oct
#define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point #define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point
#define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn #define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn
#define EC_POINT_is_on_curve wolfSSL_EC_POINT_is_on_curve
#define i2o_ECPublicKey wolfSSL_i2o_ECPublicKey #define i2o_ECPublicKey wolfSSL_i2o_ECPublicKey
#define i2d_EC_PUBKEY wolfSSL_i2o_ECPublicKey
#define d2i_ECPrivateKey wolfSSL_d2i_ECPrivateKey
#define i2d_ECPrivateKey wolfSSL_i2d_ECPrivateKey
#define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form #define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form
#ifndef HAVE_SELFTEST #ifndef HAVE_SELFTEST

View File

@ -356,10 +356,10 @@ struct WOLFSSL_EVP_CIPHER_CTX {
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
byte* gcmDecryptBuffer; byte* gcmDecryptBuffer;
int gcmDecryptBufferLen; int gcmDecryptBufferLen;
#endif
ALIGN16 unsigned char authTag[AES_BLOCK_SIZE]; ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
int authTagSz; int authTagSz;
#endif #endif
#endif
}; };
struct WOLFSSL_EVP_PKEY_CTX { struct WOLFSSL_EVP_PKEY_CTX {
@ -521,6 +521,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key);
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);

View File

@ -72,6 +72,7 @@ WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx,
WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash, WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
unsigned int* len); unsigned int* len);
WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx); WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx);
WOLFSSL_API void wolfSSL_HMAC_CTX_cleanup(WOLFSSL_HMAC_CTX* ctx);
WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx); WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx);
WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx); WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx);
@ -83,6 +84,7 @@ typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
#define HMAC_CTX_init wolfSSL_HMAC_CTX_Init #define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
#define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy #define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy
#define HMAC_CTX_free wolfSSL_HMAC_CTX_free #define HMAC_CTX_free wolfSSL_HMAC_CTX_free
#define HMAC_CTX_cleanup wolfSSL_HMAC_CTX_cleanup
#define HMAC_CTX_reset wolfSSL_HMAC_cleanup #define HMAC_CTX_reset wolfSSL_HMAC_cleanup
#define HMAC_Init_ex wolfSSL_HMAC_Init_ex #define HMAC_Init_ex wolfSSL_HMAC_Init_ex
#define HMAC_Init wolfSSL_HMAC_Init #define HMAC_Init wolfSSL_HMAC_Init

View File

@ -79,6 +79,7 @@ typedef WOLFSSL_X509_NAME X509_NAME;
typedef WOLFSSL_X509_INFO X509_INFO; typedef WOLFSSL_X509_INFO X509_INFO;
typedef WOLFSSL_X509_CHAIN X509_CHAIN; typedef WOLFSSL_X509_CHAIN X509_CHAIN;
/* STACK_OF(ASN1_OBJECT) */
typedef WOLFSSL_STACK EXTENDED_KEY_USAGE; typedef WOLFSSL_STACK EXTENDED_KEY_USAGE;
@ -151,6 +152,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data #define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
#define set_ex_data wolfSSL_CRYPTO_set_ex_data #define set_ex_data wolfSSL_CRYPTO_set_ex_data
#define get_ex_data wolfSSL_CRYPTO_get_ex_data #define get_ex_data wolfSSL_CRYPTO_get_ex_data
#define CRYPTO_memcmp wolfSSL_CRYPTO_memcmp
/* this function was used to set the default malloc, free, and realloc */ /* this function was used to set the default malloc, free, and realloc */
#define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */ #define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */
@ -174,14 +176,15 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
#define i2d_PUBKEY wolfSSL_i2d_PUBKEY
#define d2i_PUBKEY wolfSSL_d2i_PUBKEY #define d2i_PUBKEY wolfSSL_d2i_PUBKEY
#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
#define d2i_PrivateKey wolfSSL_d2i_PrivateKey #define d2i_PrivateKey wolfSSL_d2i_PrivateKey
#define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey #define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey
#define i2d_PrivateKey wolfSSL_i2d_PrivateKey
#define SSL_use_PrivateKey wolfSSL_use_PrivateKey #define SSL_use_PrivateKey wolfSSL_use_PrivateKey
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1 #define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1 #define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
@ -301,6 +304,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_set_connect_state wolfSSL_set_connect_state #define SSL_set_connect_state wolfSSL_set_connect_state
#define SSL_set_accept_state wolfSSL_set_accept_state #define SSL_set_accept_state wolfSSL_set_accept_state
#define SSL_session_reused wolfSSL_session_reused #define SSL_session_reused wolfSSL_session_reused
#define SSL_SESSION_up_ref wolfSSL_SESSION_up_ref
#define SSL_SESSION_dup wolfSSL_SESSION_dup #define SSL_SESSION_dup wolfSSL_SESSION_dup
#define SSL_SESSION_free wolfSSL_SESSION_free #define SSL_SESSION_free wolfSSL_SESSION_free
#define SSL_is_init_finished wolfSSL_is_init_finished #define SSL_is_init_finished wolfSSL_is_init_finished
@ -340,8 +344,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define DSA_dup_DH wolfSSL_DSA_dup_DH #define DSA_dup_DH wolfSSL_DSA_dup_DH
/* wolfSSL does not support DSA as the cert public key */ /* wolfSSL does not support DSA as the cert public key */
#define EVP_PKEY_get0_DSA(...) NULL #define EVP_PKEY_get0_DSA wolfSSL_EVP_PKEY_get0_DSA
#define DSA_bits(...) 0 #define DSA_bits wolfSSL_DSA_bits
#define i2d_X509_bio wolfSSL_i2d_X509_bio #define i2d_X509_bio wolfSSL_i2d_X509_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio
@ -374,14 +378,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_digest wolfSSL_X509_digest #define X509_digest wolfSSL_X509_digest
#define X509_get_ext_count wolfSSL_X509_get_ext_count #define X509_get_ext_count wolfSSL_X509_get_ext_count
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i #define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
#define X509_get_ext wolfSSL_X509_get_ext #define X509_get_ext wolfSSL_X509_get_ext
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID #define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name #define X509_get_issuer_name wolfSSL_X509_get_issuer_name
#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
#define X509_get_subject_name wolfSSL_X509_get_subject_name #define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_get_pubkey wolfSSL_X509_get_pubkey #define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey #define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore #define X509_get_notBefore wolfSSL_X509_get_notBefore
#define X509_get0_notBefore wolfSSL_X509_get_notBefore
#define X509_get_notAfter wolfSSL_X509_get_notAfter #define X509_get_notAfter wolfSSL_X509_get_notAfter
#define X509_get0_notAfter wolfSSL_X509_get_notAfter
#define X509_get_serialNumber wolfSSL_X509_get_serialNumber #define X509_get_serialNumber wolfSSL_X509_get_serialNumber
#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr #define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index #define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
@ -407,9 +416,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_check_private_key wolfSSL_X509_check_private_key #define X509_check_private_key wolfSSL_X509_check_private_key
#define X509_check_ca wolfSSL_X509_check_ca #define X509_check_ca wolfSSL_X509_check_ca
#define X509_check_host wolfSSL_X509_check_host #define X509_check_host wolfSSL_X509_check_host
#define X509_check_ip_asc wolfSSL_X509_check_ip_asc
#define X509_email_free wolfSSL_X509_email_free #define X509_email_free wolfSSL_X509_email_free
#define X509_check_issued wolfSSL_X509_check_issued #define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup #define X509_dup wolfSSL_X509_dup
#define X509_add_ext wolfSSL_X509_add_ext
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
@ -422,7 +433,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_push wolfSSL_sk_X509_push #define sk_X509_push wolfSSL_sk_X509_push
#define sk_X509_pop wolfSSL_sk_X509_pop #define sk_X509_pop wolfSSL_sk_X509_pop
#define sk_X509_pop_free wolfSSL_sk_X509_pop_free #define sk_X509_pop_free wolfSSL_sk_X509_pop_free
#define sk_X509_dup wolfSSL_sk_X509_dup #define sk_X509_dup wolfSSL_sk_dup
#define sk_X509_free wolfSSL_sk_X509_free #define sk_X509_free wolfSSL_sk_X509_free
#define sk_X509_EXTENSION_num wolfSSL_sk_X509_EXTENSION_num #define sk_X509_EXTENSION_num wolfSSL_sk_X509_EXTENSION_num
@ -430,7 +441,6 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null #define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null
#define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free #define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free
#define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push #define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push
#define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free
#define X509_INFO_new wolfSSL_X509_INFO_new #define X509_INFO_new wolfSSL_X509_INFO_new
#define X509_INFO_free wolfSSL_X509_INFO_free #define X509_INFO_free wolfSSL_X509_INFO_free
@ -444,6 +454,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free #define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free
#define i2d_X509_NAME wolfSSL_i2d_X509_NAME #define i2d_X509_NAME wolfSSL_i2d_X509_NAME
#define d2i_X509_NAME wolfSSL_d2i_X509_NAME
#define X509_NAME_new wolfSSL_X509_NAME_new #define X509_NAME_new wolfSSL_X509_NAME_new
#define X509_NAME_free wolfSSL_X509_NAME_free #define X509_NAME_free wolfSSL_X509_NAME_free
#define X509_NAME_dup wolfSSL_X509_NAME_dup #define X509_NAME_dup wolfSSL_X509_NAME_dup
@ -568,7 +579,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value #define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents #define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_check_purpose(...) 0 #define X509_check_purpose(...) 0
@ -661,6 +671,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN #define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
#define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT #define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT
#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
@ -850,7 +861,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
/*#if OPENSSL_API_COMPAT < 0x10100000L*/ /*#if OPENSSL_API_COMPAT < 0x10100000L*/
#define CONF_modules_free() #define CONF_modules_free()
#define ENGINE_cleanup() #define ENGINE_cleanup()
#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup
#define SSL_CTX_need_tmp_RSA(ctx) 0 #define SSL_CTX_need_tmp_RSA(ctx) 0
#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 #define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
#define SSL_need_tmp_RSA(ssl) 0 #define SSL_need_tmp_RSA(ssl) 0
@ -887,14 +897,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find #define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find
enum {
GEN_DNS = 0x02, /* ASN_DNS_TYPE */
GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */
GEN_URI = 0x06, /* ASN_URI_TYPE */
GEN_IPADD = 0x07,
GEN_RID = 0x08, /* Registered ID, not supported */
};
#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
@ -910,7 +912,7 @@ enum {
#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero #define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value #define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */ #endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */
#define sk_SSL_CIPHER_dup wolfSSL_sk_SSL_CIPHER_dup #define sk_SSL_CIPHER_dup wolfSSL_sk_dup
#define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free #define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free
#define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find #define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find
@ -919,7 +921,6 @@ enum {
#include <libwolfssl/openssl/pem.h> #include <libwolfssl/openssl/pem.h>
#define SSL_CTRL_CHAIN 88 #define SSL_CTRL_CHAIN 88
#define GEN_IPADD 7
#define ERR_LIB_SSL 20 #define ERR_LIB_SSL 20
#define SSL_R_SHORT_READ 10 #define SSL_R_SHORT_READ 10
#define ERR_R_PEM_LIB 9 #define ERR_R_PEM_LIB 9
@ -959,6 +960,7 @@ enum {
#define SSL_num_renegotiations wolfSSL_num_renegotiations #define SSL_num_renegotiations wolfSSL_num_renegotiations
#define SSL_renegotiate wolfSSL_Rehandshake #define SSL_renegotiate wolfSSL_Rehandshake
#define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support #define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support
#define SSL_renegotiate_pending wolfSSL_SSL_renegotiate_pending
#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg #define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg
#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type #define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type
#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts #define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts
@ -1227,7 +1229,7 @@ enum {
#define X509_OBJECT_free wolfSSL_X509_OBJECT_free #define X509_OBJECT_free wolfSSL_X509_OBJECT_free
#define X509_OBJECT_get_type(x) 0 #define X509_OBJECT_get_type(x) 0
#define OpenSSL_version(x) wolfSSL_lib_version() #define OpenSSL_version(x) wolfSSL_OpenSSL_version()
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */

View File

@ -28,6 +28,8 @@
extern "C" { extern "C" {
#endif #endif
#include <libwolfssl/openssl/conf.h>
typedef void (*wolfSSL_sk_freefunc)(void *); typedef void (*wolfSSL_sk_freefunc)(void *);
WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc); WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);

View File

@ -40,6 +40,7 @@
/* Forward reference */ /* Forward reference */
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) ( typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
struct WOLFSSL_v3_ext_method *method, struct WOLFSSL_v3_ext_method *method,
void *ext, STACK_OF(CONF_VALUE) *extlist); void *ext, STACK_OF(CONF_VALUE) *extlist);
@ -53,6 +54,7 @@ struct WOLFSSL_v3_ext_method {
int ext_flags; int ext_flags;
void *usr_data; void *usr_data;
X509V3_EXT_D2I d2i; X509V3_EXT_D2I d2i;
X509V3_EXT_I2D i2d;
X509V3_EXT_I2V i2v; X509V3_EXT_I2V i2v;
X509V3_EXT_I2S i2s; X509V3_EXT_I2S i2s;
X509V3_EXT_I2R i2r; X509V3_EXT_I2R i2r;
@ -61,7 +63,7 @@ struct WOLFSSL_v3_ext_method {
struct WOLFSSL_X509_EXTENSION { struct WOLFSSL_X509_EXTENSION {
WOLFSSL_ASN1_OBJECT *obj; WOLFSSL_ASN1_OBJECT *obj;
WOLFSSL_ASN1_BOOLEAN crit; WOLFSSL_ASN1_BOOLEAN crit;
WOLFSSL_ASN1_STRING value; ASN1_OCTET_STRING value; /* DER format of extension */
WOLFSSL_v3_ext_method ext_method; WOLFSSL_v3_ext_method ext_method;
WOLFSSL_STACK* ext_sk; /* For extension specific data */ WOLFSSL_STACK* ext_sk; /* For extension specific data */
}; };
@ -86,7 +88,9 @@ typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS; typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc); WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void);
WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id); WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);
WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get( WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
WOLFSSL_X509_EXTENSION* ex); WOLFSSL_X509_EXTENSION* ex);

View File

@ -49,12 +49,49 @@ SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port,
const char* keyFile, int typeK, const char* keyFile, int typeK,
const char* password, char* error); const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetPrivateKeyBuffer(const char* address, int port,
const char* keyBuf, int keySz,
int typeK, const char* password,
char* error);
WOLFSSL_API WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name, SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name,
const char* address, int port, const char* address, int port,
const char* keyFile, int typeK, const char* keyFile, int typeK,
const char* password, char* error); const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedPrivateKeyBuffer(const char* name,
const char* address, int port,
const char* keyBuf, int keySz,
int typeK, const char* password,
char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetEphemeralKey(const char* address, int port,
const char* keyFile, int typeKey,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetEphemeralKeyBuffer(const char* address, int port,
const char* keyBuf, int keySz, int typeKey,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedEphemeralKey(const char* name,
const char* address, int port,
const char* keyFile, int typeKey,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedEphemeralKeyBuffer(const char* name,
const char* address, int port,
const char* keyBuf, int keySz, int typeKey,
const char* password, char* error);
WOLFSSL_API WOLFSSL_API
SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
unsigned char** data, char* error); unsigned char** data, char* error);

View File

@ -130,6 +130,7 @@
#define NO_DATA_DEST_STR 91 #define NO_DATA_DEST_STR 91
#define STORE_DATA_FAIL_STR 92 #define STORE_DATA_FAIL_STR 92
#define CHAIN_INPUT_STR 93 #define CHAIN_INPUT_STR 93
#define GOT_ENC_EXT_STR 94
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */

View File

@ -274,7 +274,8 @@ struct WOLFSSL_ASN1_OBJECT {
int ca; int ca;
WOLFSSL_ASN1_INTEGER *pathlen; WOLFSSL_ASN1_INTEGER *pathlen;
#endif #endif
unsigned char dynamic; /* if 1 then obj was dynamically created, 0 otherwise */ unsigned char dynamic; /* Use WOLFSSL_ASN1_DYNAMIC and WOLFSSL_ASN1_DYNAMIC_DATA
* to determine what needs to be freed. */
#if defined(WOLFSSL_APACHE_HTTPD) #if defined(WOLFSSL_APACHE_HTTPD)
WOLFSSL_GENERAL_NAME* gn; WOLFSSL_GENERAL_NAME* gn;
@ -506,7 +507,7 @@ struct WOLFSSL_X509_STORE {
int cache; /* stunnel dereference */ int cache; /* stunnel dereference */
WOLFSSL_CERT_MANAGER* cm; WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_X509_LOOKUP lookup; WOLFSSL_X509_LOOKUP lookup;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
int isDynamic; int isDynamic;
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
#endif #endif
@ -516,15 +517,15 @@ struct WOLFSSL_X509_STORE {
#ifdef HAVE_EX_DATA #ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data; WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif #endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL)
WOLFSSL_X509_CRL *crl; WOLFSSL_X509_CRL *crl; /* points to cm->crl */
#endif #endif
}; };
#ifdef OPENSSL_EXTRA #define WOLFSSL_NO_WILDCARDS 0x4
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000 #define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_NO_WILDCARDS 0x4
#define WOLFSSL_HOST_NAME_MAX 256 #define WOLFSSL_HOST_NAME_MAX 256
#define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
struct WOLFSSL_X509_VERIFY_PARAM { struct WOLFSSL_X509_VERIFY_PARAM {
@ -534,7 +535,7 @@ struct WOLFSSL_X509_VERIFY_PARAM {
unsigned int hostFlags; unsigned int hostFlags;
char ipasc[WOLFSSL_MAX_IPSTR]; char ipasc[WOLFSSL_MAX_IPSTR];
}; };
#endif #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
typedef struct WOLFSSL_ALERT { typedef struct WOLFSSL_ALERT {
int code; int code;
@ -709,11 +710,11 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
#endif #endif
@ -861,7 +862,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int); WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int); WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
WOLFSSL_API int wolfSSL_accept(WOLFSSL*); WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req); WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req);
WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req); WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
@ -891,10 +892,12 @@ WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx, WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
unsigned int sz); unsigned int sz);
WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz); WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*); WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*); int sz, int* outSz);
#endif WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
#endif int* outSz);
#endif /* WOLFSSL_EARLY_DATA */
#endif /* WOLFSSL_TLS13 */
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*); WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*); WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*); WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
@ -918,9 +921,11 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t, WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
WOLFSSL_BIO**, size_t); WOLFSSL_BIO**, size_t);
WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa,
unsigned char *EM,
const unsigned char *mHash, const unsigned char *mHash,
const WOLFSSL_EVP_MD *Hash, int saltLen); const WOLFSSL_EVP_MD *hashAlg,
int saltLen);
WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *hashAlg,
const unsigned char *EM, int saltLen); const unsigned char *EM, int saltLen);
@ -1082,6 +1087,7 @@ typedef int WOLFSSL_LHASH;
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in); WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk);
WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
@ -1102,11 +1108,12 @@ typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
WOLFSSL_X509* x509); WOLFSSL_X509* x509);
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_dup(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void); WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void);
WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn); WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn);
WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk, WOLFSSL_API WOLFSSL_GENERAL_NAMES* wolfSSL_GENERAL_NAMES_dup(
WOLFSSL_GENERAL_NAMES* gns);
WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
WOLFSSL_GENERAL_NAME* gn); WOLFSSL_GENERAL_NAME* gn);
WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value( WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(
WOLFSSL_STACK* sk, int i); WOLFSSL_STACK* sk, int i);
@ -1129,6 +1136,7 @@ WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
void (*f) (WOLFSSL_X509_EXTENSION*)); void (*f) (WOLFSSL_X509_EXTENSION*));
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj);
WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj); WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void);
WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
@ -1153,11 +1161,13 @@ WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*); WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*); WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*); WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*); WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*); WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL*);
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int); WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int);
@ -1312,6 +1322,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
unsigned char** out); unsigned char** out);
WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
unsigned char **in, long length);
#ifndef NO_RSA #ifndef NO_RSA
WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset); WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset);
#endif #endif
@ -1325,8 +1337,10 @@ WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int);
#endif #endif
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
WOLFSSL_X509*); WOLFSSL_X509*);
WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
WOLFSSL_X509*); WOLFSSL_X509*);
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
@ -1365,6 +1379,7 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1); WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len);
@ -1421,11 +1436,12 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** out); WOLFSSL_EVP_PKEY** out);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
const unsigned char** in, long inSz); const unsigned char** in, long inSz);
WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key,
unsigned char** in, long inSz); unsigned char** in, long inSz);
WOLFSSL_API int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key,
unsigned char** der); unsigned char** der);
WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
@ -1571,6 +1587,7 @@ WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s); WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type); WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
@ -1597,8 +1614,6 @@ enum {
WOLFSSL_CRL_CHECK = 2, WOLFSSL_CRL_CHECK = 2,
}; };
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(HAVE_WEBSERVER)
/* Separated out from other enums because of size */ /* Separated out from other enums because of size */
enum { enum {
SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
@ -1645,6 +1660,8 @@ enum {
| SSL_OP_TLS_ROLLBACK_BUG), | SSL_OP_TLS_ROLLBACK_BUG),
}; };
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(HAVE_WEBSERVER)
/* for compatibility these must be macros */ /* for compatibility these must be macros */
#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2 #define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2
#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3 #define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3
@ -1950,6 +1967,11 @@ enum { /* ssl Constants */
WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*, WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*,
wc_psk_server_tls13_callback); wc_psk_server_tls13_callback);
#endif #endif
WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL*);
WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL*, void*);
WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX*, void*);
#define PSK_TYPES_DEFINED #define PSK_TYPES_DEFINED
#endif /* NO_PSK */ #endif /* NO_PSK */
@ -1992,10 +2014,9 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
#ifndef NO_CERTS #if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY)
WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
#endif /* !NO_CERTS */ #endif
WOLFSSL_API void wolfSSL_ERR_free_strings(void); WOLFSSL_API void wolfSSL_ERR_free_strings(void);
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long); WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
@ -2045,7 +2066,8 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk); WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i); WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
#if defined(HAVE_EX_DATA) || defined(FORTRESS) #if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
(defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx); int idx);
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
@ -2087,6 +2109,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
/* which library version do we have */ /* which library version do we have */
WOLFSSL_API const char* wolfSSL_lib_version(void); WOLFSSL_API const char* wolfSSL_lib_version(void);
WOLFSSL_API const char* wolfSSL_OpenSSL_version(void);
/* which library version do we have in hex */ /* which library version do we have in hex */
WOLFSSL_API word32 wolfSSL_lib_version_hex(void); WOLFSSL_API word32 wolfSSL_lib_version_hex(void);
@ -2134,6 +2157,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*); WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_add_altname_ex(WOLFSSL_X509*, const char*, word32, int);
WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int); WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int);
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
@ -2424,6 +2448,7 @@ WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl);
WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int); WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
WOLFSSL_API const unsigned char* wolfSSL_GetDtlsMacSecret(WOLFSSL*, int, int);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*); WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*); WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*); WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
@ -2527,7 +2552,7 @@ struct DhKey;
typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key, typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key,
const unsigned char* priv, unsigned int privSz, const unsigned char* priv, unsigned int privSz,
const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz, const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz,
unsigned char* out, unsigned int* outlen, unsigned char* out, word32* outlen,
void* ctx); void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree); WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree);
WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx);
@ -2625,7 +2650,7 @@ WOLFSSL_API void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl);
#ifndef NO_RSA #ifndef NO_RSA
typedef int (*CallbackRsaSign)(WOLFSSL* ssl, typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz, const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz, unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz, const unsigned char* keyDer, unsigned int keySz,
void* ctx); void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign); WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
@ -2670,7 +2695,7 @@ WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl);
/* RSA Public Encrypt cb */ /* RSA Public Encrypt cb */
typedef int (*CallbackRsaEnc)(WOLFSSL* ssl, typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz, const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz, unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz, const unsigned char* keyDer, unsigned int keySz,
void* ctx); void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc); WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
@ -3031,6 +3056,7 @@ enum {
WOLFSSL_ECC_BRAINPOOLP512R1 = 28, WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
WOLFSSL_ECC_X25519 = 29, WOLFSSL_ECC_X25519 = 29,
WOLFSSL_ECC_X448 = 30, WOLFSSL_ECC_X448 = 30,
WOLFSSL_ECC_MAX = 30,
WOLFSSL_FFDHE_2048 = 256, WOLFSSL_FFDHE_2048 = 256,
WOLFSSL_FFDHE_3072 = 257, WOLFSSL_FFDHE_3072 = 257,
@ -3208,7 +3234,6 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
#include <libwolfssl/openssl/asn1.h> #include <libwolfssl/openssl/asn1.h>
struct WOLFSSL_X509_NAME_ENTRY { struct WOLFSSL_X509_NAME_ENTRY {
WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */ WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
WOLFSSL_ASN1_STRING data;
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
int nid; /* i.e. ASN_COMMON_NAME */ int nid; /* i.e. ASN_COMMON_NAME */
int set; int set;
@ -3219,11 +3244,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
const WOLFSSL_ASN1_OBJECT *obj, const WOLFSSL_ASN1_OBJECT *obj,
int idx); int idx);
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
enum { enum {
WOLFSSL_SYS_ACCEPT = 0, WOLFSSL_SYS_ACCEPT = 0,
WOLFSSL_SYS_BIND, WOLFSSL_SYS_BIND,
@ -3293,12 +3315,23 @@ WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
#endif /* !NO_CERTS */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
int nid, int* c, int* idx); int nid, int* c, int* idx);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
#ifndef NO_CERTS
WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert); WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc); WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
void *data);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid( WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid, WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
char* value); char* value);
@ -3335,7 +3368,7 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext);
#endif /* NO_CERTS */ #endif /* !NO_CERTS */
WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r); WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
@ -3343,8 +3376,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
unsigned char* out, int outSz); unsigned char* out, int outSz);
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses); WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#if !defined(NO_FILESYSTEM) #if !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
@ -3353,20 +3384,27 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s
#endif #endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
WOLFSSL_X509** x509); WOLFSSL_X509** x509);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); #endif /* OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio); WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen);
WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**); WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**);
WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int); WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int); WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
@ -3385,9 +3423,12 @@ WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header,
WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher, WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
unsigned char* data, long* len, unsigned char* data, long* len,
pem_password_cb* callback, void* ctx); pem_password_cb* callback, void* ctx);
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
/*lighttp compatibility */ /*lighttp compatibility */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(OPENSSL_EXTRA_X509_SMALL)
struct WOLFSSL_ASN1_BIT_STRING { struct WOLFSSL_ASN1_BIT_STRING {
int length; int length;
int type; int type;
@ -3395,6 +3436,11 @@ struct WOLFSSL_ASN1_BIT_STRING {
long flags; long flags;
}; };
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_EXTRA) \ #if defined(OPENSSL_EXTRA) \
|| defined(OPENSSL_ALL) \ || defined(OPENSSL_ALL) \
@ -3402,7 +3448,8 @@ struct WOLFSSL_ASN1_BIT_STRING {
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \ || defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
@ -3414,7 +3461,6 @@ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
@ -3468,12 +3514,8 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
#endif #endif
#if defined(OPENSSL_ALL) \ #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(HAVE_STUNNEL) \ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
|| defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) \
|| defined(HAVE_LIGHTY)
#include <libwolfssl/openssl/crypto.h> #include <libwolfssl/openssl/crypto.h>
@ -3485,6 +3527,8 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const ch
WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void); WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn);
@ -3550,7 +3594,9 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
unsigned long); unsigned long);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void); WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void);
WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*); WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*);
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
@ -3559,6 +3605,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
const WOLFSSL_ASN1_BIT_STRING*, int); const WOLFSSL_ASN1_BIT_STRING*, int);
WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit( WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
WOLFSSL_ASN1_BIT_STRING*, int, int); WOLFSSL_ASN1_BIT_STRING*, int, int);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
@ -3571,17 +3621,22 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, in
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*); WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int); WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*, WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
CRYPTO_free_func*); CRYPTO_free_func*);
WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
unsigned int*); unsigned int*);
@ -3624,10 +3679,13 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
WOLFSSL_API WOLFSSL_X509_OBJECT* WOLFSSL_API WOLFSSL_X509_OBJECT*
wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i); wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i);
WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a); WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a);
WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#include <libwolfssl/openssl/stack.h>
WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names); WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names);
WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names); WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names);
@ -3688,14 +3746,17 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
void *b, void *c); void *b, void *c);
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data, WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len); const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
@ -3715,8 +3776,6 @@ WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*);
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s); WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
#endif #endif
WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
size_t chklen, unsigned int flags, char **peername);
WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
const WOLFSSL_ASN1_INTEGER *a); const WOLFSSL_ASN1_INTEGER *a);
@ -3745,13 +3804,13 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
WOLFSSL_X509 *cert); WOLFSSL_X509 *cert);
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
OPENSSL_EXTRA || HAVE_LIGHTY*/ OPENSSL_EXTRA || HAVE_LIGHTY */
WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
const unsigned char **data, unsigned int *len); const unsigned char **data, unsigned int *len);
@ -3782,8 +3841,14 @@ WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
unsigned *len); unsigned *len);
#ifndef NO_ASN
WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
size_t chklen, unsigned int flags, char **peername);
WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
unsigned int flags);
#endif
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
@ -3808,6 +3873,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key);
WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key); WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key);
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir); WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
@ -3815,8 +3881,6 @@ WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find( WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find(
WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind); WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_sk_SSL_CIPHER_dup(
WOLF_STACK_OF(WOLFSSL_CIPHER)* in);
WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk); WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk);
@ -3843,10 +3907,9 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u); WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey( WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length); WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl);
@ -3858,6 +3921,15 @@ WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int);
WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int); WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int);
#endif #endif
/* This feature is used to set a fixed ephemeral key and is for testing only */
/* Currently allows ECDHE and DHE only */
#ifdef WOLFSSL_STATIC_EPHEMERAL
WOLFSSL_API int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
const char* key, unsigned int keySz, int format);
WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
const char* key, unsigned int keySz, int format);
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

View File

@ -55,6 +55,7 @@
#endif #endif
#define SOCKET_T SOCKET #define SOCKET_T SOCKET
#define SNPRINTF _snprintf #define SNPRINTF _snprintf
#define XSLEEP_MS(t) Sleep(t)
#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
#include <string.h> #include <string.h>
#include "rl_net.h" #include "rl_net.h"
@ -69,9 +70,9 @@
return(ret) ; return(ret) ;
} }
#if defined(HAVE_KEIL_RTX) #if defined(HAVE_KEIL_RTX)
#define sleep(t) os_dly_wait(t/1000+1); #define XSLEEP_MS(t) os_dly_wait(t)
#elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) #elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2)
#define sleep(t) osDelay(t/1000+1); #define XSLEEP_MS(t) osDelay(t)
#endif #endif
#elif defined(WOLFSSL_TIRTOS) #elif defined(WOLFSSL_TIRTOS)
#include <string.h> #include <string.h>
@ -88,6 +89,7 @@
char **h_addr_list; /* list of addresses from name server */ char **h_addr_list; /* list of addresses from name server */
}; };
#define SOCKET_T int #define SOCKET_T int
#define XSLEEP_MS(t) Task_sleep(t/1000)
#elif defined(WOLFSSL_VXWORKS) #elif defined(WOLFSSL_VXWORKS)
#include <hostLib.h> #include <hostLib.h>
#include <sockLib.h> #include <sockLib.h>
@ -148,8 +150,19 @@
#include <signal.h> /* ignore SIGPIPE */ #include <signal.h> /* ignore SIGPIPE */
#endif #endif
#define SNPRINTF snprintf #define SNPRINTF snprintf
#define XSELECT_WAIT(x,y) do { \
struct timeval tv = {(x),(y)}; \
select(0, NULL, NULL, NULL, &tv); \
} while (0)
#define XSLEEP_US(u) XSELECT_WAIT(0,u)
#define XSLEEP_MS(m) XSELECT_WAIT(0,(m)*1000)
#endif /* USE_WINDOWS_API */ #endif /* USE_WINDOWS_API */
#ifndef XSLEEP_MS
#define XSLEEP_MS(t) sleep(t/1000)
#endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
#include <libwolfssl/wolfcrypt/async.h> #include <libwolfssl/wolfcrypt/async.h>
#endif #endif
@ -409,6 +422,7 @@ typedef struct callback_functions {
ssl_callback ssl_ready; ssl_callback ssl_ready;
ssl_callback on_result; ssl_callback on_result;
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
unsigned char isSharedCtx:1;
} callback_functions; } callback_functions;
typedef struct func_args { typedef struct func_args {
@ -1302,7 +1316,7 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
(void)key_max_len; (void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
strncpy(identity, kIdentityStr, id_max_len); XSTRNCPY(identity, kIdentityStr, id_max_len);
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
@ -1336,7 +1350,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
(void)key_max_len; (void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
return 0; return 0;
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
@ -1370,13 +1384,14 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
{ {
int i; int i;
int b = 0x01; int b = 0x01;
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
(void)ssl; (void)ssl;
(void)hint; (void)hint;
(void)key_max_len; (void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
strncpy(identity, kIdentityStr, id_max_len); XSTRNCPY(identity, kIdentityStr, id_max_len);
for (i = 0; i < 32; i++, b += 0x22) { for (i = 0; i < 32; i++, b += 0x22) {
if (b >= 0x100) if (b >= 0x100)
@ -1384,7 +1399,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
key[i] = b; key[i] = b;
} }
*ciphersuite = "TLS13-AES128-GCM-SHA256"; *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
return 32; /* length of key in octets or 0 for error */ return 32; /* length of key in octets or 0 for error */
} }
@ -1396,12 +1411,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
{ {
int i; int i;
int b = 0x01; int b = 0x01;
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
(void)ssl; (void)ssl;
(void)key_max_len; (void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
return 0; return 0;
for (i = 0; i < 32; i++, b += 0x22) { for (i = 0; i < 32; i++, b += 0x22) {
@ -1410,12 +1426,12 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
key[i] = b; key[i] = b;
} }
*ciphersuite = "TLS13-AES128-GCM-SHA256"; *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
return 32; /* length of key in octets or 0 for error */ return 32; /* length of key in octets or 0 for error */
} }
#endif /* NO_PSK */ #endif /* !NO_PSK */
#if defined(WOLFSSL_USER_CURRTIME) #if defined(WOLFSSL_USER_CURRTIME)
@ -1675,7 +1691,13 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
#endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */ #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */
static int myVerifyFail = 0; enum {
VERIFY_OVERRIDE_ERROR,
VERIFY_FORCE_FAIL,
VERIFY_USE_PREVERFIY,
VERIFY_OVERRIDE_DATE_ERR,
};
static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
/* The verify callback is called for every certificate only when /* The verify callback is called for every certificate only when
* --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and * --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and
@ -1727,7 +1749,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
/* avoid printing duplicate certs */ /* avoid printing duplicate certs */
if (store->depth == 1) { if (store->depth == 1) {
/* retrieve x509 certs and display them on stdout */ /* retrieve x509 certs and display them on stdout */
sk = wolfSSL_X509_STORE_GetCerts(store); sk = wolfSSL_X509_STORE_GetCerts(store);
@ -1762,37 +1784,24 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain); printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain);
/* Testing forced fail case by return zero */ /* Testing forced fail case by return zero */
if (myVerifyFail) { if (myVerifyAction == VERIFY_FORCE_FAIL) {
return 0; /* test failure case */ return 0; /* test failure case */
} }
if (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR &&
(store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E)) {
printf("Overriding cert date error as example for bad clock testing\n");
return 1;
}
/* If error indicate we are overriding it for testing purposes */ /* If error indicate we are overriding it for testing purposes */
if (store->error != 0) { if (store->error != 0 && myVerifyAction == VERIFY_OVERRIDE_ERROR) {
printf("\tAllowing failed certificate check, testing only " printf("\tAllowing failed certificate check, testing only "
"(shouldn't do this in production)\n"); "(shouldn't do this in production)\n");
} }
/* A non-zero return code indicates failure override */ /* A non-zero return code indicates failure override */
return 1; return (myVerifyAction == VERIFY_OVERRIDE_ERROR) ? 1 : preverify;
}
static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
char buffer[WOLFSSL_MAX_ERROR_SZ];
(void)preverify;
printf("In verification callback, error = %d, %s\n", store->error,
wolfSSL_ERR_error_string(store->error, buffer));
printf("Subject's domain name is %s\n", store->domain);
if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
printf("Overriding cert date error as example for bad clock testing\n");
return 1;
}
printf("Cert error is not date error, not overriding\n");
return 0;
} }
@ -1952,7 +1961,7 @@ static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
int ret, i, used; int ret, i, used;
void* status; void* status;
unsigned char* myStack = NULL; unsigned char* myStack = NULL;
int stackSize = 1024*152; int stackSize = 1024*176;
pthread_attr_t myAttr; pthread_attr_t myAttr;
pthread_t threadId; pthread_t threadId;
@ -2664,6 +2673,13 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl));
}
#endif
/* generate shared secret and return it */ /* generate shared secret and return it */
if (ret == 0) { if (ret == 0) {
ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen); ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
@ -2873,7 +2889,7 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
if (ret == 0) { if (ret == 0) {
ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz); ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
if (ret == 0) if (ret == 0)
ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey); ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0);
wc_ed448_free(&myKey); wc_ed448_free(&myKey);
} }
@ -2905,7 +2921,8 @@ static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
if (ret == 0) { if (ret == 0) {
ret = wc_ed448_import_public(key, keySz, &myKey); ret = wc_ed448_import_public(key, keySz, &myKey);
if (ret == 0) { if (ret == 0) {
ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey); ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey,
NULL, 0);
} }
wc_ed448_free(&myKey); wc_ed448_free(&myKey);
} }
@ -3605,15 +3622,16 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
int enc, byte* ticket, int inLen, int* outLen, int enc, byte* ticket, int inLen, int* outLen,
void* userCtx) void* userCtx)
{ {
(void)ssl;
(void)userCtx;
int ret; int ret;
word16 sLen = XHTONS(inLen); word16 sLen = XHTONS(inLen);
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
byte* tmp = aad; byte* tmp = aad;
(void)ssl;
(void)userCtx;
/* encrypt */
if (enc) { if (enc) {
XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ); XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
@ -3634,8 +3652,9 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
mac); mac);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */ *outLen = inLen; /* no padding in this mode */
} else { }
/* decrypt */ /* decrypt */
else {
/* see if we know this key */ /* see if we know this key */
if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){ if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
@ -3662,7 +3681,7 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
return WOLFSSL_TICKET_RET_OK; return WOLFSSL_TICKET_RET_OK;
} }
#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */ #endif /* HAVE_SESSION_TICKET && HAVE_CHACHA && HAVE_POLY1305 */
static WC_INLINE word16 GetRandomPort(void) static WC_INLINE word16 GetRandomPort(void)
{ {

View File

@ -28,8 +28,8 @@
extern "C" { extern "C" {
#endif #endif
#define LIBWOLFSSL_VERSION_STRING "4.4.0" #define LIBWOLFSSL_VERSION_STRING "4.5.0"
#define LIBWOLFSSL_VERSION_HEX 0x04004000 #define LIBWOLFSSL_VERSION_HEX 0x04005000
#ifdef __cplusplus #ifdef __cplusplus
} }

View File

@ -22,8 +22,15 @@
/*! /*!
\file wolfssl/wolfcrypt/aes.h \file wolfssl/wolfcrypt/aes.h
*/ */
/*
DESCRIPTION
This library provides the interfaces to the Advanced Encryption Standard (AES)
for encrypting and decrypting data. AES is the standard known for a symmetric
block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
192-bits, and 256-bits of key sizes.
*/
#ifndef WOLF_CRYPT_AES_H #ifndef WOLF_CRYPT_AES_H
#define WOLF_CRYPT_AES_H #define WOLF_CRYPT_AES_H

View File

@ -23,6 +23,14 @@
\file wolfssl/wolfcrypt/asn.h \file wolfssl/wolfcrypt/asn.h
*/ */
/*
DESCRIPTION
This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
ASN.1 is a standard interface description language for defining data structures
that can be serialized and deserialized in a cross-platform way.
*/
#ifndef WOLF_CRYPT_ASN_H #ifndef WOLF_CRYPT_ASN_H
#define WOLF_CRYPT_ASN_H #define WOLF_CRYPT_ASN_H
@ -233,6 +241,7 @@ enum
NID_jurisdictionStateOrProvinceName = 0xd, NID_jurisdictionStateOrProvinceName = 0xd,
NID_businessCategory = ASN_BUS_CAT, NID_businessCategory = ASN_BUS_CAT,
NID_domainComponent = ASN_DOMAIN_COMPONENT, NID_domainComponent = ASN_DOMAIN_COMPONENT,
NID_userId = 458,
NID_emailAddress = 0x30, /* emailAddress */ NID_emailAddress = 0x30, /* emailAddress */
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */ NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */ NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
@ -341,7 +350,8 @@ enum Misc_ASN {
#endif #endif
/* Max total extensions, id + len + others */ /* Max total extensions, id + len + others */
#endif #endif
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL)
MAX_OID_SZ = 32, /* Max DER length of OID*/ MAX_OID_SZ = 32, /* Max DER length of OID*/
MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
#endif #endif
@ -356,7 +366,7 @@ enum Misc_ASN {
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif #endif
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/ MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */ MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
@ -371,6 +381,8 @@ enum Misc_ASN {
TRAILING_ZERO = 1, /* Used for size of zero pad */ TRAILING_ZERO = 1, /* Used for size of zero pad */
ASN_TAG_SZ = 1, /* single byte ASN.1 tag */ ASN_TAG_SZ = 1, /* single byte ASN.1 tag */
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
MAX_X509_VERSION = 3, /* Max X509 version allowed */
MIN_X509_VERSION = 0, /* Min X509 version allowed */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
@ -609,64 +621,6 @@ struct Base_entry {
byte type; /* Name base type (DNS or RFC822) */ byte type; /* Name base type (DNS or RFC822) */
}; };
#define DOMAIN_COMPONENT_MAX 10
#define DN_NAMES_MAX 9
struct DecodedName {
char* fullName;
int fullNameLen;
int entryCount;
int cnIdx;
int cnLen;
int cnNid;
int snIdx;
int snLen;
int snNid;
int cIdx;
int cLen;
int cNid;
int lIdx;
int lLen;
int lNid;
int stIdx;
int stLen;
int stNid;
int oIdx;
int oLen;
int oNid;
int ouIdx;
int ouLen;
#ifdef WOLFSSL_CERT_EXT
int bcIdx;
int bcLen;
int jcIdx;
int jcLen;
int jsIdx;
int jsLen;
#endif
int ouNid;
int emailIdx;
int emailLen;
int emailNid;
int uidIdx;
int uidLen;
int uidNid;
int serialIdx;
int serialLen;
int serialNid;
int dcIdx[DOMAIN_COMPONENT_MAX];
int dcLen[DOMAIN_COMPONENT_MAX];
int dcNum;
int dcMode;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* hold the location / order with which each of the DN tags was found
*
* example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
*/
int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
int locSz;
#endif
};
enum SignatureState { enum SignatureState {
SIG_STATE_BEGIN, SIG_STATE_BEGIN,
@ -784,7 +738,6 @@ struct CertSignCtx {
#endif #endif
typedef struct DecodedCert DecodedCert; typedef struct DecodedCert DecodedCert;
typedef struct DecodedName DecodedName;
typedef struct Signer Signer; typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT #ifdef WOLFSSL_TRUST_PEER_CERT
typedef struct TrustedPeerCert TrustedPeerCert; typedef struct TrustedPeerCert TrustedPeerCert;
@ -911,8 +864,9 @@ struct DecodedCert {
int subjectEmailLen; int subjectEmailLen;
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
DecodedName issuerName; /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
DecodedName subjectName; void* issuerName;
void* subjectName;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_SEP #ifdef WOLFSSL_SEP
int deviceTypeSz; int deviceTypeSz;
@ -1052,6 +1006,7 @@ struct TrustedPeerCert {
#endif #endif
WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
word32* derSz); word32* derSz);
@ -1118,12 +1073,14 @@ WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len);
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
wolfssl_tm* certTime, int* idx); wolfssl_tm* certTime, int* idx);
WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b); WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
/* ASN.1 helper functions */ /* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
WOLFSSL_LOCAL byte GetCertNameId(int idx);
#endif #endif
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
word32 maxIdx); word32 maxIdx);

View File

@ -23,6 +23,11 @@
\file wolfssl/wolfcrypt/asn_public.h \file wolfssl/wolfcrypt/asn_public.h
*/ */
/*
DESCRIPTION
This library defines the interface APIs for X509 certificates.
*/
#ifndef WOLF_CRYPT_ASN_PUBLIC_H #ifndef WOLF_CRYPT_ASN_PUBLIC_H
#define WOLF_CRYPT_ASN_PUBLIC_H #define WOLF_CRYPT_ASN_PUBLIC_H

View File

@ -18,7 +18,12 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/*
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher.
*/
/*! /*!
\file wolfssl/wolfcrypt/chacha.h \file wolfssl/wolfcrypt/chacha.h
*/ */
@ -35,9 +40,21 @@
extern "C" { extern "C" {
#endif #endif
/*
Initialization vector starts at 13 with zero being the index origin of a matrix.
Block counter is located at index 12.
0 1 2 3
4 5 6 7
8 9 10 11
12 13 14 15
*/
#define CHACHA_MATRIX_CNT_IV 12
/* Size of the IV */ /* Size of the IV */
#define CHACHA_IV_WORDS 3 #define CHACHA_IV_WORDS 3
#define CHACHA_IV_BYTES (CHACHA_IV_WORDS * sizeof(word32))
/* Size of IV in bytes*/
#define CHACHA_IV_BYTES 12
/* Size of ChaCha chunks */ /* Size of ChaCha chunks */
#define CHACHA_CHUNK_WORDS 16 #define CHACHA_CHUNK_WORDS 16
@ -57,10 +74,13 @@ enum {
typedef struct ChaCha { typedef struct ChaCha {
word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */ word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */
word32 left; /* number of bytes leftover */
#ifdef HAVE_INTEL_AVX1 #ifdef HAVE_INTEL_AVX1
/* vpshufd reads 16 bytes but we only use bottom 4. */ /* vpshufd reads 16 bytes but we only use bottom 4. */
byte extra[12]; byte extra[12];
#endif
word32 left; /* number of bytes leftover */
#ifdef USE_INTEL_CHACHA_SPEEDUP
word32 over[CHACHA_CHUNK_WORDS];
#endif #endif
} ChaCha; } ChaCha;

View File

@ -18,12 +18,14 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/*
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher and
the Poly1305 authenticator, both as as combined-mode,
or Authenticated Encryption with Additional Data (AEAD) algorithm.
/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20 */
* and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10):
* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10
*/
/*! /*!
\file wolfssl/wolfcrypt/chacha20_poly1305.h \file wolfssl/wolfcrypt/chacha20_poly1305.h
@ -45,6 +47,7 @@
#define CHACHA20_POLY1305_AEAD_KEYSIZE 32 #define CHACHA20_POLY1305_AEAD_KEYSIZE 32
#define CHACHA20_POLY1305_AEAD_IV_SIZE 12 #define CHACHA20_POLY1305_AEAD_IV_SIZE 12
#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16 #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
#define CHACHA20_POLY1305_MAX 4294967295U
enum { enum {
CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */ CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */

View File

@ -6,7 +6,7 @@
* *
* wolfSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* wolfSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,

View File

@ -86,6 +86,10 @@ enum {
EC25519_BIG_ENDIAN=1 EC25519_BIG_ENDIAN=1
}; };
WOLFSSL_API
int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
const byte* priv);
WOLFSSL_API WOLFSSL_API
int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);

View File

@ -45,11 +45,19 @@
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
#include <libwolfssl/wolfcrypt/async.h> #include <libwolfssl/wolfcrypt/async.h>
#endif #endif
/* Optional support extended DH public / private keys */
#if !defined(WOLFSSL_DH_EXTRA) && (defined(WOLFSSL_QT) || \
defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
defined(WOLFSSL_STATIC_EPHEMERAL))
#define WOLFSSL_DH_EXTRA
#endif
typedef struct DhParams { typedef struct DhParams {
#ifdef HAVE_FFDHE_Q #ifdef HAVE_FFDHE_Q
const byte* q; const byte* q;
word32 q_len; word32 q_len;
#endif /* HAVE_FFDHE_Q */ #endif /* HAVE_FFDHE_Q */
const byte* p; const byte* p;
word32 p_len; word32 p_len;
const byte* g; const byte* g;
@ -59,7 +67,7 @@ typedef struct DhParams {
/* Diffie-Hellman Key */ /* Diffie-Hellman Key */
struct DhKey { struct DhKey {
mp_int p, g, q; /* group parameters */ mp_int p, g, q; /* group parameters */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) #ifdef WOLFSSL_DH_EXTRA
mp_int pub; mp_int pub;
mp_int priv; mp_int priv;
#endif #endif
@ -101,15 +109,20 @@ WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
word32 pubSz); word32 pubSz);
WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
word32); word32); /* wc_DhKeyDecode is in asn.c */
WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
word32 gSz); word32 gSz);
WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz); const byte* g, word32 gSz, const byte* q, word32 qSz);
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz, #ifdef WOLFSSL_DH_EXTRA
const byte* pub_key, word32 pubSz); WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
#endif const byte* pub, word32 pubSz);
WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
byte* pub, word32* pPubSz);
#endif /* WOLFSSL_DH_EXTRA */
WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz, const byte* g, word32 gSz, const byte* q, word32 qSz,
int trusted, WC_RNG* rng); int trusted, WC_RNG* rng);
@ -136,4 +149,3 @@ WOLFSSL_API int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
#endif /* NO_DH */ #endif /* NO_DH */
#endif /* WOLF_CRYPT_DH_H */ #endif /* WOLF_CRYPT_DH_H */

View File

@ -50,7 +50,7 @@
#endif #endif
#endif #endif
#ifdef WOLFSSL_ATECC508A #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#include <libwolfssl/wolfcrypt/port/atmel/atmel.h> #include <libwolfssl/wolfcrypt/port/atmel/atmel.h>
#endif /* WOLFSSL_ATECC508A */ #endif /* WOLFSSL_ATECC508A */
@ -58,6 +58,11 @@
#include <libwolfssl/wolfcrypt/port/arm/cryptoCell.h> #include <libwolfssl/wolfcrypt/port/arm/cryptoCell.h>
#endif #endif
#ifdef WOLFSSL_HAVE_SP_ECC
#include <libwolfssl/wolfcrypt/sp_int.h>
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -127,7 +132,7 @@ enum {
ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ), ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
/* max crypto hardware size */ /* max crypto hardware size */
#ifdef WOLFSSL_ATECC508A #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
#elif defined(PLUTON_CRYPTO_ECC) #elif defined(PLUTON_CRYPTO_ECC)
@ -278,14 +283,15 @@ typedef struct ecc_set_type {
* mp_ints for the components of the point. With ALT_ECC_SIZE, the components * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
* of the point are pointers that are set to each of a three item array of * of the point are pointers that are set to each of a three item array of
* alt_fp_ints. While an mp_int will have 4096 bits of digit inside the * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
* structure, the alt_fp_int will only have 528 bits. A size value was added * structure, the alt_fp_int will only have 512 bits for ECC 256-bit and
* in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The * 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well,
* functions fp_zero() and fp_copy() use the size parameter. An int needs to * and is set by mp_init() and alt_fp_init(). The functions fp_zero() and
* be initialized before using it instead of just fp_zeroing it, the init will * fp_copy() use the size parameter. An int needs to be initialized before
* call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the * using it instead of just fp_zeroing it, the init will call zero. The
* number of bits used in the alternate FP_INT. * FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but
* can be set to change the number of bits used in the alternate FP_INT.
* *
* Do not enable ALT_ECC_SIZE and disable fast math in the configuration. * The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH.
*/ */
#ifndef USE_FAST_MATH #ifndef USE_FAST_MATH
@ -294,19 +300,18 @@ typedef struct ecc_set_type {
/* determine max bits required for ECC math */ /* determine max bits required for ECC math */
#ifndef FP_MAX_BITS_ECC #ifndef FP_MAX_BITS_ECC
/* check alignment */ /* max bits rounded up by 8 then doubled */
#if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0 /* (ROUND8(MAX_ECC_BITS) * 2) */
/* max bits is double */ #define FP_MAX_BITS_ECC (2 * \
#define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2) ((MAX_ECC_BITS + DIGIT_BIT - 1) / DIGIT_BIT) * DIGIT_BIT)
#else
/* max bits is doubled, plus one digit of fudge */ /* Note: For ECC verify only FP_MAX_BITS_ECC can be reduced to:
#define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT) ROUND8(MAX_ECC_BITS) + ROUND8(DIGIT_BIT) */
#endif #endif
#else
/* verify alignment */ /* verify alignment */
#if FP_MAX_BITS_ECC % CHAR_BIT #if FP_MAX_BITS_ECC % CHAR_BIT
#error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
#endif
#endif #endif
/* determine buffer size */ /* determine buffer size */
@ -353,6 +358,19 @@ enum {
#endif #endif
}; };
/* ECC non-blocking */
#ifdef WC_ECC_NONBLOCK
typedef struct ecc_nb_ctx {
#if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)
sp_ecc_ctx_t sp_ctx;
#else
/* build configuration not supported */
#error ECC non-blocking only supports SP (--enable-sp=nonblock)
#endif
} ecc_nb_ctx_t;
#endif /* WC_ECC_NONBLOCK */
/* An ECC Key */ /* An ECC Key */
struct ecc_key { struct ecc_key {
int type; /* Public or Private */ int type; /* Public or Private */
@ -369,7 +387,7 @@ struct ecc_key {
void* heap; /* heap hint */ void* heap; /* heap hint */
ecc_point pubkey; /* public key */ ecc_point pubkey; /* public key */
mp_int k; /* private key */ mp_int k; /* private key */
#ifdef WOLFSSL_ATECC508A #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
int slot; /* Key Slot Number (-1 unknown) */ int slot; /* Key Slot Number (-1 unknown) */
byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
#endif #endif
@ -413,6 +431,12 @@ struct ecc_key {
#ifdef WOLFSSL_DSP #ifdef WOLFSSL_DSP
remote_handle64 handle; remote_handle64 handle;
#endif #endif
#ifdef ECC_TIMING_RESISTANT
WC_RNG* rng;
#endif
#ifdef WC_ECC_NONBLOCK
ecc_nb_ctx_t* nb_ctx;
#endif
}; };
@ -427,7 +451,7 @@ extern const size_t ecc_sets_count;
WOLFSSL_API WOLFSSL_API
const char* wc_ecc_get_name(int curve_id); const char* wc_ecc_get_name(int curve_id);
#ifndef WOLFSSL_ATECC508A #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL #ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
#define ECC_API WOLFSSL_API #define ECC_API WOLFSSL_API
@ -455,6 +479,8 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id);
WOLFSSL_API WOLFSSL_API
int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
WOLFSSL_API WOLFSSL_API
int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng);
WOLFSSL_API
int wc_ecc_check_key(ecc_key* key); int wc_ecc_check_key(ecc_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime); int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
@ -472,7 +498,8 @@ WOLFSSL_API
int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen); byte* out, word32 *outlen);
#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret
#else #else
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */ #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
@ -521,6 +548,12 @@ WOLFSSL_API
int wc_ecc_set_flags(ecc_key* key, word32 flags); int wc_ecc_set_flags(ecc_key* key, word32 flags);
WOLFSSL_API WOLFSSL_API
void wc_ecc_fp_free(void); void wc_ecc_fp_free(void);
WOLFSSL_LOCAL
void wc_ecc_fp_init(void);
#ifdef ECC_TIMING_RESISTANT
WOLFSSL_API
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
#endif
WOLFSSL_API WOLFSSL_API
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
@ -568,14 +601,20 @@ WOLFSSL_API
int wc_ecc_cmp_point(ecc_point* a, ecc_point *b); int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
WOLFSSL_API WOLFSSL_API
int wc_ecc_point_is_at_infinity(ecc_point *p); int wc_ecc_point_is_at_infinity(ecc_point *p);
WOLFSSL_API
int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx);
#ifndef WOLFSSL_ATECC508A #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
WOLFSSL_API WOLFSSL_API
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* a, mp_int* modulus, int map); mp_int* a, mp_int* modulus, int map);
WOLFSSL_LOCAL WOLFSSL_LOCAL
int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* a, mp_int* modulus, int map, void* heap); mp_int* a, mp_int* modulus, int map, void* heap);
WOLFSSL_LOCAL
int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
void* heap);
#endif /* !WOLFSSL_ATECC508A */ #endif /* !WOLFSSL_ATECC508A */
@ -754,6 +793,10 @@ int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashL
mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
#endif #endif
#ifdef WC_ECC_NONBLOCK
WOLFSSL_API int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

View File

@ -22,6 +22,11 @@
/*! /*!
\file wolfssl/wolfcrypt/error-crypt.h \file wolfssl/wolfcrypt/error-crypt.h
*/ */
/*
DESCRIPTION
This library defines error codes and contians routines for setting and examining
the error status.
*/
#ifndef WOLF_CRYPT_ERROR_H #ifndef WOLF_CRYPT_ERROR_H
#define WOLF_CRYPT_ERROR_H #define WOLF_CRYPT_ERROR_H
@ -227,10 +232,10 @@ enum {
CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */ CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */
PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */ PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */
PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */ PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */
CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
ASN_SELF_SIGNED_E = -274, /* ASN self-signed certificate error */ WC_LAST_E = -275, /* Update this to indicate last error */
WC_LAST_E = -274, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */ MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes /* add new companion error id strings for any new error codes

View File

@ -40,7 +40,7 @@
#endif #endif
/* default to be faster but take more memory */ /* default to be faster but take more memory */
#if !defined(CURVE448_SMALL) || !defined(ED448_SMALL) #if !defined(CURVE448_SMALL) && !defined(ED448_SMALL)
#if defined(CURVED448_128BIT) #if defined(CURVED448_128BIT)
typedef int64_t fe448; typedef int64_t fe448;

View File

@ -79,7 +79,7 @@ Bounds on each t[i] vary depending on context.
#if !defined(FREESCALE_LTC_ECC) #if !defined(FREESCALE_LTC_ECC)
WOLFSSL_LOCAL void fe_init(void); WOLFSSL_LOCAL void fe_init(void);
WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p); WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p);
#endif #endif
/* default to be faster but take more memory */ /* default to be faster but take more memory */

View File

@ -131,11 +131,11 @@ typedef union {
#ifdef WOLFSSL_SHA3 #ifdef WOLFSSL_SHA3
wc_Sha3 sha3; wc_Sha3 sha3;
#endif #endif
} Hash; } wc_Hmac_Hash;
/* Hmac digest */ /* Hmac digest */
struct Hmac { struct Hmac {
Hash hash; wc_Hmac_Hash hash;
word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)];
word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)]; word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];

View File

@ -318,6 +318,7 @@ MP_API int mp_is_bit_set (mp_int * a, mp_digit b);
MP_API int mp_mod (mp_int * a, mp_int * b, mp_int * c); MP_API int mp_mod (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d); MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_div_2(mp_int * a, mp_int * b); MP_API int mp_div_2(mp_int * a, mp_int * b);
MP_API int mp_div_2_mod_ct (mp_int* a, mp_int* b, mp_int* c);
MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c); MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c);
int s_mp_add (mp_int * a, mp_int * b, mp_int * c); int s_mp_add (mp_int * a, mp_int * b, mp_int * c);
int s_mp_sub (mp_int * a, mp_int * b, mp_int * c); int s_mp_sub (mp_int * a, mp_int * b, mp_int * c);
@ -332,6 +333,7 @@ MP_API int mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y);
MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho); MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho);
int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho); int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho); MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
#define mp_montgomery_reduce_ex(x, n, rho, ct) mp_montgomery_reduce (x, n, rho)
MP_API void mp_dr_setup(mp_int *a, mp_digit *d); MP_API void mp_dr_setup(mp_int *a, mp_digit *d);
MP_API int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k); MP_API int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k);
MP_API int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d); MP_API int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
@ -355,6 +357,8 @@ MP_API int mp_sqr (mp_int * a, mp_int * b);
MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d); MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c); MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
MP_API int mp_2expt (mp_int * a, int b); MP_API int mp_2expt (mp_int * a, int b);
MP_API int mp_set_bit (mp_int * a, int b); MP_API int mp_set_bit (mp_int * a, int b);

View File

@ -110,8 +110,12 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
#elif defined (OPENSSL_EXTRA) #elif defined (OPENSSL_EXTRA)
/* extra storage in structs for multiple attributes and order */ /* extra storage in structs for multiple attributes and order */
#ifndef LARGEST_MEM_BUCKET #ifndef LARGEST_MEM_BUCKET
#ifdef WOLFSSL_TLS13
#define LARGEST_MEM_BUCKET 30400
#else
#define LARGEST_MEM_BUCKET 25600 #define LARGEST_MEM_BUCKET 25600
#endif #endif
#endif
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\
LARGEST_MEM_BUCKET LARGEST_MEM_BUCKET
#elif defined (WOLFSSL_CERT_EXT) #elif defined (WOLFSSL_CERT_EXT)

View File

@ -18,9 +18,13 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/*
DESCRIPTION
This module implements the arithmetic-shift right, left, byte swapping, XOR,
masking and clearing memory logic.
*/
#ifndef WOLF_CRYPT_MISC_H #ifndef WOLF_CRYPT_MISC_H
#define WOLF_CRYPT_MISC_H #define WOLF_CRYPT_MISC_H

View File

@ -6,7 +6,7 @@
* *
* wolfSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* wolfSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,

View File

@ -154,8 +154,9 @@ enum Pkcs7_Misc {
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)) || defined(HAVE_SELFTEST) (HAVE_FIPS_VERSION >= 2)) || (defined(HAVE_SELFTEST) && \
/* In the event of fips cert 3389 or CAVP selftest build, these enums are (!defined(HAVE_SELFTEST_VERSION) || HAVE_SELFTEST_VERSION < 2))
/* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are
* not in aes.h for use with pkcs7 so enumerate it here outside the fips * not in aes.h for use with pkcs7 so enumerate it here outside the fips
* boundary */ * boundary */
GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */ GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */

View File

@ -119,9 +119,12 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 data
WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
byte* input, word32 sz, byte* tag, word32 tagSz); byte* input, word32 sz, byte* tag, word32 tagSz);
void poly1305_block(Poly1305* ctx, const unsigned char *m); #if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM)
void poly1305_blocks(Poly1305* ctx, const unsigned char *m, void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
size_t bytes); size_t bytes);
void poly1305_block(Poly1305* ctx, const unsigned char *m);
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

View File

@ -35,6 +35,13 @@
extern "C" { extern "C" {
#endif #endif
#define TSIP_SESSIONKEY_NONCE_SIZE 8
typedef enum {
WOLFSSL_TSIP_NOERROR = 0,
WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
}wolfssl_tsip_error_number;
typedef enum { typedef enum {
tsip_Key_SESSION = 1, tsip_Key_SESSION = 1,
tsip_Key_AES128 = 2, tsip_Key_AES128 = 2,
@ -52,6 +59,34 @@ enum {
l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
}; };
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
typedef struct
{
uint8_t *encrypted_provisioning_key;
uint8_t *iv;
uint8_t *encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
} tsip_key_data;
void tsip_inform_user_keys_ex(
byte* provisioning_key, /* key got from DLM server */
byte* iv, /* iv used for public key */
byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/
word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */
int tsip_generateMasterSecretEx(
byte cipherSuiteFirst,
byte cipherSuite,
const byte* pr, /* pre-master */
const byte* cr, /* client random */
const byte* sr, /* server random */
byte* ms);
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106)
typedef struct typedef struct
{ {
uint8_t *encrypted_session_key; uint8_t *encrypted_session_key;
@ -60,44 +95,80 @@ typedef struct
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
} tsip_key_data; } tsip_key_data;
struct WOLFSSL;
int tsip_Open( );
void tsip_Close( );
int tsip_hw_lock();
void tsip_hw_unlock( void );
int tsip_usable(const struct WOLFSSL *ssl);
void tsip_inform_sflash_signedcacert(const byte *ps_flash,
const byte *psigned_ca_cert, word32 len);
void tsip_inform_cert_sign(const byte *sign);
/* set / get key */
void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv, void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv,
byte *encrypted_user_tls_key); byte *encrypted_user_tls_key);
int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr,
byte *ms);
#endif
struct WOLFSSL;
int tsip_Open();
void tsip_Close();
int tsip_hw_lock();
void tsip_hw_unlock( void );
int tsip_usable(const struct WOLFSSL *ssl);
void tsip_inform_sflash_signedcacert(
const byte* ps_flash,
const byte* psigned_ca_cert,
word32 len);
void tsip_inform_cert_sign(const byte *sign);
byte tsip_rootCAverified();
byte tsip_rootCAverified( );
byte tsip_checkCA(word32 cmIdx); byte tsip_checkCA(word32 cmIdx);
int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len,
int tsip_tls_RootCertVerify(
const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len, word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len, word32 key_e_start, word32 key_e_len,
word32 cm_row); word32 cm_row);
int tsip_tls_CertVerify(const byte *cert, word32 certSz,
const byte *signature, word32 sigSz, int tsip_tls_CertVerify(
const byte* cert, word32 certSz,
const byte* signature, word32 sigSz,
word32 key_n_start, word32 key_n_len, word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len, word32 key_e_start, word32 key_e_len,
byte *tsip_encRsaKeyIdx); byte* tsip_encRsaKeyIdx);
void tsip_inform_key_position(const word32 key_n_start, const word32 key_n_len,
const word32 key_e_start, const word32 key_e_len); void tsip_inform_key_position(
int tsip_generatePremasterSecret(byte *premaster, word32 preSz); const word32 key_n_start,
int tsip_generateEncryptPreMasterSecret(struct WOLFSSL *ssl, byte *out, const word32 key_n_len,
word32 *outSz); const word32 key_e_start,
int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr, const word32 key_e_len);
byte *ms);
int tsip_generatePremasterSecret(
byte* premaster,
word32 preSz);
int tsip_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
byte* out,
word32* outSz);
int tsip_generateSeesionKey(struct WOLFSSL *ssl); int tsip_generateSeesionKey(struct WOLFSSL *ssl);
int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner,
word32 innerSz, const byte *in, word32 sz, byte *digest, int tsip_Sha256Hmac(
const struct WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
word32 sz,
byte* digest,
word32 verify); word32 verify);
int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner,
word32 innerSz, const byte *in, word32 sz, byte *digest, int tsip_Sha1Hmac(
const struct WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
word32 sz,
byte* digest,
word32 verify); word32 verify);
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ #if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
@ -128,10 +199,10 @@ typedef wolfssl_TSIP_Hash wc_Sha;
#endif /* NO_SHA */ #endif /* NO_SHA */
#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) #if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
typedef struct { typedef struct {
tsip_aes_key_index_t tsip_keyIdx; tsip_aes_key_index_t tsip_keyIdx;
word32 keySize; word32 keySize;
} TSIP_AES_CTX; } TSIP_AES_CTX;
struct Aes; struct Aes;
int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in,

View File

@ -27,14 +27,15 @@
#include <libwolfssl/wolfcrypt/settings.h> #include <libwolfssl/wolfcrypt/settings.h>
#include <libwolfssl/wolfcrypt/error-crypt.h> #include <libwolfssl/wolfcrypt/error-crypt.h>
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC_PKCB) #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_ATECC_PKCB)
#undef SHA_BLOCK_SIZE #undef SHA_BLOCK_SIZE
#define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP #define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP
#include <cryptoauthlib.h> #include <cryptoauthlib.h>
#undef SHA_BLOCK_SIZE #undef SHA_BLOCK_SIZE
#endif #endif
/* ATECC508A only supports ECC P-256 */ /* ATECC508A/608A only supports ECC P-256 */
#define ATECC_KEY_SIZE (32) #define ATECC_KEY_SIZE (32)
#define ATECC_PUBKEY_SIZE (ATECC_KEY_SIZE*2) /* X and Y */ #define ATECC_PUBKEY_SIZE (ATECC_KEY_SIZE*2) /* X and Y */
#define ATECC_SIG_SIZE (ATECC_KEY_SIZE*2) /* R and S */ #define ATECC_SIG_SIZE (ATECC_KEY_SIZE*2) /* R and S */
@ -53,11 +54,19 @@
#endif #endif
/* Symmetric encryption key */ /* Symmetric encryption key */
#ifndef ATECC_SLOT_I2C_ENC #ifndef ATECC_SLOT_I2C_ENC
#define ATECC_SLOT_I2C_ENC (0x04) #ifdef WOLFSSL_ATECC_TNGTLS
#define ATECC_SLOT_I2C_ENC (0x06)
#else
#define ATECC_SLOT_I2C_ENC (0x04)
#endif
#endif #endif
/* Parent encryption key */ /* Parent encryption key */
#ifndef ATECC_SLOT_ENC_PARENT #ifndef ATECC_SLOT_ENC_PARENT
#define ATECC_SLOT_ENC_PARENT (0x7) #ifdef WOLFSSL_ATECC_TNGTLS
#define ATECC_SLOT_ENC_PARENT (0x6)
#else
#define ATECC_SLOT_ENC_PARENT (0x7)
#endif
#endif #endif
/* ATECC_KEY_SIZE required for ecc.h */ /* ATECC_KEY_SIZE required for ecc.h */
@ -78,7 +87,7 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out);
#endif #endif
long atmel_get_curr_time_and_date(long* tm); long atmel_get_curr_time_and_date(long* tm);
#ifdef WOLFSSL_ATECC508A #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
enum atmelSlotType { enum atmelSlotType {
ATMEL_SLOT_ANY, ATMEL_SLOT_ANY,
@ -100,6 +109,8 @@ int atmel_ecc_translate_err(int status);
int atmel_get_rev_info(word32* revision); int atmel_get_rev_info(word32* revision);
void atmel_show_rev_info(void); void atmel_show_rev_info(void);
WOLFSSL_API int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg);
/* The macro ATECC_GET_ENC_KEY can be set to override the default /* The macro ATECC_GET_ENC_KEY can be set to override the default
encryption key with your own at build-time */ encryption key with your own at build-time */
#ifndef ATECC_GET_ENC_KEY #ifndef ATECC_GET_ENC_KEY

View File

@ -0,0 +1,74 @@
/* psoc6_crypto.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _PSOC6_CRYPTO_PORT_H_
#define _PSOC6_CRYPTO_PORT_H_
#include <libwolfssl/wolfcrypt/settings.h>
#ifdef USE_FAST_MATH
#include <libwolfssl/wolfcrypt/tfm.h>
#elif defined WOLFSSL_SP_MATH
#include <libwolfssl/wolfcrypt/sp_int.h>
#else
#include <libwolfssl/wolfcrypt/integer.h>
#endif
#include "cy_crypto_core_sha.h"
#include "cy_device_headers.h"
#include "psoc6_02_config.h"
#include "cy_crypto_common.h"
#include "cy_crypto_core.h"
#ifdef WOLFSSL_SHA512
typedef struct wc_Sha512 {
cy_stc_crypto_sha_state_t hash_state;
cy_en_crypto_sha_mode_t sha_mode;
cy_stc_crypto_v2_sha512_buffers_t sha_buffers;
} wc_Sha512;
#define WC_SHA512_TYPE_DEFINED
#include <libwolfssl/wolfcrypt/sha512.h>
#endif
#ifndef NO_SHA256
typedef struct wc_Sha256 {
cy_stc_crypto_sha_state_t hash_state;
cy_en_crypto_sha_mode_t sha_mode;
cy_stc_crypto_v2_sha256_buffers_t sha_buffers;
} wc_Sha256;
#include <libwolfssl/wolfcrypt/sha.h>
#include <libwolfssl/wolfcrypt/sha256.h>
#endif /* !def NO_SHA256 */
#ifdef HAVE_ECC
#include <libwolfssl/wolfcrypt/ecc.h>
int psoc6_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* verif_res, ecc_key* key);
#endif /* HAVE_ECC */
#define PSOC6_CRYPTO_BASE ((CRYPTO_Type*) CRYPTO_BASE)
/* Crypto HW engine initialization */
int psoc6_crypto_port_init(void);
#endif /* _PSOC6_CRYPTO_PORT_H_ */

View File

@ -65,8 +65,8 @@ int ksdk_port_init(void);
int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m); int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m);
#ifdef HAVE_CURVE25519 #ifdef HAVE_CURVE25519
int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
const ECPoint *wc_curve25519_GetBasePoint(void); const ECPoint *nxp_ltc_curve25519_GetBasePoint(void);
status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint); status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint);

View File

@ -28,11 +28,6 @@
#include <libwolfssl/wolfcrypt/settings.h> #include <libwolfssl/wolfcrypt/settings.h>
#include <libwolfssl/wolfcrypt/types.h> #include <libwolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)
#include <libwolfssl/wolfcrypt/integer.h>
#include <libwolfssl/wolfcrypt/ecc.h>
#endif
#ifdef STM32_HASH #ifdef STM32_HASH
#define WOLFSSL_NO_HASH_RAW #define WOLFSSL_NO_HASH_RAW
@ -54,6 +49,9 @@
#if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b) #if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b)
#define HASH_DATATYPE_8B HASH_DataType_8b #define HASH_DATATYPE_8B HASH_DataType_8b
#endif #endif
#ifndef HASH_STR_NBW
#define HASH_STR_NBW HASH_STR_NBLW
#endif
#ifndef STM32_HASH_TIMEOUT #ifndef STM32_HASH_TIMEOUT
#define STM32_HASH_TIMEOUT 0xFFFF #define STM32_HASH_TIMEOUT 0xFFFF
@ -93,19 +91,30 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
#ifndef NO_AES #ifndef NO_AES
#if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4)) defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \
defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7))
/* Hardware supports AES GCM acceleration */ /* Hardware supports AES GCM acceleration */
#define STM32_CRYPTO_AES_GCM #define STM32_CRYPTO_AES_GCM
#endif #endif
#if defined(WOLFSSL_STM32WB)
#define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
#define CRYP AES1
#define STM32_HAL_V2
#endif
#if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5)
#ifdef WOLFSSL_STM32L4 #ifdef WOLFSSL_STM32L4
#define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
#endif
#define CRYP AES #define CRYP AES
#ifndef CRYP_AES_GCM
#define CRYP_AES_GCM CRYP_AES_GCM_GMAC
#endif
#endif #endif
/* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */
#if !defined(STM32_HAL_V2) && \ #if !defined(STM32_HAL_V2) && defined(CRYP_AES_GCM) && \
defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM) (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7))
#define STM32_HAL_V2 #define STM32_HAL_V2
#endif #endif
@ -122,7 +131,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
struct Aes; struct Aes;
#ifdef WOLFSSL_STM32_CUBEMX #ifdef WOLFSSL_STM32_CUBEMX
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp); int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp);
#else /* STD_PERI_LIB */ #else /* Standard Peripheral Library */
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit, int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit,
CRYP_KeyInitTypeDef* keyInit); CRYP_KeyInitTypeDef* keyInit);
#endif /* WOLFSSL_STM32_CUBEMX */ #endif /* WOLFSSL_STM32_CUBEMX */
@ -131,12 +140,25 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
#endif /* STM32_CRYPTO */ #endif /* STM32_CRYPTO */
#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)
int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #ifdef WOLFSSL_SP_MATH
word32 hashlen, int* res, ecc_key* key); struct sp_int;
#define MATH_INT_T struct sp_int
int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng, #elif defined(USE_FAST_MATH)
ecc_key* key, mp_int *r, mp_int *s); struct fp_int;
#define MATH_INT_T struct fp_int
#else
struct mp_int;
#define MATH_INT_T struct mp_int
#endif #endif
struct ecc_key;
struct WC_RNG;
int stm32_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash,
word32 hashlen, int* res, struct ecc_key* key);
int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, struct WC_RNG* rng,
struct ecc_key* key, MATH_INT_T *r, MATH_INT_T *s);
#endif /* WOLFSSL_STM32_PKA && HAVE_ECC */
#endif /* _WOLFPORT_STM32_H_ */ #endif /* _WOLFPORT_STM32_H_ */

View File

@ -219,7 +219,7 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*);
#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN #define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN #define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN #define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN #define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN #define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN #define wc_FreeRng(rng) (void)NOT_COMPILED_IN
#endif #endif

View File

@ -23,7 +23,13 @@
\file wolfssl/wolfcrypt/rsa.h \file wolfssl/wolfcrypt/rsa.h
*/ */
/*
DESCRIPTION
This library provides the interface to the RSA.
RSA keys can be used to encrypt, decrypt, sign and verify data.
*/
#ifndef WOLF_CRYPT_RSA_H #ifndef WOLF_CRYPT_RSA_H
#define WOLF_CRYPT_RSA_H #define WOLF_CRYPT_RSA_H
@ -280,8 +286,9 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
RsaKey*, word32); RsaKey*, word32);
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
const byte* e, word32 eSz, RsaKey* key); const byte* e, word32 eSz, RsaKey* key);
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); #ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
#endif
#ifdef WC_RSA_BLINDING #ifdef WC_RSA_BLINDING
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);

View File

@ -62,6 +62,9 @@
/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */ /* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
/* #define MICROCHIP_TCPIP */ /* #define MICROCHIP_TCPIP */
/* Uncomment next line if using above Microchip TCP/IP defines with BSD API */
/* #define MICROCHIP_TCPIP_BSD_API */
/* Uncomment next line if using PIC32MZ Crypto Engine */ /* Uncomment next line if using PIC32MZ Crypto Engine */
/* #define WOLFSSL_MICROCHIP_PIC32MZ */ /* #define WOLFSSL_MICROCHIP_PIC32MZ */
@ -209,10 +212,16 @@
/* Uncomment next line if using RENESAS RX64N */ /* Uncomment next line if using RENESAS RX64N */
/* #define WOLFSSL_RENESAS_RX65N */ /* #define WOLFSSL_RENESAS_RX65N */
/* Uncomment next line if using Solaris OS*/
/* #define WOLFSSL_SOLARIS */
#include <libwolfssl/wolfcrypt/visibility.h> #include <libwolfssl/wolfcrypt/visibility.h>
#ifdef WOLFSSL_USER_SETTINGS #ifdef WOLFSSL_USER_SETTINGS
#include "user_settings.h" #include "user_settings.h"
#elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
/* STM Configuration File (generated by CubeMX) */
#include "wolfSSL.wolfSSL_conf.h"
#endif #endif
@ -292,7 +301,7 @@
#endif #endif
#endif #endif
#if defined(WOLFSSL_RENESAS_RA6M3G) #if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3)
/* settings in user_settings.h */ /* settings in user_settings.h */
#endif #endif
@ -337,7 +346,9 @@
/* #define WOLFSSL_MICROCHIP_PIC32MZ */ /* #define WOLFSSL_MICROCHIP_PIC32MZ */
#define SIZEOF_LONG_LONG 8 #define SIZEOF_LONG_LONG 8
#define SINGLE_THREADED #define SINGLE_THREADED
#ifndef MICROCHIP_TCPIP_BSD_API
#define WOLFSSL_USER_IO #define WOLFSSL_USER_IO
#endif
#define NO_WRITEV #define NO_WRITEV
#define NO_DEV_RANDOM #define NO_DEV_RANDOM
#define NO_FILESYSTEM #define NO_FILESYSTEM
@ -375,6 +386,16 @@
#endif #endif
#endif #endif
#ifdef WOLFSSL_ATECC508A
/* backwards compatibility */
#ifndef WOLFSSL_ATECC_NO_ECDH_ENC
#define WOLFSSL_ATECC_ECDH_ENC
#endif
#ifdef WOLFSSL_ATECC508A_DEBUG
#define WOLFSSL_ATECC_DEBUG
#endif
#endif
#ifdef MBED #ifdef MBED
#define WOLFSSL_USER_IO #define WOLFSSL_USER_IO
#define NO_FILESYSTEM #define NO_FILESYSTEM
@ -601,7 +622,6 @@
#ifdef WOLFSSL_NRF5x #ifdef WOLFSSL_NRF5x
#define SIZEOF_LONG 4 #define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8 #define SIZEOF_LONG_LONG 8
#define NO_ASN_TIME
#define NO_DEV_RANDOM #define NO_DEV_RANDOM
#define NO_FILESYSTEM #define NO_FILESYSTEM
#define NO_MAIN_DRIVER #define NO_MAIN_DRIVER
@ -609,7 +629,6 @@
#define SINGLE_THREADED #define SINGLE_THREADED
#define USE_FAST_MATH #define USE_FAST_MATH
#define TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT
#define USE_WOLFSSL_MEMORY
#define WOLFSSL_NRF51 #define WOLFSSL_NRF51
#define WOLFSSL_USER_IO #define WOLFSSL_USER_IO
#define NO_SESSION_CACHE #define NO_SESSION_CACHE
@ -900,6 +919,19 @@ extern void uITRON4_free(void *p) ;
#define TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT
#endif #endif
/* To support storing some of the large constant tables in flash memory rather than SRAM.
Useful for processors that have limited SRAM, such as the AVR family of microtrollers. */
#ifdef WOLFSSL_USE_FLASHMEM
/* This is supported on the avr-gcc compiler, for more information see:
https://gcc.gnu.org/onlinedocs/gcc/Named-Address-Spaces.html */
#define FLASH_QUALIFIER __flash
/* Copy data out of flash memory and into SRAM */
#define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size))
#else
#define FLASH_QUALIFIER
#endif
#ifdef FREESCALE_MQX_5_0 #ifdef FREESCALE_MQX_5_0
/* use normal Freescale MQX port, but with minor changes for 5.0 */ /* use normal Freescale MQX port, but with minor changes for 5.0 */
#define FREESCALE_MQX #define FREESCALE_MQX
@ -1187,7 +1219,8 @@ extern void uITRON4_free(void *p) ;
#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
defined(WOLFSSL_STM32L4) defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7)
#define SIZEOF_LONG_LONG 8 #define SIZEOF_LONG_LONG 8
#ifndef CHAR_BIT #ifndef CHAR_BIT
@ -1208,7 +1241,8 @@ extern void uITRON4_free(void *p) ;
#undef STM32_CRYPTO #undef STM32_CRYPTO
#define STM32_CRYPTO #define STM32_CRYPTO
#ifdef WOLFSSL_STM32L4 #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
defined(WOLFSSL_STM32WB)
#define NO_AES_192 /* hardware does not support 192-bit */ #define NO_AES_192 /* hardware does not support 192-bit */
#endif #endif
#endif #endif
@ -1221,8 +1255,12 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#define NO_OLD_RNGNAME #define NO_OLD_RNGNAME
#ifdef WOLFSSL_STM32_CUBEMX #ifdef WOLFSSL_STM32_CUBEMX
#if defined(WOLFSSL_STM32F2) #if defined(WOLFSSL_STM32F1)
#include "stm32f1xx_hal.h"
#elif defined(WOLFSSL_STM32F2)
#include "stm32f2xx_hal.h" #include "stm32f2xx_hal.h"
#elif defined(WOLFSSL_STM32L5)
#include "stm32l5xx_hal.h"
#elif defined(WOLFSSL_STM32L4) #elif defined(WOLFSSL_STM32L4)
#include "stm32l4xx_hal.h" #include "stm32l4xx_hal.h"
#elif defined(WOLFSSL_STM32F4) #elif defined(WOLFSSL_STM32F4)
@ -1231,6 +1269,10 @@ extern void uITRON4_free(void *p) ;
#include "stm32f7xx_hal.h" #include "stm32f7xx_hal.h"
#elif defined(WOLFSSL_STM32F1) #elif defined(WOLFSSL_STM32F1)
#include "stm32f1xx_hal.h" #include "stm32f1xx_hal.h"
#elif defined(WOLFSSL_STM32H7)
#include "stm32h7xx_hal.h"
#elif defined(WOLFSSL_STM32WB)
#include "stm32wbxx_hal.h"
#endif #endif
#if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
#include "stm32l4xx_ll_rng.h" #include "stm32l4xx_ll_rng.h"
@ -1256,6 +1298,14 @@ extern void uITRON4_free(void *p) ;
#ifdef STM32_HASH #ifdef STM32_HASH
#include "stm32f4xx_hash.h" #include "stm32f4xx_hash.h"
#endif #endif
#elif defined(WOLFSSL_STM32L5)
#include "stm32l5xx.h"
#ifdef STM32_CRYPTO
#include "stm32l5xx_cryp.h"
#endif
#ifdef STM32_HASH
#include "stm32l5xx_hash.h"
#endif
#elif defined(WOLFSSL_STM32L4) #elif defined(WOLFSSL_STM32L4)
#include "stm32l4xx.h" #include "stm32l4xx.h"
#ifdef STM32_CRYPTO #ifdef STM32_CRYPTO
@ -1266,11 +1316,14 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#elif defined(WOLFSSL_STM32F7) #elif defined(WOLFSSL_STM32F7)
#include "stm32f7xx.h" #include "stm32f7xx.h"
#elif defined(WOLFSSL_STM32H7)
#include "stm32h7xx.h"
#elif defined(WOLFSSL_STM32F1) #elif defined(WOLFSSL_STM32F1)
#include "stm32f1xx.h" #include "stm32f1xx.h"
#endif #endif
#endif /* WOLFSSL_STM32_CUBEMX */ #endif /* WOLFSSL_STM32_CUBEMX */
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */ #endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
#ifdef WOLFSSL_DEOS #ifdef WOLFSSL_DEOS
#include <deos.h> #include <deos.h>
#include <timeout.h> #include <timeout.h>
@ -1400,6 +1453,22 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#endif /* MICRIUM */ #endif /* MICRIUM */
#if defined(sun) || defined(__sun)
# if defined(__SVR4) || defined(__svr4__)
/* Solaris */
#ifndef WOLFSSL_SOLARIS
#define WOLFSSL_SOLARIS
#endif
# else
/* SunOS */
# endif
#endif
#ifdef WOLFSSL_SOLARIS
/* Avoid naming clash with fp_zero from math.h > ieefp.h */
#define WOLFSSL_DH_CONST
#endif
#ifdef WOLFSSL_MCF5441X #ifdef WOLFSSL_MCF5441X
#define BIG_ENDIAN_ORDER #define BIG_ENDIAN_ORDER
#ifndef SIZEOF_LONG #ifndef SIZEOF_LONG
@ -2196,6 +2265,21 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_NO_CONSTCHARCONST #define WOLFSSL_NO_CONSTCHARCONST
#endif #endif
/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */
#if defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION)
#undef WC_RSA_PSS
#undef WOLFSSL_TLS13
#endif
/* For FIPSv2 make sure the ECDSA encoding allows extra bytes
* but make sure users consider enabling it */
#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
/* ECDSA length checks off by default for CAVP testing
* consider enabling strict checks in production */
#define NO_STRICT_ECDSA_LEN
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */

View File

@ -101,6 +101,8 @@ enum {
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ #elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#elif defined(WOLFSSL_PSOC6_CRYPTO)
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
#else #else
/* Sha digest */ /* Sha digest */

View File

@ -126,6 +126,8 @@ enum {
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ #elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#elif defined(WOLFSSL_PSOC6_CRYPTO)
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
#else #else
/* wc_Sha256 digest */ /* wc_Sha256 digest */
@ -142,6 +144,7 @@ struct wc_Sha256 {
word32 loLen; /* length in bytes */ word32 loLen; /* length in bytes */
word32 hiLen; /* length in bytes */ word32 hiLen; /* length in bytes */
void* heap; void* heap;
#endif
#ifdef WOLFSSL_PIC32MZ_HASH #ifdef WOLFSSL_PIC32MZ_HASH
hashUpdCache cache; /* cache for updates */ hashUpdCache cache; /* cache for updates */
#endif #endif
@ -150,7 +153,7 @@ struct wc_Sha256 {
#endif /* WOLFSSL_ASYNC_CRYPT */ #endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLFSSL_SMALL_STACK_CACHE #ifdef WOLFSSL_SMALL_STACK_CACHE
word32* W; word32* W;
#endif #endif /* !FREESCALE_LTC_SHA && !STM32_HASH_SHA2 */
#ifdef WOLFSSL_DEVCRYPTO_HASH #ifdef WOLFSSL_DEVCRYPTO_HASH
WC_CRYPTODEV ctx; WC_CRYPTODEV ctx;
byte* msg; byte* msg;
@ -168,7 +171,6 @@ struct wc_Sha256 {
int devId; int devId;
void* devCtx; /* generic crypto callback context */ void* devCtx; /* generic crypto callback context */
#endif #endif
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
word32 flags; /* enum wc_HashFlags in hash.h */ word32 flags; /* enum wc_HashFlags in hash.h */
#endif #endif

View File

@ -58,7 +58,8 @@ enum {
WC_SHA3_512_DIGEST_SIZE = 64, WC_SHA3_512_DIGEST_SIZE = 64,
WC_SHA3_512_COUNT = 9, WC_SHA3_512_COUNT = 9,
#ifndef HAVE_SELFTEST #if !defined(HAVE_SELFTEST) || \
defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2)
/* These values are used for HMAC, not SHA-3 directly. /* These values are used for HMAC, not SHA-3 directly.
* They come from from FIPS PUB 202. */ * They come from from FIPS PUB 202. */
WC_SHA3_224_BLOCK_SIZE = 144, WC_SHA3_224_BLOCK_SIZE = 144,

View File

@ -31,6 +31,7 @@
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
#if defined(HAVE_FIPS) && \ #if defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
#include <libwolfssl/wolfcrypt/fips.h> #include <libwolfssl/wolfcrypt/fips.h>
@ -111,6 +112,8 @@ enum {
#ifdef WOLFSSL_IMX6_CAAM #ifdef WOLFSSL_IMX6_CAAM
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#elif defined (WOLFSSL_PSOC6_CRYPTO)
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
#else #else
/* wc_Sha512 digest */ /* wc_Sha512 digest */
struct wc_Sha512 { struct wc_Sha512 {
@ -153,6 +156,7 @@ WOLFSSL_LOCAL void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
WOLFSSL_API int wc_InitSha512(wc_Sha512*); WOLFSSL_API int wc_InitSha512(wc_Sha512*);
WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int); WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int);
WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32); WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32);

View File

@ -37,7 +37,9 @@
#if defined(_MSC_VER) #if defined(_MSC_VER)
#define SP_NOINLINE __declspec(noinline) #define SP_NOINLINE __declspec(noinline)
#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || defined(__KEIL__) #elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
#define SP_NOINLINE _Pragma("inline = never")
#elif defined(__GNUC__) || defined(__KEIL__)
#define SP_NOINLINE __attribute__((noinline)) #define SP_NOINLINE __attribute__((noinline))
#else #else
#define SP_NOINLINE #define SP_NOINLINE
@ -141,7 +143,18 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ); int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ);
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym); int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym);
#endif /*ifdef WOLFSSL_HAVE_SP_ECC */ #ifdef WOLFSSL_SP_NONBLOCK
int sp_ecc_sign_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
mp_int* rm, mp_int* sm, mp_int* km, void* heap);
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY,
mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
int sp_ecc_sign_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
mp_int* rm, mp_int* sm, mp_int* km, void* heap);
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY,
mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* WOLFSSL_HAVE_SP_ECC */
#ifdef __cplusplus #ifdef __cplusplus

View File

@ -19,7 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/*
DESCRIPTION
This library provides single precision (SP) integer math functions.
*/
#ifndef WOLF_CRYPT_SP_INT_H #ifndef WOLF_CRYPT_SP_INT_H
#define WOLF_CRYPT_SP_INT_H #define WOLF_CRYPT_SP_INT_H
@ -60,6 +64,7 @@
typedef int32 sp_digit; typedef int32 sp_digit;
typedef uint32 sp_int_digit; typedef uint32 sp_int_digit;
typedef uint64 sp_int_word; typedef uint64 sp_int_word;
typedef int64 sp_int_sword;
#undef SP_WORD_SIZE #undef SP_WORD_SIZE
#define SP_WORD_SIZE 32 #define SP_WORD_SIZE 32
#elif !defined(WOLFSSL_SP_ASM) #elif !defined(WOLFSSL_SP_ASM)
@ -67,6 +72,7 @@
typedef int32_t sp_digit; typedef int32_t sp_digit;
typedef uint32_t sp_int_digit; typedef uint32_t sp_int_digit;
typedef uint64_t sp_int_word; typedef uint64_t sp_int_word;
typedef int64_t sp_int_sword;
#elif SP_WORD_SIZE == 64 #elif SP_WORD_SIZE == 64
typedef int64_t sp_digit; typedef int64_t sp_digit;
typedef uint64_t sp_int_digit; typedef uint64_t sp_int_digit;
@ -78,6 +84,7 @@
typedef long int128_t __attribute__ ((mode(TI))); typedef long int128_t __attribute__ ((mode(TI)));
#endif #endif
typedef uint128_t sp_int_word; typedef uint128_t sp_int_word;
typedef int128_t sp_int_sword;
#else #else
#error Word size not defined #error Word size not defined
#endif #endif
@ -86,6 +93,7 @@
typedef uint32_t sp_digit; typedef uint32_t sp_digit;
typedef uint32_t sp_int_digit; typedef uint32_t sp_int_digit;
typedef uint64_t sp_int_word; typedef uint64_t sp_int_word;
typedef int64_t sp_int_sword;
#elif SP_WORD_SIZE == 64 #elif SP_WORD_SIZE == 64
typedef uint64_t sp_digit; typedef uint64_t sp_digit;
typedef uint64_t sp_int_digit; typedef uint64_t sp_int_digit;
@ -97,6 +105,7 @@
typedef long int128_t __attribute__ ((mode(TI))); typedef long int128_t __attribute__ ((mode(TI)));
#endif #endif
typedef uint128_t sp_int_word; typedef uint128_t sp_int_word;
typedef int128_t sp_int_sword;
#else #else
#error Word size not defined #error Word size not defined
#endif #endif
@ -104,6 +113,17 @@
#define SP_MASK (sp_digit)(-1) #define SP_MASK (sp_digit)(-1)
#if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)
typedef struct sp_ecc_ctx {
#ifdef WOLFSSL_SP_384
byte data[48*80]; /* stack data */
#else
byte data[32*80]; /* stack data */
#endif
} sp_ecc_ctx_t;
#endif
#ifdef WOLFSSL_SP_MATH #ifdef WOLFSSL_SP_MATH
#include <libwolfssl/wolfcrypt/random.h> #include <libwolfssl/wolfcrypt/random.h>
@ -169,9 +189,10 @@ typedef sp_int_digit mp_digit;
MP_API int sp_init(sp_int* a); MP_API int sp_init(sp_int* a);
MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d, MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d,
sp_int* e, sp_int* f); sp_int* e, sp_int* f);
MP_API void sp_free(sp_int* a);
MP_API void sp_clear(sp_int* a); MP_API void sp_clear(sp_int* a);
MP_API int sp_unsigned_bin_size(sp_int* a); MP_API int sp_unsigned_bin_size(sp_int* a);
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz); MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz);
MP_API int sp_read_radix(sp_int* a, const char* in, int radix); MP_API int sp_read_radix(sp_int* a, const char* in, int radix);
MP_API int sp_cmp(sp_int* a, sp_int* b); MP_API int sp_cmp(sp_int* a, sp_int* b);
MP_API int sp_count_bits(sp_int* a); MP_API int sp_count_bits(sp_int* a);
@ -211,7 +232,6 @@ MP_API void sp_rshb(sp_int* a, int n, sp_int* r);
MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r); MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r);
#define MP_OKAY 0
#define MP_NO 0 #define MP_NO 0
#define MP_YES 1 #define MP_YES 1
@ -221,15 +241,17 @@ MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r);
#define MP_EQ 0 #define MP_EQ 0
#define MP_LT -1 #define MP_LT -1
#define MP_OKAY 0
#define MP_MEM -2 #define MP_MEM -2
#define MP_VAL -3 #define MP_VAL -3
#define FP_WOULDBLOCK -4
#define DIGIT_BIT SP_WORD_SIZE #define DIGIT_BIT SP_WORD_SIZE
#define MP_MASK SP_MASK #define MP_MASK SP_MASK
#define CheckFastMathSettings() 1 #define CheckFastMathSettings() 1
#define mp_free(a) #define mp_free sp_free
#define mp_isodd sp_isodd #define mp_isodd sp_isodd
#define mp_iseven sp_iseven #define mp_iseven sp_iseven

View File

@ -432,7 +432,7 @@ MP_API void fp_free(fp_int* a);
/* set to a small digit */ /* set to a small digit */
void fp_set(fp_int *a, fp_digit b); void fp_set(fp_int *a, fp_digit b);
void fp_set_int(fp_int *a, unsigned long b); int fp_set_int(fp_int *a, unsigned long b);
/* check if a bit is set */ /* check if a bit is set */
int fp_is_bit_set(fp_int *a, fp_digit b); int fp_is_bit_set(fp_int *a, fp_digit b);
@ -459,7 +459,7 @@ void fp_rshd(fp_int *a, int x);
void fp_rshb(fp_int *a, int x); void fp_rshb(fp_int *a, int x);
/* left shift x digits */ /* left shift x digits */
void fp_lshd(fp_int *a, int x); int fp_lshd(fp_int *a, int x);
/* signed comparison */ /* signed comparison */
int fp_cmp(fp_int *a, fp_int *b); int fp_cmp(fp_int *a, fp_int *b);
@ -470,19 +470,22 @@ int fp_cmp_mag(fp_int *a, fp_int *b);
/* power of 2 operations */ /* power of 2 operations */
void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d); void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d);
void fp_mod_2d(fp_int *a, int b, fp_int *c); void fp_mod_2d(fp_int *a, int b, fp_int *c);
void fp_mul_2d(fp_int *a, int b, fp_int *c); int fp_mul_2d(fp_int *a, int b, fp_int *c);
void fp_2expt (fp_int *a, int b); void fp_2expt (fp_int *a, int b);
void fp_mul_2(fp_int *a, fp_int *c); int fp_mul_2(fp_int *a, fp_int *c);
void fp_div_2(fp_int *a, fp_int *c); void fp_div_2(fp_int *a, fp_int *c);
/* c = a / 2 (mod b) - constant time (a < b and positive) */
int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c);
/* Counts the number of lsbs which are zero before the first zero bit */ /* Counts the number of lsbs which are zero before the first zero bit */
int fp_cnt_lsb(fp_int *a); int fp_cnt_lsb(fp_int *a);
/* c = a + b */ /* c = a + b */
void fp_add(fp_int *a, fp_int *b, fp_int *c); int fp_add(fp_int *a, fp_int *b, fp_int *c);
/* c = a - b */ /* c = a - b */
void fp_sub(fp_int *a, fp_int *b, fp_int *c); int fp_sub(fp_int *a, fp_int *b, fp_int *c);
/* c = a * b */ /* c = a * b */
int fp_mul(fp_int *a, fp_int *b, fp_int *c); int fp_mul(fp_int *a, fp_int *b, fp_int *c);
@ -500,13 +503,13 @@ int fp_mod(fp_int *a, fp_int *b, fp_int *c);
int fp_cmp_d(fp_int *a, fp_digit b); int fp_cmp_d(fp_int *a, fp_digit b);
/* c = a + b */ /* c = a + b */
void fp_add_d(fp_int *a, fp_digit b, fp_int *c); int fp_add_d(fp_int *a, fp_digit b, fp_int *c);
/* c = a - b */ /* c = a - b */
int fp_sub_d(fp_int *a, fp_digit b, fp_int *c); int fp_sub_d(fp_int *a, fp_digit b, fp_int *c);
/* c = a * b */ /* c = a * b */
void fp_mul_d(fp_int *a, fp_digit b, fp_int *c); int fp_mul_d(fp_int *a, fp_digit b, fp_int *c);
/* a/b => cb + d == a */ /* a/b => cb + d == a */
/*int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d);*/ /*int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d);*/
@ -530,6 +533,12 @@ int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* d = a + b (mod c) */ /* d = a + b (mod c) */
int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* d = a - b (mod c) - constant time (a < c and b < c) */
int fp_submod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* d = a + b (mod c) - constant time (a < c and b < c) */
int fp_addmod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* c = a * a (mod b) */ /* c = a * a (mod b) */
int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c); int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c);
@ -549,10 +558,11 @@ int fp_montgomery_setup(fp_int *a, fp_digit *mp);
/* computes a = B**n mod b without division or multiplication useful for /* computes a = B**n mod b without division or multiplication useful for
* normalizing numbers in a Montgomery system. * normalizing numbers in a Montgomery system.
*/ */
void fp_montgomery_calc_normalization(fp_int *a, fp_int *b); int fp_montgomery_calc_normalization(fp_int *a, fp_int *b);
/* computes x/R == x (mod N) via Montgomery Reduction */ /* computes x/R == x (mod N) via Montgomery Reduction */
int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
int fp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, int ct);
/* d = a**b (mod c) */ /* d = a**b (mod c) */
int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
@ -637,7 +647,7 @@ int fp_count_bits(fp_int *a);
int fp_leading_bit(fp_int *a); int fp_leading_bit(fp_int *a);
int fp_unsigned_bin_size(fp_int *a); int fp_unsigned_bin_size(fp_int *a);
void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c); int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c);
int fp_to_unsigned_bin(fp_int *a, unsigned char *b); int fp_to_unsigned_bin(fp_int *a, unsigned char *b);
int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c); int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c);
int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b); int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b);
@ -652,7 +662,7 @@ int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b);
/* VARIOUS LOW LEVEL STUFFS */ /* VARIOUS LOW LEVEL STUFFS */
void s_fp_add(fp_int *a, fp_int *b, fp_int *c); int s_fp_add(fp_int *a, fp_int *b, fp_int *c);
void s_fp_sub(fp_int *a, fp_int *b, fp_int *c); void s_fp_sub(fp_int *a, fp_int *b, fp_int *c);
void fp_reverse(unsigned char *s, int len); void fp_reverse(unsigned char *s, int len);
@ -728,6 +738,7 @@ int fp_sqr_comba64(fp_int *a, fp_int *b);
#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX) #define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX)
MP_API int mp_init (mp_int * a); MP_API int mp_init (mp_int * a);
MP_API int mp_init_copy(fp_int * a, fp_int * b);
MP_API void mp_clear (mp_int * a); MP_API void mp_clear (mp_int * a);
MP_API void mp_free (mp_int * a); MP_API void mp_free (mp_int * a);
MP_API void mp_forcezero (mp_int * a); MP_API void mp_forcezero (mp_int * a);
@ -743,6 +754,8 @@ MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d); MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c); MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c);
MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c); MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
MP_API int mp_invmod_mont_ct(mp_int *a, mp_int *b, mp_int *c, fp_digit mp); MP_API int mp_invmod_mont_ct(mp_int *a, mp_int *b, mp_int *c, fp_digit mp);
@ -791,9 +804,11 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size);
#ifdef HAVE_ECC #ifdef HAVE_ECC
MP_API int mp_sqr(fp_int *a, fp_int *b); MP_API int mp_sqr(fp_int *a, fp_int *b);
MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
MP_API int mp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp,
int ct);
MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho); MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho);
MP_API int mp_div_2(fp_int * a, fp_int * b); MP_API int mp_div_2(fp_int * a, fp_int * b);
MP_API int mp_init_copy(fp_int * a, fp_int * b); MP_API int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c);
#endif #endif
#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA) || \ #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA) || \

View File

@ -22,7 +22,12 @@
/*! /*!
\file wolfssl/wolfcrypt/types.h \file wolfssl/wolfcrypt/types.h
*/ */
/*
DESCRIPTION
This library defines the primitive data types and abstraction macros to
decouple library dependencies with standard string, memory and so on.
*/
#ifndef WOLF_CRYPT_TYPES_H #ifndef WOLF_CRYPT_TYPES_H
#define WOLF_CRYPT_TYPES_H #define WOLF_CRYPT_TYPES_H
@ -342,9 +347,9 @@
#else #else
/* just use plain C stdlib stuff if desired */ /* just use plain C stdlib stuff if desired */
#include <stdlib.h> #include <stdlib.h>
#define XMALLOC(s, h, t) malloc((s)) #define XMALLOC(s, h, t) malloc((size_t)(s))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
#define XREALLOC(p, n, h, t) realloc((p), (n)) #define XREALLOC(p, n, h, t) realloc((p), (size_t)(n))
#endif #endif
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
&& !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \

View File

@ -28,24 +28,33 @@
#define WOLF_CRYPT_ENCRYPT_H #define WOLF_CRYPT_ENCRYPT_H
#include <libwolfssl/wolfcrypt/types.h> #include <libwolfssl/wolfcrypt/types.h>
#include <libwolfssl/wolfcrypt/aes.h> #ifndef NO_AES
#include <libwolfssl/wolfcrypt/chacha.h> #include <libwolfssl/wolfcrypt/aes.h>
#include <libwolfssl/wolfcrypt/des3.h> #endif
#include <libwolfssl/wolfcrypt/arc4.h> #ifdef HAVE_CHACHA
#include <libwolfssl/wolfcrypt/chacha.h>
#endif
#ifndef NO_DES3
#include <libwolfssl/wolfcrypt/des3.h>
#endif
#ifndef NO_RC4
#include <libwolfssl/wolfcrypt/arc4.h>
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/* determine max cipher key size */ /* determine max cipher key size - cannot use enum values here, must be define,
* since WC_MAX_SYM_KEY_SIZE is used in if macro logic. */
#ifndef NO_AES #ifndef NO_AES
#define WC_MAX_SYM_KEY_SIZE (AES_MAX_KEY_SIZE/8) #define WC_MAX_SYM_KEY_SIZE (AES_MAX_KEY_SIZE/8)
#elif defined(HAVE_CHACHA) #elif defined(HAVE_CHACHA)
#define WC_MAX_SYM_KEY_SIZE CHACHA_MAX_KEY_SZ #define WC_MAX_SYM_KEY_SIZE 32 /* CHACHA_MAX_KEY_SZ */
#elif !defined(NO_DES3) #elif !defined(NO_DES3)
#define WC_MAX_SYM_KEY_SIZE DES3_KEY_SIZE #define WC_MAX_SYM_KEY_SIZE 24 /* DES3_KEY_SIZE */
#elif !defined(NO_RC4) #elif !defined(NO_RC4)
#define WC_MAX_SYM_KEY_SIZE RC4_KEY_SIZE #define WC_MAX_SYM_KEY_SIZE 16 /* RC4_KEY_SIZE */
#else #else
#define WC_MAX_SYM_KEY_SIZE 32 #define WC_MAX_SYM_KEY_SIZE 32
#endif #endif

View File

@ -6,7 +6,7 @@
* *
* wolfSSL is free software; you can redistribute it and/or modify * wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* wolfSSL is distributed in the hope that it will be useful, * wolfSSL is distributed in the hope that it will be useful,

View File

@ -156,9 +156,11 @@
#else #else
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED
#ifndef WOLFSSL_USER_MUTEX
#define WOLFSSL_PTHREADS #define WOLFSSL_PTHREADS
#include <pthread.h> #include <pthread.h>
#endif #endif
#endif
#if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \ #if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \
!defined(NO_FILESYSTEM) !defined(NO_FILESYSTEM)
#include <unistd.h> /* for close of BIO */ #include <unistd.h> /* for close of BIO */
@ -238,6 +240,8 @@
typedef struct k_mutex wolfSSL_Mutex; typedef struct k_mutex wolfSSL_Mutex;
#elif defined(WOLFSSL_TELIT_M2MB) #elif defined(WOLFSSL_TELIT_M2MB)
typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex; typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex;
#elif defined(WOLFSSL_USER_MUTEX)
/* typedef User_Mutex wolfSSL_Mutex; */
#else #else
#error Need a mutex type in multithreaded mode #error Need a mutex type in multithreaded mode
#endif /* USE_WINDOWS_API */ #endif /* USE_WINDOWS_API */
@ -245,7 +249,7 @@
/* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */ /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */
#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \ #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \
defined(STM32_CRYPTO) defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG)
#ifndef WOLFSSL_CRYPT_HW_MUTEX #ifndef WOLFSSL_CRYPT_HW_MUTEX
#define WOLFSSL_CRYPT_HW_MUTEX 1 #define WOLFSSL_CRYPT_HW_MUTEX 1
#endif #endif
@ -451,6 +455,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define MAX_PATH 256 #define MAX_PATH 256
#endif #endif
WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf,
size_t* bufLen, void* heap);
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \ #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \
!defined(WOLFSSL_NUCLEUS_1_2) !defined(WOLFSSL_NUCLEUS_1_2)
typedef struct ReadDirCtx { typedef struct ReadDirCtx {
@ -553,6 +560,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) #elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
#include <time.h> #include <time.h>
extern time_t pic32_time(time_t* timer);
#define XTIME(t1) pic32_time((t1)) #define XTIME(t1) pic32_time((t1))
#define XGMTIME(c, t) gmtime((c)) #define XGMTIME(c, t) gmtime((c))
@ -683,7 +691,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#endif #endif
#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE) #if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE)
#define USE_WOLF_VALIDDATE #define USE_WOLF_VALIDDATE
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) #define XVALIDATE_DATE(d, f, t) wc_ValidateDate((d), (f), (t))
#endif #endif
/* wolf struct tm and time_t */ /* wolf struct tm and time_t */

View File

@ -19,6 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/*
DESCRIPTION
This library provides big integer math functions.
*/
#ifndef __WOLFMATH_H__ #ifndef __WOLFMATH_H__
#define __WOLFMATH_H__ #define __WOLFMATH_H__

View File

@ -126,6 +126,8 @@
#include <errno.h> #include <errno.h>
#elif defined(WOLFSSL_ZEPHYR) #elif defined(WOLFSSL_ZEPHYR)
#include <net/socket.h> #include <net/socket.h>
#elif defined(MICROCHIP_PIC32)
#include <sys/errno.h>
#elif defined(HAVE_NETX) #elif defined(HAVE_NETX)
#include "nx_api.h" #include "nx_api.h"
#include "errno.h" #include "errno.h"
@ -147,7 +149,6 @@
&& !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \ && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
&& !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS) && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
#include <network.h> #include <network.h>
//#include <sys/socket.h>
//#include <arpa/inet.h> //#include <arpa/inet.h>
//#include <netinet/in.h> //#include <netinet/in.h>
//#include <netdb.h> //#include <netdb.h>
@ -159,7 +160,7 @@
#endif #endif
#endif #endif
#if defined(WOLFSSL_RENESAS_RA6M3G) /* Uses FREERTOS_TCP */ #if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) /* Uses FREERTOS_TCP */
#include <errno.h> #include <errno.h>
#endif #endif

View File

@ -25,6 +25,7 @@
#include "music/SoundHandler.hpp" #include "music/SoundHandler.hpp"
#include "network/gcard.h" #include "network/gcard.h"
#include "unzip/U8Archive.h" #include "unzip/U8Archive.h"
#include "network/proxysettings.h"
// Sounds // Sounds
extern const u8 click_wav[]; extern const u8 click_wav[];
@ -172,6 +173,16 @@ bool CMenu::init(bool usb_mounted)
/* Init Network if wanted for gamercard if it isn't already inited */ /* Init Network if wanted for gamercard if it isn't already inited */
if(has_enabled_providers()) if(has_enabled_providers())
_initAsyncNetwork(); _initAsyncNetwork();
/* Set the proxy settings */
proxyUseSystem = m_cfg.getBool("PROXY", "proxy_use_system", true);
memset(proxyAddress, 0, sizeof(proxyAddress));
strncpy(proxyAddress, m_cfg.getString("PROXY", "proxy_address", "").c_str(), sizeof(proxyAddress) - 1);
proxyPort = m_cfg.getInt("PROXY", "proxy_port", 0);
memset(proxyUsername, 0, sizeof(proxyUsername));
strncpy(proxyUsername, m_cfg.getString("PROXY", "proxy_username", "").c_str(), sizeof(proxyUsername) - 1);
memset(proxyPassword, 0, sizeof(proxyPassword));
strncpy(proxyPassword, m_cfg.getString("PROXY", "proxy_password", "").c_str(), sizeof(proxyPassword) - 1);
getProxyInfo();
/* Set SD only to off if any usb device is attached and format is FAT, NTFS, WBFS, or LINUX */ /* Set SD only to off if any usb device is attached and format is FAT, NTFS, WBFS, or LINUX */
m_cfg.getBool("GENERAL", "sd_only", true);// will only set it true if this doesn't already exist m_cfg.getBool("GENERAL", "sd_only", true);// will only set it true if this doesn't already exist

View File

@ -1196,6 +1196,13 @@ public:
void _hideWaitMessage(); void _hideWaitMessage();
void GC_Messenger(int message, int info, char *cinfo); void GC_Messenger(int message, int info, char *cinfo);
/* proxy settings */
bool proxyUseSystem;
char proxyAddress[256];
u16 proxyPort;
char proxyUsername[34];
char proxyPassword[34];
/* general thread updating stuff */ /* general thread updating stuff */
u64 m_thrdTotal; u64 m_thrdTotal;
void update_pThread(u64 amount, bool add = true); void update_pThread(u64 amount, bool add = true);

View File

@ -3,7 +3,7 @@
#include "channel/nand.hpp" #include "channel/nand.hpp"
#include "loader/nk.h" #include "loader/nk.h"
const int CMenu::_nbCfgPages = 13; const int CMenu::_nbCfgPages = 14;
void CMenu::_hideConfigCommon(bool instant) void CMenu::_hideConfigCommon(bool instant)
{ {

View File

@ -50,15 +50,18 @@ void CMenu::_showConfig7(int curPage)
m_btnMgr.show(m_config7Lbl1); m_btnMgr.show(m_config7Lbl1);
m_btnMgr.show(m_config7Btn1); m_btnMgr.show(m_config7Btn1);
if(curPage != 14)
{
m_btnMgr.show(m_config7Lbl2); m_btnMgr.show(m_config7Lbl2);
m_btnMgr.show(m_config7Btn2); m_btnMgr.show(m_config7Btn2);
m_btnMgr.show(m_config7Lbl3); m_btnMgr.show(m_config7Lbl3);
m_btnMgr.show(m_config7Btn3); m_btnMgr.show(m_config7Btn3);
m_btnMgr.show(m_config7Lbl4); m_btnMgr.show(m_config7Lbl4);
}
if(curPage == 7 || curPage == 11 || curPage == 12 || curPage == 13) if(curPage == 7 || curPage == 11 || curPage == 12 || curPage == 13)
m_btnMgr.show(m_config7Btn4); m_btnMgr.show(m_config7Btn4);
else else if(curPage != 14)
{ {
m_btnMgr.show(m_config7Lbl4Val); m_btnMgr.show(m_config7Lbl4Val);
m_btnMgr.show(m_config7Btn4M); m_btnMgr.show(m_config7Btn4M);
@ -131,7 +134,7 @@ void CMenu::_showConfig7(int curPage)
m_btnMgr.setText(m_config7Lbl4, _t("cfg727", L"Use Plugin Database Titles")); m_btnMgr.setText(m_config7Lbl4, _t("cfg727", L"Use Plugin Database Titles"));
m_btnMgr.setText(m_config7Btn4, m_cfg.getBool(PLUGIN_DOMAIN, "database_titles", true) ? _t("yes", L"Yes") : _t("no", L"No")); m_btnMgr.setText(m_config7Btn4, m_cfg.getBool(PLUGIN_DOMAIN, "database_titles", true) ? _t("yes", L"Yes") : _t("no", L"No"));
} }
else // page 13 else if(curPage == 13)
{ {
m_btnMgr.setText(m_config7Lbl1, _t("cfgg49", L"480p Pixel Patch")); m_btnMgr.setText(m_config7Lbl1, _t("cfgg49", L"480p Pixel Patch"));
m_btnMgr.setText(m_config7Btn1, m_cfg.getBool(WII_DOMAIN, "fix480p", false) ? _t("on", L"On") : _t("off", L"Off")); m_btnMgr.setText(m_config7Btn1, m_cfg.getBool(WII_DOMAIN, "fix480p", false) ? _t("on", L"On") : _t("off", L"Off"));
@ -142,6 +145,11 @@ void CMenu::_showConfig7(int curPage)
m_btnMgr.setText(m_config7Lbl4, _t("cfg724", L"Lock coverflow layouts")); m_btnMgr.setText(m_config7Lbl4, _t("cfg724", L"Lock coverflow layouts"));
m_btnMgr.setText(m_config7Btn4, m_cfg.getBool("general", "cf_locked") ? _t("yes", L"Yes") : _t("no", L"No")); m_btnMgr.setText(m_config7Btn4, m_cfg.getBool("general", "cf_locked") ? _t("yes", L"Yes") : _t("no", L"No"));
} }
else // page 14
{
m_btnMgr.setText(m_config7Lbl1, _t("cfg729", L"Use system proxy settings"));
m_btnMgr.setText(m_config7Btn1, m_cfg.getBool("PROXY", "proxy_use_system") ? _t("on", L"On") : _t("off", L"Off"));
}
} }
int CMenu::_config7(int curPage) int CMenu::_config7(int curPage)
@ -348,6 +356,16 @@ int CMenu::_config7(int curPage)
CFLocked = val; CFLocked = val;
} }
} }
if(curPage == 14)
{
if(m_btnMgr.selected(m_config7Btn1))
{
bool val = !m_cfg.getBool("PROXY", "proxy_use_system");
m_cfg.setBool("PROXY", "proxy_use_system", val);
mainMenu.proxyUseSystem = val;
m_btnMgr.setText(m_config7Btn1, val ? _t("on", L"On") : _t("off", L"Off"));
}
}
} }
} }
if(rand_music != m_cfg.getBool("GENERAL", "randomize_music")) if(rand_music != m_cfg.getBool("GENERAL", "randomize_music"))

171
source/network/base64.h Normal file
View File

@ -0,0 +1,171 @@
/*
https://github.com/superwills/NibbleAndAHalf
base64.h -- Fast base64 encoding and decoding.
version 1.0.0, April 17, 2013 143a
Copyright (C) 2013 William Sherif
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
William Sherif
will.sherif@gmail.com
YWxsIHlvdXIgYmFzZSBhcmUgYmVsb25nIHRvIHVz
*/
#ifndef BASE64_H
#define BASE64_H
#include <stdio.h>
#include <stdlib.h>
static const char* b64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
// maps A=>0,B=>1..
static const unsigned char unb64[]={
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //10
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //20
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //30
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //40
0, 0, 0, 62, 0, 0, 0, 63, 52, 53, //50
54, 55, 56, 57, 58, 59, 60, 61, 0, 0, //60
0, 0, 0, 0, 0, 0, 1, 2, 3, 4, //70
5, 6, 7, 8, 9, 10, 11, 12, 13, 14, //80
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, //90
25, 0, 0, 0, 0, 0, 0, 26, 27, 28, //100
29, 30, 31, 32, 33, 34, 35, 36, 37, 38, //110
39, 40, 41, 42, 43, 44, 45, 46, 47, 48, //120
49, 50, 51, 0, 0, 0, 0, 0, 0, 0, //130
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //140
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //150
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //160
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //170
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //180
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //190
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //200
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //210
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //220
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //230
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //240
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //250
0, 0, 0, 0, 0, 0,
}; // This array has 256 elements
// Converts binary data of length=len to base64 characters.
// Length of the resultant string is stored in flen
// (you must pass pointer flen).
char* base64( const void* binaryData, int len, int *flen )
{
const unsigned char* bin = (const unsigned char*) binaryData;
char* res;
int rc = 0; // result counter
int byteNo; // I need this after the loop
int modulusLen = len % 3;
int pad = ((modulusLen&1)<<1) + ((modulusLen&2)>>1); // 2 gives 1 and 1 gives 2, but 0 gives 0.
*flen = 4*(len + pad)/3;
res = (char*) malloc( *flen + 1 ); // and one for the null
if( !res )
return 0;
for( byteNo = 0; byteNo <= len-3; byteNo+=3 )
{
unsigned char BYTE0=bin[byteNo];
unsigned char BYTE1=bin[byteNo+1];
unsigned char BYTE2=bin[byteNo+2];
res[rc++] = b64[ BYTE0 >> 2 ];
res[rc++] = b64[ ((0x3&BYTE0)<<4) + (BYTE1 >> 4) ];
res[rc++] = b64[ ((0x0f&BYTE1)<<2) + (BYTE2>>6) ];
res[rc++] = b64[ 0x3f&BYTE2 ];
}
if( pad==2 )
{
res[rc++] = b64[ bin[byteNo] >> 2 ];
res[rc++] = b64[ (0x3&bin[byteNo])<<4 ];
res[rc++] = '=';
res[rc++] = '=';
}
else if( pad==1 )
{
res[rc++] = b64[ bin[byteNo] >> 2 ];
res[rc++] = b64[ ((0x3&bin[byteNo])<<4) + (bin[byteNo+1] >> 4) ];
res[rc++] = b64[ (0x0f&bin[byteNo+1])<<2 ];
res[rc++] = '=';
}
res[rc]=0; // NULL TERMINATOR!;)
return res;
}
unsigned char* unbase64( const char* ascii, int len, int *flen )
{
const unsigned char *safeAsciiPtr = (const unsigned char*)ascii;
unsigned char *bin;
int cb=0;
int charNo;
int pad = 0;
if ((len <= 0) || (len % 4 != 0)) { // 2 accesses below would be OOB.
// catch empty string or incorrect padding size, return NULL as result.
*flen=0;
return 0;
}
if( safeAsciiPtr[ len-1 ]=='=' ) ++pad;
if( safeAsciiPtr[ len-2 ]=='=' ) ++pad;
*flen = 3*len/4 - pad;
bin = (unsigned char*)malloc( *flen );
if( !bin )
return 0;
for( charNo=0; charNo <= len - 4 - pad; charNo+=4 )
{
int A=unb64[safeAsciiPtr[charNo]];
int B=unb64[safeAsciiPtr[charNo+1]];
int C=unb64[safeAsciiPtr[charNo+2]];
int D=unb64[safeAsciiPtr[charNo+3]];
bin[cb++] = (A<<2) | (B>>4);
bin[cb++] = (B<<4) | (C>>2);
bin[cb++] = (C<<6) | (D);
}
if( pad==1 )
{
int A=unb64[safeAsciiPtr[charNo]];
int B=unb64[safeAsciiPtr[charNo+1]];
int C=unb64[safeAsciiPtr[charNo+2]];
bin[cb++] = (A<<2) | (B>>4);
bin[cb++] = (B<<4) | (C>>2);
}
else if( pad==2 )
{
int A=unb64[safeAsciiPtr[charNo]];
int B=unb64[safeAsciiPtr[charNo+1]];
bin[cb++] = (A<<2) | (B>>4);
}
return bin;
}
#endif

View File

@ -1,77 +1,112 @@
// Code by blackb0x @ GBAtemp.net /*
// This allows the Wii to download from servers that use SNI. Code by blackb0x @ GBAtemp.net
This allows the Wii to download from servers that use SNI.
#include <stdio.h> */
#include <stdlib.h>
#include <string.h>
#include <network.h> #include <network.h>
#include <ogc/lwp_watchdog.h> #include <ogc/lwp_watchdog.h>
#include <unistd.h>
#include "https.h" #include "base64.h"
#include "gecko/gecko.hpp" #include "gecko/gecko.hpp"
#include "picohttpparser.h" #include "https.h"
#include "memory/mem2.hpp" #include "memory/mem2.hpp"
#include "proxysettings.h"
u8 loop; u8 loop;
WOLFSSL_SESSION *session; WOLFSSL_SESSION *session;
int https_write(HTTP_INFO *httpinfo, char *buffer, int len) int https_write(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy)
{ {
int ret, slen = 0; int ret, pos = 0;
while (1) int rlen = (len > BLOCK_SIZE) ? BLOCK_SIZE : len;
u64 time = gettime();
while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT)
{ {
if (httpinfo->use_https) if (httpinfo->use_https && !proxy)
ret = wolfSSL_write(httpinfo->ssl, &buffer[slen], len - slen); ret = wolfSSL_write(httpinfo->ssl, &buffer[pos], rlen);
else else
ret = net_write(httpinfo->sock, &buffer[slen], len - slen); ret = net_write(httpinfo->sock, &buffer[pos], rlen);
if (ret > 0)
if (ret == 0)
continue;
else if (ret <= 0)
return ret; // Timeout would return -1
slen += ret;
if (slen >= len)
break;
}
return slen;
}
int https_read(HTTP_INFO *httpinfo, char *buffer, int len)
{
struct pollsd fds[1];
fds[0].socket = httpinfo->sock;
fds[0].events = POLLIN;
net_fcntl(httpinfo->sock, F_SETFL, 4);
switch (net_poll(fds, 1, READ_WRITE_TIMEOUT))
{ {
case -1: pos += ret;
rlen = (len - pos > BLOCK_SIZE) ? BLOCK_SIZE : len - pos;
if (pos >= len)
return pos;
time = gettime();
}
usleep(10000);
}
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("net_poll error\n"); gprintf("The connection timed out (write)\n");
#endif
return -1;
case 0:
#ifdef DEBUG_NETWORK
gprintf("The connection timed out\n");
#endif #endif
return -ETIMEDOUT; return -ETIMEDOUT;
default: }
net_fcntl(httpinfo->sock, F_SETFL, 0);
if (len > 8192) int https_read(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy)
len = 8192; // 16KB is the max on a Wii, but 8KB is safe {
if (httpinfo->use_https) int ret = -ETIMEDOUT;
return wolfSSL_read(httpinfo->ssl, buffer, len); u64 time = gettime();
return net_read(httpinfo->sock, buffer, len); if (len > BLOCK_SIZE)
len = BLOCK_SIZE;
while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT)
{
if (httpinfo->use_https && !proxy)
ret = wolfSSL_read(httpinfo->ssl, buffer, len);
else
ret = net_read(httpinfo->sock, buffer, len);
if (ret >= 0)
return ret;
usleep(10000);
} }
#ifdef DEBUG_NETWORK
gprintf("The connection timed out (read)\n");
#endif
return -ETIMEDOUT;
}
int send_callback(__attribute__((unused)) WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int sent = net_write(*(int *)ctx, buf, sz);
if (sent < 0)
{
if (sent == -EAGAIN)
return WOLFSSL_CBIO_ERR_WANT_WRITE;
else if (sent == -ECONNRESET)
return WOLFSSL_CBIO_ERR_CONN_RST;
else if (sent == -EINTR)
return WOLFSSL_CBIO_ERR_ISR;
else if (sent == -EPIPE)
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
else
return WOLFSSL_CBIO_ERR_GENERAL;
}
return sent;
}
int recv_callback(__attribute__((unused)) WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int recvd = net_read(*(int *)ctx, buf, sz);
if (recvd < 0)
{
if (recvd == -EAGAIN)
return WOLFSSL_CBIO_ERR_WANT_READ;
else if (recvd == -ECONNRESET)
return WOLFSSL_CBIO_ERR_CONN_RST;
else if (recvd == -EINTR)
return WOLFSSL_CBIO_ERR_ISR;
else if (recvd == -ECONNABORTED)
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
else
return WOLFSSL_CBIO_ERR_GENERAL;
}
else if (recvd == 0)
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
return recvd;
} }
void https_close(HTTP_INFO *httpinfo) void https_close(HTTP_INFO *httpinfo)
{ {
if (httpinfo->use_https) if (httpinfo->use_https)
{ {
if (wolfSSL_shutdown(httpinfo->ssl) == SSL_SHUTDOWN_NOT_DONE)
wolfSSL_shutdown(httpinfo->ssl); wolfSSL_shutdown(httpinfo->ssl);
wolfSSL_free(httpinfo->ssl); wolfSSL_free(httpinfo->ssl);
wolfSSL_CTX_free(httpinfo->ctx); wolfSSL_CTX_free(httpinfo->ctx);
@ -82,33 +117,42 @@ void https_close(HTTP_INFO *httpinfo)
#endif #endif
} }
u8 get_header_value(struct phr_header *headers, size_t num_headers, char *dst, char *header) bool get_header_value(struct phr_header *headers, size_t num_headers, char *dst, char *header)
{ {
for (size_t i = 0; i != num_headers; ++i) for (size_t i = 0; i != num_headers; ++i)
{ {
if (strncasecmp(header, headers[i].name, headers[i].name_len) == 0) if (strncasecmp(header, headers[i].name, headers[i].name_len) == 0)
{ {
strlcpy(dst, headers[i].value, headers[i].value_len + 1); strlcpy(dst, headers[i].value, headers[i].value_len + 1);
return 1; return true;
} }
} }
return 0; return false;
} }
u8 is_chunked(struct phr_header *headers, size_t num_headers) u64 get_header_value_int(struct phr_header *headers, size_t num_headers, char *header)
{ {
char encoding[10] = {}; char header_value[30];
if (!get_header_value(headers, num_headers, header_value, header))
return 0;
return strtoull(header_value, NULL, 0);
}
bool is_chunked(struct phr_header *headers, size_t num_headers)
{
char encoding[9];
if (!get_header_value(headers, num_headers, encoding, "transfer-encoding")) if (!get_header_value(headers, num_headers, encoding, "transfer-encoding"))
return 0; return false;
return (strcasecmp(encoding, "chunked") == 0) ? 1 : 0; return (strcasecmp(encoding, "chunked") == 0) ? true : false;
} }
u8 read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) bool read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
{ {
struct phr_chunked_decoder decoder = {}; struct phr_chunked_decoder decoder = {0};
size_t capacity = 4096, rsize; size_t rsize, capacity = 4096;
ssize_t rret, pret; ssize_t pret;
decoder.consume_trailer = 1; int ret;
decoder.consume_trailer = true;
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("Data is chunked\n"); gprintf("Data is chunked\n");
#endif #endif
@ -122,39 +166,32 @@ u8 read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
capacity *= 2; capacity *= 2;
buffer->data = MEM2_realloc(buffer->data, capacity); buffer->data = MEM2_realloc(buffer->data, capacity);
} }
while ((rret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos)) == -1 && errno == EINTR) if ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos, false)) < 1)
; return false;
if (rret <= 0) rsize = ret;
{
#ifdef DEBUG_NETWORK
gprintf("IO error\n");
#endif
return 0;
}
rsize = rret;
pret = phr_decode_chunked(&decoder, &buffer->data[start_pos], &rsize); pret = phr_decode_chunked(&decoder, &buffer->data[start_pos], &rsize);
if (pret == -1) if (pret == -1)
{ {
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("Parse error\n"); gprintf("Parse error\n");
#endif #endif
return 0; return false;
} }
start_pos += rsize; start_pos += rsize;
} while (pret == -2); } while (pret == -2);
buffer->size = start_pos; buffer->size = start_pos;
buffer->data = MEM2_realloc(buffer->data, buffer->size); buffer->data = MEM2_realloc(buffer->data, buffer->size);
return 1; return true;
} }
u8 read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) bool read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
{ {
size_t capacity = 4096; size_t capacity = 4096;
ssize_t ret; int ret;
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("Data is not chunked\n"); gprintf("Data is not chunked\n");
#endif #endif
while (1) while (true)
{ {
if (start_pos == capacity) if (start_pos == capacity)
{ {
@ -164,79 +201,133 @@ u8 read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
capacity *= 2; capacity *= 2;
buffer->data = MEM2_realloc(buffer->data, capacity); buffer->data = MEM2_realloc(buffer->data, capacity);
} }
while ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos)) == -1 && errno == EINTR) if ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos, false)) == 0)
;
if (ret == 0)
break; break;
if (ret < 0) if (ret < 0)
return 0; return false;
start_pos += ret; start_pos += ret;
}; };
buffer->size = start_pos; buffer->size = start_pos;
buffer->data = MEM2_realloc(buffer->data, buffer->size); buffer->data = MEM2_realloc(buffer->data, buffer->size);
return 1; return (buffer->content_length > 0 && buffer->content_length == start_pos) ? true : false;
}
bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy)
{
int rret, minor_version;
size_t msg_len, prevbuflen;
const char *msg;
while (true)
{
if ((rret = https_read(httpinfo, &resp->data[resp->buflen], 1, proxy)) < 1)
return false;
prevbuflen = resp->buflen;
resp->buflen += rret;
// Parse the response
resp->num_headers = sizeof(resp->headers) / sizeof(resp->headers[0]);
if ((resp->pret = phr_parse_response(resp->data, resp->buflen, &minor_version, &resp->status, &msg, &msg_len, resp->headers, &resp->num_headers, prevbuflen)) > 0)
return true; // Successfully parsed the response
else if (resp->pret == -1)
{
#ifdef DEBUG_NETWORK
gprintf("pret error %i\n", resp->pret);
#endif
return false;
}
if (resp->buflen == sizeof(resp->data))
{
#ifdef DEBUG_NETWORK
gprintf("buflen error %lu\n", (unsigned long)resp->buflen);
#endif
return false;
}
}
return false;
}
bool check_ip(char *str)
{
int partA, partB, partC, partD;
char extra;
// We avoid using regex because it increases the file size
return (sscanf(str, "%d.%d.%d.%d%c", &partA, &partB, &partC, &partD, &extra) == 4) ? true : false;
}
bool connect_proxy(HTTP_INFO *httpinfo, char *host, char *username, char *password)
{
HTTP_RESPONSE response = {0};
char request[500];
char credentials[65];
char *auth;
int len;
if (username && password)
{
if(!snprintf(credentials, sizeof(credentials), "%s:%s", username, password))
return false;
if(!(auth = base64(credentials, strlen(credentials), &len)))
return false;
len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nProxy-Authorization: Basic %s\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80, auth);
free(auth);
}
else
len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80);
if (len > 0 && https_write(httpinfo, request, len, true) != len)
return false;
if (get_response(httpinfo, &response, true))
{
if (response.status == 200)
return true;
}
return false;
} }
int connect(char *host, u16 port) int connect(char *host, u16 port)
{ {
struct sockaddr_in sin; struct sockaddr_in sin;
s32 sock, ret; s32 sock, ret;
u64 t; u32 ipaddress;
u64 time;
u32 ipaddress = getipbynamecached(host); #ifdef DEBUG_NETWORK
if (ipaddress == 0) gprintf("Connecting to %s", host);
return -1; #endif
if ((ipaddress = check_ip(host) ? inet_addr(host) : getipbynamecached(host)) == 0)
sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP); return -EFAULT;
if (sock < 0)
return sock;
memset(&sin, 0, sizeof(struct sockaddr_in));
sin.sin_family = AF_INET; sin.sin_family = AF_INET;
sin.sin_port = htons(port); sin.sin_port = htons(port);
sin.sin_addr.s_addr = ipaddress; sin.sin_addr.s_addr = ipaddress;
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("Connecting to %s (%s)\n", host, inet_ntoa(sin.sin_addr)); if (!check_ip(host))
gprintf(" (%s)", inet_ntoa(sin.sin_addr));
#endif #endif
if ((sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP)) < 0)
return sock;
net_fcntl(sock, F_SETFL, 4); net_fcntl(sock, F_SETFL, 4);
t = gettime(); time = gettime();
while (1) while (ticks_to_millisecs(diff_ticks(time, gettime())) < CONNECT_TIMEOUT)
{ {
if (ticks_to_millisecs(diff_ticks(t, gettime())) > TCP_CONNECT_TIMEOUT) if ((ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin))) < 0)
{
#ifdef DEBUG_NETWORK
gprintf("The connection timed out\n");
#endif
net_close(sock);
return -ETIMEDOUT;
}
ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin));
if (ret < 0)
{ {
if (ret == -EISCONN) if (ret == -EISCONN)
break; return sock;
if (ret == -EINPROGRESS || ret == -EALREADY) if (ret == -EINPROGRESS || ret == -EALREADY)
{ {
usleep(20 * 1000); usleep(10000);
continue; continue;
} }
net_close(sock); net_close(sock);
return ret; return ret;
} }
break;
} }
net_fcntl(sock, F_SETFL, 0); net_close(sock);
return sock; return -ETIMEDOUT;
} }
void downloadfile(const char *url, struct download *buffer) void downloadfile(const char *url, struct download *buffer)
{ {
HTTP_INFO httpinfo; HTTP_INFO httpinfo = {0};
memset(&httpinfo, 0, sizeof(HTTP_INFO));
// Always reset the size due to the image downloader looping // Always reset the size due to the image downloader looping
buffer->size = 0; buffer->size = 0;
// Check if we're using HTTPS and set the path // Check if we're using HTTPS and set the path
char *path; char *path;
if (strncmp(url, "https://", 8) == 0) if (strncmp(url, "https://", 8) == 0)
@ -250,33 +341,53 @@ void downloadfile(const char *url, struct download *buffer)
path = strchr(url + 7, '/'); path = strchr(url + 7, '/');
} }
else else
return; // Prevents uninitialized warning return;
if (path == NULL) if (path == NULL)
return; return;
// Get the host // Get the host
int domainlength = path - url - 7 - httpinfo.use_https; int domainlength = path - url - 7 - httpinfo.use_https;
char host[domainlength + 1]; char host[domainlength + 1];
strlcpy(host, url + 7 + httpinfo.use_https, domainlength + 1); strlcpy(host, url + 7 + httpinfo.use_https, domainlength + 1);
// Start connecting // Start connecting
if ((httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80)) < 0) if (getProxyAddress() && getProxyPort() > 0)
httpinfo.sock = connect(getProxyAddress(), getProxyPort());
else
httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80);
if (httpinfo.sock < 0)
{ {
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("Failed to connect to %s\n", host); if (httpinfo.sock == -ETIMEDOUT)
gprintf("\nFailed to connect (timed out)\n");
else
gprintf("\nFailed to connect (%i)\n", httpinfo.sock);
#endif #endif
return; return;
} }
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
else gprintf("\nConnected\n");
gprintf("Connected\n");
#endif #endif
// Connect to a web proxy without credentials
if (getProxyAddress() && getProxyPort() > 0)
{
if (!connect_proxy(&httpinfo, host, getProxyUsername(), getProxyPassword()))
{
#ifdef DEBUG_NETWORK
gprintf("Failed to connect to proxy (%s:%i)\n", getProxyAddress(), getProxyPort());
#endif
https_close(&httpinfo);
return;
}
session = NULL; // Resume doesn't work with a proxy
#ifdef DEBUG_NETWORK
gprintf("Proxy is ready to receive\n");
#endif
}
// Setup for HTTPS if it's necessary
if (httpinfo.use_https) if (httpinfo.use_https)
{ {
// Create a new SSL context // Create a new SSL context
// wolfSSLv23_client_method() works, but resume would require further changes // wolfSSLv23_client_method() works but resume would require further changes
if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
{ {
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
@ -296,6 +407,9 @@ void downloadfile(const char *url, struct download *buffer)
https_close(&httpinfo); https_close(&httpinfo);
return; return;
} }
// Custom I/O is essential due to how libogc handles errors
wolfSSL_SetIOSend(httpinfo.ctx, send_callback);
wolfSSL_SetIORecv(httpinfo.ctx, recv_callback);
// Create a new wolfSSL session // Create a new wolfSSL session
if ((httpinfo.ssl = wolfSSL_new(httpinfo.ctx)) == NULL) if ((httpinfo.ssl = wolfSSL_new(httpinfo.ctx)) == NULL)
{ {
@ -323,7 +437,10 @@ void downloadfile(const char *url, struct download *buffer)
session = NULL; session = NULL;
} }
// Initiate a handshake // Initiate a handshake
if (wolfSSL_connect(httpinfo.ssl) != SSL_SUCCESS) u64 time = gettime();
while (true)
{
if (ticks_to_millisecs(diff_ticks(time, gettime())) > CONNECT_TIMEOUT)
{ {
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("SSL handshake failed\n"); gprintf("SSL handshake failed\n");
@ -331,6 +448,10 @@ void downloadfile(const char *url, struct download *buffer)
https_close(&httpinfo); https_close(&httpinfo);
return; return;
} }
if (wolfSSL_connect(httpinfo.ssl) == SSL_SUCCESS)
break;
usleep(10000);
}
// Check if we resumed successfully // Check if we resumed successfully
if (session != NULL && !wolfSSL_session_reused(httpinfo.ssl)) if (session != NULL && !wolfSSL_session_reused(httpinfo.ssl))
{ {
@ -348,15 +469,13 @@ void downloadfile(const char *url, struct download *buffer)
gprintf("Using: %s - %s\n", wolfSSL_get_version(httpinfo.ssl), wolfSSL_CIPHER_get_name(cipher)); gprintf("Using: %s - %s\n", wolfSSL_get_version(httpinfo.ssl), wolfSSL_CIPHER_get_name(cipher));
#endif #endif
} }
// Send our request // Send our request
char request[2200]; char request[2300];
char isgecko[36] = "Cookie: challenge=BitMitigate.com\r\n"; char isgecko[36] = "Cookie: challenge=BitMitigate.com\r\n";
int ret, len; int ret, len;
if (strcmp(host, "www.geckocodes.org") != 0) if (strncmp(host, "www.geckocodes.org", 18) != 0)
memset(isgecko, 0, sizeof(isgecko)); // Not geckocodes, so don't set a cookie memset(isgecko, 0, sizeof(isgecko)); // Not geckocodes, so don't set a cookie
len = snprintf(request, sizeof(request),
len = snprintf(request, 2200,
"GET %s HTTP/1.1\r\n" "GET %s HTTP/1.1\r\n"
"Host: %s\r\n" "Host: %s\r\n"
"User-Agent: WiiFlow-Lite\r\n" "User-Agent: WiiFlow-Lite\r\n"
@ -365,7 +484,7 @@ void downloadfile(const char *url, struct download *buffer)
"Pragma: no-cache\r\n" "Pragma: no-cache\r\n"
"Cache-Control: no-cache\r\n\r\n", "Cache-Control: no-cache\r\n\r\n",
path, host, isgecko); path, host, isgecko);
if ((ret = https_write(&httpinfo, request, len)) != len) if ((ret = https_write(&httpinfo, request, len, false)) != len)
{ {
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("https_write error: %i\n", ret); gprintf("https_write error: %i\n", ret);
@ -373,7 +492,6 @@ void downloadfile(const char *url, struct download *buffer)
https_close(&httpinfo); https_close(&httpinfo);
return; return;
} }
// Check if we want a response // Check if we want a response
if (buffer->skip_response) if (buffer->skip_response)
{ {
@ -383,56 +501,15 @@ void downloadfile(const char *url, struct download *buffer)
https_close(&httpinfo); https_close(&httpinfo);
return; return;
} }
// Get the response // Get the response
char response[4096]; HTTP_RESPONSE response = {0};
struct phr_header headers[100]; if (!get_response(&httpinfo, &response, false))
int pret, minor_version, status, dl_valid;
size_t buflen = 0, prevbuflen = 0, num_headers, msg_len;
ssize_t rret;
const char *msg;
while (1)
{ {
// Read the response
while ((rret = https_read(&httpinfo, &response[buflen], 1)) == -1 && errno == EINTR)
;
if (rret <= 0)
{
#ifdef DEBUG_NETWORK
gprintf("rret error %i\n", rret);
#endif
https_close(&httpinfo); https_close(&httpinfo);
return; return;
} }
prevbuflen = buflen;
buflen += rret;
// Parse the response
num_headers = sizeof(headers) / sizeof(headers[0]);
pret = phr_parse_response(response, buflen, &minor_version, &status, &msg, &msg_len, headers, &num_headers, prevbuflen);
if (pret > 0)
break; // Successfully parsed the response
else if (pret == -1)
{
#ifdef DEBUG_NETWORK
gprintf("pret error %i\n", pret);
#endif
https_close(&httpinfo);
return;
}
// Response is incomplete so continue the loop
if (buflen == sizeof(response))
{
#ifdef DEBUG_NETWORK
gprintf("buflen error %i\n", buflen);
#endif
https_close(&httpinfo);
return;
}
}
// The website wants to redirect us // The website wants to redirect us
if (status == 301 || status == 302) if (response.status == 301 || response.status == 302)
{ {
https_close(&httpinfo); https_close(&httpinfo);
if (loop == REDIRECT_LIMIT) if (loop == REDIRECT_LIMIT)
@ -443,8 +520,8 @@ void downloadfile(const char *url, struct download *buffer)
return; return;
} }
loop++; loop++;
char location[2100] = {}; char location[2049];
if (!get_header_value(headers, num_headers, location, "location")) if (!get_header_value(response.headers, response.num_headers, location, "location"))
return; return;
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("Redirect #%i - %s\n", loop, location); gprintf("Redirect #%i - %s\n", loop, location);
@ -455,17 +532,21 @@ void downloadfile(const char *url, struct download *buffer)
// It's not 301 or 302, so reset the loop // It's not 301 or 302, so reset the loop
loop = 0; loop = 0;
// We got what we wanted // We got what we wanted
if (status == 200) if (response.status == 200)
{ {
buffer->data = MEM2_alloc(4096); buffer->data = MEM2_alloc(4096);
memcpy(buffer->data, &response[pret], buflen - pret); memcpy(buffer->data, &response.data[response.pret], response.buflen - response.pret);
// Determine how to read the data // Determine how to read the data
if (is_chunked(headers, num_headers)) bool dl_valid;
dl_valid = read_chunked(&httpinfo, buffer, buflen - pret); if (is_chunked(response.headers, response.num_headers))
dl_valid = read_chunked(&httpinfo, buffer, response.buflen - response.pret);
else else
dl_valid = read_all(&httpinfo, buffer, buflen - pret); {
buffer->content_length = get_header_value_int(response.headers, response.num_headers, "content-length");
dl_valid = read_all(&httpinfo, buffer, response.buflen - response.pret);
}
// Check if the download is incomplete // Check if the download is incomplete
if (!dl_valid || buffer->size <= 0) if (!dl_valid || buffer->size < 1)
{ {
buffer->size = 0; buffer->size = 0;
MEM2_free(buffer->data); MEM2_free(buffer->data);
@ -481,16 +562,17 @@ void downloadfile(const char *url, struct download *buffer)
// Finished // Finished
https_close(&httpinfo); https_close(&httpinfo);
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("Download size: %llu\n", buffer->size); gprintf("Download size: %llu\n", (long long)buffer->size);
gprintf("Headers:\n"); gprintf("------------- HEADERS -------------\n");
for (size_t i = 0; i != num_headers; ++i) for (size_t i = 0; i != response.num_headers; ++i)
gprintf("%.*s: %.*s\n", (int)headers[i].name_len, headers[i].name, (int)headers[i].value_len, headers[i].value); gprintf("%.*s: %.*s\n", (int)response.headers[i].name_len, response.headers[i].name, (int)response.headers[i].value_len, response.headers[i].value);
gprintf("------------ COMPLETED ------------\n");
#endif #endif
return; return;
} }
// Close on all other status codes // Close on all other status codes
#ifdef DEBUG_NETWORK #ifdef DEBUG_NETWORK
gprintf("Status code: %i - %s\n", status, url); gprintf("Status code: %i - %s\n", response.status, url);
#endif #endif
https_close(&httpinfo); https_close(&httpinfo);
} }

View File

@ -1,11 +1,14 @@
// Code by blackb0x @ GBAtemp.net /*
// This allows the Wii to download from servers that use SNI. Code by blackb0x @ GBAtemp.net
This allows the Wii to download from servers that use SNI.
*/
#ifndef _HTTPS_H_ #ifndef _HTTPS_H_
#define _HTTPS_H_ #define _HTTPS_H_
#include <libwolfssl/ssl.h> #include <libwolfssl/ssl.h>
#include "dns.h" #include "dns.h"
#include "picohttpparser.h"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
@ -14,16 +17,28 @@ extern "C"
// #define DEBUG_NETWORK // #define DEBUG_NETWORK
#define REDIRECT_LIMIT 3 #define REDIRECT_LIMIT 3
#define TCP_CONNECT_TIMEOUT 5000 #define CONNECT_TIMEOUT 10000
#define READ_WRITE_TIMEOUT 5000 #define READ_WRITE_TIMEOUT 20000
#define BLOCK_SIZE 8192
struct download struct download
{ {
u8 skip_response; // Used by WiinnerTag bool skip_response; // Used by WiinnerTag
u64 content_length;
u64 size; u64 size;
char *data; char *data;
}; };
typedef struct
{
int status;
int pret;
size_t num_headers;
size_t buflen;
struct phr_header headers[100];
char data[4096];
} HTTP_RESPONSE;
typedef struct typedef struct
{ {
u8 use_https; u8 use_https;

View File

@ -355,10 +355,12 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
ADVANCE_TOKEN(*method, *method_len); ADVANCE_TOKEN(*method, *method_len);
do { do {
++buf; ++buf;
CHECK_EOF();
} while (*buf == ' '); } while (*buf == ' ');
ADVANCE_TOKEN(*path, *path_len); ADVANCE_TOKEN(*path, *path_len);
do { do {
++buf; ++buf;
CHECK_EOF();
} while (*buf == ' '); } while (*buf == ' ');
if (*method_len == 0 || *path_len == 0) { if (*method_len == 0 || *path_len == 0) {
*ret = -1; *ret = -1;
@ -422,6 +424,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
} }
do { do {
++buf; ++buf;
CHECK_EOF();
} while (*buf == ' '); } while (*buf == ' ');
/* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */ /* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */
if (buf_end - buf < 4) { if (buf_end - buf < 4) {
@ -437,7 +440,8 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
if (*msg_len == 0) { if (*msg_len == 0) {
/* ok */ /* ok */
} else if (**msg == ' ') { } else if (**msg == ' ') {
/* remove preceding space */ /* Remove preceding space. Successful return from `get_token_to_eol` guarantees that we would hit something other than SP
* before running past the end of the given buffer. */
do { do {
++*msg; ++*msg;
--*msg_len; --*msg_len;

View File

@ -0,0 +1,73 @@
#include <ogcsys.h>
#include <ogc/isfs.h>
#include <string.h>
#include "proxysettings.h"
#include "menu/menu.hpp"
#define ALIGN32(x) (((x) + 31) & ~31)
bool proxy_enabled;
char proxy_address[256];
u16 proxy_port;
char proxy_username[33];
char proxy_password[33];
void getProxyInfo()
{
char *buffer;
int fd = ISFS_Open("/shared2/sys/net/02/config.dat", ISFS_OPEN_READ);
if (fd >= 0)
{
fstats stats ATTRIBUTE_ALIGN(32) = {};
if(ISFS_GetFileStats(fd, &stats) >= 0)
{
if (stats.file_length > 0)
{
buffer = (char*)MEM2_alloc(ALIGN32(stats.file_length));
if (buffer)
{
if(ISFS_Read(fd, buffer, stats.file_length) == 7004)
{
proxy_enabled = buffer[44];
strncpy(proxy_address, buffer + 48, sizeof(proxy_address) - 1);
proxy_port = ((buffer[304] & 0xFF) << 8) | (buffer[305] & 0xFF);
strncpy(proxy_username, buffer + 306, sizeof(proxy_username) - 1);
strncpy(proxy_password, buffer + 338, sizeof(proxy_password) - 1);
}
}
MEM2_free(buffer);
}
}
ISFS_Close(fd);
}
}
char* getProxyAddress()
{
if (mainMenu.proxyUseSystem)
return proxy_enabled ? proxy_address : NULL;
return (strlen(mainMenu.proxyAddress) > 6) ? mainMenu.proxyAddress : NULL;
}
u16 getProxyPort()
{
if (mainMenu.proxyUseSystem)
return proxy_enabled ? proxy_port : 0;
return mainMenu.proxyPort;
}
char* getProxyUsername()
{
if (mainMenu.proxyUseSystem)
return proxy_enabled ? proxy_username : NULL;
return (strlen(mainMenu.proxyUsername) > 0) ? mainMenu.proxyUsername : NULL;
}
char* getProxyPassword()
{
if (mainMenu.proxyUseSystem)
return proxy_enabled ? proxy_password : NULL;
return (strlen(mainMenu.proxyPassword) > 0) ? mainMenu.proxyPassword : NULL;
}

View File

@ -0,0 +1,18 @@
#ifndef _PROXYSETTINGS_
#define _PROXYSETTINGS_
#ifdef __cplusplus
extern "C"
{
#endif
void getProxyInfo();
char *getProxyAddress();
u16 getProxyPort();
char *getProxyUsername();
char *getProxyPassword();
#ifdef __cplusplus
}
#endif
#endif /* _PROXYSETTINGS_ */