Add proxy support, fix timeouts & update wolfSSL

This commit is contained in:
wiidev 2020-09-07 21:27:42 +01:00
parent 144e7669ed
commit a80d629859
68 changed files with 3049 additions and 1932 deletions

File diff suppressed because it is too large Load Diff

View File

@ -167,6 +167,8 @@ enum wolfSSL_ErrorCodes {
CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */
SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */
TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */
DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */

View File

@ -72,6 +72,9 @@
#ifndef NO_SHA256
#include <libwolfssl/wolfcrypt/sha256.h>
#endif
#if defined(WOLFSSL_SHA384)
#include <libwolfssl/wolfcrypt/sha512.h>
#endif
#ifdef HAVE_OCSP
#include <libwolfssl/ocsp.h>
#endif
@ -183,9 +186,11 @@
/* do nothing */
#else
#ifndef SINGLE_THREADED
#ifndef WOLFSSL_USER_MUTEX
#define WOLFSSL_PTHREADS
#include <pthread.h>
#endif
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
#include <unistd.h> /* for close of BIO */
#endif
@ -858,11 +863,13 @@
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
@ -906,7 +913,7 @@
#define BUILD_DES3
#endif
#if defined(NO_AES) || defined(NO_AES_DECRYPT)
#if defined(NO_AES) || !defined(HAVE_AES_DECRYPT)
#define AES_BLOCK_SIZE 16
#undef BUILD_AES
#else
@ -1165,7 +1172,8 @@ enum {
#ifndef MAX_PSK_ID_LEN
/* max psk identity/hint supported */
#if defined(WOLFSSL_TLS13)
#define MAX_PSK_ID_LEN 256
/* OpenSSL has a 1472 byte sessiont ticket */
#define MAX_PSK_ID_LEN 1536
#else
#define MAX_PSK_ID_LEN 128
#endif
@ -1207,19 +1215,6 @@ enum Misc {
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
#ifdef WOLFSSL_TLS13_DRAFT
#ifdef WOLFSSL_TLS13_DRAFT_18
TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_22)
TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_23)
TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_26)
TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */
#else
TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */
#endif
#endif
OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
NO_COMPRESSION = 0,
@ -1354,11 +1349,22 @@ enum Misc {
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
#else
#if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13)
#if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48
MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE,
#elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32
MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE,
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#else
MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
#endif
#endif
#ifdef HAVE_SELFTEST
#if defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM
AES_IV_SIZE = 16,
@ -1502,7 +1508,7 @@ enum Misc {
/* number of items in the signature algo list */
#ifndef WOLFSSL_MAX_SIGALGO
#define WOLFSSL_MAX_SIGALGO 32
#define WOLFSSL_MAX_SIGALGO 36
#endif
@ -1590,6 +1596,7 @@ enum states {
SERVER_HELLO_COMPLETE,
SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
SERVER_CERT_COMPLETE,
SERVER_CERT_VERIFY_COMPLETE,
SERVER_KEYEXCHANGE_COMPLETE,
SERVER_HELLODONE_COMPLETE,
SERVER_CHANGECIPHERSPEC_COMPLETE,
@ -1657,6 +1664,10 @@ WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
/* for sniffer */
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 size, word32 totalSz, int sniff);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 size, word32 totalSz, int sniff);
#endif
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
/* TLS v1.3 needs these */
WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
@ -1688,16 +1699,15 @@ WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
#ifndef NO_CERTS
WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
#ifdef OPENSSL_EXTRA
WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc);
#endif
WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc);
#endif
WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* output, int sz);
WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
int ivSz);
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif
@ -1840,11 +1850,10 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define MAX_DESCRIPTION_SZ 255
#endif
/* wolfSSL Cipher type just points back to SSL */
struct WOLFSSL_CIPHER {
byte cipherSuite0;
byte cipherSuite;
WOLFSSL* ssl;
const WOLFSSL* ssl;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
char description[MAX_DESCRIPTION_SZ];
unsigned long offset;
@ -2015,8 +2024,7 @@ WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
#ifndef NO_CERTS
#if !defined NOCERTS &&\
(!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
typedef struct ProcPeerCertArgs {
buffer* certs;
#ifdef WOLFSSL_TLS13
@ -2132,8 +2140,10 @@ typedef struct Keys {
byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
#endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS
byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret;
tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret;
#endif
} Keys;
@ -2151,13 +2161,14 @@ typedef enum {
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
TLSX_EC_POINT_FORMATS = 0x000b,
#if !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS = 0x000d,
TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
#endif
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
#endif
TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */
TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
TLSX_SESSION_TICKET = 0x0023,
#ifdef WOLFSSL_TLS13
@ -2175,13 +2186,9 @@ typedef enum {
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TLSX_POST_HANDSHAKE_AUTH = 0x0031,
#endif
#if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22)
TLSX_KEY_SHARE = 0x0028,
#else
TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
TLSX_KEY_SHARE = 0x0033,
#endif
#endif
TLSX_RENEGOTIATION_INFO = 0xff01
} TLSX_Type;
@ -2522,7 +2529,6 @@ WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
#ifndef WOLFSSL_TLS13_DRAFT_18
/* Ticket nonce - for deriving PSK.
* Length allowed to be: 1..255. Only support 4 bytes.
*/
@ -2530,7 +2536,6 @@ typedef struct TicketNonce {
byte len;
byte data[MAX_TICKET_NONCE_SZ];
} TicketNonce;
#endif
/* The PreSharedKey extension information - entry in a linked list. */
typedef struct PreSharedKey {
@ -2586,6 +2591,13 @@ enum DeriveKeyType {
update_traffic_key
};
WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl);
WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl);
WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store);
WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl);
WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret);
WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key);
/* The key update request values for KeyUpdate message. */
enum KeyUpdateRequest {
update_not_requested,
@ -2602,6 +2614,14 @@ enum SetCBIO {
};
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
typedef struct {
int keyAlgo;
DerBuffer* key;
} StaticKeyExchangeInfo_t;
#endif
/* wolfSSL context type */
struct WOLFSSL_CTX {
WOLFSSL_METHOD* method;
@ -2710,9 +2730,7 @@ struct WOLFSSL_CTX {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum ECC key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
unsigned long mask; /* store SSL_OP_ flags */
#endif
#ifdef OPENSSL_EXTRA
byte sessionCtx[ID_LEN]; /* app session context ID */
word32 disabledCurves; /* curves disabled by user */
@ -2755,6 +2773,7 @@ struct WOLFSSL_CTX {
wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
#endif
void* psk_ctx;
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
#ifdef WOLFSSL_TLS13
@ -2771,7 +2790,7 @@ struct WOLFSSL_CTX {
pem_password_cb* passwd_cb;
void* passwd_userdata;
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
byte readAhead;
@ -2887,6 +2906,9 @@ struct WOLFSSL_CTX {
Srp* srp; /* TLS Secure Remote Password Protocol*/
byte* srp_password;
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
StaticKeyExchangeInfo_t staticKE;
#endif
};
WOLFSSL_LOCAL
@ -2950,7 +2972,6 @@ enum KeyExchangeAlgorithm {
ecc_static_diffie_hellman_kea /* for verify suite only */
};
/* Supported Authentication Schemes */
enum SignatureAlgorithm {
anonymous_sa_algo = 0,
@ -3009,6 +3030,13 @@ enum CipherType { aead };
#define CIPHER_NONCE
#endif
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
enum CipherSrc {
KEYS_NOT_SET = 0,
KEYS, /* keys from ssl->keys are loaded */
SCR /* keys from ssl->secure_renegotiation->tmp_keys are loaded */
};
#endif
/* cipher for now */
typedef struct Ciphers {
@ -3048,6 +3076,10 @@ typedef struct Ciphers {
#endif
byte state;
byte setup; /* have we set it up flag for detection */
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
enum CipherSrc src; /* DTLS uses this to determine which keys
* are currently loaded */
#endif
} Ciphers;
@ -3149,6 +3181,8 @@ struct WOLFSSL_SESSION {
#ifdef OPENSSL_EXTRA
byte sessionCtxSz; /* sessionCtx length */
byte sessionCtx[ID_LEN]; /* app specific context id */
wolfSSL_Mutex refMutex; /* ref count mutex */
int refCount; /* reference count */
#endif
#ifdef WOLFSSL_TLS13
word16 namedGroup;
@ -3157,10 +3191,8 @@ struct WOLFSSL_SESSION {
#ifdef WOLFSSL_TLS13
word32 ticketSeen; /* Time ticket seen (ms) */
word32 ticketAdd; /* Added by client */
#ifndef WOLFSSL_TLS13_DRAFT_18
TicketNonce ticketNonce; /* Nonce used to derive PSK */
#endif
#endif
#ifdef WOLFSSL_EARLY_DATA
word32 maxEarlyDataSz;
#endif
@ -3171,7 +3203,7 @@ struct WOLFSSL_SESSION {
byte staticTicket[SESSION_TICKET_LEN];
byte isDynamic;
#endif
#ifdef HAVE_EXT_CACHE
#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA)
byte isAlloced;
#endif
#ifdef HAVE_EX_DATA
@ -3185,7 +3217,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL
int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int);
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
#ifndef NO_CLIENT_CACHE
WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
@ -3346,8 +3378,9 @@ typedef struct Options {
wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
#endif
void* psk_ctx;
#endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
unsigned long mask; /* store SSL_OP_ flags */
#endif
@ -3587,15 +3620,15 @@ struct WOLFSSL_X509_NAME {
char staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_ASN)
DecodedName fullName;
WOLFSSL_X509_NAME_ENTRY cnEntry;
WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
int entrySz; /* number of entries */
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
WOLFSSL_X509* x509; /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
byte raw[ASN_NAME_MAX];
int rawLen;
#endif
void* heap;
};
#ifndef EXTERNAL_SERIAL_SIZE
@ -3741,6 +3774,7 @@ typedef struct DtlsMsg {
byte* msg;
DtlsFrag* fragList;
word32 fragSz; /* Length of fragments received */
word16 epoch; /* Epoch that this message belongs to */
word32 seq; /* Handshake sequence number */
word32 sz; /* Length of whole message */
byte type;
@ -3810,6 +3844,20 @@ typedef struct HS_Hashes {
} HS_Hashes;
#ifndef WOLFSSL_NO_TLS12
/* Persistable BuildMessage arguments */
typedef struct BuildMsgArgs {
word32 digestSz;
word32 sz;
word32 pad;
word32 idx;
word32 headerSz;
word16 size;
word32 ivSz; /* TLSv1.1 IV */
byte* iv;
} BuildMsgArgs;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#define MAX_ASYNC_ARGS 18
typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
@ -3818,6 +3866,7 @@ typedef struct HS_Hashes {
WC_ASYNC_DEV* dev;
FreeArgsCb freeArgs; /* function pointer to cleanup args */
word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
};
#endif
@ -3971,11 +4020,9 @@ struct WOLFSSL {
#endif
word16 pssAlgo;
#ifdef WOLFSSL_TLS13
#if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
* offer */
#endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
#endif
#ifdef HAVE_NTRU
word16 peerNtruKeyLen;
@ -4202,6 +4249,9 @@ struct WOLFSSL {
WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
StaticKeyExchangeInfo_t staticKE;
#endif
};
@ -4221,11 +4271,9 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
int type, WOLFSSL* ssl, int userChain,
WOLFSSL_CRL* crl, int verify);
#ifdef OPENSSL_EXTRA
WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
size_t domainNameLen);
#endif
#endif
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
@ -4333,12 +4381,8 @@ WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_TLS13_DRAFT_18
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
#else
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
#endif
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
@ -4464,7 +4508,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
#ifndef WOLFSSL_AEAD_ONLY
WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
word32 sz, int padSz, int content, int verify);
word32 sz, int padSz, int content, int verify, int epochOrder);
#endif
#endif
@ -4486,24 +4530,30 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte,
word32, word32, void*);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32);
WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32,
byte, word32, word32, void*);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType);
WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head);
WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
#endif /* WOLFSSL_DTLS */
#ifndef NO_TLS
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl);
WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
#endif
#endif /* NO_TLS */
WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
@ -4511,8 +4561,8 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL word32 LowResTimer(void);
#ifndef NO_CERTS
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
@ -4598,9 +4648,13 @@ WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
#ifndef WOLFSSL_NO_TLS12
WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args);
#endif
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type, int hashOutput,
int sizeOnly, int asyncOkay);
int sizeOnly, int asyncOkay, int epochOrder);
#ifdef WOLFSSL_TLS13
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,

Binary file not shown.

View File

@ -107,7 +107,7 @@ typedef enum {
} WOLFSSL_ASN1_TYPES;
#define ASN1_SEQUENCE(type) \
static const type __##type##_dummy_struct;\
static type __##type##_dummy_struct;\
static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
#define ASN1_SIMPLE(type, member, member_type) \

View File

@ -33,11 +33,11 @@
#endif
#define BIO_FLAG_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
#define BIO_FLAG_READ WOLFSSL_BIO_FLAG_READ
#define BIO_FLAG_WRITE WOLFSSL_BIO_FLAG_WRITE
#define BIO_FLAG_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL
#define BIO_FLAG_RETRY WOLFSSL_BIO_FLAG_RETRY
#define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
#define BIO_FLAGS_READ WOLFSSL_BIO_FLAG_READ
#define BIO_FLAGS_WRITE WOLFSSL_BIO_FLAG_WRITE
#define BIO_FLAGS_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL
#define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
#define BIO_new_fp wolfSSL_BIO_new_fp
#define BIO_new_file wolfSSL_BIO_new_file

View File

@ -80,6 +80,8 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
unsigned char* sig,
WOLFSSL_DSA* dsa, int *dsacheck);
WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,

View File

@ -148,12 +148,21 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
WOLFSSL_API
int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
WOLFSSL_API
WOLFSSL_EC_KEY *wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY **key, const unsigned char **in,
long len);
WOLFSSL_API
int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
WOLFSSL_API
void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form);
WOLFSSL_API
WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *p,
char form,
WOLFSSL_BIGNUM *in, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_is_on_curve(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *point,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
@ -198,6 +207,8 @@ WOLFSSL_API
int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_dup(const WOLFSSL_EC_GROUP *src);
WOLFSSL_API
int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
WOLFSSL_API
int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
@ -228,11 +239,18 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_BIGNUM *y,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_EC_POINT *p1,
const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_BIGNUM *n,
const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *a,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
WOLFSSL_API
int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
@ -277,6 +295,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name
#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp
#define EC_GROUP_dup wolfSSL_EC_GROUP_dup
#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name
#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree
#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
@ -291,7 +310,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
wolfSSL_EC_POINT_get_affine_coordinates_GFp
#define EC_POINT_set_affine_coordinates_GFp \
wolfSSL_EC_POINT_set_affine_coordinates_GFp
#define EC_POINT_add wolfSSL_EC_POINT_add
#define EC_POINT_mul wolfSSL_EC_POINT_mul
#define EC_POINT_invert wolfSSL_EC_POINT_invert
#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
#define EC_POINT_cmp wolfSSL_EC_POINT_cmp
#define EC_POINT_copy wolfSSL_EC_POINT_copy
@ -304,7 +325,11 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_POINT_point2oct wolfSSL_EC_POINT_point2oct
#define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point
#define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn
#define EC_POINT_is_on_curve wolfSSL_EC_POINT_is_on_curve
#define i2o_ECPublicKey wolfSSL_i2o_ECPublicKey
#define i2d_EC_PUBKEY wolfSSL_i2o_ECPublicKey
#define d2i_ECPrivateKey wolfSSL_d2i_ECPrivateKey
#define i2d_ECPrivateKey wolfSSL_i2d_ECPrivateKey
#define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form
#ifndef HAVE_SELFTEST

View File

@ -356,10 +356,10 @@ struct WOLFSSL_EVP_CIPHER_CTX {
#ifdef HAVE_AESGCM
byte* gcmDecryptBuffer;
int gcmDecryptBufferLen;
#endif
ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
int authTagSz;
#endif
#endif
};
struct WOLFSSL_EVP_PKEY_CTX {
@ -521,6 +521,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key);
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);

View File

@ -72,6 +72,7 @@ WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx,
WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
unsigned int* len);
WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx);
WOLFSSL_API void wolfSSL_HMAC_CTX_cleanup(WOLFSSL_HMAC_CTX* ctx);
WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx);
WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx);
@ -83,6 +84,7 @@ typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
#define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
#define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy
#define HMAC_CTX_free wolfSSL_HMAC_CTX_free
#define HMAC_CTX_cleanup wolfSSL_HMAC_CTX_cleanup
#define HMAC_CTX_reset wolfSSL_HMAC_cleanup
#define HMAC_Init_ex wolfSSL_HMAC_Init_ex
#define HMAC_Init wolfSSL_HMAC_Init

View File

@ -79,6 +79,7 @@ typedef WOLFSSL_X509_NAME X509_NAME;
typedef WOLFSSL_X509_INFO X509_INFO;
typedef WOLFSSL_X509_CHAIN X509_CHAIN;
/* STACK_OF(ASN1_OBJECT) */
typedef WOLFSSL_STACK EXTENDED_KEY_USAGE;
@ -151,6 +152,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
#define set_ex_data wolfSSL_CRYPTO_set_ex_data
#define get_ex_data wolfSSL_CRYPTO_get_ex_data
#define CRYPTO_memcmp wolfSSL_CRYPTO_memcmp
/* this function was used to set the default malloc, free, and realloc */
#define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */
@ -174,14 +176,15 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
#define i2d_PUBKEY wolfSSL_i2d_PUBKEY
#define d2i_PUBKEY wolfSSL_d2i_PUBKEY
#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
#define d2i_PrivateKey wolfSSL_d2i_PrivateKey
#define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey
#define i2d_PrivateKey wolfSSL_i2d_PrivateKey
#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
@ -301,6 +304,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_set_connect_state wolfSSL_set_connect_state
#define SSL_set_accept_state wolfSSL_set_accept_state
#define SSL_session_reused wolfSSL_session_reused
#define SSL_SESSION_up_ref wolfSSL_SESSION_up_ref
#define SSL_SESSION_dup wolfSSL_SESSION_dup
#define SSL_SESSION_free wolfSSL_SESSION_free
#define SSL_is_init_finished wolfSSL_is_init_finished
@ -340,8 +344,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define DSA_dup_DH wolfSSL_DSA_dup_DH
/* wolfSSL does not support DSA as the cert public key */
#define EVP_PKEY_get0_DSA(...) NULL
#define DSA_bits(...) 0
#define EVP_PKEY_get0_DSA wolfSSL_EVP_PKEY_get0_DSA
#define DSA_bits wolfSSL_DSA_bits
#define i2d_X509_bio wolfSSL_i2d_X509_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio
@ -374,14 +378,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_digest wolfSSL_X509_digest
#define X509_get_ext_count wolfSSL_X509_get_ext_count
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
#define X509_get_ext wolfSSL_X509_get_ext
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
#define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore
#define X509_get0_notBefore wolfSSL_X509_get_notBefore
#define X509_get_notAfter wolfSSL_X509_get_notAfter
#define X509_get0_notAfter wolfSSL_X509_get_notAfter
#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
@ -407,9 +416,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_check_private_key wolfSSL_X509_check_private_key
#define X509_check_ca wolfSSL_X509_check_ca
#define X509_check_host wolfSSL_X509_check_host
#define X509_check_ip_asc wolfSSL_X509_check_ip_asc
#define X509_email_free wolfSSL_X509_email_free
#define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup
#define X509_add_ext wolfSSL_X509_add_ext
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
@ -422,7 +433,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_push wolfSSL_sk_X509_push
#define sk_X509_pop wolfSSL_sk_X509_pop
#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
#define sk_X509_dup wolfSSL_sk_X509_dup
#define sk_X509_dup wolfSSL_sk_dup
#define sk_X509_free wolfSSL_sk_X509_free
#define sk_X509_EXTENSION_num wolfSSL_sk_X509_EXTENSION_num
@ -430,7 +441,6 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null
#define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free
#define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push
#define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free
#define X509_INFO_new wolfSSL_X509_INFO_new
#define X509_INFO_free wolfSSL_X509_INFO_free
@ -444,6 +454,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free
#define i2d_X509_NAME wolfSSL_i2d_X509_NAME
#define d2i_X509_NAME wolfSSL_d2i_X509_NAME
#define X509_NAME_new wolfSSL_X509_NAME_new
#define X509_NAME_free wolfSSL_X509_NAME_free
#define X509_NAME_dup wolfSSL_X509_NAME_dup
@ -568,7 +579,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_check_purpose(...) 0
@ -661,6 +671,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
#define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT
#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
@ -850,7 +861,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
/*#if OPENSSL_API_COMPAT < 0x10100000L*/
#define CONF_modules_free()
#define ENGINE_cleanup()
#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup
#define SSL_CTX_need_tmp_RSA(ctx) 0
#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
#define SSL_need_tmp_RSA(ssl) 0
@ -887,14 +897,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find
enum {
GEN_DNS = 0x02, /* ASN_DNS_TYPE */
GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */
GEN_URI = 0x06, /* ASN_URI_TYPE */
GEN_IPADD = 0x07,
GEN_RID = 0x08, /* Registered ID, not supported */
};
#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
@ -910,7 +912,7 @@ enum {
#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */
#define sk_SSL_CIPHER_dup wolfSSL_sk_SSL_CIPHER_dup
#define sk_SSL_CIPHER_dup wolfSSL_sk_dup
#define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free
#define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find
@ -919,7 +921,6 @@ enum {
#include <libwolfssl/openssl/pem.h>
#define SSL_CTRL_CHAIN 88
#define GEN_IPADD 7
#define ERR_LIB_SSL 20
#define SSL_R_SHORT_READ 10
#define ERR_R_PEM_LIB 9
@ -959,6 +960,7 @@ enum {
#define SSL_num_renegotiations wolfSSL_num_renegotiations
#define SSL_renegotiate wolfSSL_Rehandshake
#define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support
#define SSL_renegotiate_pending wolfSSL_SSL_renegotiate_pending
#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg
#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type
#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts
@ -1227,7 +1229,7 @@ enum {
#define X509_OBJECT_free wolfSSL_X509_OBJECT_free
#define X509_OBJECT_get_type(x) 0
#define OpenSSL_version(x) wolfSSL_lib_version()
#define OpenSSL_version(x) wolfSSL_OpenSSL_version()
#ifdef __cplusplus
} /* extern "C" */

View File

@ -28,6 +28,8 @@
extern "C" {
#endif
#include <libwolfssl/openssl/conf.h>
typedef void (*wolfSSL_sk_freefunc)(void *);
WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);

View File

@ -40,6 +40,7 @@
/* Forward reference */
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
struct WOLFSSL_v3_ext_method *method,
void *ext, STACK_OF(CONF_VALUE) *extlist);
@ -53,6 +54,7 @@ struct WOLFSSL_v3_ext_method {
int ext_flags;
void *usr_data;
X509V3_EXT_D2I d2i;
X509V3_EXT_I2D i2d;
X509V3_EXT_I2V i2v;
X509V3_EXT_I2S i2s;
X509V3_EXT_I2R i2r;
@ -61,7 +63,7 @@ struct WOLFSSL_v3_ext_method {
struct WOLFSSL_X509_EXTENSION {
WOLFSSL_ASN1_OBJECT *obj;
WOLFSSL_ASN1_BOOLEAN crit;
WOLFSSL_ASN1_STRING value;
ASN1_OCTET_STRING value; /* DER format of extension */
WOLFSSL_v3_ext_method ext_method;
WOLFSSL_STACK* ext_sk; /* For extension specific data */
};
@ -86,7 +88,9 @@ typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void);
WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);
WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
WOLFSSL_X509_EXTENSION* ex);

View File

@ -49,12 +49,49 @@ SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port,
const char* keyFile, int typeK,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetPrivateKeyBuffer(const char* address, int port,
const char* keyBuf, int keySz,
int typeK, const char* password,
char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name,
const char* address, int port,
const char* keyFile, int typeK,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedPrivateKeyBuffer(const char* name,
const char* address, int port,
const char* keyBuf, int keySz,
int typeK, const char* password,
char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetEphemeralKey(const char* address, int port,
const char* keyFile, int typeKey,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetEphemeralKeyBuffer(const char* address, int port,
const char* keyBuf, int keySz, int typeKey,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedEphemeralKey(const char* name,
const char* address, int port,
const char* keyFile, int typeKey,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_SetNamedEphemeralKeyBuffer(const char* name,
const char* address, int port,
const char* keyBuf, int keySz, int typeKey,
const char* password, char* error);
WOLFSSL_API
SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
unsigned char** data, char* error);

View File

@ -130,6 +130,7 @@
#define NO_DATA_DEST_STR 91
#define STORE_DATA_FAIL_STR 92
#define CHAIN_INPUT_STR 93
#define GOT_ENC_EXT_STR 94
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */

View File

@ -274,7 +274,8 @@ struct WOLFSSL_ASN1_OBJECT {
int ca;
WOLFSSL_ASN1_INTEGER *pathlen;
#endif
unsigned char dynamic; /* if 1 then obj was dynamically created, 0 otherwise */
unsigned char dynamic; /* Use WOLFSSL_ASN1_DYNAMIC and WOLFSSL_ASN1_DYNAMIC_DATA
* to determine what needs to be freed. */
#if defined(WOLFSSL_APACHE_HTTPD)
WOLFSSL_GENERAL_NAME* gn;
@ -506,7 +507,7 @@ struct WOLFSSL_X509_STORE {
int cache; /* stunnel dereference */
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_X509_LOOKUP lookup;
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
int isDynamic;
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
#endif
@ -516,15 +517,15 @@ struct WOLFSSL_X509_STORE {
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
WOLFSSL_X509_CRL *crl;
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL)
WOLFSSL_X509_CRL *crl; /* points to cm->crl */
#endif
};
#ifdef OPENSSL_EXTRA
#define WOLFSSL_NO_WILDCARDS 0x4
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_NO_WILDCARDS 0x4
#define WOLFSSL_HOST_NAME_MAX 256
#define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
struct WOLFSSL_X509_VERIFY_PARAM {
@ -534,7 +535,7 @@ struct WOLFSSL_X509_VERIFY_PARAM {
unsigned int hostFlags;
char ipasc[WOLFSSL_MAX_IPSTR];
};
#endif
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
typedef struct WOLFSSL_ALERT {
int code;
@ -709,11 +710,11 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
#ifdef WOLFSSL_TLS13
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
#endif
@ -861,7 +862,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req);
WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req);
#ifdef WOLFSSL_TLS13
@ -891,10 +892,12 @@ WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
unsigned int sz);
WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*);
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*);
#endif
#endif
WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
int sz, int* outSz);
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
int* outSz);
#endif /* WOLFSSL_EARLY_DATA */
#endif /* WOLFSSL_TLS13 */
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
@ -918,9 +921,11 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
WOLFSSL_BIO**, size_t);
WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM,
WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa,
unsigned char *EM,
const unsigned char *mHash,
const WOLFSSL_EVP_MD *Hash, int saltLen);
const WOLFSSL_EVP_MD *hashAlg,
int saltLen);
WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
const WOLFSSL_EVP_MD *hashAlg,
const unsigned char *EM, int saltLen);
@ -1082,6 +1087,7 @@ typedef int WOLFSSL_LHASH;
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk);
WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
@ -1102,11 +1108,12 @@ typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
WOLFSSL_X509* x509);
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_dup(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void);
WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn);
WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk,
WOLFSSL_API WOLFSSL_GENERAL_NAMES* wolfSSL_GENERAL_NAMES_dup(
WOLFSSL_GENERAL_NAMES* gns);
WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
WOLFSSL_GENERAL_NAME* gn);
WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(
WOLFSSL_STACK* sk, int i);
@ -1129,6 +1136,7 @@ WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
void (*f) (WOLFSSL_X509_EXTENSION*));
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj);
WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void);
WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
@ -1153,11 +1161,13 @@ WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*);
WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL*);
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int);
@ -1312,6 +1322,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
unsigned char** out);
WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
unsigned char **in, long length);
#ifndef NO_RSA
WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset);
#endif
@ -1325,8 +1337,10 @@ WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int);
#endif
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
WOLFSSL_X509*);
WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
WOLFSSL_X509*);
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
@ -1365,6 +1379,7 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len);
@ -1421,11 +1436,12 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** out);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
const unsigned char** in, long inSz);
WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key,
unsigned char** in, long inSz);
WOLFSSL_API int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key,
WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key,
unsigned char** der);
WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
#ifdef OPENSSL_EXTRA
@ -1571,6 +1587,7 @@ WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
@ -1597,8 +1614,6 @@ enum {
WOLFSSL_CRL_CHECK = 2,
};
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(HAVE_WEBSERVER)
/* Separated out from other enums because of size */
enum {
SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
@ -1645,6 +1660,8 @@ enum {
| SSL_OP_TLS_ROLLBACK_BUG),
};
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(HAVE_WEBSERVER)
/* for compatibility these must be macros */
#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2
#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3
@ -1950,6 +1967,11 @@ enum { /* ssl Constants */
WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*,
wc_psk_server_tls13_callback);
#endif
WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL*);
WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL*, void*);
WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX*, void*);
#define PSK_TYPES_DEFINED
#endif /* NO_PSK */
@ -1992,10 +2014,9 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
#ifndef NO_CERTS
#if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY)
WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
#endif /* !NO_CERTS */
#endif
WOLFSSL_API void wolfSSL_ERR_free_strings(void);
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
@ -2045,7 +2066,8 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
(defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx);
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
@ -2087,6 +2109,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
/* which library version do we have */
WOLFSSL_API const char* wolfSSL_lib_version(void);
WOLFSSL_API const char* wolfSSL_OpenSSL_version(void);
/* which library version do we have in hex */
WOLFSSL_API word32 wolfSSL_lib_version_hex(void);
@ -2134,6 +2157,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_add_altname_ex(WOLFSSL_X509*, const char*, word32, int);
WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int);
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
@ -2424,6 +2448,7 @@ WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl);
WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
WOLFSSL_API const unsigned char* wolfSSL_GetDtlsMacSecret(WOLFSSL*, int, int);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
@ -2527,7 +2552,7 @@ struct DhKey;
typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key,
const unsigned char* priv, unsigned int privSz,
const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz,
unsigned char* out, unsigned int* outlen,
unsigned char* out, word32* outlen,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree);
WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx);
@ -2625,7 +2650,7 @@ WOLFSSL_API void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl);
#ifndef NO_RSA
typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz,
unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
@ -2670,7 +2695,7 @@ WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl);
/* RSA Public Encrypt cb */
typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz,
unsigned char* out, word32* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
@ -3031,6 +3056,7 @@ enum {
WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
WOLFSSL_ECC_X25519 = 29,
WOLFSSL_ECC_X448 = 30,
WOLFSSL_ECC_MAX = 30,
WOLFSSL_FFDHE_2048 = 256,
WOLFSSL_FFDHE_3072 = 257,
@ -3208,7 +3234,6 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
#include <libwolfssl/openssl/asn1.h>
struct WOLFSSL_X509_NAME_ENTRY {
WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
WOLFSSL_ASN1_STRING data;
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
int nid; /* i.e. ASN_COMMON_NAME */
int set;
@ -3219,11 +3244,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
const WOLFSSL_ASN1_OBJECT *obj,
int idx);
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
enum {
WOLFSSL_SYS_ACCEPT = 0,
WOLFSSL_SYS_BIND,
@ -3293,12 +3315,23 @@ WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
#endif /* !NO_CERTS */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
int nid, int* c, int* idx);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
#ifndef NO_CERTS
WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
void *data);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
char* value);
@ -3335,7 +3368,7 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext);
#endif /* NO_CERTS */
#endif /* !NO_CERTS */
WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
@ -3343,8 +3376,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
unsigned char* out, int outSz);
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#if !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
@ -3353,20 +3384,27 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
WOLFSSL_X509** x509);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen);
WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**);
WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
@ -3385,9 +3423,12 @@ WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header,
WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
unsigned char* data, long* len,
pem_password_cb* callback, void* ctx);
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
/*lighttp compatibility */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(OPENSSL_EXTRA_X509_SMALL)
struct WOLFSSL_ASN1_BIT_STRING {
int length;
int type;
@ -3395,6 +3436,11 @@ struct WOLFSSL_ASN1_BIT_STRING {
long flags;
};
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_EXTRA) \
|| defined(OPENSSL_ALL) \
@ -3402,7 +3448,8 @@ struct WOLFSSL_ASN1_BIT_STRING {
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY)
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
@ -3414,7 +3461,6 @@ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
@ -3468,12 +3514,8 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
#endif
#if defined(OPENSSL_ALL) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) \
|| defined(HAVE_LIGHTY)
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
#include <libwolfssl/openssl/crypto.h>
@ -3485,6 +3527,8 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const ch
WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn);
@ -3550,7 +3594,9 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
unsigned long);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void);
WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*);
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
@ -3559,6 +3605,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
const WOLFSSL_ASN1_BIT_STRING*, int);
WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
WOLFSSL_ASN1_BIT_STRING*, int, int);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
@ -3571,17 +3621,22 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, in
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
CRYPTO_free_func*);
WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
unsigned int*);
@ -3624,10 +3679,13 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
WOLFSSL_API WOLFSSL_X509_OBJECT*
wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i);
WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a);
WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#include <libwolfssl/openssl/stack.h>
WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names);
WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names);
@ -3688,14 +3746,17 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
void *b, void *c);
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
@ -3715,8 +3776,6 @@ WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*);
#ifndef NO_SESSION_CACHE
WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
#endif
WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
size_t chklen, unsigned int flags, char **peername);
WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
const WOLFSSL_ASN1_INTEGER *a);
@ -3745,7 +3804,7 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
#endif /* HAVE_OCSP */
#endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
WOLFSSL_X509 *cert);
@ -3782,8 +3841,14 @@ WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
unsigned *len);
#ifndef NO_ASN
WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
size_t chklen, unsigned int flags, char **peername);
WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
unsigned int flags);
#endif
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
@ -3808,6 +3873,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key);
WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key);
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
@ -3815,8 +3881,6 @@ WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find(
WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_sk_SSL_CIPHER_dup(
WOLF_STACK_OF(WOLFSSL_CIPHER)* in);
WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk);
@ -3843,10 +3907,9 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef HAVE_PK_CALLBACKS
WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl);
@ -3858,6 +3921,15 @@ WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int);
WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int);
#endif
/* This feature is used to set a fixed ephemeral key and is for testing only */
/* Currently allows ECDHE and DHE only */
#ifdef WOLFSSL_STATIC_EPHEMERAL
WOLFSSL_API int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
const char* key, unsigned int keySz, int format);
WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
const char* key, unsigned int keySz, int format);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

View File

@ -55,6 +55,7 @@
#endif
#define SOCKET_T SOCKET
#define SNPRINTF _snprintf
#define XSLEEP_MS(t) Sleep(t)
#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
#include <string.h>
#include "rl_net.h"
@ -69,9 +70,9 @@
return(ret) ;
}
#if defined(HAVE_KEIL_RTX)
#define sleep(t) os_dly_wait(t/1000+1);
#define XSLEEP_MS(t) os_dly_wait(t)
#elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2)
#define sleep(t) osDelay(t/1000+1);
#define XSLEEP_MS(t) osDelay(t)
#endif
#elif defined(WOLFSSL_TIRTOS)
#include <string.h>
@ -88,6 +89,7 @@
char **h_addr_list; /* list of addresses from name server */
};
#define SOCKET_T int
#define XSLEEP_MS(t) Task_sleep(t/1000)
#elif defined(WOLFSSL_VXWORKS)
#include <hostLib.h>
#include <sockLib.h>
@ -148,8 +150,19 @@
#include <signal.h> /* ignore SIGPIPE */
#endif
#define SNPRINTF snprintf
#define XSELECT_WAIT(x,y) do { \
struct timeval tv = {(x),(y)}; \
select(0, NULL, NULL, NULL, &tv); \
} while (0)
#define XSLEEP_US(u) XSELECT_WAIT(0,u)
#define XSLEEP_MS(m) XSELECT_WAIT(0,(m)*1000)
#endif /* USE_WINDOWS_API */
#ifndef XSLEEP_MS
#define XSLEEP_MS(t) sleep(t/1000)
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <libwolfssl/wolfcrypt/async.h>
#endif
@ -409,6 +422,7 @@ typedef struct callback_functions {
ssl_callback ssl_ready;
ssl_callback on_result;
WOLFSSL_CTX* ctx;
unsigned char isSharedCtx:1;
} callback_functions;
typedef struct func_args {
@ -1302,7 +1316,7 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
(void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
strncpy(identity, kIdentityStr, id_max_len);
XSTRNCPY(identity, kIdentityStr, id_max_len);
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
@ -1336,7 +1350,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
(void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
return 0;
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
@ -1370,13 +1384,14 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
{
int i;
int b = 0x01;
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
(void)ssl;
(void)hint;
(void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
strncpy(identity, kIdentityStr, id_max_len);
XSTRNCPY(identity, kIdentityStr, id_max_len);
for (i = 0; i < 32; i++, b += 0x22) {
if (b >= 0x100)
@ -1384,7 +1399,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
key[i] = b;
}
*ciphersuite = "TLS13-AES128-GCM-SHA256";
*ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
return 32; /* length of key in octets or 0 for error */
}
@ -1396,12 +1411,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
{
int i;
int b = 0x01;
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
(void)ssl;
(void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
return 0;
for (i = 0; i < 32; i++, b += 0x22) {
@ -1410,12 +1426,12 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
key[i] = b;
}
*ciphersuite = "TLS13-AES128-GCM-SHA256";
*ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
return 32; /* length of key in octets or 0 for error */
}
#endif /* NO_PSK */
#endif /* !NO_PSK */
#if defined(WOLFSSL_USER_CURRTIME)
@ -1675,7 +1691,13 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
#endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
#endif /* !NO_CERTS */
static int myVerifyFail = 0;
enum {
VERIFY_OVERRIDE_ERROR,
VERIFY_FORCE_FAIL,
VERIFY_USE_PREVERFIY,
VERIFY_OVERRIDE_DATE_ERR,
};
static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
/* The verify callback is called for every certificate only when
* --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and
@ -1762,37 +1784,24 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain);
/* Testing forced fail case by return zero */
if (myVerifyFail) {
if (myVerifyAction == VERIFY_FORCE_FAIL) {
return 0; /* test failure case */
}
if (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR &&
(store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E)) {
printf("Overriding cert date error as example for bad clock testing\n");
return 1;
}
/* If error indicate we are overriding it for testing purposes */
if (store->error != 0) {
if (store->error != 0 && myVerifyAction == VERIFY_OVERRIDE_ERROR) {
printf("\tAllowing failed certificate check, testing only "
"(shouldn't do this in production)\n");
}
/* A non-zero return code indicates failure override */
return 1;
}
static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
char buffer[WOLFSSL_MAX_ERROR_SZ];
(void)preverify;
printf("In verification callback, error = %d, %s\n", store->error,
wolfSSL_ERR_error_string(store->error, buffer));
printf("Subject's domain name is %s\n", store->domain);
if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
printf("Overriding cert date error as example for bad clock testing\n");
return 1;
}
printf("Cert error is not date error, not overriding\n");
return 0;
return (myVerifyAction == VERIFY_OVERRIDE_ERROR) ? 1 : preverify;
}
@ -1952,7 +1961,7 @@ static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
int ret, i, used;
void* status;
unsigned char* myStack = NULL;
int stackSize = 1024*152;
int stackSize = 1024*176;
pthread_attr_t myAttr;
pthread_t threadId;
@ -2664,6 +2673,13 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
ret = BAD_FUNC_ARG;
}
#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl));
}
#endif
/* generate shared secret and return it */
if (ret == 0) {
ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
@ -2873,7 +2889,7 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
if (ret == 0) {
ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey);
ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0);
wc_ed448_free(&myKey);
}
@ -2905,7 +2921,8 @@ static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
if (ret == 0) {
ret = wc_ed448_import_public(key, keySz, &myKey);
if (ret == 0) {
ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey);
ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey,
NULL, 0);
}
wc_ed448_free(&myKey);
}
@ -3605,15 +3622,16 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
int enc, byte* ticket, int inLen, int* outLen,
void* userCtx)
{
(void)ssl;
(void)userCtx;
int ret;
word16 sLen = XHTONS(inLen);
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
byte* tmp = aad;
(void)ssl;
(void)userCtx;
/* encrypt */
if (enc) {
XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
@ -3634,8 +3652,9 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
mac);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */
} else {
}
/* decrypt */
else {
/* see if we know this key */
if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
@ -3662,7 +3681,7 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
return WOLFSSL_TICKET_RET_OK;
}
#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
#endif /* HAVE_SESSION_TICKET && HAVE_CHACHA && HAVE_POLY1305 */
static WC_INLINE word16 GetRandomPort(void)
{

View File

@ -28,8 +28,8 @@
extern "C" {
#endif
#define LIBWOLFSSL_VERSION_STRING "4.4.0"
#define LIBWOLFSSL_VERSION_HEX 0x04004000
#define LIBWOLFSSL_VERSION_STRING "4.5.0"
#define LIBWOLFSSL_VERSION_HEX 0x04005000
#ifdef __cplusplus
}

View File

@ -22,8 +22,15 @@
/*!
\file wolfssl/wolfcrypt/aes.h
*/
/*
DESCRIPTION
This library provides the interfaces to the Advanced Encryption Standard (AES)
for encrypting and decrypting data. AES is the standard known for a symmetric
block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
192-bits, and 256-bits of key sizes.
*/
#ifndef WOLF_CRYPT_AES_H
#define WOLF_CRYPT_AES_H

View File

@ -23,6 +23,14 @@
\file wolfssl/wolfcrypt/asn.h
*/
/*
DESCRIPTION
This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
ASN.1 is a standard interface description language for defining data structures
that can be serialized and deserialized in a cross-platform way.
*/
#ifndef WOLF_CRYPT_ASN_H
#define WOLF_CRYPT_ASN_H
@ -233,6 +241,7 @@ enum
NID_jurisdictionStateOrProvinceName = 0xd,
NID_businessCategory = ASN_BUS_CAT,
NID_domainComponent = ASN_DOMAIN_COMPONENT,
NID_userId = 458,
NID_emailAddress = 0x30, /* emailAddress */
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
@ -341,7 +350,8 @@ enum Misc_ASN {
#endif
/* Max total extensions, id + len + others */
#endif
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL)
MAX_OID_SZ = 32, /* Max DER length of OID*/
MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
#endif
@ -356,7 +366,7 @@ enum Misc_ASN {
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */
MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
@ -371,6 +381,8 @@ enum Misc_ASN {
TRAILING_ZERO = 1, /* Used for size of zero pad */
ASN_TAG_SZ = 1, /* single byte ASN.1 tag */
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
MAX_X509_VERSION = 3, /* Max X509 version allowed */
MIN_X509_VERSION = 0, /* Min X509 version allowed */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
@ -609,64 +621,6 @@ struct Base_entry {
byte type; /* Name base type (DNS or RFC822) */
};
#define DOMAIN_COMPONENT_MAX 10
#define DN_NAMES_MAX 9
struct DecodedName {
char* fullName;
int fullNameLen;
int entryCount;
int cnIdx;
int cnLen;
int cnNid;
int snIdx;
int snLen;
int snNid;
int cIdx;
int cLen;
int cNid;
int lIdx;
int lLen;
int lNid;
int stIdx;
int stLen;
int stNid;
int oIdx;
int oLen;
int oNid;
int ouIdx;
int ouLen;
#ifdef WOLFSSL_CERT_EXT
int bcIdx;
int bcLen;
int jcIdx;
int jcLen;
int jsIdx;
int jsLen;
#endif
int ouNid;
int emailIdx;
int emailLen;
int emailNid;
int uidIdx;
int uidLen;
int uidNid;
int serialIdx;
int serialLen;
int serialNid;
int dcIdx[DOMAIN_COMPONENT_MAX];
int dcLen[DOMAIN_COMPONENT_MAX];
int dcNum;
int dcMode;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* hold the location / order with which each of the DN tags was found
*
* example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
*/
int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
int locSz;
#endif
};
enum SignatureState {
SIG_STATE_BEGIN,
@ -784,7 +738,6 @@ struct CertSignCtx {
#endif
typedef struct DecodedCert DecodedCert;
typedef struct DecodedName DecodedName;
typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT
typedef struct TrustedPeerCert TrustedPeerCert;
@ -911,8 +864,9 @@ struct DecodedCert {
int subjectEmailLen;
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
DecodedName issuerName;
DecodedName subjectName;
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
void* issuerName;
void* subjectName;
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_SEP
int deviceTypeSz;
@ -1052,6 +1006,7 @@ struct TrustedPeerCert {
#endif
WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
word32* derSz);
@ -1118,12 +1073,14 @@ WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len);
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
wolfssl_tm* certTime, int* idx);
WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
WOLFSSL_LOCAL byte GetCertNameId(int idx);
#endif
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
word32 maxIdx);

View File

@ -23,6 +23,11 @@
\file wolfssl/wolfcrypt/asn_public.h
*/
/*
DESCRIPTION
This library defines the interface APIs for X509 certificates.
*/
#ifndef WOLF_CRYPT_ASN_PUBLIC_H
#define WOLF_CRYPT_ASN_PUBLIC_H

View File

@ -18,7 +18,12 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher.
*/
/*!
\file wolfssl/wolfcrypt/chacha.h
*/
@ -35,9 +40,21 @@
extern "C" {
#endif
/*
Initialization vector starts at 13 with zero being the index origin of a matrix.
Block counter is located at index 12.
0 1 2 3
4 5 6 7
8 9 10 11
12 13 14 15
*/
#define CHACHA_MATRIX_CNT_IV 12
/* Size of the IV */
#define CHACHA_IV_WORDS 3
#define CHACHA_IV_BYTES (CHACHA_IV_WORDS * sizeof(word32))
/* Size of IV in bytes*/
#define CHACHA_IV_BYTES 12
/* Size of ChaCha chunks */
#define CHACHA_CHUNK_WORDS 16
@ -57,10 +74,13 @@ enum {
typedef struct ChaCha {
word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */
word32 left; /* number of bytes leftover */
#ifdef HAVE_INTEL_AVX1
/* vpshufd reads 16 bytes but we only use bottom 4. */
byte extra[12];
#endif
word32 left; /* number of bytes leftover */
#ifdef USE_INTEL_CHACHA_SPEEDUP
word32 over[CHACHA_CHUNK_WORDS];
#endif
} ChaCha;

View File

@ -18,11 +18,13 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the ChaCha20 stream cipher and
the Poly1305 authenticator, both as as combined-mode,
or Authenticated Encryption with Additional Data (AEAD) algorithm.
/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20
* and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10):
* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10
*/
/*!
@ -45,6 +47,7 @@
#define CHACHA20_POLY1305_AEAD_KEYSIZE 32
#define CHACHA20_POLY1305_AEAD_IV_SIZE 12
#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
#define CHACHA20_POLY1305_MAX 4294967295U
enum {
CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */

View File

@ -6,7 +6,7 @@
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,

View File

@ -86,6 +86,10 @@ enum {
EC25519_BIG_ENDIAN=1
};
WOLFSSL_API
int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
const byte* priv);
WOLFSSL_API
int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);

View File

@ -45,6 +45,14 @@
#ifdef WOLFSSL_ASYNC_CRYPT
#include <libwolfssl/wolfcrypt/async.h>
#endif
/* Optional support extended DH public / private keys */
#if !defined(WOLFSSL_DH_EXTRA) && (defined(WOLFSSL_QT) || \
defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
defined(WOLFSSL_STATIC_EPHEMERAL))
#define WOLFSSL_DH_EXTRA
#endif
typedef struct DhParams {
#ifdef HAVE_FFDHE_Q
const byte* q;
@ -59,7 +67,7 @@ typedef struct DhParams {
/* Diffie-Hellman Key */
struct DhKey {
mp_int p, g, q; /* group parameters */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
#ifdef WOLFSSL_DH_EXTRA
mp_int pub;
mp_int priv;
#endif
@ -101,15 +109,20 @@ WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
word32 pubSz);
WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
word32);
word32); /* wc_DhKeyDecode is in asn.c */
WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
word32 gSz);
WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz);
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
const byte* pub_key, word32 pubSz);
#endif
#ifdef WOLFSSL_DH_EXTRA
WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz);
WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
byte* pub, word32* pPubSz);
#endif /* WOLFSSL_DH_EXTRA */
WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz,
int trusted, WC_RNG* rng);
@ -136,4 +149,3 @@ WOLFSSL_API int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
#endif /* NO_DH */
#endif /* WOLF_CRYPT_DH_H */

View File

@ -50,7 +50,7 @@
#endif
#endif
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
#include <libwolfssl/wolfcrypt/port/atmel/atmel.h>
#endif /* WOLFSSL_ATECC508A */
@ -58,6 +58,11 @@
#include <libwolfssl/wolfcrypt/port/arm/cryptoCell.h>
#endif
#ifdef WOLFSSL_HAVE_SP_ECC
#include <libwolfssl/wolfcrypt/sp_int.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
@ -127,7 +132,7 @@ enum {
ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
/* max crypto hardware size */
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
#elif defined(PLUTON_CRYPTO_ECC)
@ -278,14 +283,15 @@ typedef struct ecc_set_type {
* mp_ints for the components of the point. With ALT_ECC_SIZE, the components
* of the point are pointers that are set to each of a three item array of
* alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
* structure, the alt_fp_int will only have 528 bits. A size value was added
* in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
* functions fp_zero() and fp_copy() use the size parameter. An int needs to
* be initialized before using it instead of just fp_zeroing it, the init will
* call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the
* number of bits used in the alternate FP_INT.
* structure, the alt_fp_int will only have 512 bits for ECC 256-bit and
* 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well,
* and is set by mp_init() and alt_fp_init(). The functions fp_zero() and
* fp_copy() use the size parameter. An int needs to be initialized before
* using it instead of just fp_zeroing it, the init will call zero. The
* FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but
* can be set to change the number of bits used in the alternate FP_INT.
*
* Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
* The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH.
*/
#ifndef USE_FAST_MATH
@ -294,20 +300,19 @@ typedef struct ecc_set_type {
/* determine max bits required for ECC math */
#ifndef FP_MAX_BITS_ECC
/* check alignment */
#if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0
/* max bits is double */
#define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2)
#else
/* max bits is doubled, plus one digit of fudge */
#define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT)
/* max bits rounded up by 8 then doubled */
/* (ROUND8(MAX_ECC_BITS) * 2) */
#define FP_MAX_BITS_ECC (2 * \
((MAX_ECC_BITS + DIGIT_BIT - 1) / DIGIT_BIT) * DIGIT_BIT)
/* Note: For ECC verify only FP_MAX_BITS_ECC can be reduced to:
ROUND8(MAX_ECC_BITS) + ROUND8(DIGIT_BIT) */
#endif
#else
/* verify alignment */
#if FP_MAX_BITS_ECC % CHAR_BIT
#error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
#endif
#endif
/* determine buffer size */
#define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT)
@ -353,6 +358,19 @@ enum {
#endif
};
/* ECC non-blocking */
#ifdef WC_ECC_NONBLOCK
typedef struct ecc_nb_ctx {
#if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)
sp_ecc_ctx_t sp_ctx;
#else
/* build configuration not supported */
#error ECC non-blocking only supports SP (--enable-sp=nonblock)
#endif
} ecc_nb_ctx_t;
#endif /* WC_ECC_NONBLOCK */
/* An ECC Key */
struct ecc_key {
int type; /* Public or Private */
@ -369,7 +387,7 @@ struct ecc_key {
void* heap; /* heap hint */
ecc_point pubkey; /* public key */
mp_int k; /* private key */
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
int slot; /* Key Slot Number (-1 unknown) */
byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
#endif
@ -413,6 +431,12 @@ struct ecc_key {
#ifdef WOLFSSL_DSP
remote_handle64 handle;
#endif
#ifdef ECC_TIMING_RESISTANT
WC_RNG* rng;
#endif
#ifdef WC_ECC_NONBLOCK
ecc_nb_ctx_t* nb_ctx;
#endif
};
@ -427,7 +451,7 @@ extern const size_t ecc_sets_count;
WOLFSSL_API
const char* wc_ecc_get_name(int curve_id);
#ifndef WOLFSSL_ATECC508A
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
#define ECC_API WOLFSSL_API
@ -455,6 +479,8 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id);
WOLFSSL_API
int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
WOLFSSL_API
int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng);
WOLFSSL_API
int wc_ecc_check_key(ecc_key* key);
WOLFSSL_API
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
@ -472,7 +498,8 @@ WOLFSSL_API
int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen);
#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret
#else
#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
@ -521,6 +548,12 @@ WOLFSSL_API
int wc_ecc_set_flags(ecc_key* key, word32 flags);
WOLFSSL_API
void wc_ecc_fp_free(void);
WOLFSSL_LOCAL
void wc_ecc_fp_init(void);
#ifdef ECC_TIMING_RESISTANT
WOLFSSL_API
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
#endif
WOLFSSL_API
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
@ -568,14 +601,20 @@ WOLFSSL_API
int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
WOLFSSL_API
int wc_ecc_point_is_at_infinity(ecc_point *p);
WOLFSSL_API
int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx);
#ifndef WOLFSSL_ATECC508A
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
WOLFSSL_API
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* a, mp_int* modulus, int map);
WOLFSSL_LOCAL
int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* a, mp_int* modulus, int map, void* heap);
WOLFSSL_LOCAL
int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
void* heap);
#endif /* !WOLFSSL_ATECC508A */
@ -754,6 +793,10 @@ int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashL
mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
#endif
#ifdef WC_ECC_NONBLOCK
WOLFSSL_API int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

View File

@ -22,6 +22,11 @@
/*!
\file wolfssl/wolfcrypt/error-crypt.h
*/
/*
DESCRIPTION
This library defines error codes and contians routines for setting and examining
the error status.
*/
#ifndef WOLF_CRYPT_ERROR_H
#define WOLF_CRYPT_ERROR_H
@ -227,10 +232,10 @@ enum {
CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */
PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */
PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */
CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
ASN_SELF_SIGNED_E = -274, /* ASN self-signed certificate error */
WC_LAST_E = -274, /* Update this to indicate last error */
WC_LAST_E = -275, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes

View File

@ -40,7 +40,7 @@
#endif
/* default to be faster but take more memory */
#if !defined(CURVE448_SMALL) || !defined(ED448_SMALL)
#if !defined(CURVE448_SMALL) && !defined(ED448_SMALL)
#if defined(CURVED448_128BIT)
typedef int64_t fe448;

View File

@ -79,7 +79,7 @@ Bounds on each t[i] vary depending on context.
#if !defined(FREESCALE_LTC_ECC)
WOLFSSL_LOCAL void fe_init(void);
WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p);
WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p);
#endif
/* default to be faster but take more memory */

View File

@ -131,11 +131,11 @@ typedef union {
#ifdef WOLFSSL_SHA3
wc_Sha3 sha3;
#endif
} Hash;
} wc_Hmac_Hash;
/* Hmac digest */
struct Hmac {
Hash hash;
wc_Hmac_Hash hash;
word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)];
word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];

View File

@ -318,6 +318,7 @@ MP_API int mp_is_bit_set (mp_int * a, mp_digit b);
MP_API int mp_mod (mp_int * a, mp_int * b, mp_int * c);
MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_div_2(mp_int * a, mp_int * b);
MP_API int mp_div_2_mod_ct (mp_int* a, mp_int* b, mp_int* c);
MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c);
int s_mp_add (mp_int * a, mp_int * b, mp_int * c);
int s_mp_sub (mp_int * a, mp_int * b, mp_int * c);
@ -332,6 +333,7 @@ MP_API int mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y);
MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho);
int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
#define mp_montgomery_reduce_ex(x, n, rho, ct) mp_montgomery_reduce (x, n, rho)
MP_API void mp_dr_setup(mp_int *a, mp_digit *d);
MP_API int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k);
MP_API int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
@ -355,6 +357,8 @@ MP_API int mp_sqr (mp_int * a, mp_int * b);
MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
MP_API int mp_2expt (mp_int * a, int b);
MP_API int mp_set_bit (mp_int * a, int b);

View File

@ -110,8 +110,12 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
#elif defined (OPENSSL_EXTRA)
/* extra storage in structs for multiple attributes and order */
#ifndef LARGEST_MEM_BUCKET
#ifdef WOLFSSL_TLS13
#define LARGEST_MEM_BUCKET 30400
#else
#define LARGEST_MEM_BUCKET 25600
#endif
#endif
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\
LARGEST_MEM_BUCKET
#elif defined (WOLFSSL_CERT_EXT)

View File

@ -18,9 +18,13 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This module implements the arithmetic-shift right, left, byte swapping, XOR,
masking and clearing memory logic.
*/
#ifndef WOLF_CRYPT_MISC_H
#define WOLF_CRYPT_MISC_H

View File

@ -6,7 +6,7 @@
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,

View File

@ -154,8 +154,9 @@ enum Pkcs7_Misc {
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)) || defined(HAVE_SELFTEST)
/* In the event of fips cert 3389 or CAVP selftest build, these enums are
(HAVE_FIPS_VERSION >= 2)) || (defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || HAVE_SELFTEST_VERSION < 2))
/* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are
* not in aes.h for use with pkcs7 so enumerate it here outside the fips
* boundary */
GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */

View File

@ -119,9 +119,12 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 data
WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
byte* input, word32 sz, byte* tag, word32 tagSz);
void poly1305_block(Poly1305* ctx, const unsigned char *m);
#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM)
void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
size_t bytes);
void poly1305_block(Poly1305* ctx, const unsigned char *m);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

View File

@ -35,6 +35,13 @@
extern "C" {
#endif
#define TSIP_SESSIONKEY_NONCE_SIZE 8
typedef enum {
WOLFSSL_TSIP_NOERROR = 0,
WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
}wolfssl_tsip_error_number;
typedef enum {
tsip_Key_SESSION = 1,
tsip_Key_AES128 = 2,
@ -52,6 +59,34 @@ enum {
l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
};
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
typedef struct
{
uint8_t *encrypted_provisioning_key;
uint8_t *iv;
uint8_t *encrypted_user_tls_key;
uint32_t encrypted_user_tls_key_type;
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
} tsip_key_data;
void tsip_inform_user_keys_ex(
byte* provisioning_key, /* key got from DLM server */
byte* iv, /* iv used for public key */
byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/
word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */
int tsip_generateMasterSecretEx(
byte cipherSuiteFirst,
byte cipherSuite,
const byte* pr, /* pre-master */
const byte* cr, /* client random */
const byte* sr, /* server random */
byte* ms);
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106)
typedef struct
{
uint8_t *encrypted_session_key;
@ -60,44 +95,80 @@ typedef struct
tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex;
} tsip_key_data;
void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv,
byte *encrypted_user_tls_key);
int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr,
byte *ms);
#endif
struct WOLFSSL;
int tsip_Open();
void tsip_Close();
int tsip_hw_lock();
void tsip_hw_unlock( void );
int tsip_usable(const struct WOLFSSL *ssl);
void tsip_inform_sflash_signedcacert(const byte *ps_flash,
const byte *psigned_ca_cert, word32 len);
void tsip_inform_sflash_signedcacert(
const byte* ps_flash,
const byte* psigned_ca_cert,
word32 len);
void tsip_inform_cert_sign(const byte *sign);
/* set / get key */
void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv,
byte *encrypted_user_tls_key);
byte tsip_rootCAverified();
byte tsip_checkCA(word32 cmIdx);
int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len,
int tsip_tls_RootCertVerify(
const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len,
word32 cm_row);
int tsip_tls_CertVerify(const byte *cert, word32 certSz,
int tsip_tls_CertVerify(
const byte* cert, word32 certSz,
const byte* signature, word32 sigSz,
word32 key_n_start, word32 key_n_len,
word32 key_e_start, word32 key_e_len,
byte* tsip_encRsaKeyIdx);
void tsip_inform_key_position(const word32 key_n_start, const word32 key_n_len,
const word32 key_e_start, const word32 key_e_len);
int tsip_generatePremasterSecret(byte *premaster, word32 preSz);
int tsip_generateEncryptPreMasterSecret(struct WOLFSSL *ssl, byte *out,
void tsip_inform_key_position(
const word32 key_n_start,
const word32 key_n_len,
const word32 key_e_start,
const word32 key_e_len);
int tsip_generatePremasterSecret(
byte* premaster,
word32 preSz);
int tsip_generateEncryptPreMasterSecret(
struct WOLFSSL* ssl,
byte* out,
word32* outSz);
int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr,
byte *ms);
int tsip_generateSeesionKey(struct WOLFSSL *ssl);
int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner,
word32 innerSz, const byte *in, word32 sz, byte *digest,
int tsip_Sha256Hmac(
const struct WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
word32 sz,
byte* digest,
word32 verify);
int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner,
word32 innerSz, const byte *in, word32 sz, byte *digest,
int tsip_Sha1Hmac(
const struct WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
word32 sz,
byte* digest,
word32 verify);
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \

View File

@ -27,14 +27,15 @@
#include <libwolfssl/wolfcrypt/settings.h>
#include <libwolfssl/wolfcrypt/error-crypt.h>
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC_PKCB)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_ATECC_PKCB)
#undef SHA_BLOCK_SIZE
#define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP
#include <cryptoauthlib.h>
#undef SHA_BLOCK_SIZE
#endif
/* ATECC508A only supports ECC P-256 */
/* ATECC508A/608A only supports ECC P-256 */
#define ATECC_KEY_SIZE (32)
#define ATECC_PUBKEY_SIZE (ATECC_KEY_SIZE*2) /* X and Y */
#define ATECC_SIG_SIZE (ATECC_KEY_SIZE*2) /* R and S */
@ -53,12 +54,20 @@
#endif
/* Symmetric encryption key */
#ifndef ATECC_SLOT_I2C_ENC
#ifdef WOLFSSL_ATECC_TNGTLS
#define ATECC_SLOT_I2C_ENC (0x06)
#else
#define ATECC_SLOT_I2C_ENC (0x04)
#endif
#endif
/* Parent encryption key */
#ifndef ATECC_SLOT_ENC_PARENT
#ifdef WOLFSSL_ATECC_TNGTLS
#define ATECC_SLOT_ENC_PARENT (0x6)
#else
#define ATECC_SLOT_ENC_PARENT (0x7)
#endif
#endif
/* ATECC_KEY_SIZE required for ecc.h */
#include <libwolfssl/wolfcrypt/ecc.h>
@ -78,7 +87,7 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out);
#endif
long atmel_get_curr_time_and_date(long* tm);
#ifdef WOLFSSL_ATECC508A
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
enum atmelSlotType {
ATMEL_SLOT_ANY,
@ -100,6 +109,8 @@ int atmel_ecc_translate_err(int status);
int atmel_get_rev_info(word32* revision);
void atmel_show_rev_info(void);
WOLFSSL_API int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg);
/* The macro ATECC_GET_ENC_KEY can be set to override the default
encryption key with your own at build-time */
#ifndef ATECC_GET_ENC_KEY

View File

@ -0,0 +1,74 @@
/* psoc6_crypto.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _PSOC6_CRYPTO_PORT_H_
#define _PSOC6_CRYPTO_PORT_H_
#include <libwolfssl/wolfcrypt/settings.h>
#ifdef USE_FAST_MATH
#include <libwolfssl/wolfcrypt/tfm.h>
#elif defined WOLFSSL_SP_MATH
#include <libwolfssl/wolfcrypt/sp_int.h>
#else
#include <libwolfssl/wolfcrypt/integer.h>
#endif
#include "cy_crypto_core_sha.h"
#include "cy_device_headers.h"
#include "psoc6_02_config.h"
#include "cy_crypto_common.h"
#include "cy_crypto_core.h"
#ifdef WOLFSSL_SHA512
typedef struct wc_Sha512 {
cy_stc_crypto_sha_state_t hash_state;
cy_en_crypto_sha_mode_t sha_mode;
cy_stc_crypto_v2_sha512_buffers_t sha_buffers;
} wc_Sha512;
#define WC_SHA512_TYPE_DEFINED
#include <libwolfssl/wolfcrypt/sha512.h>
#endif
#ifndef NO_SHA256
typedef struct wc_Sha256 {
cy_stc_crypto_sha_state_t hash_state;
cy_en_crypto_sha_mode_t sha_mode;
cy_stc_crypto_v2_sha256_buffers_t sha_buffers;
} wc_Sha256;
#include <libwolfssl/wolfcrypt/sha.h>
#include <libwolfssl/wolfcrypt/sha256.h>
#endif /* !def NO_SHA256 */
#ifdef HAVE_ECC
#include <libwolfssl/wolfcrypt/ecc.h>
int psoc6_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* verif_res, ecc_key* key);
#endif /* HAVE_ECC */
#define PSOC6_CRYPTO_BASE ((CRYPTO_Type*) CRYPTO_BASE)
/* Crypto HW engine initialization */
int psoc6_crypto_port_init(void);
#endif /* _PSOC6_CRYPTO_PORT_H_ */

View File

@ -65,8 +65,8 @@ int ksdk_port_init(void);
int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m);
#ifdef HAVE_CURVE25519
int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
const ECPoint *wc_curve25519_GetBasePoint(void);
int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
const ECPoint *nxp_ltc_curve25519_GetBasePoint(void);
status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint);

View File

@ -28,11 +28,6 @@
#include <libwolfssl/wolfcrypt/settings.h>
#include <libwolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)
#include <libwolfssl/wolfcrypt/integer.h>
#include <libwolfssl/wolfcrypt/ecc.h>
#endif
#ifdef STM32_HASH
#define WOLFSSL_NO_HASH_RAW
@ -54,6 +49,9 @@
#if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b)
#define HASH_DATATYPE_8B HASH_DataType_8b
#endif
#ifndef HASH_STR_NBW
#define HASH_STR_NBW HASH_STR_NBLW
#endif
#ifndef STM32_HASH_TIMEOUT
#define STM32_HASH_TIMEOUT 0xFFFF
@ -93,19 +91,30 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
#ifndef NO_AES
#if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4))
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \
defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7))
/* Hardware supports AES GCM acceleration */
#define STM32_CRYPTO_AES_GCM
#endif
#if defined(WOLFSSL_STM32WB)
#define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
#define CRYP AES1
#define STM32_HAL_V2
#endif
#if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5)
#ifdef WOLFSSL_STM32L4
#define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
#endif
#define CRYP AES
#ifndef CRYP_AES_GCM
#define CRYP_AES_GCM CRYP_AES_GCM_GMAC
#endif
#endif
/* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */
#if !defined(STM32_HAL_V2) && \
defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM)
#if !defined(STM32_HAL_V2) && defined(CRYP_AES_GCM) && \
(defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7))
#define STM32_HAL_V2
#endif
@ -122,7 +131,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
struct Aes;
#ifdef WOLFSSL_STM32_CUBEMX
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp);
#else /* STD_PERI_LIB */
#else /* Standard Peripheral Library */
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit,
CRYP_KeyInitTypeDef* keyInit);
#endif /* WOLFSSL_STM32_CUBEMX */
@ -131,12 +140,25 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
#endif /* STM32_CRYPTO */
#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)
int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* res, ecc_key* key);
int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng,
ecc_key* key, mp_int *r, mp_int *s);
#ifdef WOLFSSL_SP_MATH
struct sp_int;
#define MATH_INT_T struct sp_int
#elif defined(USE_FAST_MATH)
struct fp_int;
#define MATH_INT_T struct fp_int
#else
struct mp_int;
#define MATH_INT_T struct mp_int
#endif
struct ecc_key;
struct WC_RNG;
int stm32_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash,
word32 hashlen, int* res, struct ecc_key* key);
int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, struct WC_RNG* rng,
struct ecc_key* key, MATH_INT_T *r, MATH_INT_T *s);
#endif /* WOLFSSL_STM32_PKA && HAVE_ECC */
#endif /* _WOLFPORT_STM32_H_ */

View File

@ -219,7 +219,7 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*);
#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
#define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
#endif

View File

@ -23,7 +23,13 @@
\file wolfssl/wolfcrypt/rsa.h
*/
/*
DESCRIPTION
This library provides the interface to the RSA.
RSA keys can be used to encrypt, decrypt, sign and verify data.
*/
#ifndef WOLF_CRYPT_RSA_H
#define WOLF_CRYPT_RSA_H
@ -280,8 +286,9 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
RsaKey*, word32);
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
const byte* e, word32 eSz, RsaKey* key);
#ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
#endif
#ifdef WC_RSA_BLINDING
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);

View File

@ -62,6 +62,9 @@
/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
/* #define MICROCHIP_TCPIP */
/* Uncomment next line if using above Microchip TCP/IP defines with BSD API */
/* #define MICROCHIP_TCPIP_BSD_API */
/* Uncomment next line if using PIC32MZ Crypto Engine */
/* #define WOLFSSL_MICROCHIP_PIC32MZ */
@ -209,10 +212,16 @@
/* Uncomment next line if using RENESAS RX64N */
/* #define WOLFSSL_RENESAS_RX65N */
/* Uncomment next line if using Solaris OS*/
/* #define WOLFSSL_SOLARIS */
#include <libwolfssl/wolfcrypt/visibility.h>
#ifdef WOLFSSL_USER_SETTINGS
#include "user_settings.h"
#elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
/* STM Configuration File (generated by CubeMX) */
#include "wolfSSL.wolfSSL_conf.h"
#endif
@ -292,7 +301,7 @@
#endif
#endif
#if defined(WOLFSSL_RENESAS_RA6M3G)
#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3)
/* settings in user_settings.h */
#endif
@ -337,7 +346,9 @@
/* #define WOLFSSL_MICROCHIP_PIC32MZ */
#define SIZEOF_LONG_LONG 8
#define SINGLE_THREADED
#ifndef MICROCHIP_TCPIP_BSD_API
#define WOLFSSL_USER_IO
#endif
#define NO_WRITEV
#define NO_DEV_RANDOM
#define NO_FILESYSTEM
@ -375,6 +386,16 @@
#endif
#endif
#ifdef WOLFSSL_ATECC508A
/* backwards compatibility */
#ifndef WOLFSSL_ATECC_NO_ECDH_ENC
#define WOLFSSL_ATECC_ECDH_ENC
#endif
#ifdef WOLFSSL_ATECC508A_DEBUG
#define WOLFSSL_ATECC_DEBUG
#endif
#endif
#ifdef MBED
#define WOLFSSL_USER_IO
#define NO_FILESYSTEM
@ -601,7 +622,6 @@
#ifdef WOLFSSL_NRF5x
#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8
#define NO_ASN_TIME
#define NO_DEV_RANDOM
#define NO_FILESYSTEM
#define NO_MAIN_DRIVER
@ -609,7 +629,6 @@
#define SINGLE_THREADED
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define USE_WOLFSSL_MEMORY
#define WOLFSSL_NRF51
#define WOLFSSL_USER_IO
#define NO_SESSION_CACHE
@ -900,6 +919,19 @@ extern void uITRON4_free(void *p) ;
#define TFM_TIMING_RESISTANT
#endif
/* To support storing some of the large constant tables in flash memory rather than SRAM.
Useful for processors that have limited SRAM, such as the AVR family of microtrollers. */
#ifdef WOLFSSL_USE_FLASHMEM
/* This is supported on the avr-gcc compiler, for more information see:
https://gcc.gnu.org/onlinedocs/gcc/Named-Address-Spaces.html */
#define FLASH_QUALIFIER __flash
/* Copy data out of flash memory and into SRAM */
#define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size))
#else
#define FLASH_QUALIFIER
#endif
#ifdef FREESCALE_MQX_5_0
/* use normal Freescale MQX port, but with minor changes for 5.0 */
#define FREESCALE_MQX
@ -1187,7 +1219,8 @@ extern void uITRON4_free(void *p) ;
#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
defined(WOLFSSL_STM32L4)
defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7)
#define SIZEOF_LONG_LONG 8
#ifndef CHAR_BIT
@ -1208,7 +1241,8 @@ extern void uITRON4_free(void *p) ;
#undef STM32_CRYPTO
#define STM32_CRYPTO
#ifdef WOLFSSL_STM32L4
#if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
defined(WOLFSSL_STM32WB)
#define NO_AES_192 /* hardware does not support 192-bit */
#endif
#endif
@ -1221,8 +1255,12 @@ extern void uITRON4_free(void *p) ;
#endif
#define NO_OLD_RNGNAME
#ifdef WOLFSSL_STM32_CUBEMX
#if defined(WOLFSSL_STM32F2)
#if defined(WOLFSSL_STM32F1)
#include "stm32f1xx_hal.h"
#elif defined(WOLFSSL_STM32F2)
#include "stm32f2xx_hal.h"
#elif defined(WOLFSSL_STM32L5)
#include "stm32l5xx_hal.h"
#elif defined(WOLFSSL_STM32L4)
#include "stm32l4xx_hal.h"
#elif defined(WOLFSSL_STM32F4)
@ -1231,6 +1269,10 @@ extern void uITRON4_free(void *p) ;
#include "stm32f7xx_hal.h"
#elif defined(WOLFSSL_STM32F1)
#include "stm32f1xx_hal.h"
#elif defined(WOLFSSL_STM32H7)
#include "stm32h7xx_hal.h"
#elif defined(WOLFSSL_STM32WB)
#include "stm32wbxx_hal.h"
#endif
#if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
#include "stm32l4xx_ll_rng.h"
@ -1256,6 +1298,14 @@ extern void uITRON4_free(void *p) ;
#ifdef STM32_HASH
#include "stm32f4xx_hash.h"
#endif
#elif defined(WOLFSSL_STM32L5)
#include "stm32l5xx.h"
#ifdef STM32_CRYPTO
#include "stm32l5xx_cryp.h"
#endif
#ifdef STM32_HASH
#include "stm32l5xx_hash.h"
#endif
#elif defined(WOLFSSL_STM32L4)
#include "stm32l4xx.h"
#ifdef STM32_CRYPTO
@ -1266,11 +1316,14 @@ extern void uITRON4_free(void *p) ;
#endif
#elif defined(WOLFSSL_STM32F7)
#include "stm32f7xx.h"
#elif defined(WOLFSSL_STM32H7)
#include "stm32h7xx.h"
#elif defined(WOLFSSL_STM32F1)
#include "stm32f1xx.h"
#endif
#endif /* WOLFSSL_STM32_CUBEMX */
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
#ifdef WOLFSSL_DEOS
#include <deos.h>
#include <timeout.h>
@ -1400,6 +1453,22 @@ extern void uITRON4_free(void *p) ;
#endif
#endif /* MICRIUM */
#if defined(sun) || defined(__sun)
# if defined(__SVR4) || defined(__svr4__)
/* Solaris */
#ifndef WOLFSSL_SOLARIS
#define WOLFSSL_SOLARIS
#endif
# else
/* SunOS */
# endif
#endif
#ifdef WOLFSSL_SOLARIS
/* Avoid naming clash with fp_zero from math.h > ieefp.h */
#define WOLFSSL_DH_CONST
#endif
#ifdef WOLFSSL_MCF5441X
#define BIG_ENDIAN_ORDER
#ifndef SIZEOF_LONG
@ -2196,6 +2265,21 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_NO_CONSTCHARCONST
#endif
/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */
#if defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION)
#undef WC_RSA_PSS
#undef WOLFSSL_TLS13
#endif
/* For FIPSv2 make sure the ECDSA encoding allows extra bytes
* but make sure users consider enabling it */
#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
/* ECDSA length checks off by default for CAVP testing
* consider enabling strict checks in production */
#define NO_STRICT_ECDSA_LEN
#endif
#ifdef __cplusplus
} /* extern "C" */

View File

@ -101,6 +101,8 @@ enum {
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#elif defined(WOLFSSL_PSOC6_CRYPTO)
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
#else
/* Sha digest */

View File

@ -126,6 +126,8 @@ enum {
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#elif defined(WOLFSSL_PSOC6_CRYPTO)
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
#else
/* wc_Sha256 digest */
@ -142,6 +144,7 @@ struct wc_Sha256 {
word32 loLen; /* length in bytes */
word32 hiLen; /* length in bytes */
void* heap;
#endif
#ifdef WOLFSSL_PIC32MZ_HASH
hashUpdCache cache; /* cache for updates */
#endif
@ -150,7 +153,7 @@ struct wc_Sha256 {
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLFSSL_SMALL_STACK_CACHE
word32* W;
#endif
#endif /* !FREESCALE_LTC_SHA && !STM32_HASH_SHA2 */
#ifdef WOLFSSL_DEVCRYPTO_HASH
WC_CRYPTODEV ctx;
byte* msg;
@ -168,7 +171,6 @@ struct wc_Sha256 {
int devId;
void* devCtx; /* generic crypto callback context */
#endif
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
word32 flags; /* enum wc_HashFlags in hash.h */
#endif

View File

@ -58,7 +58,8 @@ enum {
WC_SHA3_512_DIGEST_SIZE = 64,
WC_SHA3_512_COUNT = 9,
#ifndef HAVE_SELFTEST
#if !defined(HAVE_SELFTEST) || \
defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2)
/* These values are used for HMAC, not SHA-3 directly.
* They come from from FIPS PUB 202. */
WC_SHA3_224_BLOCK_SIZE = 144,

View File

@ -31,6 +31,7 @@
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
#if defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
#include <libwolfssl/wolfcrypt/fips.h>
@ -111,6 +112,8 @@ enum {
#ifdef WOLFSSL_IMX6_CAAM
#include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
#elif defined (WOLFSSL_PSOC6_CRYPTO)
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
#else
/* wc_Sha512 digest */
struct wc_Sha512 {
@ -153,6 +156,7 @@ WOLFSSL_LOCAL void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
#ifdef WOLFSSL_SHA512
WOLFSSL_API int wc_InitSha512(wc_Sha512*);
WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int);
WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32);

View File

@ -37,7 +37,9 @@
#if defined(_MSC_VER)
#define SP_NOINLINE __declspec(noinline)
#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || defined(__KEIL__)
#elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
#define SP_NOINLINE _Pragma("inline = never")
#elif defined(__GNUC__) || defined(__KEIL__)
#define SP_NOINLINE __attribute__((noinline))
#else
#define SP_NOINLINE
@ -141,7 +143,18 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ);
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym);
#endif /*ifdef WOLFSSL_HAVE_SP_ECC */
#ifdef WOLFSSL_SP_NONBLOCK
int sp_ecc_sign_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
mp_int* rm, mp_int* sm, mp_int* km, void* heap);
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY,
mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
int sp_ecc_sign_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
mp_int* rm, mp_int* sm, mp_int* km, void* heap);
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY,
mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
#endif /* WOLFSSL_SP_NONBLOCK */
#endif /* WOLFSSL_HAVE_SP_ECC */
#ifdef __cplusplus

View File

@ -19,7 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides single precision (SP) integer math functions.
*/
#ifndef WOLF_CRYPT_SP_INT_H
#define WOLF_CRYPT_SP_INT_H
@ -60,6 +64,7 @@
typedef int32 sp_digit;
typedef uint32 sp_int_digit;
typedef uint64 sp_int_word;
typedef int64 sp_int_sword;
#undef SP_WORD_SIZE
#define SP_WORD_SIZE 32
#elif !defined(WOLFSSL_SP_ASM)
@ -67,6 +72,7 @@
typedef int32_t sp_digit;
typedef uint32_t sp_int_digit;
typedef uint64_t sp_int_word;
typedef int64_t sp_int_sword;
#elif SP_WORD_SIZE == 64
typedef int64_t sp_digit;
typedef uint64_t sp_int_digit;
@ -78,6 +84,7 @@
typedef long int128_t __attribute__ ((mode(TI)));
#endif
typedef uint128_t sp_int_word;
typedef int128_t sp_int_sword;
#else
#error Word size not defined
#endif
@ -86,6 +93,7 @@
typedef uint32_t sp_digit;
typedef uint32_t sp_int_digit;
typedef uint64_t sp_int_word;
typedef int64_t sp_int_sword;
#elif SP_WORD_SIZE == 64
typedef uint64_t sp_digit;
typedef uint64_t sp_int_digit;
@ -97,6 +105,7 @@
typedef long int128_t __attribute__ ((mode(TI)));
#endif
typedef uint128_t sp_int_word;
typedef int128_t sp_int_sword;
#else
#error Word size not defined
#endif
@ -104,6 +113,17 @@
#define SP_MASK (sp_digit)(-1)
#if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)
typedef struct sp_ecc_ctx {
#ifdef WOLFSSL_SP_384
byte data[48*80]; /* stack data */
#else
byte data[32*80]; /* stack data */
#endif
} sp_ecc_ctx_t;
#endif
#ifdef WOLFSSL_SP_MATH
#include <libwolfssl/wolfcrypt/random.h>
@ -169,9 +189,10 @@ typedef sp_int_digit mp_digit;
MP_API int sp_init(sp_int* a);
MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d,
sp_int* e, sp_int* f);
MP_API void sp_free(sp_int* a);
MP_API void sp_clear(sp_int* a);
MP_API int sp_unsigned_bin_size(sp_int* a);
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz);
MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz);
MP_API int sp_read_radix(sp_int* a, const char* in, int radix);
MP_API int sp_cmp(sp_int* a, sp_int* b);
MP_API int sp_count_bits(sp_int* a);
@ -211,7 +232,6 @@ MP_API void sp_rshb(sp_int* a, int n, sp_int* r);
MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r);
#define MP_OKAY 0
#define MP_NO 0
#define MP_YES 1
@ -221,15 +241,17 @@ MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r);
#define MP_EQ 0
#define MP_LT -1
#define MP_OKAY 0
#define MP_MEM -2
#define MP_VAL -3
#define FP_WOULDBLOCK -4
#define DIGIT_BIT SP_WORD_SIZE
#define MP_MASK SP_MASK
#define CheckFastMathSettings() 1
#define mp_free(a)
#define mp_free sp_free
#define mp_isodd sp_isodd
#define mp_iseven sp_iseven

View File

@ -432,7 +432,7 @@ MP_API void fp_free(fp_int* a);
/* set to a small digit */
void fp_set(fp_int *a, fp_digit b);
void fp_set_int(fp_int *a, unsigned long b);
int fp_set_int(fp_int *a, unsigned long b);
/* check if a bit is set */
int fp_is_bit_set(fp_int *a, fp_digit b);
@ -459,7 +459,7 @@ void fp_rshd(fp_int *a, int x);
void fp_rshb(fp_int *a, int x);
/* left shift x digits */
void fp_lshd(fp_int *a, int x);
int fp_lshd(fp_int *a, int x);
/* signed comparison */
int fp_cmp(fp_int *a, fp_int *b);
@ -470,19 +470,22 @@ int fp_cmp_mag(fp_int *a, fp_int *b);
/* power of 2 operations */
void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d);
void fp_mod_2d(fp_int *a, int b, fp_int *c);
void fp_mul_2d(fp_int *a, int b, fp_int *c);
int fp_mul_2d(fp_int *a, int b, fp_int *c);
void fp_2expt (fp_int *a, int b);
void fp_mul_2(fp_int *a, fp_int *c);
int fp_mul_2(fp_int *a, fp_int *c);
void fp_div_2(fp_int *a, fp_int *c);
/* c = a / 2 (mod b) - constant time (a < b and positive) */
int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c);
/* Counts the number of lsbs which are zero before the first zero bit */
int fp_cnt_lsb(fp_int *a);
/* c = a + b */
void fp_add(fp_int *a, fp_int *b, fp_int *c);
int fp_add(fp_int *a, fp_int *b, fp_int *c);
/* c = a - b */
void fp_sub(fp_int *a, fp_int *b, fp_int *c);
int fp_sub(fp_int *a, fp_int *b, fp_int *c);
/* c = a * b */
int fp_mul(fp_int *a, fp_int *b, fp_int *c);
@ -500,13 +503,13 @@ int fp_mod(fp_int *a, fp_int *b, fp_int *c);
int fp_cmp_d(fp_int *a, fp_digit b);
/* c = a + b */
void fp_add_d(fp_int *a, fp_digit b, fp_int *c);
int fp_add_d(fp_int *a, fp_digit b, fp_int *c);
/* c = a - b */
int fp_sub_d(fp_int *a, fp_digit b, fp_int *c);
/* c = a * b */
void fp_mul_d(fp_int *a, fp_digit b, fp_int *c);
int fp_mul_d(fp_int *a, fp_digit b, fp_int *c);
/* a/b => cb + d == a */
/*int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d);*/
@ -530,6 +533,12 @@ int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* d = a + b (mod c) */
int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* d = a - b (mod c) - constant time (a < c and b < c) */
int fp_submod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* d = a + b (mod c) - constant time (a < c and b < c) */
int fp_addmod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* c = a * a (mod b) */
int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c);
@ -549,10 +558,11 @@ int fp_montgomery_setup(fp_int *a, fp_digit *mp);
/* computes a = B**n mod b without division or multiplication useful for
* normalizing numbers in a Montgomery system.
*/
void fp_montgomery_calc_normalization(fp_int *a, fp_int *b);
int fp_montgomery_calc_normalization(fp_int *a, fp_int *b);
/* computes x/R == x (mod N) via Montgomery Reduction */
int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
int fp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, int ct);
/* d = a**b (mod c) */
int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
@ -637,7 +647,7 @@ int fp_count_bits(fp_int *a);
int fp_leading_bit(fp_int *a);
int fp_unsigned_bin_size(fp_int *a);
void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c);
int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c);
int fp_to_unsigned_bin(fp_int *a, unsigned char *b);
int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c);
int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b);
@ -652,7 +662,7 @@ int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b);
/* VARIOUS LOW LEVEL STUFFS */
void s_fp_add(fp_int *a, fp_int *b, fp_int *c);
int s_fp_add(fp_int *a, fp_int *b, fp_int *c);
void s_fp_sub(fp_int *a, fp_int *b, fp_int *c);
void fp_reverse(unsigned char *s, int len);
@ -728,6 +738,7 @@ int fp_sqr_comba64(fp_int *a, fp_int *b);
#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX)
MP_API int mp_init (mp_int * a);
MP_API int mp_init_copy(fp_int * a, fp_int * b);
MP_API void mp_clear (mp_int * a);
MP_API void mp_free (mp_int * a);
MP_API void mp_forcezero (mp_int * a);
@ -743,6 +754,8 @@ MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c);
MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
MP_API int mp_invmod_mont_ct(mp_int *a, mp_int *b, mp_int *c, fp_digit mp);
@ -791,9 +804,11 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size);
#ifdef HAVE_ECC
MP_API int mp_sqr(fp_int *a, fp_int *b);
MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
MP_API int mp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp,
int ct);
MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho);
MP_API int mp_div_2(fp_int * a, fp_int * b);
MP_API int mp_init_copy(fp_int * a, fp_int * b);
MP_API int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c);
#endif
#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA) || \

View File

@ -22,7 +22,12 @@
/*!
\file wolfssl/wolfcrypt/types.h
*/
/*
DESCRIPTION
This library defines the primitive data types and abstraction macros to
decouple library dependencies with standard string, memory and so on.
*/
#ifndef WOLF_CRYPT_TYPES_H
#define WOLF_CRYPT_TYPES_H
@ -342,9 +347,9 @@
#else
/* just use plain C stdlib stuff if desired */
#include <stdlib.h>
#define XMALLOC(s, h, t) malloc((s))
#define XMALLOC(s, h, t) malloc((size_t)(s))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
#define XREALLOC(p, n, h, t) realloc((p), (n))
#define XREALLOC(p, n, h, t) realloc((p), (size_t)(n))
#endif
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
&& !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \

View File

@ -28,24 +28,33 @@
#define WOLF_CRYPT_ENCRYPT_H
#include <libwolfssl/wolfcrypt/types.h>
#ifndef NO_AES
#include <libwolfssl/wolfcrypt/aes.h>
#endif
#ifdef HAVE_CHACHA
#include <libwolfssl/wolfcrypt/chacha.h>
#endif
#ifndef NO_DES3
#include <libwolfssl/wolfcrypt/des3.h>
#endif
#ifndef NO_RC4
#include <libwolfssl/wolfcrypt/arc4.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* determine max cipher key size */
/* determine max cipher key size - cannot use enum values here, must be define,
* since WC_MAX_SYM_KEY_SIZE is used in if macro logic. */
#ifndef NO_AES
#define WC_MAX_SYM_KEY_SIZE (AES_MAX_KEY_SIZE/8)
#elif defined(HAVE_CHACHA)
#define WC_MAX_SYM_KEY_SIZE CHACHA_MAX_KEY_SZ
#define WC_MAX_SYM_KEY_SIZE 32 /* CHACHA_MAX_KEY_SZ */
#elif !defined(NO_DES3)
#define WC_MAX_SYM_KEY_SIZE DES3_KEY_SIZE
#define WC_MAX_SYM_KEY_SIZE 24 /* DES3_KEY_SIZE */
#elif !defined(NO_RC4)
#define WC_MAX_SYM_KEY_SIZE RC4_KEY_SIZE
#define WC_MAX_SYM_KEY_SIZE 16 /* RC4_KEY_SIZE */
#else
#define WC_MAX_SYM_KEY_SIZE 32
#endif

View File

@ -6,7 +6,7 @@
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,

View File

@ -156,9 +156,11 @@
#else
#ifndef SINGLE_THREADED
#ifndef WOLFSSL_USER_MUTEX
#define WOLFSSL_PTHREADS
#include <pthread.h>
#endif
#endif
#if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \
!defined(NO_FILESYSTEM)
#include <unistd.h> /* for close of BIO */
@ -238,6 +240,8 @@
typedef struct k_mutex wolfSSL_Mutex;
#elif defined(WOLFSSL_TELIT_M2MB)
typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex;
#elif defined(WOLFSSL_USER_MUTEX)
/* typedef User_Mutex wolfSSL_Mutex; */
#else
#error Need a mutex type in multithreaded mode
#endif /* USE_WINDOWS_API */
@ -245,7 +249,7 @@
/* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */
#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \
defined(STM32_CRYPTO)
defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG)
#ifndef WOLFSSL_CRYPT_HW_MUTEX
#define WOLFSSL_CRYPT_HW_MUTEX 1
#endif
@ -451,6 +455,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define MAX_PATH 256
#endif
WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf,
size_t* bufLen, void* heap);
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \
!defined(WOLFSSL_NUCLEUS_1_2)
typedef struct ReadDirCtx {
@ -553,6 +560,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
#include <time.h>
extern time_t pic32_time(time_t* timer);
#define XTIME(t1) pic32_time((t1))
#define XGMTIME(c, t) gmtime((c))
@ -683,7 +691,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#endif
#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE)
#define USE_WOLF_VALIDDATE
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#define XVALIDATE_DATE(d, f, t) wc_ValidateDate((d), (f), (t))
#endif
/* wolf struct tm and time_t */

View File

@ -19,6 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides big integer math functions.
*/
#ifndef __WOLFMATH_H__
#define __WOLFMATH_H__

View File

@ -126,6 +126,8 @@
#include <errno.h>
#elif defined(WOLFSSL_ZEPHYR)
#include <net/socket.h>
#elif defined(MICROCHIP_PIC32)
#include <sys/errno.h>
#elif defined(HAVE_NETX)
#include "nx_api.h"
#include "errno.h"
@ -147,7 +149,6 @@
&& !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
&& !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
#include <network.h>
//#include <sys/socket.h>
//#include <arpa/inet.h>
//#include <netinet/in.h>
//#include <netdb.h>
@ -159,7 +160,7 @@
#endif
#endif
#if defined(WOLFSSL_RENESAS_RA6M3G) /* Uses FREERTOS_TCP */
#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) /* Uses FREERTOS_TCP */
#include <errno.h>
#endif

View File

@ -25,6 +25,7 @@
#include "music/SoundHandler.hpp"
#include "network/gcard.h"
#include "unzip/U8Archive.h"
#include "network/proxysettings.h"
// Sounds
extern const u8 click_wav[];
@ -172,6 +173,16 @@ bool CMenu::init(bool usb_mounted)
/* Init Network if wanted for gamercard if it isn't already inited */
if(has_enabled_providers())
_initAsyncNetwork();
/* Set the proxy settings */
proxyUseSystem = m_cfg.getBool("PROXY", "proxy_use_system", true);
memset(proxyAddress, 0, sizeof(proxyAddress));
strncpy(proxyAddress, m_cfg.getString("PROXY", "proxy_address", "").c_str(), sizeof(proxyAddress) - 1);
proxyPort = m_cfg.getInt("PROXY", "proxy_port", 0);
memset(proxyUsername, 0, sizeof(proxyUsername));
strncpy(proxyUsername, m_cfg.getString("PROXY", "proxy_username", "").c_str(), sizeof(proxyUsername) - 1);
memset(proxyPassword, 0, sizeof(proxyPassword));
strncpy(proxyPassword, m_cfg.getString("PROXY", "proxy_password", "").c_str(), sizeof(proxyPassword) - 1);
getProxyInfo();
/* Set SD only to off if any usb device is attached and format is FAT, NTFS, WBFS, or LINUX */
m_cfg.getBool("GENERAL", "sd_only", true);// will only set it true if this doesn't already exist

View File

@ -1196,6 +1196,13 @@ public:
void _hideWaitMessage();
void GC_Messenger(int message, int info, char *cinfo);
/* proxy settings */
bool proxyUseSystem;
char proxyAddress[256];
u16 proxyPort;
char proxyUsername[34];
char proxyPassword[34];
/* general thread updating stuff */
u64 m_thrdTotal;
void update_pThread(u64 amount, bool add = true);

View File

@ -3,7 +3,7 @@
#include "channel/nand.hpp"
#include "loader/nk.h"
const int CMenu::_nbCfgPages = 13;
const int CMenu::_nbCfgPages = 14;
void CMenu::_hideConfigCommon(bool instant)
{

View File

@ -50,15 +50,18 @@ void CMenu::_showConfig7(int curPage)
m_btnMgr.show(m_config7Lbl1);
m_btnMgr.show(m_config7Btn1);
if(curPage != 14)
{
m_btnMgr.show(m_config7Lbl2);
m_btnMgr.show(m_config7Btn2);
m_btnMgr.show(m_config7Lbl3);
m_btnMgr.show(m_config7Btn3);
m_btnMgr.show(m_config7Lbl4);
}
if(curPage == 7 || curPage == 11 || curPage == 12 || curPage == 13)
m_btnMgr.show(m_config7Btn4);
else
else if(curPage != 14)
{
m_btnMgr.show(m_config7Lbl4Val);
m_btnMgr.show(m_config7Btn4M);
@ -131,7 +134,7 @@ void CMenu::_showConfig7(int curPage)
m_btnMgr.setText(m_config7Lbl4, _t("cfg727", L"Use Plugin Database Titles"));
m_btnMgr.setText(m_config7Btn4, m_cfg.getBool(PLUGIN_DOMAIN, "database_titles", true) ? _t("yes", L"Yes") : _t("no", L"No"));
}
else // page 13
else if(curPage == 13)
{
m_btnMgr.setText(m_config7Lbl1, _t("cfgg49", L"480p Pixel Patch"));
m_btnMgr.setText(m_config7Btn1, m_cfg.getBool(WII_DOMAIN, "fix480p", false) ? _t("on", L"On") : _t("off", L"Off"));
@ -142,6 +145,11 @@ void CMenu::_showConfig7(int curPage)
m_btnMgr.setText(m_config7Lbl4, _t("cfg724", L"Lock coverflow layouts"));
m_btnMgr.setText(m_config7Btn4, m_cfg.getBool("general", "cf_locked") ? _t("yes", L"Yes") : _t("no", L"No"));
}
else // page 14
{
m_btnMgr.setText(m_config7Lbl1, _t("cfg729", L"Use system proxy settings"));
m_btnMgr.setText(m_config7Btn1, m_cfg.getBool("PROXY", "proxy_use_system") ? _t("on", L"On") : _t("off", L"Off"));
}
}
int CMenu::_config7(int curPage)
@ -348,6 +356,16 @@ int CMenu::_config7(int curPage)
CFLocked = val;
}
}
if(curPage == 14)
{
if(m_btnMgr.selected(m_config7Btn1))
{
bool val = !m_cfg.getBool("PROXY", "proxy_use_system");
m_cfg.setBool("PROXY", "proxy_use_system", val);
mainMenu.proxyUseSystem = val;
m_btnMgr.setText(m_config7Btn1, val ? _t("on", L"On") : _t("off", L"Off"));
}
}
}
}
if(rand_music != m_cfg.getBool("GENERAL", "randomize_music"))

171
source/network/base64.h Normal file
View File

@ -0,0 +1,171 @@
/*
https://github.com/superwills/NibbleAndAHalf
base64.h -- Fast base64 encoding and decoding.
version 1.0.0, April 17, 2013 143a
Copyright (C) 2013 William Sherif
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
William Sherif
will.sherif@gmail.com
YWxsIHlvdXIgYmFzZSBhcmUgYmVsb25nIHRvIHVz
*/
#ifndef BASE64_H
#define BASE64_H
#include <stdio.h>
#include <stdlib.h>
static const char* b64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
// maps A=>0,B=>1..
static const unsigned char unb64[]={
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //10
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //20
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //30
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //40
0, 0, 0, 62, 0, 0, 0, 63, 52, 53, //50
54, 55, 56, 57, 58, 59, 60, 61, 0, 0, //60
0, 0, 0, 0, 0, 0, 1, 2, 3, 4, //70
5, 6, 7, 8, 9, 10, 11, 12, 13, 14, //80
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, //90
25, 0, 0, 0, 0, 0, 0, 26, 27, 28, //100
29, 30, 31, 32, 33, 34, 35, 36, 37, 38, //110
39, 40, 41, 42, 43, 44, 45, 46, 47, 48, //120
49, 50, 51, 0, 0, 0, 0, 0, 0, 0, //130
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //140
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //150
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //160
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //170
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //180
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //190
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //200
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //210
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //220
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //230
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //240
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //250
0, 0, 0, 0, 0, 0,
}; // This array has 256 elements
// Converts binary data of length=len to base64 characters.
// Length of the resultant string is stored in flen
// (you must pass pointer flen).
char* base64( const void* binaryData, int len, int *flen )
{
const unsigned char* bin = (const unsigned char*) binaryData;
char* res;
int rc = 0; // result counter
int byteNo; // I need this after the loop
int modulusLen = len % 3;
int pad = ((modulusLen&1)<<1) + ((modulusLen&2)>>1); // 2 gives 1 and 1 gives 2, but 0 gives 0.
*flen = 4*(len + pad)/3;
res = (char*) malloc( *flen + 1 ); // and one for the null
if( !res )
return 0;
for( byteNo = 0; byteNo <= len-3; byteNo+=3 )
{
unsigned char BYTE0=bin[byteNo];
unsigned char BYTE1=bin[byteNo+1];
unsigned char BYTE2=bin[byteNo+2];
res[rc++] = b64[ BYTE0 >> 2 ];
res[rc++] = b64[ ((0x3&BYTE0)<<4) + (BYTE1 >> 4) ];
res[rc++] = b64[ ((0x0f&BYTE1)<<2) + (BYTE2>>6) ];
res[rc++] = b64[ 0x3f&BYTE2 ];
}
if( pad==2 )
{
res[rc++] = b64[ bin[byteNo] >> 2 ];
res[rc++] = b64[ (0x3&bin[byteNo])<<4 ];
res[rc++] = '=';
res[rc++] = '=';
}
else if( pad==1 )
{
res[rc++] = b64[ bin[byteNo] >> 2 ];
res[rc++] = b64[ ((0x3&bin[byteNo])<<4) + (bin[byteNo+1] >> 4) ];
res[rc++] = b64[ (0x0f&bin[byteNo+1])<<2 ];
res[rc++] = '=';
}
res[rc]=0; // NULL TERMINATOR!;)
return res;
}
unsigned char* unbase64( const char* ascii, int len, int *flen )
{
const unsigned char *safeAsciiPtr = (const unsigned char*)ascii;
unsigned char *bin;
int cb=0;
int charNo;
int pad = 0;
if ((len <= 0) || (len % 4 != 0)) { // 2 accesses below would be OOB.
// catch empty string or incorrect padding size, return NULL as result.
*flen=0;
return 0;
}
if( safeAsciiPtr[ len-1 ]=='=' ) ++pad;
if( safeAsciiPtr[ len-2 ]=='=' ) ++pad;
*flen = 3*len/4 - pad;
bin = (unsigned char*)malloc( *flen );
if( !bin )
return 0;
for( charNo=0; charNo <= len - 4 - pad; charNo+=4 )
{
int A=unb64[safeAsciiPtr[charNo]];
int B=unb64[safeAsciiPtr[charNo+1]];
int C=unb64[safeAsciiPtr[charNo+2]];
int D=unb64[safeAsciiPtr[charNo+3]];
bin[cb++] = (A<<2) | (B>>4);
bin[cb++] = (B<<4) | (C>>2);
bin[cb++] = (C<<6) | (D);
}
if( pad==1 )
{
int A=unb64[safeAsciiPtr[charNo]];
int B=unb64[safeAsciiPtr[charNo+1]];
int C=unb64[safeAsciiPtr[charNo+2]];
bin[cb++] = (A<<2) | (B>>4);
bin[cb++] = (B<<4) | (C>>2);
}
else if( pad==2 )
{
int A=unb64[safeAsciiPtr[charNo]];
int B=unb64[safeAsciiPtr[charNo+1]];
bin[cb++] = (A<<2) | (B>>4);
}
return bin;
}
#endif

View File

@ -1,77 +1,112 @@
// Code by blackb0x @ GBAtemp.net
// This allows the Wii to download from servers that use SNI.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
Code by blackb0x @ GBAtemp.net
This allows the Wii to download from servers that use SNI.
*/
#include <network.h>
#include <ogc/lwp_watchdog.h>
#include <unistd.h>
#include "https.h"
#include "base64.h"
#include "gecko/gecko.hpp"
#include "picohttpparser.h"
#include "https.h"
#include "memory/mem2.hpp"
#include "proxysettings.h"
u8 loop;
WOLFSSL_SESSION *session;
int https_write(HTTP_INFO *httpinfo, char *buffer, int len)
int https_write(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy)
{
int ret, slen = 0;
while (1)
int ret, pos = 0;
int rlen = (len > BLOCK_SIZE) ? BLOCK_SIZE : len;
u64 time = gettime();
while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT)
{
if (httpinfo->use_https)
ret = wolfSSL_write(httpinfo->ssl, &buffer[slen], len - slen);
if (httpinfo->use_https && !proxy)
ret = wolfSSL_write(httpinfo->ssl, &buffer[pos], rlen);
else
ret = net_write(httpinfo->sock, &buffer[slen], len - slen);
if (ret == 0)
continue;
else if (ret <= 0)
return ret; // Timeout would return -1
slen += ret;
if (slen >= len)
break;
}
return slen;
}
int https_read(HTTP_INFO *httpinfo, char *buffer, int len)
ret = net_write(httpinfo->sock, &buffer[pos], rlen);
if (ret > 0)
{
struct pollsd fds[1];
fds[0].socket = httpinfo->sock;
fds[0].events = POLLIN;
net_fcntl(httpinfo->sock, F_SETFL, 4);
switch (net_poll(fds, 1, READ_WRITE_TIMEOUT))
{
case -1:
pos += ret;
rlen = (len - pos > BLOCK_SIZE) ? BLOCK_SIZE : len - pos;
if (pos >= len)
return pos;
time = gettime();
}
usleep(10000);
}
#ifdef DEBUG_NETWORK
gprintf("net_poll error\n");
#endif
return -1;
case 0:
#ifdef DEBUG_NETWORK
gprintf("The connection timed out\n");
gprintf("The connection timed out (write)\n");
#endif
return -ETIMEDOUT;
default:
net_fcntl(httpinfo->sock, F_SETFL, 0);
if (len > 8192)
len = 8192; // 16KB is the max on a Wii, but 8KB is safe
if (httpinfo->use_https)
return wolfSSL_read(httpinfo->ssl, buffer, len);
return net_read(httpinfo->sock, buffer, len);
}
int https_read(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy)
{
int ret = -ETIMEDOUT;
u64 time = gettime();
if (len > BLOCK_SIZE)
len = BLOCK_SIZE;
while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT)
{
if (httpinfo->use_https && !proxy)
ret = wolfSSL_read(httpinfo->ssl, buffer, len);
else
ret = net_read(httpinfo->sock, buffer, len);
if (ret >= 0)
return ret;
usleep(10000);
}
#ifdef DEBUG_NETWORK
gprintf("The connection timed out (read)\n");
#endif
return -ETIMEDOUT;
}
int send_callback(__attribute__((unused)) WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int sent = net_write(*(int *)ctx, buf, sz);
if (sent < 0)
{
if (sent == -EAGAIN)
return WOLFSSL_CBIO_ERR_WANT_WRITE;
else if (sent == -ECONNRESET)
return WOLFSSL_CBIO_ERR_CONN_RST;
else if (sent == -EINTR)
return WOLFSSL_CBIO_ERR_ISR;
else if (sent == -EPIPE)
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
else
return WOLFSSL_CBIO_ERR_GENERAL;
}
return sent;
}
int recv_callback(__attribute__((unused)) WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int recvd = net_read(*(int *)ctx, buf, sz);
if (recvd < 0)
{
if (recvd == -EAGAIN)
return WOLFSSL_CBIO_ERR_WANT_READ;
else if (recvd == -ECONNRESET)
return WOLFSSL_CBIO_ERR_CONN_RST;
else if (recvd == -EINTR)
return WOLFSSL_CBIO_ERR_ISR;
else if (recvd == -ECONNABORTED)
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
else
return WOLFSSL_CBIO_ERR_GENERAL;
}
else if (recvd == 0)
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
return recvd;
}
void https_close(HTTP_INFO *httpinfo)
{
if (httpinfo->use_https)
{
if (wolfSSL_shutdown(httpinfo->ssl) == SSL_SHUTDOWN_NOT_DONE)
wolfSSL_shutdown(httpinfo->ssl);
wolfSSL_free(httpinfo->ssl);
wolfSSL_CTX_free(httpinfo->ctx);
@ -82,33 +117,42 @@ void https_close(HTTP_INFO *httpinfo)
#endif
}
u8 get_header_value(struct phr_header *headers, size_t num_headers, char *dst, char *header)
bool get_header_value(struct phr_header *headers, size_t num_headers, char *dst, char *header)
{
for (size_t i = 0; i != num_headers; ++i)
{
if (strncasecmp(header, headers[i].name, headers[i].name_len) == 0)
{
strlcpy(dst, headers[i].value, headers[i].value_len + 1);
return 1;
return true;
}
}
return 0;
return false;
}
u8 is_chunked(struct phr_header *headers, size_t num_headers)
u64 get_header_value_int(struct phr_header *headers, size_t num_headers, char *header)
{
char encoding[10] = {};
char header_value[30];
if (!get_header_value(headers, num_headers, header_value, header))
return 0;
return strtoull(header_value, NULL, 0);
}
bool is_chunked(struct phr_header *headers, size_t num_headers)
{
char encoding[9];
if (!get_header_value(headers, num_headers, encoding, "transfer-encoding"))
return 0;
return (strcasecmp(encoding, "chunked") == 0) ? 1 : 0;
return false;
return (strcasecmp(encoding, "chunked") == 0) ? true : false;
}
u8 read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
bool read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
{
struct phr_chunked_decoder decoder = {};
size_t capacity = 4096, rsize;
ssize_t rret, pret;
decoder.consume_trailer = 1;
struct phr_chunked_decoder decoder = {0};
size_t rsize, capacity = 4096;
ssize_t pret;
int ret;
decoder.consume_trailer = true;
#ifdef DEBUG_NETWORK
gprintf("Data is chunked\n");
#endif
@ -122,39 +166,32 @@ u8 read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
capacity *= 2;
buffer->data = MEM2_realloc(buffer->data, capacity);
}
while ((rret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos)) == -1 && errno == EINTR)
;
if (rret <= 0)
{
#ifdef DEBUG_NETWORK
gprintf("IO error\n");
#endif
return 0;
}
rsize = rret;
if ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos, false)) < 1)
return false;
rsize = ret;
pret = phr_decode_chunked(&decoder, &buffer->data[start_pos], &rsize);
if (pret == -1)
{
#ifdef DEBUG_NETWORK
gprintf("Parse error\n");
#endif
return 0;
return false;
}
start_pos += rsize;
} while (pret == -2);
buffer->size = start_pos;
buffer->data = MEM2_realloc(buffer->data, buffer->size);
return 1;
return true;
}
u8 read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
bool read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
{
size_t capacity = 4096;
ssize_t ret;
int ret;
#ifdef DEBUG_NETWORK
gprintf("Data is not chunked\n");
#endif
while (1)
while (true)
{
if (start_pos == capacity)
{
@ -164,79 +201,133 @@ u8 read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
capacity *= 2;
buffer->data = MEM2_realloc(buffer->data, capacity);
}
while ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos)) == -1 && errno == EINTR)
;
if (ret == 0)
if ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos, false)) == 0)
break;
if (ret < 0)
return 0;
return false;
start_pos += ret;
};
buffer->size = start_pos;
buffer->data = MEM2_realloc(buffer->data, buffer->size);
return 1;
return (buffer->content_length > 0 && buffer->content_length == start_pos) ? true : false;
}
bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy)
{
int rret, minor_version;
size_t msg_len, prevbuflen;
const char *msg;
while (true)
{
if ((rret = https_read(httpinfo, &resp->data[resp->buflen], 1, proxy)) < 1)
return false;
prevbuflen = resp->buflen;
resp->buflen += rret;
// Parse the response
resp->num_headers = sizeof(resp->headers) / sizeof(resp->headers[0]);
if ((resp->pret = phr_parse_response(resp->data, resp->buflen, &minor_version, &resp->status, &msg, &msg_len, resp->headers, &resp->num_headers, prevbuflen)) > 0)
return true; // Successfully parsed the response
else if (resp->pret == -1)
{
#ifdef DEBUG_NETWORK
gprintf("pret error %i\n", resp->pret);
#endif
return false;
}
if (resp->buflen == sizeof(resp->data))
{
#ifdef DEBUG_NETWORK
gprintf("buflen error %lu\n", (unsigned long)resp->buflen);
#endif
return false;
}
}
return false;
}
bool check_ip(char *str)
{
int partA, partB, partC, partD;
char extra;
// We avoid using regex because it increases the file size
return (sscanf(str, "%d.%d.%d.%d%c", &partA, &partB, &partC, &partD, &extra) == 4) ? true : false;
}
bool connect_proxy(HTTP_INFO *httpinfo, char *host, char *username, char *password)
{
HTTP_RESPONSE response = {0};
char request[500];
char credentials[65];
char *auth;
int len;
if (username && password)
{
if(!snprintf(credentials, sizeof(credentials), "%s:%s", username, password))
return false;
if(!(auth = base64(credentials, strlen(credentials), &len)))
return false;
len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nProxy-Authorization: Basic %s\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80, auth);
free(auth);
}
else
len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80);
if (len > 0 && https_write(httpinfo, request, len, true) != len)
return false;
if (get_response(httpinfo, &response, true))
{
if (response.status == 200)
return true;
}
return false;
}
int connect(char *host, u16 port)
{
struct sockaddr_in sin;
s32 sock, ret;
u64 t;
u32 ipaddress = getipbynamecached(host);
if (ipaddress == 0)
return -1;
sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
if (sock < 0)
return sock;
memset(&sin, 0, sizeof(struct sockaddr_in));
u32 ipaddress;
u64 time;
#ifdef DEBUG_NETWORK
gprintf("Connecting to %s", host);
#endif
if ((ipaddress = check_ip(host) ? inet_addr(host) : getipbynamecached(host)) == 0)
return -EFAULT;
sin.sin_family = AF_INET;
sin.sin_port = htons(port);
sin.sin_addr.s_addr = ipaddress;
#ifdef DEBUG_NETWORK
gprintf("Connecting to %s (%s)\n", host, inet_ntoa(sin.sin_addr));
if (!check_ip(host))
gprintf(" (%s)", inet_ntoa(sin.sin_addr));
#endif
if ((sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP)) < 0)
return sock;
net_fcntl(sock, F_SETFL, 4);
t = gettime();
while (1)
time = gettime();
while (ticks_to_millisecs(diff_ticks(time, gettime())) < CONNECT_TIMEOUT)
{
if (ticks_to_millisecs(diff_ticks(t, gettime())) > TCP_CONNECT_TIMEOUT)
{
#ifdef DEBUG_NETWORK
gprintf("The connection timed out\n");
#endif
net_close(sock);
return -ETIMEDOUT;
}
ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin));
if (ret < 0)
if ((ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin))) < 0)
{
if (ret == -EISCONN)
break;
return sock;
if (ret == -EINPROGRESS || ret == -EALREADY)
{
usleep(20 * 1000);
usleep(10000);
continue;
}
net_close(sock);
return ret;
}
break;
}
net_fcntl(sock, F_SETFL, 0);
return sock;
net_close(sock);
return -ETIMEDOUT;
}
void downloadfile(const char *url, struct download *buffer)
{
HTTP_INFO httpinfo;
memset(&httpinfo, 0, sizeof(HTTP_INFO));
HTTP_INFO httpinfo = {0};
// Always reset the size due to the image downloader looping
buffer->size = 0;
// Check if we're using HTTPS and set the path
char *path;
if (strncmp(url, "https://", 8) == 0)
@ -250,33 +341,53 @@ void downloadfile(const char *url, struct download *buffer)
path = strchr(url + 7, '/');
}
else
return; // Prevents uninitialized warning
return;
if (path == NULL)
return;
// Get the host
int domainlength = path - url - 7 - httpinfo.use_https;
char host[domainlength + 1];
strlcpy(host, url + 7 + httpinfo.use_https, domainlength + 1);
// Start connecting
if ((httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80)) < 0)
if (getProxyAddress() && getProxyPort() > 0)
httpinfo.sock = connect(getProxyAddress(), getProxyPort());
else
httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80);
if (httpinfo.sock < 0)
{
#ifdef DEBUG_NETWORK
gprintf("Failed to connect to %s\n", host);
if (httpinfo.sock == -ETIMEDOUT)
gprintf("\nFailed to connect (timed out)\n");
else
gprintf("\nFailed to connect (%i)\n", httpinfo.sock);
#endif
return;
}
#ifdef DEBUG_NETWORK
else
gprintf("Connected\n");
gprintf("\nConnected\n");
#endif
// Connect to a web proxy without credentials
if (getProxyAddress() && getProxyPort() > 0)
{
if (!connect_proxy(&httpinfo, host, getProxyUsername(), getProxyPassword()))
{
#ifdef DEBUG_NETWORK
gprintf("Failed to connect to proxy (%s:%i)\n", getProxyAddress(), getProxyPort());
#endif
https_close(&httpinfo);
return;
}
session = NULL; // Resume doesn't work with a proxy
#ifdef DEBUG_NETWORK
gprintf("Proxy is ready to receive\n");
#endif
}
// Setup for HTTPS if it's necessary
if (httpinfo.use_https)
{
// Create a new SSL context
// wolfSSLv23_client_method() works, but resume would require further changes
// wolfSSLv23_client_method() works but resume would require further changes
if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
{
#ifdef DEBUG_NETWORK
@ -296,6 +407,9 @@ void downloadfile(const char *url, struct download *buffer)
https_close(&httpinfo);
return;
}
// Custom I/O is essential due to how libogc handles errors
wolfSSL_SetIOSend(httpinfo.ctx, send_callback);
wolfSSL_SetIORecv(httpinfo.ctx, recv_callback);
// Create a new wolfSSL session
if ((httpinfo.ssl = wolfSSL_new(httpinfo.ctx)) == NULL)
{
@ -323,7 +437,10 @@ void downloadfile(const char *url, struct download *buffer)
session = NULL;
}
// Initiate a handshake
if (wolfSSL_connect(httpinfo.ssl) != SSL_SUCCESS)
u64 time = gettime();
while (true)
{
if (ticks_to_millisecs(diff_ticks(time, gettime())) > CONNECT_TIMEOUT)
{
#ifdef DEBUG_NETWORK
gprintf("SSL handshake failed\n");
@ -331,6 +448,10 @@ void downloadfile(const char *url, struct download *buffer)
https_close(&httpinfo);
return;
}
if (wolfSSL_connect(httpinfo.ssl) == SSL_SUCCESS)
break;
usleep(10000);
}
// Check if we resumed successfully
if (session != NULL && !wolfSSL_session_reused(httpinfo.ssl))
{
@ -348,15 +469,13 @@ void downloadfile(const char *url, struct download *buffer)
gprintf("Using: %s - %s\n", wolfSSL_get_version(httpinfo.ssl), wolfSSL_CIPHER_get_name(cipher));
#endif
}
// Send our request
char request[2200];
char request[2300];
char isgecko[36] = "Cookie: challenge=BitMitigate.com\r\n";
int ret, len;
if (strcmp(host, "www.geckocodes.org") != 0)
if (strncmp(host, "www.geckocodes.org", 18) != 0)
memset(isgecko, 0, sizeof(isgecko)); // Not geckocodes, so don't set a cookie
len = snprintf(request, 2200,
len = snprintf(request, sizeof(request),
"GET %s HTTP/1.1\r\n"
"Host: %s\r\n"
"User-Agent: WiiFlow-Lite\r\n"
@ -365,7 +484,7 @@ void downloadfile(const char *url, struct download *buffer)
"Pragma: no-cache\r\n"
"Cache-Control: no-cache\r\n\r\n",
path, host, isgecko);
if ((ret = https_write(&httpinfo, request, len)) != len)
if ((ret = https_write(&httpinfo, request, len, false)) != len)
{
#ifdef DEBUG_NETWORK
gprintf("https_write error: %i\n", ret);
@ -373,7 +492,6 @@ void downloadfile(const char *url, struct download *buffer)
https_close(&httpinfo);
return;
}
// Check if we want a response
if (buffer->skip_response)
{
@ -383,56 +501,15 @@ void downloadfile(const char *url, struct download *buffer)
https_close(&httpinfo);
return;
}
// Get the response
char response[4096];
struct phr_header headers[100];
int pret, minor_version, status, dl_valid;
size_t buflen = 0, prevbuflen = 0, num_headers, msg_len;
ssize_t rret;
const char *msg;
while (1)
HTTP_RESPONSE response = {0};
if (!get_response(&httpinfo, &response, false))
{
// Read the response
while ((rret = https_read(&httpinfo, &response[buflen], 1)) == -1 && errno == EINTR)
;
if (rret <= 0)
{
#ifdef DEBUG_NETWORK
gprintf("rret error %i\n", rret);
#endif
https_close(&httpinfo);
return;
}
prevbuflen = buflen;
buflen += rret;
// Parse the response
num_headers = sizeof(headers) / sizeof(headers[0]);
pret = phr_parse_response(response, buflen, &minor_version, &status, &msg, &msg_len, headers, &num_headers, prevbuflen);
if (pret > 0)
break; // Successfully parsed the response
else if (pret == -1)
{
#ifdef DEBUG_NETWORK
gprintf("pret error %i\n", pret);
#endif
https_close(&httpinfo);
return;
}
// Response is incomplete so continue the loop
if (buflen == sizeof(response))
{
#ifdef DEBUG_NETWORK
gprintf("buflen error %i\n", buflen);
#endif
https_close(&httpinfo);
return;
}
}
// The website wants to redirect us
if (status == 301 || status == 302)
if (response.status == 301 || response.status == 302)
{
https_close(&httpinfo);
if (loop == REDIRECT_LIMIT)
@ -443,8 +520,8 @@ void downloadfile(const char *url, struct download *buffer)
return;
}
loop++;
char location[2100] = {};
if (!get_header_value(headers, num_headers, location, "location"))
char location[2049];
if (!get_header_value(response.headers, response.num_headers, location, "location"))
return;
#ifdef DEBUG_NETWORK
gprintf("Redirect #%i - %s\n", loop, location);
@ -455,17 +532,21 @@ void downloadfile(const char *url, struct download *buffer)
// It's not 301 or 302, so reset the loop
loop = 0;
// We got what we wanted
if (status == 200)
if (response.status == 200)
{
buffer->data = MEM2_alloc(4096);
memcpy(buffer->data, &response[pret], buflen - pret);
memcpy(buffer->data, &response.data[response.pret], response.buflen - response.pret);
// Determine how to read the data
if (is_chunked(headers, num_headers))
dl_valid = read_chunked(&httpinfo, buffer, buflen - pret);
bool dl_valid;
if (is_chunked(response.headers, response.num_headers))
dl_valid = read_chunked(&httpinfo, buffer, response.buflen - response.pret);
else
dl_valid = read_all(&httpinfo, buffer, buflen - pret);
{
buffer->content_length = get_header_value_int(response.headers, response.num_headers, "content-length");
dl_valid = read_all(&httpinfo, buffer, response.buflen - response.pret);
}
// Check if the download is incomplete
if (!dl_valid || buffer->size <= 0)
if (!dl_valid || buffer->size < 1)
{
buffer->size = 0;
MEM2_free(buffer->data);
@ -481,16 +562,17 @@ void downloadfile(const char *url, struct download *buffer)
// Finished
https_close(&httpinfo);
#ifdef DEBUG_NETWORK
gprintf("Download size: %llu\n", buffer->size);
gprintf("Headers:\n");
for (size_t i = 0; i != num_headers; ++i)
gprintf("%.*s: %.*s\n", (int)headers[i].name_len, headers[i].name, (int)headers[i].value_len, headers[i].value);
gprintf("Download size: %llu\n", (long long)buffer->size);
gprintf("------------- HEADERS -------------\n");
for (size_t i = 0; i != response.num_headers; ++i)
gprintf("%.*s: %.*s\n", (int)response.headers[i].name_len, response.headers[i].name, (int)response.headers[i].value_len, response.headers[i].value);
gprintf("------------ COMPLETED ------------\n");
#endif
return;
}
// Close on all other status codes
#ifdef DEBUG_NETWORK
gprintf("Status code: %i - %s\n", status, url);
gprintf("Status code: %i - %s\n", response.status, url);
#endif
https_close(&httpinfo);
}

View File

@ -1,11 +1,14 @@
// Code by blackb0x @ GBAtemp.net
// This allows the Wii to download from servers that use SNI.
/*
Code by blackb0x @ GBAtemp.net
This allows the Wii to download from servers that use SNI.
*/
#ifndef _HTTPS_H_
#define _HTTPS_H_
#include <libwolfssl/ssl.h>
#include "dns.h"
#include "picohttpparser.h"
#ifdef __cplusplus
extern "C"
@ -14,16 +17,28 @@ extern "C"
// #define DEBUG_NETWORK
#define REDIRECT_LIMIT 3
#define TCP_CONNECT_TIMEOUT 5000
#define READ_WRITE_TIMEOUT 5000
#define CONNECT_TIMEOUT 10000
#define READ_WRITE_TIMEOUT 20000
#define BLOCK_SIZE 8192
struct download
{
u8 skip_response; // Used by WiinnerTag
bool skip_response; // Used by WiinnerTag
u64 content_length;
u64 size;
char *data;
};
typedef struct
{
int status;
int pret;
size_t num_headers;
size_t buflen;
struct phr_header headers[100];
char data[4096];
} HTTP_RESPONSE;
typedef struct
{
u8 use_https;

View File

@ -355,10 +355,12 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
ADVANCE_TOKEN(*method, *method_len);
do {
++buf;
CHECK_EOF();
} while (*buf == ' ');
ADVANCE_TOKEN(*path, *path_len);
do {
++buf;
CHECK_EOF();
} while (*buf == ' ');
if (*method_len == 0 || *path_len == 0) {
*ret = -1;
@ -422,6 +424,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
}
do {
++buf;
CHECK_EOF();
} while (*buf == ' ');
/* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */
if (buf_end - buf < 4) {
@ -437,7 +440,8 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
if (*msg_len == 0) {
/* ok */
} else if (**msg == ' ') {
/* remove preceding space */
/* Remove preceding space. Successful return from `get_token_to_eol` guarantees that we would hit something other than SP
* before running past the end of the given buffer. */
do {
++*msg;
--*msg_len;

View File

@ -0,0 +1,73 @@
#include <ogcsys.h>
#include <ogc/isfs.h>
#include <string.h>
#include "proxysettings.h"
#include "menu/menu.hpp"
#define ALIGN32(x) (((x) + 31) & ~31)
bool proxy_enabled;
char proxy_address[256];
u16 proxy_port;
char proxy_username[33];
char proxy_password[33];
void getProxyInfo()
{
char *buffer;
int fd = ISFS_Open("/shared2/sys/net/02/config.dat", ISFS_OPEN_READ);
if (fd >= 0)
{
fstats stats ATTRIBUTE_ALIGN(32) = {};
if(ISFS_GetFileStats(fd, &stats) >= 0)
{
if (stats.file_length > 0)
{
buffer = (char*)MEM2_alloc(ALIGN32(stats.file_length));
if (buffer)
{
if(ISFS_Read(fd, buffer, stats.file_length) == 7004)
{
proxy_enabled = buffer[44];
strncpy(proxy_address, buffer + 48, sizeof(proxy_address) - 1);
proxy_port = ((buffer[304] & 0xFF) << 8) | (buffer[305] & 0xFF);
strncpy(proxy_username, buffer + 306, sizeof(proxy_username) - 1);
strncpy(proxy_password, buffer + 338, sizeof(proxy_password) - 1);
}
}
MEM2_free(buffer);
}
}
ISFS_Close(fd);
}
}
char* getProxyAddress()
{
if (mainMenu.proxyUseSystem)
return proxy_enabled ? proxy_address : NULL;
return (strlen(mainMenu.proxyAddress) > 6) ? mainMenu.proxyAddress : NULL;
}
u16 getProxyPort()
{
if (mainMenu.proxyUseSystem)
return proxy_enabled ? proxy_port : 0;
return mainMenu.proxyPort;
}
char* getProxyUsername()
{
if (mainMenu.proxyUseSystem)
return proxy_enabled ? proxy_username : NULL;
return (strlen(mainMenu.proxyUsername) > 0) ? mainMenu.proxyUsername : NULL;
}
char* getProxyPassword()
{
if (mainMenu.proxyUseSystem)
return proxy_enabled ? proxy_password : NULL;
return (strlen(mainMenu.proxyPassword) > 0) ? mainMenu.proxyPassword : NULL;
}

View File

@ -0,0 +1,18 @@
#ifndef _PROXYSETTINGS_
#define _PROXYSETTINGS_
#ifdef __cplusplus
extern "C"
{
#endif
void getProxyInfo();
char *getProxyAddress();
u16 getProxyPort();
char *getProxyUsername();
char *getProxyPassword();
#ifdef __cplusplus
}
#endif
#endif /* _PROXYSETTINGS_ */