From cc715cf04acd4efea8d26e6480e33162463447a4 Mon Sep 17 00:00:00 2001 From: wiidev Date: Thu, 24 Oct 2019 23:26:17 +0100 Subject: [PATCH] Add TLS support --- Makefile.main | 4 +- portlibs/include/sys/socket.h | 203 + portlibs/include/sys/uio.h | 27 + source/booter/external_booter.cpp | 6 +- source/libwolfssl/callbacks.h | 91 + source/libwolfssl/certs_test.h | 3207 ++++++++++++ source/libwolfssl/crl.h | 50 + source/libwolfssl/error-ssl.h | 201 + source/libwolfssl/internal.h | 4437 +++++++++++++++++ source/libwolfssl/libwolfssl.a | Bin 0 -> 392892 bytes source/libwolfssl/ocsp.h | 133 + source/libwolfssl/openssl/aes.h | 111 + source/libwolfssl/openssl/asn1.h | 84 + source/libwolfssl/openssl/bio.h | 157 + source/libwolfssl/openssl/bn.h | 213 + source/libwolfssl/openssl/buffer.h | 51 + source/libwolfssl/openssl/conf.h | 48 + source/libwolfssl/openssl/crypto.h | 81 + source/libwolfssl/openssl/des.h | 113 + source/libwolfssl/openssl/dh.h | 93 + source/libwolfssl/openssl/dsa.h | 87 + source/libwolfssl/openssl/ec.h | 236 + source/libwolfssl/openssl/ec25519.h | 44 + source/libwolfssl/openssl/ecdh.h | 49 + source/libwolfssl/openssl/ecdsa.h | 74 + source/libwolfssl/openssl/ed25519.h | 47 + source/libwolfssl/openssl/engine.h | 8 + source/libwolfssl/openssl/err.h | 32 + source/libwolfssl/openssl/evp.h | 728 +++ source/libwolfssl/openssl/hmac.h | 93 + source/libwolfssl/openssl/lhash.h | 2 + source/libwolfssl/openssl/md4.h | 62 + source/libwolfssl/openssl/md5.h | 81 + source/libwolfssl/openssl/objects.h | 62 + source/libwolfssl/openssl/ocsp.h | 82 + source/libwolfssl/openssl/opensslconf.h | 8 + source/libwolfssl/openssl/opensslv.h | 44 + source/libwolfssl/openssl/ossl_typ.h | 2 + source/libwolfssl/openssl/pem.h | 224 + source/libwolfssl/openssl/pkcs12.h | 49 + source/libwolfssl/openssl/pkcs7.h | 79 + source/libwolfssl/openssl/rand.h | 27 + source/libwolfssl/openssl/rc4.h | 59 + source/libwolfssl/openssl/ripemd.h | 58 + source/libwolfssl/openssl/rsa.h | 128 + source/libwolfssl/openssl/sha.h | 203 + source/libwolfssl/openssl/ssl.h | 1117 +++++ source/libwolfssl/openssl/ssl23.h | 1 + source/libwolfssl/openssl/stack.h | 63 + source/libwolfssl/openssl/ui.h | 2 + source/libwolfssl/openssl/x509.h | 20 + source/libwolfssl/openssl/x509_vfy.h | 1 + source/libwolfssl/openssl/x509v3.h | 112 + source/libwolfssl/sniffer.h | 228 + source/libwolfssl/sniffer_error.h | 137 + source/libwolfssl/ssl.h | 3648 ++++++++++++++ source/libwolfssl/test.h | 3437 +++++++++++++ source/libwolfssl/version.h | 40 + source/libwolfssl/wolfcrypt/aes.h | 402 ++ source/libwolfssl/wolfcrypt/arc4.h | 68 + source/libwolfssl/wolfcrypt/asn.h | 1395 ++++++ source/libwolfssl/wolfcrypt/asn_public.h | 577 +++ source/libwolfssl/wolfcrypt/blake2-impl.h | 155 + source/libwolfssl/wolfcrypt/blake2-int.h | 184 + source/libwolfssl/wolfcrypt/blake2.h | 96 + source/libwolfssl/wolfcrypt/camellia.h | 101 + source/libwolfssl/wolfcrypt/chacha.h | 82 + .../libwolfssl/wolfcrypt/chacha20_poly1305.h | 84 + source/libwolfssl/wolfcrypt/cmac.h | 97 + source/libwolfssl/wolfcrypt/coding.h | 88 + source/libwolfssl/wolfcrypt/compress.h | 58 + source/libwolfssl/wolfcrypt/cpuid.h | 62 + source/libwolfssl/wolfcrypt/cryptocb.h | 299 ++ source/libwolfssl/wolfcrypt/curve25519.h | 159 + source/libwolfssl/wolfcrypt/des3.h | 158 + source/libwolfssl/wolfcrypt/dh.h | 131 + source/libwolfssl/wolfcrypt/dsa.h | 97 + source/libwolfssl/wolfcrypt/ecc.h | 720 +++ source/libwolfssl/wolfcrypt/ed25519.h | 169 + source/libwolfssl/wolfcrypt/error-crypt.h | 252 + source/libwolfssl/wolfcrypt/fe_operations.h | 210 + source/libwolfssl/wolfcrypt/fips_test.h | 59 + source/libwolfssl/wolfcrypt/ge_operations.h | 113 + source/libwolfssl/wolfcrypt/hash.h | 242 + source/libwolfssl/wolfcrypt/hc128.h | 67 + source/libwolfssl/wolfcrypt/hmac.h | 216 + source/libwolfssl/wolfcrypt/idea.h | 70 + source/libwolfssl/wolfcrypt/integer.h | 405 ++ source/libwolfssl/wolfcrypt/logging.h | 188 + source/libwolfssl/wolfcrypt/md2.h | 69 + source/libwolfssl/wolfcrypt/md4.h | 67 + source/libwolfssl/wolfcrypt/md5.h | 130 + source/libwolfssl/wolfcrypt/mem_track.h | 401 ++ source/libwolfssl/wolfcrypt/memory.h | 233 + source/libwolfssl/wolfcrypt/misc.h | 116 + source/libwolfssl/wolfcrypt/mpi_class.h | 1021 ++++ source/libwolfssl/wolfcrypt/mpi_superclass.h | 96 + source/libwolfssl/wolfcrypt/pkcs11.h | 537 ++ source/libwolfssl/wolfcrypt/pkcs12.h | 72 + source/libwolfssl/wolfcrypt/pkcs7.h | 483 ++ source/libwolfssl/wolfcrypt/poly1305.h | 127 + .../wolfcrypt/port/Espressif/esp32-crypt.h | 152 + .../port/Renesas/renesas-tsip-crypt.h | 153 + .../wolfcrypt/port/af_alg/afalg_hash.h | 50 + .../wolfcrypt/port/af_alg/wc_afalg.h | 53 + .../wolfcrypt/port/arm/cryptoCell.h | 117 + .../libwolfssl/wolfcrypt/port/atmel/atmel.h | 134 + .../wolfcrypt/port/caam/caam_driver.h | 187 + .../libwolfssl/wolfcrypt/port/caam/wolfcaam.h | 63 + .../wolfcrypt/port/caam/wolfcaam_sha.h | 88 + .../wolfcrypt/port/devcrypto/wc_devcrypto.h | 53 + .../wolfcrypt/port/intel/quickassist_sync.h | 229 + source/libwolfssl/wolfcrypt/port/nrf51.h | 44 + .../libwolfssl/wolfcrypt/port/nxp/ksdk_port.h | 87 + .../wolfcrypt/port/pic32/pic32mz-crypt.h | 224 + source/libwolfssl/wolfcrypt/port/st/stm32.h | 131 + source/libwolfssl/wolfcrypt/port/st/stsafe.h | 94 + source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h | 47 + source/libwolfssl/wolfcrypt/port/ti/ti-hash.h | 63 + .../wolfcrypt/port/xilinx/xil-sha3.h | 45 + source/libwolfssl/wolfcrypt/pwdbased.h | 71 + source/libwolfssl/wolfcrypt/rabbit.h | 73 + source/libwolfssl/wolfcrypt/random.h | 245 + source/libwolfssl/wolfcrypt/ripemd.h | 67 + source/libwolfssl/wolfcrypt/rsa.h | 356 ++ source/libwolfssl/wolfcrypt/selftest.h | 48 + source/libwolfssl/wolfcrypt/settings.h | 2084 ++++++++ source/libwolfssl/wolfcrypt/sha.h | 178 + source/libwolfssl/wolfcrypt/sha256.h | 255 + source/libwolfssl/wolfcrypt/sha3.h | 157 + source/libwolfssl/wolfcrypt/sha512.h | 228 + source/libwolfssl/wolfcrypt/signature.h | 76 + source/libwolfssl/wolfcrypt/sp.h | 122 + source/libwolfssl/wolfcrypt/sp_int.h | 256 + source/libwolfssl/wolfcrypt/srp.h | 311 ++ source/libwolfssl/wolfcrypt/tfm.h | 826 +++ source/libwolfssl/wolfcrypt/types.h | 898 ++++ source/libwolfssl/wolfcrypt/visibility.h | 79 + source/libwolfssl/wolfcrypt/wc_encrypt.h | 101 + source/libwolfssl/wolfcrypt/wc_pkcs11.h | 94 + source/libwolfssl/wolfcrypt/wc_port.h | 739 +++ source/libwolfssl/wolfcrypt/wolfevent.h | 120 + source/libwolfssl/wolfcrypt/wolfmath.h | 96 + source/libwolfssl/wolfio.h | 583 +++ source/menu/menu_cheat.cpp | 21 +- source/menu/menu_download.cpp | 124 +- source/menu/menu_game_boot.cpp | 1 - source/network/gcard.c | 6 +- source/network/http.c | 304 -- source/network/http.h | 33 - source/network/https.c | 448 ++ source/network/https.h | 43 + source/network/picohttpparser.c | 645 +++ source/network/picohttpparser.h | 87 + wiiflow.pnproj | 2 +- 155 files changed, 42418 insertions(+), 413 deletions(-) create mode 100644 portlibs/include/sys/socket.h create mode 100644 portlibs/include/sys/uio.h create mode 100644 source/libwolfssl/callbacks.h create mode 100644 source/libwolfssl/certs_test.h create mode 100644 source/libwolfssl/crl.h create mode 100644 source/libwolfssl/error-ssl.h create mode 100644 source/libwolfssl/internal.h create mode 100644 source/libwolfssl/libwolfssl.a create mode 100644 source/libwolfssl/ocsp.h create mode 100644 source/libwolfssl/openssl/aes.h create mode 100644 source/libwolfssl/openssl/asn1.h create mode 100644 source/libwolfssl/openssl/bio.h create mode 100644 source/libwolfssl/openssl/bn.h create mode 100644 source/libwolfssl/openssl/buffer.h create mode 100644 source/libwolfssl/openssl/conf.h create mode 100644 source/libwolfssl/openssl/crypto.h create mode 100644 source/libwolfssl/openssl/des.h create mode 100644 source/libwolfssl/openssl/dh.h create mode 100644 source/libwolfssl/openssl/dsa.h create mode 100644 source/libwolfssl/openssl/ec.h create mode 100644 source/libwolfssl/openssl/ec25519.h create mode 100644 source/libwolfssl/openssl/ecdh.h create mode 100644 source/libwolfssl/openssl/ecdsa.h create mode 100644 source/libwolfssl/openssl/ed25519.h create mode 100644 source/libwolfssl/openssl/engine.h create mode 100644 source/libwolfssl/openssl/err.h create mode 100644 source/libwolfssl/openssl/evp.h create mode 100644 source/libwolfssl/openssl/hmac.h create mode 100644 source/libwolfssl/openssl/lhash.h create mode 100644 source/libwolfssl/openssl/md4.h create mode 100644 source/libwolfssl/openssl/md5.h create mode 100644 source/libwolfssl/openssl/objects.h create mode 100644 source/libwolfssl/openssl/ocsp.h create mode 100644 source/libwolfssl/openssl/opensslconf.h create mode 100644 source/libwolfssl/openssl/opensslv.h create mode 100644 source/libwolfssl/openssl/ossl_typ.h create mode 100644 source/libwolfssl/openssl/pem.h create mode 100644 source/libwolfssl/openssl/pkcs12.h create mode 100644 source/libwolfssl/openssl/pkcs7.h create mode 100644 source/libwolfssl/openssl/rand.h create mode 100644 source/libwolfssl/openssl/rc4.h create mode 100644 source/libwolfssl/openssl/ripemd.h create mode 100644 source/libwolfssl/openssl/rsa.h create mode 100644 source/libwolfssl/openssl/sha.h create mode 100644 source/libwolfssl/openssl/ssl.h create mode 100644 source/libwolfssl/openssl/ssl23.h create mode 100644 source/libwolfssl/openssl/stack.h create mode 100644 source/libwolfssl/openssl/ui.h create mode 100644 source/libwolfssl/openssl/x509.h create mode 100644 source/libwolfssl/openssl/x509_vfy.h create mode 100644 source/libwolfssl/openssl/x509v3.h create mode 100644 source/libwolfssl/sniffer.h create mode 100644 source/libwolfssl/sniffer_error.h create mode 100644 source/libwolfssl/ssl.h create mode 100644 source/libwolfssl/test.h create mode 100644 source/libwolfssl/version.h create mode 100644 source/libwolfssl/wolfcrypt/aes.h create mode 100644 source/libwolfssl/wolfcrypt/arc4.h create mode 100644 source/libwolfssl/wolfcrypt/asn.h create mode 100644 source/libwolfssl/wolfcrypt/asn_public.h create mode 100644 source/libwolfssl/wolfcrypt/blake2-impl.h create mode 100644 source/libwolfssl/wolfcrypt/blake2-int.h create mode 100644 source/libwolfssl/wolfcrypt/blake2.h create mode 100644 source/libwolfssl/wolfcrypt/camellia.h create mode 100644 source/libwolfssl/wolfcrypt/chacha.h create mode 100644 source/libwolfssl/wolfcrypt/chacha20_poly1305.h create mode 100644 source/libwolfssl/wolfcrypt/cmac.h create mode 100644 source/libwolfssl/wolfcrypt/coding.h create mode 100644 source/libwolfssl/wolfcrypt/compress.h create mode 100644 source/libwolfssl/wolfcrypt/cpuid.h create mode 100644 source/libwolfssl/wolfcrypt/cryptocb.h create mode 100644 source/libwolfssl/wolfcrypt/curve25519.h create mode 100644 source/libwolfssl/wolfcrypt/des3.h create mode 100644 source/libwolfssl/wolfcrypt/dh.h create mode 100644 source/libwolfssl/wolfcrypt/dsa.h create mode 100644 source/libwolfssl/wolfcrypt/ecc.h create mode 100644 source/libwolfssl/wolfcrypt/ed25519.h create mode 100644 source/libwolfssl/wolfcrypt/error-crypt.h create mode 100644 source/libwolfssl/wolfcrypt/fe_operations.h create mode 100644 source/libwolfssl/wolfcrypt/fips_test.h create mode 100644 source/libwolfssl/wolfcrypt/ge_operations.h create mode 100644 source/libwolfssl/wolfcrypt/hash.h create mode 100644 source/libwolfssl/wolfcrypt/hc128.h create mode 100644 source/libwolfssl/wolfcrypt/hmac.h create mode 100644 source/libwolfssl/wolfcrypt/idea.h create mode 100644 source/libwolfssl/wolfcrypt/integer.h create mode 100644 source/libwolfssl/wolfcrypt/logging.h create mode 100644 source/libwolfssl/wolfcrypt/md2.h create mode 100644 source/libwolfssl/wolfcrypt/md4.h create mode 100644 source/libwolfssl/wolfcrypt/md5.h create mode 100644 source/libwolfssl/wolfcrypt/mem_track.h create mode 100644 source/libwolfssl/wolfcrypt/memory.h create mode 100644 source/libwolfssl/wolfcrypt/misc.h create mode 100644 source/libwolfssl/wolfcrypt/mpi_class.h create mode 100644 source/libwolfssl/wolfcrypt/mpi_superclass.h create mode 100644 source/libwolfssl/wolfcrypt/pkcs11.h create mode 100644 source/libwolfssl/wolfcrypt/pkcs12.h create mode 100644 source/libwolfssl/wolfcrypt/pkcs7.h create mode 100644 source/libwolfssl/wolfcrypt/poly1305.h create mode 100644 source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h create mode 100644 source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h create mode 100644 source/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h create mode 100644 source/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h create mode 100644 source/libwolfssl/wolfcrypt/port/arm/cryptoCell.h create mode 100644 source/libwolfssl/wolfcrypt/port/atmel/atmel.h create mode 100644 source/libwolfssl/wolfcrypt/port/caam/caam_driver.h create mode 100644 source/libwolfssl/wolfcrypt/port/caam/wolfcaam.h create mode 100644 source/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h create mode 100644 source/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h create mode 100644 source/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h create mode 100644 source/libwolfssl/wolfcrypt/port/nrf51.h create mode 100644 source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h create mode 100644 source/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h create mode 100644 source/libwolfssl/wolfcrypt/port/st/stm32.h create mode 100644 source/libwolfssl/wolfcrypt/port/st/stsafe.h create mode 100644 source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h create mode 100644 source/libwolfssl/wolfcrypt/port/ti/ti-hash.h create mode 100644 source/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h create mode 100644 source/libwolfssl/wolfcrypt/pwdbased.h create mode 100644 source/libwolfssl/wolfcrypt/rabbit.h create mode 100644 source/libwolfssl/wolfcrypt/random.h create mode 100644 source/libwolfssl/wolfcrypt/ripemd.h create mode 100644 source/libwolfssl/wolfcrypt/rsa.h create mode 100644 source/libwolfssl/wolfcrypt/selftest.h create mode 100644 source/libwolfssl/wolfcrypt/settings.h create mode 100644 source/libwolfssl/wolfcrypt/sha.h create mode 100644 source/libwolfssl/wolfcrypt/sha256.h create mode 100644 source/libwolfssl/wolfcrypt/sha3.h create mode 100644 source/libwolfssl/wolfcrypt/sha512.h create mode 100644 source/libwolfssl/wolfcrypt/signature.h create mode 100644 source/libwolfssl/wolfcrypt/sp.h create mode 100644 source/libwolfssl/wolfcrypt/sp_int.h create mode 100644 source/libwolfssl/wolfcrypt/srp.h create mode 100644 source/libwolfssl/wolfcrypt/tfm.h create mode 100644 source/libwolfssl/wolfcrypt/types.h create mode 100644 source/libwolfssl/wolfcrypt/visibility.h create mode 100644 source/libwolfssl/wolfcrypt/wc_encrypt.h create mode 100644 source/libwolfssl/wolfcrypt/wc_pkcs11.h create mode 100644 source/libwolfssl/wolfcrypt/wc_port.h create mode 100644 source/libwolfssl/wolfcrypt/wolfevent.h create mode 100644 source/libwolfssl/wolfcrypt/wolfmath.h create mode 100644 source/libwolfssl/wolfio.h delete mode 100644 source/network/http.c delete mode 100644 source/network/http.h create mode 100644 source/network/https.c create mode 100644 source/network/https.h create mode 100644 source/network/picohttpparser.c create mode 100644 source/network/picohttpparser.h diff --git a/Makefile.main b/Makefile.main index c8a4de2d..5f3b641d 100644 --- a/Makefile.main +++ b/Makefile.main @@ -67,7 +67,7 @@ endif #--------------------------------------------------------------------------------- # any extra libraries we wish to link with the project #--------------------------------------------------------------------------------- -LIBS := -lcustomfat -lcustomntfs -lcustomext2fs -lpng -lturbojpeg -lm -lz -lwiiuse -lwupc -lwiidrc -lbte -lasnd -logc -lfreetype -lvorbisidec -lmad -lsicksaxis +LIBS := -lwolfssl -lcustomfat -lcustomntfs -lcustomext2fs -lpng -lturbojpeg -lm -lz -lwiiuse -lwupc -lwiidrc -lbte -lasnd -logc -lfreetype -lvorbisidec -lmad -lsicksaxis #--------------------------------------------------------------------------------- # list of directories containing libraries, this must be the top level containing @@ -131,7 +131,7 @@ export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \ #--------------------------------------------------------------------------------- export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib) -L$(CURDIR)/source/libs/libfat/ \ -L$(CURDIR)/source/libs/libntfs/ -L$(CURDIR)/source/libs/libext2fs/ \ - -L$(LIBOGC_LIB) -L$(PORTLIBS)/lib + -L$(CURDIR)/source/libwolfssl/ -L$(LIBOGC_LIB) -L$(PORTLIBS)/lib export OUTPUT := $(CURDIR)/out/$(TARGET) .PHONY: $(BUILD) all clean diff --git a/portlibs/include/sys/socket.h b/portlibs/include/sys/socket.h new file mode 100644 index 00000000..04183061 --- /dev/null +++ b/portlibs/include/sys/socket.h @@ -0,0 +1,203 @@ +/* sys/socket.h + + netport +*/ + +#ifndef _SYS_SOCKET_H +#define _SYS_SOCKET_H + + +#include +#include +#include + +#ifdef __cplusplus +extern "C" +{ +#endif + +#ifndef socklen_t +typedef uint8_t socklen_t; +#define socklen_t socklen_t +#endif + +typedef uint8_t sa_family_t; + +struct sockaddr { + u8 sa_len; + sa_family_t sa_family; /* address family, AF_xxx */ + char sa_data[14]; /* 14 bytes of protocol address */ +}; + +/* Definition of sockaddr_storage according to SUSv3. */ +#define _SS_MAXSIZE 128 /* Maximum size. */ +#define _SS_ALIGNSIZE (sizeof (int64_t))/* Desired alignment. */ +#define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof (sa_family_t)) +#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof (sa_family_t) \ + + _SS_PAD1SIZE + _SS_ALIGNSIZE)) + +struct sockaddr_storage { + sa_family_t ss_family; + char _ss_pad1[_SS_PAD1SIZE]; + int64_t __ss_align; + char _ss_pad2[_SS_PAD2SIZE]; +}; + +#include + +struct msghdr +{ + void * msg_name; /* Socket name */ + socklen_t msg_namelen; /* Length of name */ + struct iovec * msg_iov; /* Data blocks */ + int msg_iovlen; /* Number of blocks */ + void * msg_control; /* Ancillary data */ + socklen_t msg_controllen; /* Ancillary data buffer length */ + int msg_flags; /* Received flags on recvmsg */ +}; + +struct cmsghdr +{ + socklen_t cmsg_len; /* Length of cmsghdr + data */ + int cmsg_level; /* Protocol */ + int cmsg_type; /* Protocol type */ +}; + +#define CMSG_ALIGN(len) \ + (((len) + sizeof (size_t) - 1) & ~(sizeof (size_t) - 1)) +#define CMSG_LEN(len) \ + (CMSG_ALIGN (sizeof (struct cmsghdr)) + (len)) +#define CMSG_SPACE(len) \ + (CMSG_ALIGN (sizeof (struct cmsghdr)) + CMSG_ALIGN(len)) +#define CMSG_FIRSTHDR(mhdr) \ + ({ \ + struct msghdr *_m = (struct msghdr *) mhdr; \ + (unsigned) (_m)->msg_controllen >= sizeof (struct cmsghdr) \ + ? (struct cmsghdr *) (_m)->msg_control \ + : (struct cmsghdr *) NULL; \ + }) +#define CMSG_NXTHDR(mhdr,cmsg) \ + ({ \ + struct msghdr *_m = (struct msghdr *) mhdr; \ + struct cmsghdr *_c = (struct cmsghdr *) cmsg; \ + ((char *) _c + CMSG_SPACE (_c->cmsg_len) \ + > (char *) _m->msg_control + _m->msg_controllen) \ + ? (struct cmsghdr *) NULL \ + : (struct cmsghdr *) ((char *) _c + CMSG_ALIGN (_c->cmsg_len)); \ + }) +#define CMSG_DATA(cmsg) \ + ((unsigned char *) ((struct cmsghdr *)(cmsg) + 1)) + +/* "Socket"-level control message types: */ +#define SCM_RIGHTS 0x01 /* access rights (array of int) */ + +/* + * Structure used for manipulating linger option. + */ +struct linger { + int l_onoff; /* option on/off */ + int l_linger; /* linger time */ +}; + + +#define SOCK_STREAM 1 +#define SOCK_DGRAM 2 +#define SOCK_RAW 3 +#if(0) +#define SOCK_SEQPACKET 5 +#endif + +#define SOL_SOCKET 0xffff /* options for socket level */ + +/* + * Option flags per-socket. + */ +#define SO_DEBUG 0x0001 /* turn on debugging info recording */ +#define SO_ACCEPTCONN 0x0002 /* socket has had listen() */ +#define SO_REUSEADDR 0x0004 /* allow local address reuse */ +#define SO_KEEPALIVE 0x0008 /* keep connections alive */ +#define SO_DONTROUTE 0x0010 /* just use interface addresses */ +#define SO_BROADCAST 0x0020 /* permit sending of broadcast msgs */ +#define SO_USELOOPBACK 0x0040 /* bypass hardware when possible */ +#define SO_LINGER 0x0080 /* linger on close if data present */ +#define SO_OOBINLINE 0x0100 /* leave received OOB data in line */ +#define SO_REUSEPORT 0x0200 /* allow local address & port reuse */ + +/* + * Additional options, not kept in so_options. + */ +#define SO_SNDBUF 0x1001 /* send buffer size */ +#define SO_RCVBUF 0x1002 /* receive buffer size */ +#define SO_SNDLOWAT 0x1003 /* send low-water mark */ +#define SO_RCVLOWAT 0x1004 /* receive low-water mark */ +#define SO_SNDTIMEO 0x1005 /* send timeout */ +#define SO_RCVTIMEO 0x1006 /* receive timeout */ +#define SO_ERROR 0x1007 /* get error status and clear */ +#define SO_TYPE 0x1008 /* get socket type */ + +#if(0) +#define SOMAXCONN 0x7fffffff +#endif + + +/* Flags we can use with send/ and recv. */ +// Flags that are made up +#define MSG_OOB 0x1 /* process out-of-band data */ +#define MSG_PEEK 0x2 /* peek at incoming message */ +#define MSG_DONTROUTE 0x4 /* send without using routing tables */ +#define MSG_WINMASK 0x7 /* flags understood by WinSock calls */ +#define MSG_NOSIGNAL 0x20 /* Don't raise SIGPIPE */ +#define MSG_TRUNC 0x0100 /* Normal data truncated */ +#define MSG_CTRUNC 0x0200 /* Control data truncated */ + +// Flag not made up +#define MSG_DONTWAIT 0x40 /* Nonblocking i/o for this operation only */ + + +/* Supported address families. */ +/* + * Address families. + */ +#define AF_UNSPEC 0 +#define AF_INET 2 +#if(0) +#define AF_UNIX 1 /* local to host (pipes, portals) */ +#define AF_INET6 23 /* IP version 6 */ +#endif + + +#if(0) +/* SUS symbolic values for the second parm to shutdown(2) */ +#define SHUT_RD 0 +#define SHUT_WR 1 +#define SHUT_RDWR 2 +#endif + +int accept(int, struct sockaddr *__restrict__, socklen_t *__restrict__); +int bind(int, const struct sockaddr *, socklen_t); +int connect(int, const struct sockaddr *, socklen_t); +int getpeername(int, struct sockaddr *__restrict__, socklen_t *__restrict__); +int getsockname(int, struct sockaddr *__restrict__, socklen_t *__restrict__); +int getsockopt(int, int, int, void *__restrict__, socklen_t *__restrict__); +int listen(int, int); +ssize_t recv(int, void *, size_t, int); +ssize_t recvfrom(int, void *__restrict__, size_t, int, + struct sockaddr *__restrict__, socklen_t *__restrict__); +ssize_t recvmsg(int, struct msghdr *, int); +ssize_t send(int, const void *, size_t, int); +ssize_t sendmsg(int, const struct msghdr *, int); +ssize_t sendto(int, const void *, size_t, int, const struct sockaddr *, + socklen_t); +int setsockopt(int, int, int, const void *, socklen_t); +int close(int); +int shutdown(int, int); +int socket(int, int, int); +int sockatmark(int); +int socketpair(int, int, int, int[2]); + + +#ifdef __cplusplus +}; +#endif + +#endif /* _SYS_SOCKET_H */ diff --git a/portlibs/include/sys/uio.h b/portlibs/include/sys/uio.h new file mode 100644 index 00000000..a345ce9b --- /dev/null +++ b/portlibs/include/sys/uio.h @@ -0,0 +1,27 @@ +/* sys/uio.h + + netport +*/ + +#ifndef _UIO_H_ +#define _UIO_H_ + +/* For size_t */ +#include +/* For ssize_t */ +#include + +/* + * Define the uio buffers used for writev, readv. + */ + +struct iovec +{ + void *iov_base; + size_t iov_len; +}; + +extern ssize_t readv (int filedes, const struct iovec *vector, int count); +extern ssize_t writev(int filedes, const struct iovec *vector, int count); + +#endif /* _UIO_H_ */ diff --git a/source/booter/external_booter.cpp b/source/booter/external_booter.cpp index 214411d6..00edd765 100644 --- a/source/booter/external_booter.cpp +++ b/source/booter/external_booter.cpp @@ -33,7 +33,7 @@ #include "homebrew/homebrew.h" #include "memory/mem2.hpp" //#include "network/FTP_Dir.hpp" -#include "network/http.h" +#include "network/https.h" #include "plugin/crc32.h" /* External WiiFlow Game Booter */ @@ -93,8 +93,6 @@ void WiiFlow_ExternalBooter(u8 vidMode, bool vipatch, bool countryString, u8 pat *EXT_ADDR_CFG = ((u32)lowCFG); /* Unmount devices etc */ ShutdownBeforeExit(); - /* Wii Games will need it */ - net_wc24cleanup(); /* Set proper time */ settime(secs_to_ticks(time(NULL) - 946684800)); /* Copy in booter */ @@ -159,6 +157,8 @@ void ShutdownBeforeExit(void) usleep(50); WiFiDebugger.Close(); //ftp_endTread(); + wolfSSL_Cleanup(); + net_wc24cleanup(); net_deinit(); networkInit = false; } diff --git a/source/libwolfssl/callbacks.h b/source/libwolfssl/callbacks.h new file mode 100644 index 00000000..2e95072e --- /dev/null +++ b/source/libwolfssl/callbacks.h @@ -0,0 +1,91 @@ +/* callbacks.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLFSSL_CALLBACKS_H +#define WOLFSSL_CALLBACKS_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + + +enum { /* CALLBACK CONTSTANTS */ + MAX_PACKETNAME_SZ = 24, + MAX_CIPHERNAME_SZ = 24, + MAX_TIMEOUT_NAME_SZ = 24, + MAX_PACKETS_HANDSHAKE = 14, /* 12 for client auth plus 2 alerts */ + MAX_VALUE_SZ = 128, /* all handshake packets but Cert should + fit here */ +}; + +struct WOLFSSL; + +typedef struct handShakeInfo_st { + struct WOLFSSL* ssl; + char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated cipher */ + char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1]; + /* SSL packet names */ + int numberPackets; /* actual # of packets */ + int negotiationError; /* cipher/parameter err */ +} HandShakeInfo; + + +#if defined(HAVE_SYS_TIME_H) && !defined(NO_TIMEVAL) + typedef struct timeval Timeval; +#else /* HAVE_SYS_TIME_H */ + /* Define the Timeval explicitly. */ + typedef struct { + long tv_sec; /* Seconds. */ + long tv_usec; /* Microseconds. */ + } Timeval; +#endif /* HAVE_SYS_TIME_H */ + + +typedef struct packetInfo_st { + char packetName[MAX_PACKETNAME_SZ + 1]; /* SSL packet name */ + Timeval timestamp; /* when it occurred */ + unsigned char value[MAX_VALUE_SZ]; /* if fits, it's here */ + unsigned char* bufferValue; /* otherwise here (non 0) */ + int valueSz; /* sz of value or buffer */ +} PacketInfo; + + +typedef struct timeoutInfo_st { + char timeoutName[MAX_TIMEOUT_NAME_SZ + 1]; /* timeout Name */ + int flags; /* for future use */ + int numberPackets; /* actual # of packets */ + PacketInfo packets[MAX_PACKETS_HANDSHAKE]; /* list of all packets */ + Timeval timeoutValue; /* timer that caused it */ +} TimeoutInfo; + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFSSL_CALLBACKS_H */ + diff --git a/source/libwolfssl/certs_test.h b/source/libwolfssl/certs_test.h new file mode 100644 index 00000000..deefb57e --- /dev/null +++ b/source/libwolfssl/certs_test.h @@ -0,0 +1,3207 @@ +/* certs_test.h */ + +#ifndef WOLFSSL_CERTS_TEST_H +#define WOLFSSL_CERTS_TEST_H + +#ifdef USE_CERT_BUFFERS_1024 + +/* ./certs/1024/client-key.der, 1024-bit */ +static const unsigned char client_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, + 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, + 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, + 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, + 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, + 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, + 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, + 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, + 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, + 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, + 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, + 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, + 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x13, 0x97, 0xEA, + 0xE8, 0x38, 0x78, 0x25, 0xA2, 0x5C, 0x04, 0xCE, 0x0D, 0x40, + 0x7C, 0x31, 0xE5, 0xC4, 0x70, 0xCD, 0x9B, 0x82, 0x3B, 0x58, + 0x09, 0x86, 0x3B, 0x66, 0x5F, 0xDC, 0x31, 0x90, 0xF1, 0x4F, + 0xD5, 0xDB, 0x15, 0xDD, 0xDE, 0xD7, 0x3B, 0x95, 0x93, 0x31, + 0x18, 0x31, 0x0E, 0x5E, 0xA3, 0xD6, 0xA2, 0x1A, 0x71, 0x6E, + 0x81, 0x48, 0x1C, 0x4B, 0xCF, 0xDB, 0x8E, 0x7A, 0x86, 0x61, + 0x32, 0xDC, 0xFB, 0x55, 0xC1, 0x16, 0x6D, 0x27, 0x92, 0x24, + 0x45, 0x8B, 0xF1, 0xB8, 0x48, 0xB1, 0x4B, 0x1D, 0xAC, 0xDE, + 0xDA, 0xDD, 0x8E, 0x2F, 0xC2, 0x91, 0xFB, 0xA5, 0xA9, 0x6E, + 0xF8, 0x3A, 0x6A, 0xF1, 0xFD, 0x50, 0x18, 0xEF, 0x9F, 0xE7, + 0xC3, 0xCA, 0x78, 0xEA, 0x56, 0xD3, 0xD3, 0x72, 0x5B, 0x96, + 0xDD, 0x4E, 0x06, 0x4E, 0x3A, 0xC3, 0xD9, 0xBE, 0x72, 0xB6, + 0x65, 0x07, 0x07, 0x4C, 0x01, 0x02, 0x41, 0x00, 0xFA, 0x47, + 0xD4, 0x7A, 0x7C, 0x92, 0x3C, 0x55, 0xEF, 0x81, 0xF0, 0x41, + 0x30, 0x2D, 0xA3, 0xCF, 0x8F, 0x1C, 0xE6, 0x87, 0x27, 0x05, + 0x70, 0x0D, 0xDF, 0x98, 0x35, 0xD6, 0xF1, 0x8B, 0x38, 0x2F, + 0x24, 0xB5, 0xD0, 0x84, 0xB6, 0x79, 0x4F, 0x71, 0x29, 0x94, + 0x5A, 0xF0, 0x64, 0x6A, 0xAC, 0xE7, 0x72, 0xC6, 0xED, 0x4D, + 0x59, 0x98, 0x3E, 0x67, 0x3A, 0xF3, 0x74, 0x2C, 0xF9, 0x61, + 0x17, 0x69, 0x02, 0x41, 0x00, 0xC0, 0xC1, 0x82, 0x0D, 0x0C, + 0xEB, 0xC6, 0x2F, 0xDC, 0x92, 0xF9, 0x9D, 0x82, 0x1A, 0x31, + 0xE9, 0xE9, 0xF7, 0x4B, 0xF2, 0x82, 0x87, 0x1C, 0xEE, 0x16, + 0x6A, 0xD1, 0x1D, 0x18, 0x82, 0x70, 0xF3, 0xC0, 0xB6, 0x2F, + 0xF6, 0xF3, 0xF7, 0x1D, 0xF1, 0x86, 0x23, 0xC8, 0x4E, 0xEB, + 0x8F, 0x56, 0x8E, 0x8F, 0xF5, 0xBF, 0xF1, 0xF7, 0x2B, 0xB5, + 0xCC, 0x3D, 0xC6, 0x57, 0x39, 0x0C, 0x1B, 0x54, 0x41, 0x02, + 0x41, 0x00, 0x9D, 0x7E, 0x05, 0xDE, 0xED, 0xF4, 0xB7, 0xB2, + 0xFB, 0xFC, 0x30, 0x4B, 0x55, 0x1D, 0xE3, 0x2F, 0x01, 0x47, + 0x96, 0x69, 0x05, 0xCD, 0x0E, 0x2E, 0x2C, 0xBD, 0x83, 0x63, + 0xB6, 0xAB, 0x7C, 0xB7, 0x6D, 0xCA, 0x5B, 0x64, 0xA7, 0xCE, + 0xBE, 0x86, 0xDF, 0x3B, 0x53, 0xDE, 0x61, 0xD2, 0x1E, 0xEB, + 0xA5, 0xF6, 0x37, 0xED, 0xAC, 0xAB, 0x78, 0xD9, 0x4C, 0xE7, + 0x55, 0xFB, 0xD7, 0x11, 0x99, 0xC1, 0x02, 0x40, 0x18, 0x98, + 0x18, 0x29, 0xE6, 0x1E, 0x27, 0x39, 0x70, 0x21, 0x68, 0xAC, + 0x0A, 0x2F, 0xA1, 0x72, 0xC1, 0x21, 0x86, 0x95, 0x38, 0xC6, + 0x58, 0x90, 0xA0, 0x57, 0x9C, 0xBA, 0xE3, 0xA7, 0xB1, 0x15, + 0xC8, 0xDE, 0xF6, 0x1B, 0xC2, 0x61, 0x23, 0x76, 0xEF, 0xB0, + 0x9D, 0x1C, 0x44, 0xBE, 0x13, 0x43, 0x39, 0x67, 0x17, 0xC8, + 0x9D, 0xCA, 0xFB, 0xF5, 0x45, 0x64, 0x8B, 0x38, 0x82, 0x2C, + 0xF2, 0x81, 0x02, 0x40, 0x39, 0x89, 0xE5, 0x9C, 0x19, 0x55, + 0x30, 0xBA, 0xB7, 0x48, 0x8C, 0x48, 0x14, 0x0E, 0xF4, 0x9F, + 0x7E, 0x77, 0x97, 0x43, 0xE1, 0xB4, 0x19, 0x35, 0x31, 0x23, + 0x75, 0x9C, 0x3B, 0x44, 0xAD, 0x69, 0x12, 0x56, 0xEE, 0x00, + 0x61, 0x64, 0x16, 0x66, 0xD3, 0x7C, 0x74, 0x2B, 0x15, 0xB4, + 0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12, + 0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2 +}; +static const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024); + +/* ./certs/1024/client-keyPub.der, 1024-bit */ +static const unsigned char client_keypub_der_1024[] = +{ + 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, + 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xBC, + 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 0xEF, 0x18, + 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, 0xB3, 0x6D, + 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, 0xD1, 0x61, + 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, 0xCA, 0xC1, + 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, 0xC4, 0x61, + 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, 0xBB, 0x8D, + 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, 0x39, 0xA2, + 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, 0x4D, 0x02, + 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, 0xC9, 0x28, + 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, 0xE8, 0xC1, + 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 0xF6, 0x90, + 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 0xC8, 0xDC, + 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 0x03, 0x01, + 0x00, 0x01 +}; +static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); + +/* ./certs/1024/client-cert.der, 1024-bit */ +static const unsigned char client_cert_der_1024[] = +{ + 0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xBB, 0xD3, 0x10, 0x03, + 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, + 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, + 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, + 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, + 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, + 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, + 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, + 0x81, 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, + 0xA9, 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, + 0xEC, 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, + 0xEC, 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, + 0x94, 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, + 0x4D, 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, + 0x25, 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, + 0xCC, 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, + 0xDA, 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, + 0x77, 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, + 0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, + 0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, + 0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x07, 0x30, + 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, + 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, + 0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14, + 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, + 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, + 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, + 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, + 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, + 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0xBB, 0xD3, 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, + 0x00, 0x84, 0x99, 0xD9, 0xE5, 0x37, 0xC4, 0x44, 0x7D, 0xCE, + 0x29, 0xB8, 0xB6, 0x80, 0x0E, 0xEA, 0xA3, 0xE2, 0xFA, 0xA2, + 0x2F, 0x5C, 0xD2, 0x4A, 0x85, 0x67, 0xB9, 0x8B, 0xFA, 0x9F, + 0x7D, 0xDA, 0x6D, 0x85, 0x2A, 0xC2, 0x20, 0xF3, 0x18, 0xC8, + 0xD4, 0x6B, 0x26, 0xB2, 0x7A, 0x68, 0xE7, 0x82, 0x52, 0x87, + 0xE7, 0x0C, 0x5B, 0x08, 0x47, 0x7A, 0x55, 0xA5, 0x0D, 0xFA, + 0x72, 0xCE, 0x6B, 0xA1, 0xB2, 0xAE, 0x5A, 0xA1, 0x63, 0xFF, + 0x68, 0xDB, 0xE5, 0x49, 0xEF, 0xF1, 0x0E, 0x98, 0x96, 0x09, + 0xB5, 0x04, 0x5F, 0xD4, 0x0A, 0x9B, 0x8A, 0xAF, 0xD2, 0x31, + 0x1F, 0x95, 0xE5, 0x0F, 0xA8, 0xCD, 0xBB, 0xA1, 0x2D, 0x64, + 0xB0, 0xB7, 0xEE, 0x47, 0xA7, 0x58, 0xD9, 0xC7, 0xDB, 0xB0, + 0x92, 0xBB, 0xAA, 0xCF, 0xB8, 0x8A, 0x04, 0x5B, 0x0F, 0x9F, + 0x3E, 0xE0, 0xD2, 0x42, 0x52, 0xBD, 0x5D, 0xA7, 0x48 +}; +static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); + +/* ./certs/1024/dh1024.der, 1024-bit */ +static const unsigned char dh_key_der_1024[] = +{ + 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xA4, 0xD2, 0xB8, + 0x6E, 0x78, 0xF5, 0xD9, 0xED, 0x2D, 0x7C, 0xDD, 0xB6, 0x16, + 0x86, 0x5A, 0x4B, 0x05, 0x76, 0x90, 0xDD, 0x66, 0x61, 0xB9, + 0x6D, 0x52, 0xA7, 0x1C, 0xAF, 0x62, 0xC6, 0x69, 0x47, 0x7B, + 0x39, 0xF2, 0xFB, 0x94, 0xEC, 0xBC, 0x79, 0xFF, 0x24, 0x5E, + 0xEF, 0x79, 0xBB, 0x59, 0xB2, 0xFC, 0xCA, 0x07, 0xD6, 0xF4, + 0xE9, 0x34, 0xF7, 0xE8, 0x38, 0xE7, 0xD7, 0x33, 0x44, 0x1D, + 0xA3, 0x64, 0x76, 0x1A, 0x84, 0x97, 0x54, 0x74, 0x40, 0x84, + 0x1F, 0x15, 0xFE, 0x7C, 0x25, 0x2A, 0x2B, 0x25, 0xFD, 0x9E, + 0xC1, 0x89, 0x33, 0x8C, 0x39, 0x25, 0x2B, 0x40, 0xE6, 0xCD, + 0xF8, 0xA8, 0xA1, 0x8A, 0x53, 0xC6, 0x47, 0xB2, 0xA0, 0xD7, + 0x8F, 0xEB, 0x2E, 0x60, 0x0A, 0x0D, 0x4B, 0xF8, 0xB4, 0x94, + 0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9, + 0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02 +}; +static const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024); + +/* ./certs/1024/dsa1024.der, 1024-bit */ +static const unsigned char dsa_key_der_1024[] = +{ + 0x30, 0x82, 0x01, 0xBC, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xF7, 0x4B, 0xF9, 0xBB, 0x15, 0x98, 0xEB, 0xDD, 0xDE, + 0x1E, 0x4E, 0x71, 0x88, 0x85, 0xF2, 0xB7, 0xBA, 0xE2, 0x4A, + 0xDA, 0x76, 0x40, 0xCD, 0x69, 0x48, 0x9E, 0x83, 0x7C, 0x11, + 0xF7, 0x65, 0x31, 0x78, 0xF5, 0x25, 0x2D, 0xF7, 0xB7, 0xF8, + 0x52, 0x3F, 0xBE, 0xD8, 0xB6, 0xC5, 0xFE, 0x18, 0x15, 0x5B, + 0xB9, 0xD5, 0x92, 0x86, 0xBC, 0xB2, 0x17, 0x7C, 0xD8, 0xB0, + 0xBE, 0xA0, 0x7C, 0xF2, 0xD5, 0x73, 0x7A, 0x58, 0x8F, 0x8D, + 0xE5, 0x4A, 0x00, 0x99, 0x83, 0x4A, 0xC0, 0x9E, 0x16, 0x09, + 0xA1, 0x10, 0x34, 0xD5, 0x19, 0xBB, 0x63, 0xE3, 0xDD, 0x83, + 0x74, 0x7F, 0x10, 0xCA, 0x73, 0x75, 0xEE, 0x31, 0x4A, 0xDD, + 0x9F, 0xE0, 0x02, 0x6A, 0x9D, 0xEE, 0xB2, 0x4B, 0xA7, 0x6B, + 0x2A, 0x6C, 0xC7, 0x86, 0x77, 0xE8, 0x04, 0x15, 0xDC, 0x92, + 0xB4, 0x7A, 0x29, 0x1F, 0x4E, 0x83, 0x63, 0x85, 0x55, 0x02, + 0x15, 0x00, 0xD2, 0x05, 0xE4, 0x73, 0xFB, 0xC1, 0x99, 0xC5, + 0xDC, 0x68, 0xA4, 0x8D, 0x92, 0x27, 0x3D, 0xE2, 0x52, 0x5F, + 0x89, 0x8B, 0x02, 0x81, 0x81, 0x00, 0xAA, 0x21, 0x02, 0x09, + 0x43, 0x6E, 0xFB, 0xA2, 0x54, 0x14, 0x85, 0x0A, 0xF4, 0x28, + 0x7C, 0xCB, 0xCC, 0xDB, 0xF5, 0x1E, 0xA2, 0x18, 0xA9, 0x21, + 0xDE, 0x88, 0x88, 0x33, 0x8C, 0x2E, 0xEB, 0x8D, 0xA3, 0xF0, + 0x1D, 0xC8, 0x8F, 0xF6, 0x7E, 0xF8, 0xCF, 0x12, 0xF5, 0xB4, + 0xA1, 0x11, 0x6F, 0x0C, 0xD4, 0xF0, 0x06, 0xAD, 0xC4, 0xFC, + 0x14, 0x45, 0xC7, 0x94, 0x15, 0xBC, 0x19, 0x4B, 0xAE, 0xEF, + 0x93, 0x6A, 0x4F, 0xCC, 0x14, 0xD8, 0x47, 0x8B, 0x39, 0x66, + 0x87, 0x02, 0xD4, 0x28, 0x0A, 0xB8, 0xEE, 0x09, 0x37, 0xF4, + 0x00, 0xA0, 0x04, 0xA7, 0x79, 0xA7, 0xD2, 0x3C, 0xF7, 0x34, + 0x43, 0x56, 0x8E, 0xD0, 0x7C, 0xC2, 0xD8, 0x4D, 0x0F, 0x89, + 0xED, 0x14, 0xC1, 0x2C, 0x9C, 0x4C, 0x19, 0x9B, 0x9E, 0xDC, + 0x53, 0x09, 0x9F, 0xDF, 0x2D, 0xF0, 0x0C, 0x27, 0x54, 0x3A, + 0x77, 0x14, 0x2D, 0xDE, 0x02, 0x81, 0x81, 0x00, 0xE8, 0x1F, + 0x7C, 0xB7, 0xC0, 0x54, 0x51, 0xA7, 0x28, 0x2D, 0x58, 0x7C, + 0xDE, 0xD4, 0x5C, 0xDD, 0xD5, 0x76, 0x84, 0x3C, 0x36, 0x20, + 0xC0, 0xC3, 0x25, 0xD7, 0x3A, 0x38, 0xE1, 0x54, 0xC8, 0xFD, + 0x40, 0x68, 0x1A, 0x21, 0x54, 0x26, 0x39, 0x14, 0xBF, 0xF6, + 0xA3, 0x9C, 0x5E, 0xD9, 0x2B, 0xF7, 0xC9, 0x25, 0xBA, 0x00, + 0x09, 0xCB, 0x7F, 0x0C, 0x4A, 0x24, 0xFD, 0x15, 0x16, 0x15, + 0x48, 0xCD, 0x0B, 0x52, 0x44, 0x40, 0x7B, 0x90, 0x63, 0x2B, + 0x90, 0x22, 0xC5, 0x18, 0x05, 0x80, 0x53, 0xAF, 0x83, 0x1F, + 0x54, 0xE2, 0xB0, 0xA2, 0x0B, 0x5A, 0x92, 0x24, 0xE1, 0x62, + 0x28, 0x3F, 0xB7, 0xCA, 0xB9, 0x89, 0xD6, 0xA0, 0xB7, 0xAD, + 0xAE, 0x05, 0xE1, 0xC1, 0x59, 0x40, 0xED, 0x4A, 0x1B, 0x68, + 0xA7, 0x7B, 0xFB, 0xC3, 0x20, 0x81, 0xEF, 0x4B, 0xF3, 0x69, + 0x91, 0xB0, 0xCE, 0x3A, 0xB0, 0x38, 0x02, 0x14, 0x25, 0x38, + 0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F, + 0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18 +}; +static const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024); + +/* ./certs/1024/rsa1024.der, 1024-bit */ +static const unsigned char rsa_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xBE, 0x70, 0x70, 0xB8, 0x04, 0x18, 0xE5, 0x28, 0xFE, + 0x66, 0xD8, 0x90, 0x88, 0xE0, 0xF1, 0xB7, 0xC3, 0xD0, 0xD2, + 0x3E, 0xE6, 0x4B, 0x94, 0x74, 0xB0, 0xFF, 0xB0, 0xF7, 0x63, + 0xA5, 0xAB, 0x7E, 0xAF, 0xB6, 0x2B, 0xB7, 0x38, 0x16, 0x1A, + 0x50, 0xBF, 0xF1, 0xCA, 0x87, 0x3A, 0xD5, 0xB0, 0xDA, 0xF8, + 0x43, 0x7A, 0x15, 0xB9, 0x7E, 0xEA, 0x2A, 0x80, 0xD2, 0x51, + 0xB0, 0x35, 0xAF, 0x07, 0xF3, 0xF2, 0x5D, 0x24, 0x3A, 0x4B, + 0x87, 0x56, 0x48, 0x1B, 0x3C, 0x24, 0x9A, 0xDA, 0x70, 0x80, + 0xBD, 0x3C, 0x8B, 0x03, 0x4A, 0x0C, 0x83, 0x71, 0xDE, 0xE3, + 0x03, 0x70, 0xA2, 0xB7, 0x60, 0x09, 0x1B, 0x5E, 0xC7, 0x3D, + 0xA0, 0x64, 0x60, 0xE3, 0xA9, 0x06, 0x8D, 0xD3, 0xFF, 0x42, + 0xBB, 0x0A, 0x94, 0x27, 0x2D, 0x57, 0x42, 0x0D, 0xB0, 0x2D, + 0xE0, 0xBA, 0x18, 0x25, 0x60, 0x92, 0x11, 0x92, 0xF3, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x0E, 0xEE, 0x1D, + 0xC8, 0x2F, 0x7A, 0x0C, 0x2D, 0x44, 0x94, 0xA7, 0x91, 0xDD, + 0x49, 0x55, 0x6A, 0x04, 0xCE, 0x10, 0x4D, 0xA2, 0x1C, 0x76, + 0xCD, 0x17, 0x3B, 0x54, 0x92, 0x70, 0x9B, 0x82, 0x70, 0x72, + 0x32, 0x24, 0x07, 0x3F, 0x3C, 0x6C, 0x5F, 0xBC, 0x4C, 0xA6, + 0x86, 0x27, 0x94, 0xAD, 0x42, 0xDD, 0x87, 0xDC, 0xC0, 0x6B, + 0x44, 0x89, 0xF3, 0x3F, 0x1A, 0x3E, 0x11, 0x44, 0x84, 0x2E, + 0x69, 0x4C, 0xBB, 0x4A, 0x71, 0x1A, 0xBB, 0x9A, 0x52, 0x3C, + 0x6B, 0xDE, 0xBC, 0xB2, 0x7C, 0x51, 0xEF, 0x4F, 0x8F, 0x3A, + 0xDC, 0x50, 0x04, 0x4E, 0xB6, 0x31, 0x66, 0xA8, 0x8E, 0x06, + 0x3B, 0x51, 0xA9, 0xC1, 0x8A, 0xCB, 0xC4, 0x81, 0xCA, 0x2D, + 0x69, 0xEC, 0x88, 0xFC, 0x33, 0x88, 0xD1, 0xD4, 0x29, 0x47, + 0x87, 0x37, 0xF9, 0x6A, 0x22, 0x69, 0xB9, 0xC9, 0xFE, 0xEB, + 0x8C, 0xC5, 0x21, 0x41, 0x71, 0x02, 0x41, 0x00, 0xFD, 0x17, + 0x98, 0x42, 0x54, 0x1C, 0x23, 0xF8, 0xD7, 0x5D, 0xEF, 0x49, + 0x4F, 0xAF, 0xD9, 0x35, 0x6F, 0x08, 0xC6, 0xC7, 0x40, 0x5C, + 0x7E, 0x58, 0x86, 0xC2, 0xB2, 0x16, 0x39, 0x24, 0xC5, 0x06, + 0xB0, 0x3D, 0xAF, 0x02, 0xD2, 0x87, 0x77, 0xD2, 0x76, 0xBA, + 0xE3, 0x59, 0x60, 0x42, 0xF1, 0x16, 0xEF, 0x33, 0x0B, 0xF2, + 0x0B, 0xBA, 0x99, 0xCC, 0xB6, 0x4C, 0x46, 0x3F, 0x33, 0xE4, + 0xD4, 0x67, 0x02, 0x41, 0x00, 0xC0, 0xA0, 0x91, 0x6D, 0xFE, + 0x28, 0xE0, 0x81, 0x5A, 0x15, 0xA7, 0xC9, 0xA8, 0x98, 0xC6, + 0x0A, 0xAB, 0x00, 0xC5, 0x40, 0xC9, 0x21, 0xBB, 0xB2, 0x33, + 0x5A, 0xA7, 0xCB, 0x6E, 0xB8, 0x08, 0x56, 0x4A, 0x76, 0x28, + 0xE8, 0x6D, 0xBD, 0xF5, 0x26, 0x7B, 0xBF, 0xC5, 0x46, 0x45, + 0x0D, 0xEC, 0x7D, 0xEE, 0x82, 0xD6, 0xCA, 0x5F, 0x3D, 0x6E, + 0xCC, 0x94, 0x73, 0xCD, 0xCE, 0x86, 0x6E, 0x95, 0x95, 0x02, + 0x40, 0x38, 0xFD, 0x28, 0x1E, 0xBF, 0x5B, 0xBA, 0xC9, 0xDC, + 0x8C, 0xDD, 0x45, 0xAF, 0xB8, 0xD3, 0xFB, 0x11, 0x2E, 0x73, + 0xBC, 0x08, 0x05, 0x0B, 0xBA, 0x19, 0x56, 0x1B, 0xCD, 0x9F, + 0x3E, 0x65, 0x53, 0x15, 0x3A, 0x3E, 0x7F, 0x2F, 0x32, 0xAB, + 0xCB, 0x6B, 0x4A, 0xB7, 0xC8, 0xB7, 0x41, 0x3B, 0x92, 0x43, + 0x78, 0x46, 0x17, 0x51, 0x86, 0xC9, 0xFC, 0xEB, 0x8B, 0x8F, + 0x41, 0xCA, 0x08, 0x9B, 0xBF, 0x02, 0x41, 0x00, 0xAD, 0x9B, + 0x89, 0xB6, 0xF2, 0x8C, 0x70, 0xDA, 0xE4, 0x10, 0x04, 0x6B, + 0x11, 0x92, 0xAF, 0x5A, 0xCA, 0x08, 0x25, 0xBF, 0x60, 0x07, + 0x11, 0x1D, 0x68, 0x7F, 0x5A, 0x1F, 0x55, 0x28, 0x74, 0x0B, + 0x21, 0x8D, 0x21, 0x0D, 0x6A, 0x6A, 0xFB, 0xD9, 0xB5, 0x4A, + 0x7F, 0x47, 0xF7, 0xD0, 0xB6, 0xC6, 0x41, 0x02, 0x97, 0x07, + 0x49, 0x93, 0x1A, 0x9B, 0x33, 0x68, 0xB3, 0xA2, 0x61, 0x32, + 0xA5, 0x89, 0x02, 0x41, 0x00, 0x8F, 0xEF, 0xAD, 0xB5, 0xB0, + 0xB0, 0x7E, 0x86, 0x03, 0x43, 0x93, 0x6E, 0xDD, 0x3C, 0x2D, + 0x9B, 0x6A, 0x55, 0xFF, 0x6F, 0x3E, 0x70, 0x2A, 0xD4, 0xBF, + 0x1F, 0x8C, 0x93, 0x60, 0x9E, 0x6D, 0x2F, 0x18, 0x6C, 0x11, + 0x36, 0x98, 0x3F, 0x10, 0x78, 0xE8, 0x3E, 0x8F, 0xFE, 0x55, + 0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37, + 0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3 +}; +static const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024); + +/* ./certs/1024/ca-key.der, 1024-bit */ +static const unsigned char ca_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5E, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, 0xC3, + 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, 0x59, + 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, 0x17, + 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, 0x62, + 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, 0x0B, + 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, 0x2E, + 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, 0x80, + 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, 0xDB, + 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, 0x27, + 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, 0x01, + 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, 0x92, + 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, 0x88, + 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x52, 0x35, 0x3D, + 0x01, 0x29, 0xA4, 0x95, 0x29, 0x71, 0x9B, 0x64, 0x6A, 0x2C, + 0xC3, 0xD2, 0xB5, 0xBE, 0x6E, 0x13, 0x9C, 0x8F, 0xB6, 0x26, + 0xD8, 0x76, 0x6B, 0xBD, 0x61, 0xBC, 0x63, 0x2D, 0xD5, 0x4D, + 0xBB, 0xCC, 0xC6, 0x3B, 0x89, 0xC8, 0xCE, 0x7B, 0x9B, 0x97, + 0xE7, 0x51, 0x67, 0x61, 0xDA, 0xA9, 0x83, 0x7B, 0xC8, 0x44, + 0xF5, 0x70, 0x5E, 0x3E, 0xD0, 0x7E, 0x51, 0xB9, 0x6E, 0x13, + 0x57, 0x08, 0x5C, 0xE1, 0x67, 0x4F, 0x61, 0x5E, 0xA5, 0x09, + 0xEC, 0x11, 0xDD, 0xE4, 0xB8, 0xB4, 0xF4, 0xE0, 0x63, 0x34, + 0x4C, 0xDA, 0x32, 0x20, 0x1F, 0x85, 0x41, 0x5D, 0xBC, 0xDB, + 0x24, 0xC5, 0xAF, 0xBE, 0x02, 0x5F, 0x22, 0xF1, 0x7C, 0xCC, + 0x05, 0x56, 0xA6, 0xA6, 0x37, 0x9A, 0xEB, 0xFF, 0x52, 0x2D, + 0xBF, 0x30, 0x4B, 0x9A, 0x1D, 0xEE, 0xAB, 0x9C, 0x2C, 0xE2, + 0xC1, 0xB8, 0x9D, 0xC9, 0x31, 0x02, 0x41, 0x00, 0xE9, 0x89, + 0x16, 0xCD, 0xAC, 0x2E, 0xF2, 0x4D, 0x66, 0x17, 0xBD, 0x78, + 0x12, 0x12, 0x8D, 0x8E, 0x84, 0x24, 0xDE, 0x2D, 0x50, 0x41, + 0x85, 0x8C, 0x34, 0x09, 0xFA, 0xFB, 0x6D, 0x87, 0x51, 0x4C, + 0x13, 0x28, 0xF0, 0x60, 0x11, 0x86, 0x3D, 0xC2, 0xA4, 0xCF, + 0x5E, 0xC5, 0x6F, 0x5B, 0x11, 0x32, 0x0A, 0xB5, 0x28, 0xD0, + 0x82, 0x47, 0x44, 0x26, 0x92, 0xE2, 0x78, 0x59, 0xB4, 0x08, + 0xB3, 0xFD, 0x02, 0x41, 0x00, 0xE1, 0x75, 0xB4, 0x6A, 0xB5, + 0x8C, 0x11, 0xFB, 0xCC, 0x42, 0x02, 0xC5, 0xDA, 0x48, 0xCE, + 0x29, 0x43, 0x14, 0x01, 0x9A, 0x2C, 0xB3, 0xA4, 0xCB, 0x73, + 0xEB, 0xA1, 0x35, 0x57, 0xAD, 0xB5, 0x16, 0x17, 0x80, 0x03, + 0x5F, 0x32, 0x37, 0xBE, 0xA2, 0x6F, 0xF9, 0x31, 0x84, 0xBF, + 0x00, 0x6E, 0x8D, 0x03, 0x0E, 0x30, 0x1C, 0xD0, 0x2F, 0x37, + 0xF0, 0x7E, 0xC2, 0x64, 0xBF, 0xEE, 0x4B, 0xE8, 0xFD, 0x02, + 0x41, 0x00, 0xE1, 0x99, 0x8B, 0x2B, 0xD8, 0x9F, 0xE9, 0x76, + 0x97, 0x9F, 0x6B, 0x6B, 0x28, 0x9A, 0x3F, 0xA1, 0x63, 0x4A, + 0x72, 0x4E, 0xF7, 0xEE, 0xB3, 0xE2, 0x43, 0x0B, 0x39, 0x27, + 0xD6, 0x21, 0x18, 0x8A, 0x13, 0x20, 0x43, 0x45, 0xAA, 0xE8, + 0x31, 0x95, 0x6C, 0xBC, 0xDE, 0xE2, 0x7F, 0xB6, 0x4B, 0xA0, + 0x39, 0xF3, 0xD3, 0x9F, 0xC9, 0x9A, 0xAA, 0xDD, 0x50, 0x9B, + 0xF2, 0x83, 0x45, 0x85, 0xFA, 0xC9, 0x02, 0x41, 0x00, 0xAF, + 0xB0, 0xC7, 0x7C, 0xF8, 0x28, 0x44, 0xC3, 0x50, 0xF2, 0x87, + 0xB2, 0xA2, 0x5D, 0x65, 0xBA, 0x25, 0xB9, 0x6B, 0x5E, 0x37, + 0x43, 0x6E, 0x41, 0xD4, 0xFD, 0x63, 0x4C, 0x6C, 0x1C, 0xC3, + 0x26, 0x89, 0xFD, 0x89, 0xA3, 0x1F, 0x40, 0xED, 0x5F, 0x2B, + 0x9E, 0xA6, 0x85, 0xE9, 0x49, 0x6E, 0xDC, 0x97, 0xEA, 0xF0, + 0x77, 0x23, 0x8C, 0x08, 0x2D, 0x72, 0xBA, 0x0D, 0x44, 0xBB, + 0x6F, 0x90, 0x09, 0x02, 0x41, 0x00, 0x91, 0xE4, 0x2E, 0xCA, + 0x8C, 0x0A, 0x69, 0x2F, 0x62, 0xE2, 0x62, 0x3B, 0xA5, 0x8D, + 0x5A, 0x2C, 0x56, 0x3E, 0x7F, 0x67, 0x42, 0x92, 0x12, 0x92, + 0x5F, 0xF3, 0x97, 0xDD, 0xE1, 0xA9, 0x7F, 0xAD, 0x2E, 0x2D, + 0xF4, 0x4A, 0x57, 0xB3, 0x7A, 0x10, 0xBD, 0xD7, 0xE4, 0xEC, + 0x6A, 0x08, 0x21, 0xE9, 0xF2, 0x46, 0x49, 0xD2, 0x69, 0x47, + 0x8A, 0x20, 0x4B, 0xF2, 0xB1, 0x52, 0x83, 0xAB, 0x6F, 0x10 + +}; +static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024); + +/* ./certs/1024/ca-cert.der, 1024-bit */ +static const unsigned char ca_cert_der_1024[] = +{ + 0x30, 0x82, 0x03, 0xB5, 0x30, 0x82, 0x03, 0x1E, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, + 0xFE, 0xCF, 0x9B, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, + 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, + 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x99, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, + 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, + 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, + 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, + 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, + 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, + 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, + 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, + 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, + 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, + 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, + 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, + 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, + 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, + 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, + 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, + 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x01, 0x30, + 0x81, 0xFE, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, + 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, + 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, 0x1D, + 0x23, 0x04, 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, 0xD3, + 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, + 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1, + 0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, + 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, + 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, + 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, + 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x82, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, + 0x9B, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x03, 0x81, 0x81, 0x00, 0x1D, 0x48, 0xF6, 0x40, 0x41, + 0x04, 0x06, 0xF2, 0xE4, 0x72, 0x2F, 0xEA, 0xFF, 0xC1, 0x67, + 0x6B, 0x15, 0xBB, 0x0A, 0x28, 0x23, 0x28, 0x07, 0xC6, 0xD7, + 0x13, 0x2C, 0xBE, 0x00, 0x00, 0xAC, 0x1D, 0xF7, 0xF4, 0x92, + 0xD3, 0x2B, 0xAF, 0x23, 0xEB, 0x9F, 0x1A, 0xE2, 0x11, 0x3C, + 0x2D, 0x97, 0xF2, 0x0F, 0xAC, 0xAE, 0x97, 0x86, 0x0A, 0xFB, + 0xA8, 0x4F, 0x74, 0x1B, 0xDE, 0x19, 0x51, 0xDB, 0xCD, 0xE2, + 0x11, 0x38, 0xC1, 0xA4, 0x9D, 0x56, 0xAB, 0x47, 0x5C, 0xDE, + 0xBA, 0xEB, 0x27, 0xDF, 0x6D, 0xC8, 0x7E, 0x3A, 0xBD, 0x2E, + 0x9B, 0x2A, 0xAD, 0x22, 0x3B, 0x95, 0xA9, 0xF2, 0x28, 0x03, + 0xBC, 0xE5, 0xEC, 0xCC, 0xF2, 0x08, 0xD4, 0xC8, 0x2F, 0xDB, + 0xEA, 0xFB, 0x2E, 0x52, 0x16, 0x8C, 0x42, 0x02, 0xA4, 0x59, + 0x6D, 0x4C, 0x33, 0xB4, 0x9A, 0xD2, 0x73, 0x4A, 0x1E, 0x9F, + 0xD9, 0xC8, 0x83 +}; +static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024); + +/* ./certs/1024/server-key.der, 1024-bit */ +static const unsigned char server_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xAA, 0x3E, 0xA5, 0x9C, 0xD3, 0x17, 0x49, 0x65, 0x43, + 0xDE, 0xD0, 0xF3, 0x4B, 0x1C, 0xDB, 0x49, 0x0C, 0xFC, 0x7A, + 0x65, 0x05, 0x6D, 0xDE, 0x6A, 0xC4, 0xE4, 0x73, 0x2C, 0x8A, + 0x96, 0x82, 0x8F, 0x23, 0xA5, 0x06, 0x71, 0x1C, 0x06, 0x3E, + 0x2F, 0x92, 0x8D, 0x0B, 0x29, 0x34, 0x45, 0x59, 0xE9, 0xA9, + 0xBC, 0x61, 0xD7, 0x24, 0x37, 0x5D, 0xB5, 0xC4, 0x37, 0x8D, + 0xBA, 0x67, 0xB2, 0xEF, 0x03, 0x27, 0xFA, 0xC1, 0xB4, 0xCD, + 0x6B, 0x00, 0x66, 0xB4, 0xD6, 0x73, 0x70, 0x1F, 0x08, 0x3A, + 0xCC, 0x77, 0xAD, 0xE9, 0xF9, 0x34, 0xD4, 0xF3, 0xA0, 0x2D, + 0xA9, 0xE7, 0x58, 0xA9, 0xC0, 0x61, 0x84, 0xB6, 0xEC, 0x3D, + 0x0A, 0xAD, 0xFD, 0x5C, 0x86, 0x73, 0xAA, 0x6B, 0x47, 0xD8, + 0x8B, 0x2E, 0x58, 0x4B, 0x69, 0x12, 0x82, 0x26, 0x55, 0xE6, + 0x14, 0xBF, 0x55, 0x70, 0x88, 0xFE, 0xF9, 0x75, 0xE1, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x0A, 0x4C, 0xC1, + 0xFE, 0x4B, 0xF3, 0x23, 0xB8, 0xA1, 0xB3, 0x90, 0x56, 0xB7, + 0xDB, 0xA6, 0x14, 0xB4, 0x59, 0x6E, 0x1A, 0x40, 0x8A, 0xD6, + 0x23, 0x05, 0x88, 0x80, 0xC3, 0x58, 0x1B, 0x25, 0x08, 0xFD, + 0xF2, 0x15, 0x02, 0xB0, 0xDC, 0x5B, 0xD4, 0xCA, 0xFC, 0x07, + 0x89, 0xD5, 0xA4, 0xC0, 0x7C, 0xD7, 0x8D, 0x13, 0x2A, 0x4E, + 0x01, 0x9F, 0x84, 0xC8, 0xBB, 0x47, 0xB2, 0xD8, 0x65, 0x45, + 0xFA, 0x84, 0x9F, 0x88, 0xD0, 0xF4, 0xF5, 0x22, 0x35, 0x77, + 0x11, 0x67, 0x1C, 0xDE, 0x5F, 0x85, 0x6D, 0x55, 0xD8, 0xA7, + 0x07, 0x15, 0x8C, 0xE1, 0xB0, 0xA7, 0x79, 0xB4, 0x47, 0x9D, + 0x70, 0xB3, 0xD2, 0xF1, 0x1F, 0x41, 0x4C, 0x65, 0x72, 0x26, + 0xEB, 0x66, 0xC8, 0x95, 0xF6, 0x6D, 0x87, 0x35, 0x53, 0xFE, + 0xB1, 0x52, 0x4D, 0x76, 0x5B, 0x61, 0x53, 0x89, 0xB1, 0x20, + 0x1A, 0x8B, 0xE4, 0x7D, 0xF1, 0x02, 0x41, 0x00, 0xD9, 0x6E, + 0xE1, 0xD9, 0x06, 0x56, 0xA1, 0xF6, 0xDF, 0x54, 0x45, 0xC5, + 0xEC, 0x6A, 0xC8, 0x2A, 0x38, 0x4E, 0x6B, 0xC6, 0xE8, 0xEA, + 0xFB, 0x6F, 0x65, 0x2D, 0xBA, 0xDE, 0x27, 0x63, 0x37, 0x21, + 0x2E, 0xA4, 0x55, 0xAB, 0xE7, 0xDB, 0xCE, 0x71, 0xE1, 0x08, + 0xFC, 0xF2, 0xCA, 0x52, 0x33, 0x55, 0xE8, 0x39, 0xB3, 0xDA, + 0xC5, 0xB0, 0x69, 0x84, 0x6E, 0xE3, 0xCF, 0x47, 0x80, 0xA6, + 0xB6, 0x85, 0x02, 0x41, 0x00, 0xC8, 0x71, 0x0D, 0x37, 0x47, + 0xE1, 0x7B, 0x21, 0x2D, 0x11, 0x2D, 0x95, 0x2E, 0xC7, 0xD0, + 0xB6, 0xD3, 0x7C, 0x5C, 0x93, 0x3C, 0x5B, 0x22, 0xE5, 0xE0, + 0x8B, 0x6D, 0x47, 0xF9, 0x14, 0x0F, 0x9E, 0x08, 0x1B, 0x53, + 0xAB, 0x0A, 0xA9, 0xE4, 0x7F, 0x40, 0xD3, 0xDF, 0x62, 0x74, + 0x10, 0xA2, 0xFE, 0x83, 0x1F, 0xCF, 0x55, 0x66, 0xEB, 0x5D, + 0xC5, 0x83, 0xBA, 0xEC, 0x9F, 0xD2, 0xB5, 0x06, 0xAD, 0x02, + 0x41, 0x00, 0xB7, 0x68, 0x19, 0xA7, 0xC7, 0xF9, 0xF1, 0x9A, + 0xDD, 0x5D, 0x27, 0x91, 0xC1, 0x4F, 0x7D, 0x52, 0x67, 0xB6, + 0x76, 0xA1, 0x0D, 0x3D, 0x91, 0x23, 0xB0, 0xB3, 0xF7, 0x49, + 0x86, 0xED, 0xE0, 0xC5, 0xE3, 0xA3, 0x09, 0x04, 0xFD, 0x89, + 0xE2, 0xC5, 0x1A, 0x6E, 0x4B, 0x77, 0xBD, 0x03, 0xC3, 0x7B, + 0xB6, 0x6C, 0x5D, 0xF2, 0xAF, 0x08, 0x94, 0xA8, 0xFA, 0x24, + 0xBD, 0x66, 0x71, 0xF5, 0xAE, 0x45, 0x02, 0x40, 0x15, 0x52, + 0xD1, 0x91, 0x1B, 0xF8, 0x84, 0xDC, 0xD6, 0xAA, 0x89, 0x2A, + 0xE1, 0xBB, 0x28, 0x1D, 0x0B, 0x0A, 0xA3, 0xDE, 0x96, 0x01, + 0x2C, 0x09, 0x40, 0x86, 0x14, 0xAE, 0x1F, 0x75, 0x5E, 0xE3, + 0xF5, 0x00, 0xD3, 0x39, 0xD2, 0xFC, 0x97, 0xEE, 0x61, 0xBB, + 0x28, 0x7C, 0x94, 0xD4, 0x60, 0x42, 0xAB, 0x38, 0x6B, 0x1A, + 0x2E, 0xC4, 0xC3, 0x49, 0x0B, 0xE6, 0x8A, 0xDD, 0xC5, 0xD0, + 0xB4, 0x51, 0x02, 0x41, 0x00, 0xA9, 0x8B, 0xA7, 0xA9, 0xEE, + 0xAE, 0xBB, 0x17, 0xCB, 0x72, 0xF2, 0x50, 0x22, 0x9D, 0xB3, + 0xDF, 0xE0, 0x40, 0x37, 0x08, 0xD5, 0x7F, 0x19, 0x58, 0x80, + 0x70, 0x79, 0x69, 0x99, 0xDF, 0x62, 0x0D, 0x21, 0xAB, 0xDD, + 0xB2, 0xCE, 0x68, 0xB3, 0x9F, 0x87, 0xAF, 0x55, 0xF4, 0xAA, + 0xE1, 0x00, 0x72, 0xBE, 0x6E, 0xC3, 0x94, 0x49, 0xDC, 0xBB, + 0x8E, 0x1A, 0x78, 0xE5, 0x49, 0x1F, 0x55, 0x41, 0xA1 +}; +static const int sizeof_server_key_der_1024 = sizeof(server_key_der_1024); + +/* ./certs/1024/server-cert.der, 1024-bit */ +static const unsigned char server_cert_der_1024[] = +{ + 0x30, 0x82, 0x03, 0xA9, 0x30, 0x82, 0x03, 0x12, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, + 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, + 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, + 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, + 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, + 0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0C, + 0x53, 0x75, 0x70, 0x70, 0x6F, 0x72, 0x74, 0x5F, 0x31, 0x30, + 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, + 0xAA, 0x3E, 0xA5, 0x9C, 0xD3, 0x17, 0x49, 0x65, 0x43, 0xDE, + 0xD0, 0xF3, 0x4B, 0x1C, 0xDB, 0x49, 0x0C, 0xFC, 0x7A, 0x65, + 0x05, 0x6D, 0xDE, 0x6A, 0xC4, 0xE4, 0x73, 0x2C, 0x8A, 0x96, + 0x82, 0x8F, 0x23, 0xA5, 0x06, 0x71, 0x1C, 0x06, 0x3E, 0x2F, + 0x92, 0x8D, 0x0B, 0x29, 0x34, 0x45, 0x59, 0xE9, 0xA9, 0xBC, + 0x61, 0xD7, 0x24, 0x37, 0x5D, 0xB5, 0xC4, 0x37, 0x8D, 0xBA, + 0x67, 0xB2, 0xEF, 0x03, 0x27, 0xFA, 0xC1, 0xB4, 0xCD, 0x6B, + 0x00, 0x66, 0xB4, 0xD6, 0x73, 0x70, 0x1F, 0x08, 0x3A, 0xCC, + 0x77, 0xAD, 0xE9, 0xF9, 0x34, 0xD4, 0xF3, 0xA0, 0x2D, 0xA9, + 0xE7, 0x58, 0xA9, 0xC0, 0x61, 0x84, 0xB6, 0xEC, 0x3D, 0x0A, + 0xAD, 0xFD, 0x5C, 0x86, 0x73, 0xAA, 0x6B, 0x47, 0xD8, 0x8B, + 0x2E, 0x58, 0x4B, 0x69, 0x12, 0x82, 0x26, 0x55, 0xE6, 0x14, + 0xBF, 0x55, 0x70, 0x88, 0xFE, 0xF9, 0x75, 0xE1, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x01, 0x30, 0x81, 0xFE, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, + 0x14, 0xD9, 0x3C, 0x35, 0xEA, 0x74, 0x0E, 0x23, 0xBE, 0x9C, + 0xFC, 0xFA, 0x29, 0x90, 0x09, 0xC1, 0xE7, 0x84, 0x16, 0x9F, + 0x7C, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, 0xD3, 0x22, 0x8F, + 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, + 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1, 0x81, 0x9F, + 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, + 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, + 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, + 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, 0x9B, 0x47, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x81, 0x81, 0x00, 0x0B, 0xC3, 0xAF, 0x43, 0x85, 0x64, 0x61, + 0xE7, 0xAB, 0x5A, 0x2A, 0x1B, 0xB2, 0x29, 0xD5, 0x66, 0x68, + 0x44, 0x1A, 0x6D, 0x66, 0xFC, 0x3D, 0xB1, 0x88, 0xEC, 0xA5, + 0x41, 0x18, 0x67, 0x62, 0x34, 0xA4, 0x5E, 0xC9, 0x69, 0xCD, + 0x40, 0xC8, 0x56, 0x7E, 0xBF, 0xEB, 0xBC, 0x61, 0x1F, 0x33, + 0x34, 0x58, 0xBE, 0x57, 0xFD, 0xE6, 0x98, 0xDD, 0x51, 0x27, + 0x7C, 0xB7, 0x2C, 0xBC, 0xC9, 0x39, 0xE5, 0xE5, 0x95, 0x82, + 0xE1, 0x3F, 0xD9, 0xB9, 0x97, 0x30, 0x4E, 0x33, 0x2C, 0xEF, + 0xF8, 0xDB, 0xB4, 0xEE, 0x35, 0x75, 0x9E, 0x7A, 0x3F, 0x22, + 0x8F, 0xA5, 0x71, 0xD4, 0x01, 0x64, 0x6C, 0xF2, 0x85, 0xF7, + 0x72, 0x99, 0x2C, 0x80, 0x0F, 0xA4, 0x31, 0x1D, 0xD4, 0x0B, + 0x1E, 0xA5, 0x0F, 0xE7, 0x53, 0x0A, 0xDE, 0x15, 0x0D, 0xB2, + 0xD0, 0x6B, 0xF4, 0xD6, 0x2F, 0xE2, 0x0B, 0xA3, 0x8A, 0x5A, + 0x6E +}; +static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024); + +#endif /* USE_CERT_BUFFERS_1024 */ + +#ifdef USE_CERT_BUFFERS_2048 + +/* ./certs/client-key.der, 2048-bit */ +static const unsigned char client_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, + 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, + 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, + 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, + 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, + 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, + 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, + 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, + 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, + 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, + 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, + 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, + 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, + 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, + 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, + 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, + 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, + 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, + 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, + 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, + 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, + 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, + 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, + 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, + 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, + 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, + 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, + 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, + 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, + 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, + 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, + 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, + 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, + 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, + 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, + 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, + 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, + 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, + 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, + 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, + 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, + 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, + 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, + 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, + 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, + 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, + 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, + 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, + 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, + 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, + 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, + 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, + 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, + 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, + 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, + 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, + 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, + 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, + 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, + 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, + 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, + 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, + 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, + 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, + 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, + 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, + 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, + 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, + 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, + 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, + 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, + 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, + 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, + 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, + 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, + 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, + 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, + 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, + 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, + 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, + 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, + 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, + 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, + 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, + 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, + 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, + 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, + 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, + 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, + 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, + 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, + 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, + 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, + 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, + 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, + 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, + 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, + 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, + 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, + 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, + 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, + 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, + 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, + 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, + 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, + 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, + 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, + 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, + 0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, + 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, + 0xF5, 0xBF +}; +static const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048); + +/* ./certs/client-keyPub.der, 2048-bit */ +static const unsigned char client_keypub_der_2048[] = +{ + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, + 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, + 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, + 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, + 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, + 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, + 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, + 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, + 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, + 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, + 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, + 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, + 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, + 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, + 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, + 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, + 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, + 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, + 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, + 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, + 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, + 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, + 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, + 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, + 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, + 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, + 0x03, 0x01, 0x00, 0x01 +}; +static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); + +/* ./certs/client-cert.der, 2048-bit */ +static const unsigned char client_cert_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0xC4, 0xBF, 0x4C, + 0x50, 0xBD, 0x55, 0x77, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, + 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, + 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, + 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, + 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, + 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, + 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, + 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, + 0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, + 0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, + 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, + 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, + 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, + 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, + 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, + 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, + 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, + 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, + 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, + 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, + 0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, + 0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, + 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, + 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, + 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, + 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, + 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, + 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, + 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, + 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, + 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, + 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, + 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, + 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, + 0x07, 0x30, 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, + 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, + 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, + 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xD3, 0x06, + 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, + 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, + 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, + 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, + 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, + 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, + 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, + 0x09, 0x00, 0xAA, 0xC4, 0xBF, 0x4C, 0x50, 0xBD, 0x55, 0x77, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x80, 0x52, 0x54, 0x61, 0x2A, 0x77, + 0x80, 0x53, 0x44, 0xA9, 0x80, 0x6D, 0x45, 0xFF, 0x0D, 0x25, + 0x7D, 0x1A, 0x8F, 0x23, 0x93, 0x53, 0x74, 0x35, 0x12, 0x6F, + 0xF0, 0x2E, 0x20, 0xEA, 0xED, 0x80, 0x63, 0x69, 0x88, 0xE6, + 0x0C, 0xA1, 0x49, 0x30, 0xE0, 0x82, 0xDB, 0x68, 0x0F, 0x7E, + 0x84, 0xAC, 0xFF, 0xFF, 0x7B, 0x42, 0xFA, 0x7E, 0x2F, 0xB2, + 0x52, 0x9F, 0xD2, 0x79, 0x5E, 0x35, 0x12, 0x27, 0x36, 0xBC, + 0xDF, 0x96, 0x58, 0x44, 0x96, 0x55, 0xC8, 0x4A, 0x94, 0x02, + 0x5F, 0x4A, 0x9D, 0xDC, 0xD3, 0x3A, 0xF7, 0x6D, 0xAC, 0x8B, + 0x79, 0x6E, 0xFC, 0xBE, 0x8F, 0x23, 0x58, 0x6A, 0x8A, 0xF5, + 0x38, 0x0A, 0x42, 0xF6, 0x98, 0x74, 0x88, 0x53, 0x2E, 0x02, + 0xAF, 0xE1, 0x0E, 0xBE, 0x6F, 0xCC, 0x74, 0x33, 0x7C, 0xEC, + 0xB4, 0xCB, 0xA7, 0x49, 0x6D, 0x82, 0x42, 0x4F, 0xEB, 0x73, + 0x29, 0xC3, 0x32, 0x00, 0x2B, 0x15, 0xF8, 0x88, 0x7A, 0x8F, + 0x6D, 0x20, 0x1B, 0xAE, 0x65, 0x5F, 0xC5, 0xD0, 0x8A, 0xD1, + 0xE2, 0x64, 0x6D, 0xA3, 0xA8, 0xFE, 0x64, 0xE1, 0xA9, 0x5B, + 0xE6, 0xD0, 0x23, 0xD6, 0x02, 0x72, 0x5A, 0xEC, 0x03, 0x8E, + 0x87, 0x67, 0x19, 0x8D, 0xE4, 0xA8, 0x99, 0x15, 0xC1, 0x3D, + 0x91, 0x48, 0x99, 0x8D, 0xFE, 0xAE, 0x1C, 0xBF, 0xF6, 0x28, + 0x1B, 0x45, 0xBE, 0xAD, 0xEF, 0x72, 0x83, 0x9A, 0xF6, 0xC7, + 0x3B, 0x51, 0xA3, 0x6E, 0x7A, 0x73, 0xBD, 0x83, 0xAA, 0x97, + 0xFD, 0x63, 0xB4, 0xF4, 0x6B, 0x1C, 0x14, 0x81, 0x9A, 0xEF, + 0x14, 0x24, 0xD3, 0xE1, 0x8B, 0xF4, 0x04, 0x04, 0x84, 0x54, + 0x0F, 0x61, 0xA2, 0xA8, 0xF2, 0x50, 0x37, 0x0C, 0x17, 0x0C, + 0xBC, 0xE0, 0xC2, 0x84, 0x85, 0xF4, 0x0B, 0xAE, 0x00, 0xCA, + 0x9F, 0x27, 0xE2, 0x44, 0x4F, 0x15, 0x0B, 0x8B, 0x1D, 0xB4 + +}; +static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); + +/* ./certs/dh2048.der, 2048-bit */ +static const unsigned char dh_key_der_2048[] = +{ + 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0, + 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, + 0xBC, 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, + 0xEF, 0x4A, 0xC6, 0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53, + 0x0A, 0x5C, 0x91, 0xDD, 0xA2, 0xC2, 0x94, 0x84, 0xBF, 0x7D, + 0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A, 0xC5, 0xBE, 0x72, + 0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07, 0x85, + 0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 0x02, 0xC9, + 0x3D, 0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69, + 0xD1, 0x17, 0x46, 0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17, + 0x39, 0x6D, 0x30, 0x8D, 0x2A, 0xF3, 0x94, 0xD3, 0x75, 0xCF, + 0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A, 0x70, 0x05, 0xAA, + 0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38, 0x50, + 0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09, + 0xAE, 0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9, + 0x12, 0x7E, 0x5A, 0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76, + 0xCC, 0x16, 0x30, 0xDB, 0x0C, 0xFC, 0xC5, 0x62, 0xA7, 0x35, + 0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36, 0xF6, 0xD9, 0xC9, + 0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA, 0x6C, + 0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4, + 0x48, 0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6, + 0x30, 0x07, 0x48, 0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1, + 0xE3, 0x48, 0xD3, 0x58, 0x4B, 0xA6, 0xB9, 0xCD, 0x29, 0xBF, + 0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F, 0x5C, 0x6B, 0xD6, + 0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B, 0xBB, + 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, + 0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02 +}; +static const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048); + +/* ./certs/dsa2048.der, 2048-bit */ +static const unsigned char dsa_key_der_2048[] = +{ + 0x30, 0x82, 0x03, 0x3F, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xCC, 0x8E, 0xC9, 0xA0, 0xD5, 0x9A, 0x27, 0x1C, + 0xDA, 0x52, 0xDF, 0xC7, 0xC0, 0xE6, 0x06, 0xA4, 0x3E, 0x8A, + 0x66, 0x49, 0xD0, 0x59, 0x33, 0x51, 0x69, 0xC4, 0x9C, 0x5E, + 0x64, 0x85, 0xC7, 0xF1, 0xAB, 0xD5, 0xD9, 0x62, 0xAC, 0xFD, + 0xA1, 0xE0, 0x1B, 0x57, 0xFF, 0x96, 0xEF, 0x0C, 0x9F, 0xC8, + 0x44, 0x87, 0xEB, 0x5C, 0x91, 0xD0, 0x46, 0x42, 0x09, 0x50, + 0x6A, 0x23, 0xCB, 0x89, 0x6F, 0x55, 0xE9, 0x6A, 0x11, 0xA9, + 0xA8, 0x32, 0xAB, 0x33, 0x0D, 0x51, 0xB5, 0x79, 0x51, 0xB4, + 0xAB, 0xA2, 0x25, 0x11, 0x8D, 0xE5, 0x24, 0xBE, 0xD8, 0xF1, + 0x9D, 0x4E, 0x12, 0x6F, 0xAC, 0x44, 0x54, 0x80, 0xA9, 0xB4, + 0x81, 0x68, 0x4E, 0x44, 0x0E, 0xB8, 0x39, 0xF3, 0xBE, 0x83, + 0x08, 0x74, 0xA2, 0xC6, 0x7A, 0xD7, 0x6A, 0x7D, 0x0A, 0x88, + 0x57, 0x83, 0x48, 0xDC, 0xCF, 0x5E, 0x6F, 0xEE, 0x68, 0x0C, + 0xF7, 0xFF, 0x03, 0x04, 0x90, 0xAA, 0xF7, 0x07, 0x98, 0xF8, + 0x67, 0x5A, 0x83, 0x23, 0x66, 0x47, 0x60, 0xC3, 0x43, 0x6E, + 0x03, 0x91, 0xAC, 0x28, 0x66, 0xCB, 0xF0, 0xD3, 0x05, 0xC8, + 0x09, 0x97, 0xB5, 0xAE, 0x01, 0x5E, 0x80, 0x3B, 0x9D, 0x4F, + 0xDE, 0x3E, 0x94, 0xFE, 0xCB, 0x82, 0xB0, 0xB1, 0xFC, 0x91, + 0x8B, 0x1D, 0x8A, 0xEE, 0xC6, 0x06, 0x1F, 0x37, 0x91, 0x48, + 0xD2, 0xF8, 0x6C, 0x5D, 0x60, 0x13, 0x83, 0xA7, 0x81, 0xAC, + 0xCA, 0x8D, 0xD0, 0x6A, 0x04, 0x0A, 0xEA, 0x3E, 0x22, 0x4E, + 0x13, 0xF1, 0x0D, 0xBB, 0x60, 0x6B, 0xCD, 0xBC, 0x5C, 0x87, + 0xA3, 0x67, 0x2B, 0x42, 0xA1, 0x9F, 0xCD, 0x39, 0x58, 0xBE, + 0x55, 0xB1, 0x93, 0x84, 0xCE, 0xB2, 0x10, 0x4E, 0xE4, 0xC3, + 0x9F, 0xB2, 0x53, 0x61, 0x01, 0x29, 0xAA, 0x96, 0xCB, 0x20, + 0x60, 0x42, 0x1D, 0xBA, 0x75, 0x4B, 0x63, 0xC1, 0x02, 0x15, + 0x00, 0xE7, 0xA5, 0x39, 0xD4, 0x6A, 0x37, 0x5E, 0x95, 0x06, + 0x39, 0x07, 0x77, 0x0A, 0xEB, 0xA0, 0x03, 0xEB, 0x78, 0x82, + 0x9B, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD4, 0x4C, 0x71, + 0x2F, 0xEC, 0xFA, 0x32, 0xB2, 0x80, 0x7E, 0x61, 0x4A, 0x6B, + 0x5F, 0x18, 0x76, 0x43, 0xC3, 0x69, 0xBA, 0x41, 0xC7, 0xA7, + 0x1D, 0x79, 0x01, 0xEC, 0xAF, 0x34, 0x87, 0x67, 0x4F, 0x29, + 0x80, 0xA8, 0x3B, 0x87, 0xF6, 0xE8, 0xA1, 0xE8, 0xCD, 0x1B, + 0x1C, 0x86, 0x38, 0xF6, 0xD1, 0x0C, 0x46, 0x2E, 0xC8, 0xE0, + 0xC9, 0x30, 0x26, 0xD5, 0x2C, 0x7F, 0xC1, 0x08, 0xBF, 0xCC, + 0x5A, 0x82, 0x8E, 0xD4, 0xD4, 0x49, 0xAA, 0xA2, 0xFA, 0xE6, + 0xC1, 0x9D, 0xF0, 0xD9, 0x96, 0xB0, 0xFF, 0x0C, 0x5B, 0x33, + 0x8E, 0x06, 0xDD, 0x9D, 0x28, 0xA9, 0xE9, 0x80, 0x41, 0x3B, + 0xD8, 0x7A, 0x94, 0x21, 0x8F, 0x56, 0xF1, 0xA2, 0xB4, 0x2B, + 0x89, 0x1C, 0x74, 0xFF, 0x7E, 0x91, 0xDC, 0x1F, 0x91, 0x13, + 0x98, 0xAF, 0xC7, 0x06, 0xD2, 0x4C, 0x90, 0xA2, 0xBD, 0xDA, + 0x16, 0xBA, 0x65, 0xB0, 0x2D, 0x68, 0x87, 0x3C, 0x6E, 0x25, + 0x8D, 0x90, 0xC7, 0xBC, 0x0D, 0xA9, 0x43, 0x03, 0xC9, 0xBE, + 0xCF, 0x85, 0x6F, 0xDB, 0x07, 0x7B, 0x8C, 0xF8, 0xB1, 0xC2, + 0x49, 0x10, 0x69, 0x63, 0x56, 0x37, 0xC5, 0x30, 0xD2, 0xFB, + 0x71, 0x9A, 0xE8, 0x82, 0x07, 0x2E, 0x3E, 0x95, 0x50, 0xF3, + 0x73, 0xCF, 0x34, 0x5B, 0xD5, 0xAB, 0x02, 0x15, 0xF2, 0xCC, + 0xD7, 0x52, 0xC5, 0x28, 0xD8, 0x41, 0x19, 0x55, 0x6F, 0xB8, + 0x5F, 0xF1, 0x99, 0xB3, 0xC7, 0xD9, 0xB3, 0x71, 0xF4, 0x2D, + 0xDF, 0x22, 0x59, 0x35, 0x86, 0xDB, 0x39, 0xCA, 0x1B, 0x4D, + 0x35, 0x90, 0x19, 0x6B, 0x31, 0xE3, 0xC8, 0xC6, 0x09, 0xBF, + 0x7C, 0xED, 0x01, 0xB4, 0xB2, 0xF5, 0x6E, 0xDA, 0x63, 0x41, + 0x3C, 0xE6, 0x3A, 0x72, 0x2D, 0x65, 0x48, 0xF6, 0x07, 0xCD, + 0x92, 0x84, 0x8B, 0x1D, 0xA7, 0x31, 0x6B, 0xD6, 0xF0, 0xFB, + 0xD9, 0xF4, 0x02, 0x82, 0x01, 0x00, 0x66, 0x4B, 0xBB, 0xB7, + 0xC9, 0x48, 0x95, 0x0D, 0x5A, 0xA6, 0x2D, 0xA1, 0x7F, 0xDF, + 0x1F, 0x67, 0x6D, 0xED, 0x52, 0x4B, 0x16, 0x6C, 0x17, 0xC6, + 0xAE, 0xF8, 0x6A, 0xC4, 0x57, 0xED, 0x2F, 0xB3, 0xF0, 0x2A, + 0x55, 0xAB, 0xBA, 0xCA, 0xEA, 0x17, 0xE8, 0x35, 0x7C, 0xE5, + 0x31, 0x0D, 0x4A, 0x95, 0xFC, 0x43, 0x6F, 0x97, 0x3C, 0x5C, + 0x67, 0xAC, 0xBE, 0x67, 0x7F, 0xE9, 0x4E, 0xAA, 0x48, 0xB3, + 0x92, 0xA1, 0x76, 0x75, 0xEA, 0x04, 0x34, 0x7F, 0x87, 0x33, + 0x2D, 0x24, 0xB6, 0x29, 0x97, 0xE3, 0x04, 0x77, 0x93, 0x89, + 0x13, 0xDB, 0x1B, 0x93, 0xB8, 0x2C, 0x90, 0x1A, 0x09, 0x3B, + 0x26, 0xD9, 0x59, 0xF3, 0x2A, 0x09, 0x58, 0xDC, 0xAC, 0x25, + 0xB4, 0xA9, 0x45, 0x3B, 0xA2, 0x3A, 0x6C, 0x61, 0x84, 0xBF, + 0x68, 0xD4, 0xEA, 0x9B, 0xC5, 0x29, 0x48, 0x60, 0x15, 0x10, + 0x35, 0x2C, 0x44, 0x1D, 0xB5, 0x9A, 0xEE, 0xAC, 0xC1, 0x68, + 0xE8, 0x47, 0xB7, 0x41, 0x34, 0x39, 0x9A, 0xF8, 0xA5, 0x20, + 0xE9, 0x24, 0xC4, 0x2C, 0x58, 0x3F, 0x4C, 0x41, 0x30, 0x3A, + 0x14, 0x6E, 0x8D, 0xEA, 0xAD, 0xBA, 0x9B, 0x43, 0xD3, 0x98, + 0x2F, 0x83, 0xD8, 0x14, 0x67, 0xE8, 0xF8, 0xD5, 0x4F, 0xAC, + 0xE0, 0x3B, 0xBF, 0xA7, 0x54, 0x16, 0x5E, 0x49, 0x64, 0x26, + 0x54, 0xA4, 0x6B, 0x69, 0x7C, 0xBA, 0x8A, 0x83, 0xD9, 0x2E, + 0x65, 0x0A, 0xA2, 0x27, 0xEF, 0x99, 0x99, 0x08, 0xD7, 0xB5, + 0x9F, 0xA0, 0x01, 0xEF, 0x7E, 0x17, 0xBF, 0x83, 0x6B, 0x2E, + 0xDD, 0xC0, 0x39, 0x38, 0x23, 0x68, 0xB4, 0x76, 0x6B, 0xE5, + 0xCA, 0xF7, 0x7C, 0xEE, 0xC0, 0x52, 0xE2, 0xDD, 0xAD, 0x59, + 0x3A, 0x42, 0x06, 0x45, 0xB0, 0xC7, 0xC1, 0x77, 0x05, 0xB2, + 0x0C, 0x32, 0x40, 0x46, 0xAA, 0xDA, 0x79, 0x77, 0x04, 0x71, + 0xDF, 0x7A, 0x02, 0x15, 0x00, 0x98, 0xEE, 0xB9, 0x51, 0x37, + 0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9, + 0x00, 0xCB, 0x62, 0x6D, 0x9A +}; +static const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048); + +/* ./certs/rsa2048.der, 2048-bit */ +static const unsigned char rsa_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xE9, 0x8A, 0x5D, 0x15, 0xA4, 0xD4, 0x34, 0xB9, + 0x59, 0xA2, 0xDA, 0xAF, 0x74, 0xC8, 0xC9, 0x03, 0x26, 0x38, + 0xFA, 0x48, 0xFC, 0x4D, 0x30, 0x6E, 0xEA, 0x76, 0x89, 0xCE, + 0x4F, 0xF6, 0x87, 0xDE, 0x32, 0x3A, 0x46, 0x6E, 0x38, 0x12, + 0x58, 0x37, 0x22, 0x0D, 0x80, 0xAC, 0x2D, 0xAF, 0x2F, 0x12, + 0x3E, 0x62, 0x73, 0x60, 0x66, 0x68, 0x90, 0xB2, 0x6F, 0x47, + 0x17, 0x04, 0x2B, 0xCA, 0xB7, 0x26, 0xB7, 0x10, 0xC2, 0x13, + 0xF9, 0x7A, 0x62, 0x0A, 0x93, 0x32, 0x90, 0x42, 0x0D, 0x16, + 0x2E, 0xFA, 0xD7, 0x29, 0xD7, 0x9F, 0x54, 0xE4, 0xFC, 0x65, + 0x74, 0xF8, 0xF6, 0x43, 0x6B, 0x4E, 0x9E, 0x34, 0x7F, 0xCB, + 0x6B, 0x1C, 0x1A, 0xDE, 0x82, 0x81, 0xBF, 0x08, 0x5D, 0x3F, + 0xC0, 0xB6, 0xB1, 0xA8, 0xA5, 0x9C, 0x81, 0x70, 0xA7, 0x4E, + 0x32, 0x87, 0x15, 0x1C, 0x78, 0x0E, 0xF0, 0x18, 0xFE, 0xEB, + 0x4B, 0x37, 0x2B, 0xE9, 0xE1, 0xF7, 0xFA, 0x51, 0xC6, 0x58, + 0xB9, 0xD8, 0x06, 0x03, 0xED, 0xC0, 0x03, 0x18, 0x55, 0x8B, + 0x98, 0xFE, 0xB1, 0xF6, 0xD0, 0x3D, 0xFA, 0x63, 0xC0, 0x38, + 0x19, 0xC7, 0x00, 0xEF, 0x4D, 0x99, 0x60, 0xB4, 0xBA, 0xCE, + 0xE3, 0xCE, 0xD9, 0x6B, 0x2D, 0x76, 0x94, 0xFF, 0xFB, 0x77, + 0x18, 0x4A, 0xFE, 0x65, 0xF0, 0x0A, 0x91, 0x5C, 0x3B, 0x22, + 0x94, 0x85, 0xD0, 0x20, 0x18, 0x59, 0x2E, 0xA5, 0x33, 0x03, + 0xAC, 0x1B, 0x5F, 0x78, 0x32, 0x11, 0x25, 0xEE, 0x7F, 0x96, + 0x21, 0xA9, 0xD6, 0x76, 0x97, 0x8D, 0x66, 0x7E, 0xB2, 0x91, + 0xD0, 0x36, 0x2E, 0xA3, 0x1D, 0xBF, 0xF1, 0x85, 0xED, 0xC0, + 0x3E, 0x60, 0xB8, 0x5A, 0x9F, 0xAB, 0x80, 0xE0, 0xEA, 0x5D, + 0x5F, 0x75, 0x56, 0xC7, 0x4D, 0x51, 0x8E, 0xD4, 0x1F, 0x34, + 0xA6, 0x36, 0xF1, 0x30, 0x1F, 0x51, 0x99, 0x2F, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x52, 0x11, 0x33, + 0x40, 0xC5, 0xD9, 0x64, 0x65, 0xB5, 0xE0, 0x0A, 0xA5, 0x19, + 0x8E, 0xED, 0x44, 0x54, 0x0C, 0x35, 0xB7, 0xAC, 0x21, 0x9B, + 0xE1, 0x7E, 0x37, 0x05, 0x9A, 0x20, 0x73, 0x6B, 0xAF, 0x63, + 0x4B, 0x23, 0x30, 0xDC, 0x37, 0x66, 0x14, 0x89, 0xBC, 0xE0, + 0xF8, 0xA0, 0x5D, 0x2D, 0x57, 0x65, 0xE0, 0xC6, 0xD6, 0x9B, + 0x66, 0x27, 0x62, 0xEC, 0xC3, 0xB8, 0x8C, 0xD8, 0xAE, 0xB5, + 0xC9, 0xBF, 0x0E, 0xFE, 0x84, 0x72, 0x68, 0xD5, 0x47, 0x0E, + 0x0E, 0xF8, 0xAE, 0x9D, 0x56, 0xAC, 0x4F, 0xAD, 0x88, 0xA0, + 0xA2, 0xF6, 0xFC, 0x38, 0xCD, 0x96, 0x5B, 0x5E, 0x7E, 0xB6, + 0x98, 0xBB, 0xF3, 0x8A, 0xEC, 0xFA, 0xC8, 0xB7, 0x90, 0x75, + 0xA0, 0x0E, 0x77, 0x6B, 0xFD, 0x59, 0x45, 0x5A, 0x0C, 0xFF, + 0x95, 0x8D, 0xCE, 0xFE, 0x9B, 0xF6, 0x19, 0x8E, 0x0B, 0xA1, + 0x0C, 0xEE, 0xC6, 0x79, 0xDD, 0x9D, 0x61, 0x85, 0x5C, 0x19, + 0x6C, 0x47, 0xCC, 0x08, 0xFF, 0xA5, 0x62, 0xDB, 0xE4, 0x2D, + 0x2D, 0xDD, 0x14, 0x67, 0xD6, 0x4A, 0x64, 0x2A, 0x66, 0x49, + 0x54, 0x9C, 0xE3, 0x85, 0x18, 0xE7, 0x31, 0x42, 0xE2, 0xD0, + 0x2C, 0x20, 0xA0, 0x74, 0x0F, 0x1F, 0x20, 0x89, 0xBA, 0xAB, + 0x80, 0xD8, 0x38, 0xD9, 0x46, 0x69, 0xBB, 0xEF, 0xCC, 0x8B, + 0xA1, 0x73, 0xA7, 0xF2, 0xE4, 0x38, 0x5D, 0xD6, 0x75, 0x9F, + 0x88, 0x0E, 0x56, 0xCD, 0xD8, 0x84, 0x59, 0x29, 0x73, 0xF5, + 0xA1, 0x79, 0xDA, 0x7A, 0x1F, 0xBF, 0x73, 0x83, 0xC0, 0x6D, + 0x9F, 0x8B, 0x34, 0x15, 0xC0, 0x6D, 0x69, 0x6A, 0x20, 0xE6, + 0x51, 0xCF, 0x45, 0x6E, 0xCC, 0x05, 0xC4, 0x3A, 0xC0, 0x9E, + 0xAA, 0xC1, 0x06, 0x2F, 0xAB, 0x99, 0x30, 0xE1, 0x6E, 0x9D, + 0x45, 0x7A, 0xFF, 0xA9, 0xCE, 0x70, 0xB8, 0x16, 0x1A, 0x0E, + 0x20, 0xFA, 0xC1, 0x02, 0x81, 0x81, 0x00, 0xFF, 0x30, 0x11, + 0xC2, 0x3C, 0x6B, 0xB4, 0xD6, 0x9E, 0x6B, 0xC1, 0x93, 0xD1, + 0x48, 0xCE, 0x80, 0x2D, 0xBE, 0xAF, 0xF7, 0xBA, 0xB2, 0xD7, + 0xC3, 0xC4, 0x53, 0x6E, 0x15, 0x02, 0xAA, 0x61, 0xB9, 0xEA, + 0x05, 0x9B, 0x79, 0x67, 0x0B, 0xCE, 0xD9, 0xFB, 0x98, 0x8C, + 0x1D, 0x6B, 0xF4, 0x5A, 0xA7, 0xA0, 0x5E, 0x54, 0x18, 0xE9, + 0x31, 0x44, 0x7C, 0xC7, 0x52, 0xD8, 0x6D, 0xA0, 0x3E, 0xD6, + 0x14, 0x2D, 0x7B, 0x15, 0x9D, 0x1E, 0x39, 0x87, 0x96, 0xDD, + 0xA8, 0x33, 0x55, 0x2A, 0x8E, 0x32, 0xC0, 0xC4, 0xE5, 0xB8, + 0xCB, 0xCD, 0x32, 0x8D, 0xAD, 0x7B, 0xE5, 0xC6, 0x7E, 0x4D, + 0x6F, 0xF3, 0xA4, 0xC5, 0xA6, 0x40, 0xBE, 0x90, 0x3A, 0x33, + 0x6A, 0x24, 0xB2, 0x80, 0x81, 0x12, 0xAC, 0xE3, 0x7B, 0x26, + 0x63, 0xCF, 0x88, 0xB9, 0xFF, 0x74, 0x23, 0x37, 0x52, 0xF0, + 0xC4, 0x27, 0x5D, 0x45, 0x1F, 0x02, 0x81, 0x81, 0x00, 0xEA, + 0x48, 0xA7, 0xDD, 0x73, 0x41, 0x56, 0x21, 0x15, 0xF7, 0x42, + 0x45, 0x4D, 0xA9, 0xE1, 0x66, 0x5B, 0xBD, 0x25, 0x7D, 0xF7, + 0xA8, 0x65, 0x13, 0xAE, 0x2D, 0x38, 0x11, 0xCD, 0x93, 0xFC, + 0x30, 0xA3, 0x2C, 0x44, 0xBB, 0xCF, 0xD0, 0x21, 0x8F, 0xFB, + 0xC1, 0xF9, 0xAD, 0x1D, 0xEE, 0x96, 0xCF, 0x97, 0x49, 0x60, + 0x53, 0x80, 0xA5, 0xA2, 0xF8, 0xEE, 0xB9, 0xD5, 0x77, 0x44, + 0xDD, 0xFD, 0x19, 0x2A, 0xF1, 0x81, 0xF4, 0xD9, 0x3C, 0xEC, + 0x73, 0xD0, 0x2A, 0xD8, 0x3C, 0x27, 0x87, 0x79, 0x12, 0x86, + 0xE7, 0x57, 0x0C, 0x59, 0xD1, 0x44, 0x55, 0xAE, 0xC3, 0x4D, + 0x42, 0xAD, 0xA9, 0xB3, 0x28, 0x61, 0xB4, 0x9C, 0xA6, 0x63, + 0xD3, 0x96, 0xB1, 0x75, 0x9F, 0x2A, 0x78, 0x99, 0xE3, 0x1E, + 0x71, 0x47, 0x39, 0xF4, 0x52, 0xE3, 0x66, 0xF1, 0xEB, 0x7F, + 0xEF, 0xC6, 0x81, 0x93, 0x4C, 0x99, 0xF1, 0x02, 0x81, 0x81, + 0x00, 0xC5, 0xB6, 0x20, 0x8C, 0x34, 0xF3, 0xDD, 0xF0, 0x4A, + 0x5D, 0x82, 0x65, 0x5C, 0x48, 0xE4, 0x75, 0x3A, 0xFB, 0xFA, + 0xAA, 0x1C, 0xE4, 0x63, 0x77, 0x31, 0xAC, 0xD2, 0x25, 0x45, + 0x23, 0x6D, 0x03, 0xF5, 0xE4, 0xD2, 0x48, 0x85, 0x26, 0x08, + 0xE5, 0xAA, 0xA0, 0xCE, 0x2E, 0x1D, 0x6D, 0xFC, 0xAE, 0xD2, + 0xF9, 0x42, 0x7E, 0xEA, 0x6D, 0x59, 0x7A, 0xB3, 0x93, 0xE4, + 0x4B, 0x4B, 0x54, 0x63, 0xD8, 0xCE, 0x44, 0x06, 0xC2, 0xEC, + 0x9F, 0xF6, 0x05, 0x55, 0x46, 0xF4, 0x3E, 0x8F, 0xF2, 0x0C, + 0x30, 0x7E, 0x5C, 0xDD, 0x88, 0x49, 0x3B, 0x59, 0xB9, 0x87, + 0xBC, 0xC6, 0xC5, 0x24, 0x8A, 0x10, 0x63, 0x21, 0x1F, 0x66, + 0x1A, 0x3E, 0xF4, 0x58, 0xD1, 0x6C, 0x0D, 0x40, 0xB2, 0xC0, + 0x1D, 0x63, 0x42, 0x0E, 0xC4, 0x56, 0x0E, 0xC0, 0xCC, 0xC2, + 0xD6, 0x66, 0x0E, 0xC4, 0xAB, 0xB5, 0x33, 0xF6, 0x51, 0x02, + 0x81, 0x80, 0x19, 0x7E, 0xE6, 0xA5, 0xB6, 0xD1, 0x39, 0x6A, + 0x48, 0x55, 0xAC, 0x24, 0x96, 0x9B, 0x12, 0x28, 0x6D, 0x7B, + 0x5C, 0x05, 0x25, 0x5A, 0x72, 0x05, 0x7E, 0x42, 0xF5, 0x83, + 0x1A, 0x78, 0x2C, 0x4D, 0xAE, 0xB4, 0x36, 0x96, 0xA9, 0xBA, + 0xE0, 0xAC, 0x26, 0x9D, 0xA9, 0x6A, 0x29, 0x83, 0xB9, 0x6D, + 0xC5, 0xEC, 0xFA, 0x4A, 0x9C, 0x09, 0x6A, 0x7E, 0xE4, 0x9B, + 0xDC, 0x9B, 0x2A, 0x27, 0x6E, 0x4F, 0xBA, 0xD8, 0xA5, 0x67, + 0xDB, 0xEC, 0x41, 0x5F, 0x29, 0x1C, 0x40, 0x83, 0xEB, 0x59, + 0x56, 0xD7, 0xA9, 0x4E, 0xAB, 0xAE, 0x70, 0x67, 0xD1, 0xA3, + 0xF1, 0x6C, 0xD7, 0x8F, 0x96, 0x0E, 0x8D, 0xAC, 0xAB, 0x55, + 0x58, 0x66, 0xD3, 0x1E, 0x47, 0x9B, 0xF0, 0x4C, 0xED, 0xF6, + 0x49, 0xE8, 0xE9, 0x7B, 0x32, 0x61, 0x20, 0x31, 0x95, 0x05, + 0xB2, 0xF6, 0x09, 0xEA, 0x32, 0x14, 0x0F, 0xCF, 0x9A, 0x41, + 0x02, 0x81, 0x80, 0x77, 0x3F, 0xB6, 0x14, 0x8D, 0xC5, 0x13, + 0x08, 0x7E, 0xC9, 0xC4, 0xEA, 0xD4, 0xBA, 0x0D, 0xA4, 0x9E, + 0xB3, 0x6E, 0xDE, 0x1A, 0x7A, 0xF8, 0x89, 0x88, 0xEF, 0x36, + 0x3C, 0x11, 0xBC, 0x83, 0xE8, 0x30, 0x6C, 0x81, 0x7C, 0x47, + 0xF3, 0x4D, 0xCA, 0xEA, 0x56, 0x01, 0x62, 0x55, 0x2E, 0x4B, + 0x89, 0xA9, 0xBD, 0x6F, 0x01, 0xF6, 0x74, 0x02, 0xAA, 0xE3, + 0x84, 0x66, 0x06, 0x95, 0x34, 0xA1, 0xE2, 0xCA, 0x65, 0xFE, + 0xA3, 0x2D, 0x43, 0x97, 0x95, 0x6C, 0x6F, 0xD5, 0xB4, 0x38, + 0xF6, 0xF9, 0x95, 0x30, 0xFA, 0xF8, 0x9C, 0x25, 0x2B, 0xB6, + 0x14, 0x51, 0xCC, 0x2E, 0xB3, 0x5B, 0xD6, 0xDC, 0x1A, 0xEC, + 0x2D, 0x09, 0x5B, 0x3F, 0x3A, 0xD0, 0xB8, 0x4E, 0x27, 0x1F, + 0xDC, 0x2A, 0xEE, 0xAC, 0xA9, 0x59, 0x5D, 0x07, 0x63, 0x11, + 0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF, + 0x56 +}; +static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048); + +/* ./certs/ca-key.der, 2048-bit */ +static const unsigned char ca_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D, 0x14, 0xB2, 0x1E, 0x84, + 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A, 0xF2, 0x4D, 0x75, 0x10, + 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA, 0x7D, 0x03, 0x98, 0xD3, + 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A, 0xF1, 0xD8, 0xB0, 0x7D, + 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98, 0x21, 0x4D, 0x80, 0xCB, + 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE, 0x45, 0x7D, 0xC9, 0x72, + 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB, 0x69, 0x52, 0x10, 0x03, + 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1, 0x8B, 0x62, 0x56, 0x1B, + 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41, 0x95, 0xAD, 0x0A, 0x9B, + 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70, 0x76, 0x50, 0x30, 0x5B, + 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED, 0xA7, 0xA2, 0x7A, 0x8D, + 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED, 0xF2, 0x7C, 0x95, 0xB0, + 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38, 0xCD, 0x77, 0x25, 0xEF, + 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C, 0x3D, 0xCA, 0x63, 0x5B, + 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13, 0x2F, 0x19, 0xD1, 0x3C, + 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D, 0xC9, 0xE5, 0xC2, 0xD7, + 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC, 0x73, 0x1B, 0x42, 0x2D, + 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D, 0xAB, 0x7A, 0x36, 0x3F, + 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67, 0xCE, 0x6A, 0x14, 0x38, + 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68, 0xCB, 0x68, 0x7F, 0x71, + 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5, 0x56, 0x2F, 0xA3, 0x26, + 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17, 0xD7, 0x38, 0x99, 0x08, + 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3, 0x13, 0x49, 0x08, 0x16, + 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4E, + 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, 0x04, 0xD9, 0x0B, 0xEC, + 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, 0x36, 0x79, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x3D, 0x6E, 0x4E, + 0x60, 0x1A, 0x84, 0x7F, 0x9D, 0x85, 0x7C, 0xE1, 0x4B, 0x07, + 0x7C, 0xE0, 0xD6, 0x99, 0x2A, 0xDE, 0x9D, 0xF9, 0x36, 0x34, + 0x0E, 0x77, 0x0E, 0x3E, 0x08, 0xEA, 0x4F, 0xE5, 0x06, 0x26, + 0xD4, 0xF6, 0x38, 0xF7, 0xDF, 0x0D, 0x0F, 0x1C, 0x2E, 0x06, + 0xA2, 0xF4, 0x2A, 0x68, 0x9C, 0x63, 0x72, 0xE3, 0x35, 0xE6, + 0x04, 0x91, 0x91, 0xB5, 0xC1, 0xB1, 0xA4, 0x54, 0xAC, 0xD7, + 0xC6, 0xFB, 0x41, 0xA0, 0xD6, 0x75, 0x6F, 0xBD, 0x0B, 0x4E, + 0xBF, 0xB1, 0x52, 0xE8, 0x5F, 0x49, 0x26, 0x98, 0x56, 0x47, + 0xC7, 0xDE, 0xE9, 0xEA, 0x3C, 0x60, 0x01, 0xBF, 0x28, 0xDC, + 0x31, 0xBF, 0x49, 0x5F, 0x93, 0x49, 0x87, 0x7A, 0x81, 0x5B, + 0x96, 0x4B, 0x4D, 0xCA, 0x5C, 0x38, 0x4F, 0xB7, 0xE1, 0xB2, + 0xD3, 0xC7, 0x21, 0xDA, 0x3C, 0x12, 0x87, 0x07, 0xE4, 0x1B, + 0xDC, 0x43, 0xEC, 0xE8, 0xEC, 0x54, 0x61, 0xE7, 0xF6, 0xED, + 0xA6, 0x0B, 0x2E, 0xF5, 0xDF, 0x82, 0x7F, 0xC6, 0x1F, 0x61, + 0x19, 0x9C, 0xA4, 0x83, 0x39, 0xDF, 0x21, 0x85, 0x89, 0x6F, + 0x77, 0xAF, 0x86, 0x15, 0x32, 0x08, 0xA2, 0x5A, 0x0B, 0x26, + 0x61, 0xFB, 0x70, 0x0C, 0xCA, 0x9C, 0x38, 0x7D, 0xBC, 0x22, + 0xEE, 0xEB, 0xA3, 0xA8, 0x16, 0x00, 0xF9, 0x8A, 0x80, 0x1E, + 0x00, 0x84, 0xA8, 0x4A, 0x41, 0xF8, 0x84, 0x03, 0x67, 0x2F, + 0x23, 0x5B, 0x2F, 0x9B, 0x6B, 0x26, 0xC3, 0x07, 0x34, 0x94, + 0xA3, 0x03, 0x3B, 0x72, 0xD5, 0x9F, 0x72, 0xE0, 0xAD, 0xCC, + 0x34, 0xAB, 0xBD, 0xC7, 0xD5, 0xF5, 0x26, 0x30, 0x85, 0x0F, + 0x30, 0x23, 0x39, 0x52, 0xFF, 0x3C, 0xCB, 0x99, 0x21, 0x4D, + 0x88, 0xA5, 0xAB, 0xEE, 0x62, 0xB9, 0xC7, 0xE0, 0xBB, 0x47, + 0x87, 0xC1, 0x69, 0xCF, 0x73, 0xF3, 0x30, 0xBE, 0xCE, 0x39, + 0x04, 0x9C, 0xE5, 0x02, 0x81, 0x81, 0x00, 0xE1, 0x76, 0x45, + 0x80, 0x59, 0xB6, 0xD3, 0x49, 0xDF, 0x0A, 0xEF, 0x12, 0xD6, + 0x0F, 0xF0, 0xB7, 0xCB, 0x2A, 0x37, 0xBF, 0xA7, 0xF8, 0xB5, + 0x4D, 0xF5, 0x31, 0x35, 0xAD, 0xE4, 0xA3, 0x94, 0xA1, 0xDB, + 0xF1, 0x96, 0xAD, 0xB5, 0x05, 0x64, 0x85, 0x83, 0xFC, 0x1B, + 0x5B, 0x29, 0xAA, 0xBE, 0xF8, 0x26, 0x3F, 0x76, 0x7E, 0xAD, + 0x1C, 0xF0, 0xCB, 0xD7, 0x26, 0xB4, 0x1B, 0x05, 0x8E, 0x56, + 0x86, 0x7E, 0x08, 0x62, 0x21, 0xC1, 0x86, 0xD6, 0x47, 0x79, + 0x3E, 0xB7, 0x5D, 0xA4, 0xC6, 0x3A, 0xD7, 0xB1, 0x74, 0x20, + 0xF6, 0x50, 0x97, 0x41, 0x04, 0x53, 0xED, 0x3F, 0x26, 0xD6, + 0x6F, 0x91, 0xFA, 0x68, 0x26, 0xEC, 0x2A, 0xDC, 0x9A, 0xF1, + 0xE7, 0xDC, 0xFB, 0x73, 0xF0, 0x79, 0x43, 0x1B, 0x21, 0xA3, + 0x59, 0x04, 0x63, 0x52, 0x07, 0xC9, 0xD7, 0xE6, 0xD1, 0x1B, + 0x5D, 0x5E, 0x96, 0xFA, 0x53, 0x02, 0x81, 0x81, 0x00, 0xD8, + 0xED, 0x4E, 0x64, 0x61, 0x6B, 0x91, 0x0C, 0x61, 0x01, 0xB5, + 0x0F, 0xBB, 0x44, 0x67, 0x53, 0x1E, 0xDC, 0x07, 0xC4, 0x24, + 0x7E, 0x9E, 0x6C, 0x84, 0x23, 0x91, 0x0C, 0xE4, 0x12, 0x04, + 0x16, 0x4D, 0x78, 0x98, 0xCC, 0x96, 0x3D, 0x20, 0x4E, 0x0F, + 0x45, 0x9A, 0xB6, 0xF8, 0xB3, 0x93, 0x0D, 0xB2, 0xA2, 0x1B, + 0x29, 0xF2, 0x26, 0x79, 0xC8, 0xC5, 0xD2, 0x78, 0x7E, 0x5E, + 0x73, 0xF2, 0xD7, 0x70, 0x61, 0xBB, 0x40, 0xCE, 0x61, 0x05, + 0xFE, 0x69, 0x1E, 0x82, 0x29, 0xE6, 0x14, 0xB8, 0xA1, 0xE7, + 0x96, 0xD0, 0x23, 0x3F, 0x05, 0x93, 0x00, 0xF2, 0xE1, 0x4D, + 0x7E, 0xED, 0xB7, 0x96, 0x6C, 0xF7, 0xF0, 0xE4, 0xD1, 0xCF, + 0x01, 0x98, 0x4F, 0xDC, 0x74, 0x54, 0xAA, 0x6D, 0x5E, 0x5A, + 0x41, 0x31, 0xFE, 0xFF, 0x9A, 0xB6, 0xA0, 0x05, 0xDD, 0xA9, + 0x10, 0x54, 0xF8, 0x6B, 0xD0, 0xAA, 0x83, 0x02, 0x81, 0x80, + 0x21, 0xD3, 0x04, 0x8A, 0x44, 0xEB, 0x50, 0xB7, 0x7C, 0x66, + 0xBF, 0x87, 0x2B, 0xE6, 0x28, 0x4E, 0xEA, 0x83, 0xE2, 0xE9, + 0x35, 0xE1, 0xF2, 0x11, 0x47, 0xFF, 0xA1, 0xF5, 0xFC, 0x9F, + 0x2D, 0xE5, 0x3A, 0x81, 0xFC, 0x01, 0x03, 0x6F, 0x53, 0xAD, + 0x54, 0x27, 0xB6, 0x52, 0xEE, 0xE5, 0x56, 0xD1, 0x13, 0xAB, + 0xE1, 0xB3, 0x0F, 0x75, 0x90, 0x0A, 0x84, 0xB4, 0xA1, 0xC0, + 0x8C, 0x0C, 0xD6, 0x9E, 0x46, 0xBA, 0x2B, 0x3E, 0xB5, 0x31, + 0xED, 0x63, 0xBB, 0xA4, 0xD5, 0x0D, 0x8F, 0x72, 0xCD, 0xD1, + 0x1E, 0x26, 0x35, 0xEB, 0xBE, 0x1B, 0x72, 0xFD, 0x9B, 0x39, + 0xB4, 0x87, 0xB7, 0x13, 0xF5, 0xEA, 0x83, 0x45, 0x93, 0x98, + 0xBA, 0x8F, 0xE4, 0x4A, 0xCC, 0xB4, 0x4C, 0xA8, 0x7F, 0x08, + 0xBA, 0x41, 0x49, 0xA8, 0x49, 0x28, 0x3D, 0x5E, 0x3D, 0xC1, + 0xCE, 0x37, 0x00, 0xCB, 0xF9, 0x2C, 0xDD, 0x51, 0x02, 0x81, + 0x81, 0x00, 0xA1, 0x57, 0x9F, 0x3E, 0xB9, 0xD6, 0xAF, 0x83, + 0x6D, 0x83, 0x3F, 0x8F, 0xFB, 0xD0, 0xDC, 0xA8, 0xCE, 0x03, + 0x09, 0x23, 0xB1, 0xA1, 0x1B, 0x63, 0xCA, 0xC4, 0x49, 0x56, + 0x35, 0x2B, 0xD1, 0x2E, 0x65, 0x60, 0x95, 0x05, 0x55, 0x99, + 0x11, 0x35, 0xFD, 0xD5, 0xDF, 0x44, 0xC7, 0xA5, 0x88, 0x72, + 0x5F, 0xB2, 0x82, 0x51, 0xA8, 0x71, 0x45, 0x93, 0x36, 0xCF, + 0x5C, 0x1F, 0x61, 0x51, 0x0C, 0x05, 0x80, 0xE8, 0xAF, 0xC5, + 0x7B, 0xBA, 0x5E, 0x22, 0xE3, 0x3C, 0x75, 0xC3, 0x84, 0x05, + 0x55, 0x6D, 0xD6, 0x3A, 0x2D, 0x84, 0x89, 0x93, 0x33, 0xCB, + 0x38, 0xDA, 0xAA, 0x31, 0x05, 0xCD, 0xCE, 0x6C, 0x2D, 0xDD, + 0x55, 0xD3, 0x57, 0x0B, 0xF0, 0xA5, 0x35, 0x6A, 0xB0, 0xAE, + 0x31, 0xBA, 0x43, 0x96, 0xCA, 0x00, 0xC7, 0x4B, 0xE3, 0x19, + 0x12, 0x43, 0xD3, 0x42, 0xFA, 0x6F, 0xEA, 0x80, 0xC0, 0xD1, + 0x02, 0x81, 0x81, 0x00, 0xB9, 0xDB, 0x89, 0x20, 0x34, 0x27, + 0x70, 0x62, 0x34, 0xEA, 0x5F, 0x25, 0x62, 0x12, 0xF3, 0x9D, + 0x81, 0xBF, 0x48, 0xEE, 0x9A, 0x0E, 0xC1, 0x8D, 0x10, 0xFF, + 0x65, 0x9A, 0x9D, 0x2D, 0x1A, 0x8A, 0x94, 0x5A, 0xC8, 0xC0, + 0xA5, 0xA5, 0x84, 0x61, 0x9E, 0xD4, 0x24, 0xB9, 0xEF, 0xA9, + 0x9D, 0xC9, 0x77, 0x0B, 0xC7, 0x70, 0x66, 0x3D, 0xBA, 0xC8, + 0x54, 0xDF, 0xD2, 0x33, 0xE1, 0xF5, 0x7F, 0xF9, 0x27, 0x61, + 0xBE, 0x57, 0x45, 0xDD, 0xB7, 0x45, 0x17, 0x24, 0xF5, 0x23, + 0xE4, 0x38, 0x0E, 0x91, 0x27, 0xEE, 0xE3, 0x20, 0xD8, 0x14, + 0xC8, 0x94, 0x47, 0x77, 0x40, 0x77, 0x45, 0x18, 0x9E, 0x0D, + 0xCE, 0x79, 0x3F, 0x57, 0x31, 0x56, 0x09, 0x49, 0x67, 0xBE, + 0x94, 0x58, 0x4F, 0xF6, 0xC4, 0xAB, 0xE2, 0x89, 0xE3, 0xE3, + 0x8A, 0xC0, 0x05, 0x55, 0x2C, 0x24, 0xC0, 0x4A, 0x97, 0x04, + 0x27, 0x9A +}; +static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048); + +/* ./certs/ca-cert.der, 2048-bit */ +static const unsigned char ca_cert_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x86, 0xFF, 0xF5, 0x8E, + 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, + 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, + 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, + 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, + 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, + 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D, + 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A, + 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA, + 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A, + 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98, + 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE, + 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB, + 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1, + 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41, + 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70, + 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED, + 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED, + 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38, + 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C, + 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13, + 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D, + 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC, + 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D, + 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67, + 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68, + 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5, + 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17, + 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3, + 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, + 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, + 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, + 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, + 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, + 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, + 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, + 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, + 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, + 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, + 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, + 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0x86, 0xFF, 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x9E, 0x28, 0x88, 0x72, 0x00, 0xCA, 0xE6, 0xE7, + 0x97, 0xCA, 0xC1, 0xF1, 0x1F, 0x9E, 0x12, 0xB2, 0xB8, 0xC7, + 0x51, 0xEA, 0x28, 0xE1, 0x36, 0xB5, 0x2D, 0xE6, 0x2F, 0x08, + 0x23, 0xCB, 0xA9, 0x4A, 0x87, 0x25, 0xC6, 0x5D, 0x89, 0x45, + 0xEA, 0xF5, 0x00, 0x98, 0xAC, 0x76, 0xFB, 0x1B, 0xAF, 0xF0, + 0xCE, 0x64, 0x9E, 0xDA, 0x08, 0xBF, 0xB6, 0xEB, 0xB4, 0xB5, + 0x0C, 0xA0, 0xE7, 0xF6, 0x47, 0x59, 0x1C, 0x61, 0xCF, 0x2E, + 0x0E, 0x58, 0xA4, 0x82, 0xAC, 0x0F, 0x3F, 0xEC, 0xC4, 0xAE, + 0x80, 0xF7, 0xB0, 0x8A, 0x1E, 0x85, 0x41, 0xE8, 0xFF, 0xFE, + 0xFE, 0x4F, 0x1A, 0x24, 0xD5, 0x49, 0xFA, 0xFB, 0xFE, 0x5E, + 0xE5, 0xD3, 0x91, 0x0E, 0x4F, 0x4E, 0x0C, 0x21, 0x51, 0x71, + 0x83, 0x04, 0x6B, 0x62, 0x7B, 0x4F, 0x59, 0x76, 0x48, 0x81, + 0x1E, 0xB4, 0xF7, 0x04, 0x47, 0x8A, 0x91, 0x57, 0xA3, 0x11, + 0xA9, 0xF2, 0x20, 0xB4, 0x78, 0x33, 0x62, 0x3D, 0xB0, 0x5E, + 0x0D, 0xF9, 0x86, 0x38, 0x82, 0xDA, 0xA1, 0x98, 0x8D, 0x19, + 0x06, 0x87, 0x21, 0x39, 0xB7, 0x02, 0xF7, 0xDA, 0x7D, 0x58, + 0xBA, 0x52, 0x15, 0xD8, 0x3B, 0xC9, 0x7B, 0x58, 0x34, 0xA0, + 0xC7, 0xE2, 0x7C, 0xA9, 0x83, 0x13, 0xE1, 0xB6, 0xEC, 0x01, + 0xBF, 0x52, 0x33, 0x0B, 0xC4, 0xFE, 0x43, 0xD3, 0xC6, 0xA4, + 0x8E, 0x2F, 0x87, 0x7F, 0x7A, 0x44, 0xEA, 0xCA, 0x53, 0x6C, + 0x85, 0xED, 0x65, 0x76, 0x73, 0x31, 0x03, 0x4E, 0xEA, 0xBD, + 0x35, 0x54, 0x13, 0xF3, 0x64, 0x87, 0x6B, 0xDF, 0x34, 0xDD, + 0x34, 0xA1, 0x88, 0x3B, 0xDB, 0x4D, 0xAF, 0x1B, 0x64, 0x90, + 0x92, 0x71, 0x30, 0x8E, 0xC8, 0xCC, 0xE5, 0x60, 0x24, 0xAF, + 0x31, 0x16, 0x39, 0x33, 0x91, 0x50, 0xF9, 0xAB, 0x68, 0x42, + 0x74, 0x7A, 0x35, 0xD9, 0xDD, 0xC8, 0xC4, 0x52 +}; +static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); + +/* ./certs/ca-cert-chain.der, 2048-bit */ +static const unsigned char ca_cert_chain_der[] = +{ + 0x30, 0x82, 0x03, 0xB5, 0x30, 0x82, 0x03, 0x1E, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, + 0xFE, 0xCF, 0x9B, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, + 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, + 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x99, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, + 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, + 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, + 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, + 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, + 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, + 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, + 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, + 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, + 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, + 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, + 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, + 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, + 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, + 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, + 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, + 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x01, 0x30, + 0x81, 0xFE, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, + 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, + 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, 0x1D, + 0x23, 0x04, 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, 0xD3, + 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, + 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1, + 0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, + 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, + 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, + 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, + 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x82, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, + 0x9B, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x03, 0x81, 0x81, 0x00, 0x1D, 0x48, 0xF6, 0x40, 0x41, + 0x04, 0x06, 0xF2, 0xE4, 0x72, 0x2F, 0xEA, 0xFF, 0xC1, 0x67, + 0x6B, 0x15, 0xBB, 0x0A, 0x28, 0x23, 0x28, 0x07, 0xC6, 0xD7, + 0x13, 0x2C, 0xBE, 0x00, 0x00, 0xAC, 0x1D, 0xF7, 0xF4, 0x92, + 0xD3, 0x2B, 0xAF, 0x23, 0xEB, 0x9F, 0x1A, 0xE2, 0x11, 0x3C, + 0x2D, 0x97, 0xF2, 0x0F, 0xAC, 0xAE, 0x97, 0x86, 0x0A, 0xFB, + 0xA8, 0x4F, 0x74, 0x1B, 0xDE, 0x19, 0x51, 0xDB, 0xCD, 0xE2, + 0x11, 0x38, 0xC1, 0xA4, 0x9D, 0x56, 0xAB, 0x47, 0x5C, 0xDE, + 0xBA, 0xEB, 0x27, 0xDF, 0x6D, 0xC8, 0x7E, 0x3A, 0xBD, 0x2E, + 0x9B, 0x2A, 0xAD, 0x22, 0x3B, 0x95, 0xA9, 0xF2, 0x28, 0x03, + 0xBC, 0xE5, 0xEC, 0xCC, 0xF2, 0x08, 0xD4, 0xC8, 0x2F, 0xDB, + 0xEA, 0xFB, 0x2E, 0x52, 0x16, 0x8C, 0x42, 0x02, 0xA4, 0x59, + 0x6D, 0x4C, 0x33, 0xB4, 0x9A, 0xD2, 0x73, 0x4A, 0x1E, 0x9F, + 0xD9, 0xC8, 0x83, 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, + 0x92, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x86, + 0xFF, 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, + 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, + 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, + 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, + 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, + 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, + 0x32, 0x33, 0x30, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, + 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, + 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, + 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, + 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, + 0x0C, 0xCA, 0x2D, 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, + 0x38, 0x1F, 0x4A, 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, + 0x9F, 0xDF, 0xCA, 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, + 0x66, 0xEE, 0x2A, 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, + 0x0B, 0x10, 0x98, 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, + 0xCC, 0x4F, 0xDE, 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, + 0xCA, 0x90, 0xBB, 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, + 0x95, 0xC5, 0xF1, 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, + 0xA4, 0x10, 0x41, 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, + 0xB0, 0xD2, 0x70, 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, + 0x2C, 0x7C, 0xED, 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, + 0xAC, 0xC7, 0xED, 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, + 0x49, 0x5C, 0x38, 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, + 0x53, 0x94, 0x3C, 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, + 0xD3, 0x1D, 0x13, 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, + 0xCC, 0xB8, 0x7D, 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, + 0xD8, 0x21, 0xDC, 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, + 0x1A, 0xFC, 0x7D, 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, + 0x7C, 0x05, 0x67, 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, + 0x8C, 0xB5, 0x68, 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, + 0xA0, 0x63, 0xF5, 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, + 0xB1, 0x5A, 0x17, 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, + 0x6F, 0xFE, 0xC3, 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, + 0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, + 0x45, 0x1D, 0xB9, 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, + 0x4B, 0xBD, 0xED, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, + 0xA3, 0x81, 0xFC, 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, + 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, + 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, + 0xBE, 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, + 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, + 0xE5, 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, + 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x82, 0x09, 0x00, 0x86, 0xFF, 0xF5, 0x8E, 0x10, 0xDE, 0xB8, + 0xFB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x9E, 0x28, 0x88, 0x72, 0x00, + 0xCA, 0xE6, 0xE7, 0x97, 0xCA, 0xC1, 0xF1, 0x1F, 0x9E, 0x12, + 0xB2, 0xB8, 0xC7, 0x51, 0xEA, 0x28, 0xE1, 0x36, 0xB5, 0x2D, + 0xE6, 0x2F, 0x08, 0x23, 0xCB, 0xA9, 0x4A, 0x87, 0x25, 0xC6, + 0x5D, 0x89, 0x45, 0xEA, 0xF5, 0x00, 0x98, 0xAC, 0x76, 0xFB, + 0x1B, 0xAF, 0xF0, 0xCE, 0x64, 0x9E, 0xDA, 0x08, 0xBF, 0xB6, + 0xEB, 0xB4, 0xB5, 0x0C, 0xA0, 0xE7, 0xF6, 0x47, 0x59, 0x1C, + 0x61, 0xCF, 0x2E, 0x0E, 0x58, 0xA4, 0x82, 0xAC, 0x0F, 0x3F, + 0xEC, 0xC4, 0xAE, 0x80, 0xF7, 0xB0, 0x8A, 0x1E, 0x85, 0x41, + 0xE8, 0xFF, 0xFE, 0xFE, 0x4F, 0x1A, 0x24, 0xD5, 0x49, 0xFA, + 0xFB, 0xFE, 0x5E, 0xE5, 0xD3, 0x91, 0x0E, 0x4F, 0x4E, 0x0C, + 0x21, 0x51, 0x71, 0x83, 0x04, 0x6B, 0x62, 0x7B, 0x4F, 0x59, + 0x76, 0x48, 0x81, 0x1E, 0xB4, 0xF7, 0x04, 0x47, 0x8A, 0x91, + 0x57, 0xA3, 0x11, 0xA9, 0xF2, 0x20, 0xB4, 0x78, 0x33, 0x62, + 0x3D, 0xB0, 0x5E, 0x0D, 0xF9, 0x86, 0x38, 0x82, 0xDA, 0xA1, + 0x98, 0x8D, 0x19, 0x06, 0x87, 0x21, 0x39, 0xB7, 0x02, 0xF7, + 0xDA, 0x7D, 0x58, 0xBA, 0x52, 0x15, 0xD8, 0x3B, 0xC9, 0x7B, + 0x58, 0x34, 0xA0, 0xC7, 0xE2, 0x7C, 0xA9, 0x83, 0x13, 0xE1, + 0xB6, 0xEC, 0x01, 0xBF, 0x52, 0x33, 0x0B, 0xC4, 0xFE, 0x43, + 0xD3, 0xC6, 0xA4, 0x8E, 0x2F, 0x87, 0x7F, 0x7A, 0x44, 0xEA, + 0xCA, 0x53, 0x6C, 0x85, 0xED, 0x65, 0x76, 0x73, 0x31, 0x03, + 0x4E, 0xEA, 0xBD, 0x35, 0x54, 0x13, 0xF3, 0x64, 0x87, 0x6B, + 0xDF, 0x34, 0xDD, 0x34, 0xA1, 0x88, 0x3B, 0xDB, 0x4D, 0xAF, + 0x1B, 0x64, 0x90, 0x92, 0x71, 0x30, 0x8E, 0xC8, 0xCC, 0xE5, + 0x60, 0x24, 0xAF, 0x31, 0x16, 0x39, 0x33, 0x91, 0x50, 0xF9, + 0xAB, 0x68, 0x42, 0x74, 0x7A, 0x35, 0xD9, 0xDD, 0xC8, 0xC4, + 0x52 +}; +static const int sizeof_ca_cert_chain_der = sizeof(ca_cert_chain_der); + +/* ./certs/server-key.der, 2048-bit */ +static const unsigned char server_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, + 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45, + 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E, + 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, + 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, + 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, + 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0, + 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, + 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, + 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, + 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00, + 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, + 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, + 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, + 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3, + 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD, + 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, + 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, + 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1, + 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F, + 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, + 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, + 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, + 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, + 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, + 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, + 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50, 0x01, 0xEF, 0x9F, 0xED, + 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7, 0x92, + 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, + 0xC6, 0x79, 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, + 0x95, 0x77, 0xCB, 0xC3, 0x9A, 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, + 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA, 0x67, 0x16, + 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, + 0xFB, 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, + 0x98, 0x6B, 0x65, 0x9A, 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, + 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22, 0x60, 0x2A, 0x73, + 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4, + 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, + 0x25, 0x4E, 0x9F, 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, + 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64, 0xCA, 0x9A, 0x5B, 0x05, + 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32, 0x22, + 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, + 0x74, 0xD3, 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, + 0x7A, 0x97, 0x2E, 0xD6, 0xB6, 0x19, 0xC6, 0x92, 0x26, 0xE4, + 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9, 0x78, 0x0D, + 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, + 0x41, 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, + 0xD2, 0x60, 0xF2, 0x9F, 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, + 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C, 0xE6, 0x55, 0x34, + 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A, + 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, + 0xF1, 0x58, 0x58, 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, + 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9, 0x10, 0x32, 0xB7, 0x93, + 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6, 0xB5, + 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, + 0x1B, 0xAC, 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, + 0x19, 0xB8, 0xC3, 0x60, 0xB1, 0x57, 0x48, 0x5F, 0x52, 0x4F, + 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43, 0x50, 0x3F, + 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, + 0xAD, 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, + 0x70, 0x9C, 0x0A, 0x7C, 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, + 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD, 0x15, 0x73, 0xDA, + 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0, + 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, + 0xC6, 0xB1, 0x53, 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, + 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D, 0xB7, 0x5C, 0x5C, 0x7C, + 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63, 0xB3, + 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, + 0x8E, 0x7B, 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, + 0x7D, 0xEA, 0xFE, 0x76, 0xA1, 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, + 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B, 0x5B, 0x0F, + 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, + 0xED, 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, + 0x13, 0x23, 0x4C, 0xCB, 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, + 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C, 0xC1, 0x85, 0x5F, + 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3, + 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, + 0x5F, 0x53, 0xA4, 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, + 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB, 0xD5, 0xFE, 0xF9, 0x52, + 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52, 0x2F, + 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, + 0x52, 0xDA, 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, + 0xD3, 0x18, 0x14, 0x72, 0x77, 0x5E, 0xC7, 0xA3, 0x04, 0x1F, + 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3, 0xF2, 0xB5, + 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, + 0x5F, 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, + 0x56, 0xC0, 0xD4, 0x22, 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, + 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95, 0x92, 0x31, 0x41, + 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39, + 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, + 0x22, 0x00, 0xFE, 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, + 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41, 0x56, 0x28, 0x51, 0x9E, + 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2, 0x6C, + 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, + 0xD4, 0x0C, 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, + 0xD4, 0xE6, 0xDC, 0x4C, 0xED, 0xD7, 0x16, 0x11, 0xC3, 0x3E, + 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE, 0xBB, 0x75, + 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, + 0xC5, 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, + 0x6E, 0x99, 0x87, 0xF8, 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, + 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF, 0x16, 0xCA, 0x8B, + 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC, + 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, + 0x9D, 0xE0, 0x63, 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, + 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D, 0x45, 0xF9, 0x40, 0x8C, + 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C, 0xAC, + 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, + 0xE5, 0x8A, 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, + 0x86, 0x09, 0xB8, 0xD8, 0x76, 0xA7, 0xC9, 0x1C, 0x71, 0x52, + 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD, 0x61, 0x1B, + 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, + 0x43, 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, + 0x5E, 0xCF, 0x4F, 0xFC, 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, + 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5, 0x29, 0xD0, 0x44, + 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2, + 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, + 0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, + 0x3B, 0xF1, 0xB0 +}; +static const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048); + +/* ./certs/server-cert.der, 2048-bit */ +static const unsigned char server_cert_der_2048[] = +{ + 0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, + 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, + 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, + 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6F, + 0x72, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, + 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, + 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, + 0x2F, 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, + 0xA8, 0x67, 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, + 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, + 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, + 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, + 0x95, 0x73, 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, + 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, + 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, + 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, + 0x78, 0x73, 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, + 0x19, 0x01, 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, + 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, + 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, + 0xB5, 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, + 0x5F, 0x1C, 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, + 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, + 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, + 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, + 0x95, 0xA1, 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, + 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, + 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, + 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, + 0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 0x30, 0x81, + 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, 0x84, 0xE2, + 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, 0x1F, 0x0E, + 0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, + 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, + 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, + 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, + 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, + 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x86, 0xFF, + 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0xB4, 0x54, 0x60, 0xAD, 0xA0, 0x03, 0x32, 0xDE, 0x02, 0x7F, + 0x21, 0x4A, 0x81, 0xC6, 0xED, 0xCD, 0xCD, 0xD8, 0x12, 0x8A, + 0xC0, 0xBA, 0x82, 0x5B, 0x75, 0xAD, 0x54, 0xE3, 0x7C, 0x80, + 0x6A, 0xAC, 0x2E, 0x6C, 0x20, 0x4E, 0xBE, 0x4D, 0x82, 0xA7, + 0x47, 0x13, 0x5C, 0xF4, 0xC6, 0x6A, 0x2B, 0x10, 0x99, 0x58, + 0xDE, 0xAB, 0x6B, 0x7C, 0x22, 0x05, 0xC1, 0x83, 0x9D, 0xCB, + 0xFF, 0x3C, 0xE4, 0x2D, 0x57, 0x6A, 0xA6, 0x96, 0xDF, 0xD3, + 0xC1, 0x68, 0xE3, 0xD2, 0xC6, 0x83, 0x4B, 0x97, 0xE2, 0xC6, + 0x32, 0x0E, 0xBE, 0xC4, 0x03, 0xB9, 0x07, 0x8A, 0x5B, 0xB8, + 0x84, 0xBA, 0xC5, 0x39, 0x3F, 0x1C, 0x58, 0xA7, 0x55, 0xD7, + 0xF0, 0x9B, 0xE8, 0xD2, 0x45, 0xB9, 0xE3, 0x83, 0x2E, 0xEE, + 0xB6, 0x71, 0x56, 0xB9, 0x3A, 0xEE, 0x3F, 0x27, 0xD8, 0x77, + 0xE8, 0xFB, 0x44, 0x48, 0x65, 0x27, 0x47, 0x4C, 0xFB, 0xFE, + 0x72, 0xC3, 0xAC, 0x05, 0x7B, 0x1D, 0xCB, 0xEB, 0x5E, 0x65, + 0x9A, 0xAB, 0x02, 0xE4, 0x88, 0x5B, 0x3B, 0x8B, 0x0B, 0xC7, + 0xCC, 0xA9, 0xA6, 0x8B, 0xE1, 0x87, 0xB0, 0x19, 0x1A, 0x0C, + 0x28, 0x58, 0x6F, 0x99, 0x52, 0x7E, 0xED, 0xB0, 0x3A, 0x68, + 0x3B, 0x8C, 0x0A, 0x08, 0x74, 0x72, 0xAB, 0xB9, 0x09, 0xC5, + 0xED, 0x04, 0x7E, 0x6F, 0x0B, 0x1C, 0x09, 0x21, 0xD0, 0xCD, + 0x7F, 0xF9, 0xC4, 0x5E, 0x27, 0x20, 0xE4, 0x85, 0x73, 0x52, + 0x05, 0xD2, 0xBA, 0xF8, 0xD5, 0x8F, 0x41, 0xCC, 0x23, 0x2E, + 0x12, 0x6D, 0xBC, 0x31, 0x98, 0xE7, 0x63, 0xA3, 0x8E, 0x26, + 0xCD, 0xE8, 0x2B, 0x88, 0xEE, 0xE2, 0xFE, 0x3A, 0x74, 0x52, + 0x34, 0x0E, 0xFD, 0x12, 0xE5, 0x5E, 0x69, 0x50, 0x20, 0x31, + 0x34, 0xE4, 0x31, 0xF1, 0xE7, 0xE4, 0x5B, 0x03, 0x13, 0xDA, + 0xAC, 0x41, 0x6C, 0xE7, 0xCF, 0x2B +}; +static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); + +#endif /* USE_CERT_BUFFERS_2048 */ + +#ifdef USE_CERT_BUFFERS_3072 + +/* ./certs/dh3072.der, 3072-bit */ +static const unsigned char dh_key_der_3072[] = +{ + 0x30, 0x82, 0x01, 0x88, 0x02, 0x82, 0x01, 0x81, 0x00, 0x89, + 0x1B, 0x75, 0x3F, 0x84, 0xB6, 0x11, 0xED, 0x21, 0xF1, 0x08, + 0x0F, 0xB8, 0x06, 0xC9, 0xA3, 0xC9, 0x41, 0xDB, 0x5A, 0xC8, + 0xF8, 0x82, 0x73, 0x0F, 0xEB, 0x89, 0x1E, 0x54, 0x18, 0xBE, + 0xE6, 0x48, 0x41, 0x9E, 0xFA, 0xC2, 0x0C, 0x50, 0x67, 0xC3, + 0x5D, 0xB5, 0xF5, 0x0F, 0x23, 0x6A, 0x43, 0x33, 0x91, 0xD9, + 0x40, 0xF3, 0x66, 0xC6, 0x99, 0xFF, 0x97, 0xB6, 0x7B, 0xAF, + 0x27, 0x72, 0x3B, 0x9F, 0x7E, 0x58, 0x18, 0x14, 0x9F, 0x91, + 0x6E, 0x2B, 0x11, 0xC1, 0x57, 0x49, 0x27, 0x36, 0x78, 0xE1, + 0x09, 0x68, 0x9C, 0x05, 0x5A, 0xAC, 0xE6, 0x00, 0x38, 0xBE, + 0x95, 0x74, 0x81, 0x53, 0x28, 0xF0, 0xAD, 0xDF, 0xB5, 0x87, + 0x1C, 0x72, 0x17, 0x4E, 0xEC, 0x00, 0x91, 0x22, 0xAA, 0xE4, + 0x88, 0xD7, 0xF5, 0x3D, 0x1F, 0x03, 0x13, 0x2D, 0x1C, 0xFB, + 0xDE, 0x59, 0x68, 0xAD, 0xE0, 0x17, 0xA1, 0xEE, 0x8D, 0xCC, + 0xBF, 0xFE, 0xCF, 0x24, 0x42, 0xED, 0x26, 0xDD, 0x29, 0xD0, + 0x4E, 0x62, 0x3C, 0x85, 0x36, 0x1B, 0x5F, 0x6A, 0x47, 0x88, + 0x21, 0xE5, 0x1B, 0x85, 0x0A, 0x2C, 0xE9, 0x2F, 0xE0, 0x20, + 0xFC, 0x1D, 0xCD, 0x55, 0x66, 0xF5, 0xAC, 0x32, 0x00, 0x8E, + 0xA3, 0xE9, 0xED, 0xFB, 0x35, 0xA7, 0xE6, 0x76, 0x53, 0x42, + 0xC6, 0x77, 0x77, 0xAB, 0x90, 0x99, 0x7C, 0xC2, 0xEC, 0xC9, + 0x18, 0x4A, 0x3C, 0xF4, 0x11, 0x75, 0x27, 0x83, 0xBD, 0x9E, + 0xC2, 0x8F, 0x23, 0xAB, 0x52, 0x46, 0xE2, 0x52, 0x5D, 0x9A, + 0x04, 0xC3, 0x15, 0x1F, 0x69, 0x9C, 0x72, 0x69, 0x59, 0x52, + 0xD4, 0x69, 0x3D, 0x19, 0x77, 0x36, 0x25, 0xAF, 0x07, 0x71, + 0x82, 0xDE, 0xB7, 0x24, 0x60, 0x82, 0x6A, 0x72, 0xBB, 0xED, + 0xB6, 0x76, 0xAE, 0x7E, 0xBC, 0x7D, 0x2F, 0x73, 0x4B, 0x04, + 0x16, 0xD5, 0xA4, 0xF3, 0x03, 0x26, 0xFB, 0xF3, 0xCD, 0x7B, + 0x77, 0x7E, 0x7C, 0x8D, 0x65, 0xAE, 0xA5, 0xDC, 0x6C, 0xE3, + 0x70, 0xD2, 0x29, 0x6B, 0xF2, 0xEB, 0x76, 0xC9, 0xE5, 0x46, + 0x18, 0x12, 0x57, 0xB0, 0x55, 0xA5, 0x7C, 0xCD, 0x41, 0x93, + 0x26, 0x99, 0xF7, 0xA5, 0xC5, 0x34, 0xBE, 0x59, 0x79, 0xDE, + 0x0A, 0x57, 0x5F, 0x21, 0xF8, 0x98, 0x52, 0xF0, 0x2F, 0x7B, + 0x57, 0xB6, 0x9D, 0xFC, 0x40, 0xA6, 0x55, 0xFB, 0xAF, 0xD9, + 0x16, 0x9B, 0x20, 0x4F, 0xA8, 0xA3, 0x0B, 0x04, 0x48, 0xE3, + 0x77, 0x22, 0xC4, 0xCC, 0x57, 0x14, 0x33, 0xA2, 0xF0, 0x9A, + 0xE3, 0x12, 0xBD, 0xFF, 0x72, 0x8B, 0xEE, 0x52, 0xF3, 0xC9, + 0x59, 0xC2, 0xA2, 0x6B, 0xA5, 0x75, 0x48, 0x51, 0x82, 0x0E, + 0x7A, 0xFF, 0xFE, 0x41, 0xCD, 0x7C, 0x63, 0xD2, 0x53, 0xA8, + 0x11, 0x03, 0xB9, 0x03, 0x07, 0xFE, 0x66, 0x38, 0x5F, 0xA2, + 0x3E, 0x9C, 0x1B, 0x02, 0x01, 0x02 +}; +static const int sizeof_dh_key_der_3072 = sizeof(dh_key_der_3072); + +/* ./certs/dsa3072.der, 3072-bit */ +static const unsigned char dsa_key_der_3072[] = +{ + 0x30, 0x82, 0x04, 0xD7, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x81, 0x00, 0xB5, 0xD0, 0x2F, 0x55, 0xC1, 0x27, 0x4C, 0x5B, + 0x28, 0x81, 0x4E, 0xA4, 0x32, 0x0D, 0x73, 0x54, 0x68, 0x4F, + 0x0A, 0x36, 0x68, 0x4A, 0x51, 0xBE, 0xDE, 0x49, 0xD4, 0x9D, + 0xCE, 0xC6, 0xF7, 0x01, 0x70, 0xD2, 0x88, 0x90, 0x1D, 0x60, + 0x30, 0x9B, 0x0A, 0x9C, 0x23, 0xDA, 0xE0, 0x74, 0x46, 0x5B, + 0xC7, 0x41, 0x40, 0x5C, 0xD9, 0x7A, 0xBE, 0x78, 0xCA, 0x49, + 0xF5, 0x2D, 0x7B, 0xD7, 0xBF, 0x67, 0x0D, 0x84, 0x28, 0xBB, + 0x9D, 0xC2, 0xAB, 0x23, 0x06, 0x28, 0x0C, 0x98, 0x46, 0x43, + 0xCE, 0x6F, 0x9E, 0xD0, 0xE9, 0x0E, 0xF3, 0x7E, 0x30, 0x5D, + 0xD3, 0x45, 0x44, 0x7B, 0x0C, 0x7A, 0x73, 0xA6, 0x95, 0x65, + 0xAA, 0x8B, 0xD8, 0x75, 0x6A, 0x11, 0xB3, 0x10, 0x7C, 0x57, + 0xAF, 0xCE, 0xBE, 0x5B, 0xF7, 0xC8, 0xFE, 0x42, 0xA3, 0x77, + 0xB7, 0x0B, 0x3D, 0x66, 0xB5, 0x08, 0x74, 0x22, 0x74, 0x26, + 0xE6, 0xDB, 0x8E, 0xEF, 0xA3, 0x99, 0xAE, 0x0B, 0x42, 0x8C, + 0x5F, 0x7E, 0x48, 0xE9, 0x19, 0x90, 0xA8, 0x35, 0xA9, 0xFC, + 0x48, 0x0D, 0xC8, 0xB8, 0xE4, 0x1A, 0x0C, 0x26, 0xC7, 0x1A, + 0x20, 0x02, 0xEB, 0x72, 0x2E, 0x94, 0xD6, 0x19, 0x34, 0x39, + 0x55, 0x4E, 0xFC, 0x53, 0x48, 0xD8, 0x10, 0x89, 0xA1, 0x6E, + 0x22, 0x39, 0x71, 0x15, 0xA6, 0x13, 0xBC, 0x77, 0x49, 0x53, + 0xCB, 0x16, 0x4B, 0x56, 0x3D, 0x08, 0xA2, 0x71, 0x0E, 0x06, + 0x0C, 0x3A, 0xDE, 0x82, 0xC0, 0xDF, 0xE7, 0x96, 0x57, 0xD7, + 0x3F, 0x6B, 0xF0, 0xAE, 0xD1, 0x38, 0xB8, 0x5B, 0x83, 0x77, + 0x8B, 0xEB, 0x2B, 0xDA, 0x38, 0xC8, 0x4C, 0xA9, 0x48, 0x52, + 0xD8, 0x41, 0x03, 0xD3, 0x11, 0x1C, 0x66, 0x9E, 0xDE, 0xC9, + 0x78, 0x5A, 0xE1, 0x7B, 0xEA, 0x6F, 0xD6, 0xCA, 0x6A, 0x2F, + 0x01, 0xB2, 0x83, 0x37, 0x25, 0xD9, 0x9C, 0xD4, 0xB0, 0x21, + 0xD9, 0x8F, 0xA6, 0xF8, 0xD6, 0x21, 0x82, 0xBB, 0x08, 0x64, + 0x28, 0x0E, 0x0C, 0x26, 0xE6, 0xA5, 0x69, 0xE0, 0x23, 0xE9, + 0xB3, 0xC4, 0xF9, 0xDE, 0xC6, 0xD6, 0x32, 0x00, 0x66, 0x9B, + 0x8A, 0x0B, 0x6F, 0xDE, 0xB8, 0xDD, 0x68, 0x7F, 0x9D, 0x68, + 0x59, 0x6B, 0x55, 0xD9, 0x53, 0x01, 0x7B, 0x1A, 0x1C, 0x8D, + 0xBF, 0xAF, 0xC0, 0xB1, 0x14, 0x9E, 0xC1, 0x8D, 0x3E, 0x1E, + 0xFB, 0x40, 0xF9, 0x6D, 0x48, 0x43, 0xCD, 0x6C, 0xE8, 0xBC, + 0x3C, 0x7C, 0x35, 0x3C, 0x65, 0x6D, 0xA0, 0x25, 0x87, 0xBF, + 0xEC, 0x9B, 0x12, 0x74, 0x48, 0xC8, 0xE4, 0xBF, 0x53, 0x53, + 0x47, 0x78, 0xD9, 0x9B, 0x1A, 0xA5, 0x07, 0x46, 0x15, 0x16, + 0xD2, 0x33, 0x93, 0xCC, 0x41, 0x9B, 0xB7, 0x22, 0xDF, 0x07, + 0xDD, 0x72, 0xC6, 0x1A, 0x9B, 0x92, 0xE7, 0x32, 0x04, 0xAB, + 0x94, 0x80, 0xBD, 0x58, 0xF2, 0x35, 0x02, 0x21, 0x00, 0x9A, + 0xDD, 0x98, 0x1A, 0x6F, 0xEA, 0xB5, 0x8B, 0xC9, 0x68, 0x18, + 0x81, 0xE4, 0x4C, 0xFD, 0x8E, 0x45, 0xCF, 0x5F, 0x0E, 0x62, + 0x1E, 0x7D, 0x2D, 0x4A, 0x4C, 0x5D, 0x7F, 0xF8, 0xD8, 0x52, + 0xD7, 0x02, 0x82, 0x01, 0x81, 0x00, 0x84, 0xDF, 0xAB, 0x91, + 0x61, 0xE4, 0x2B, 0x07, 0x0A, 0x1C, 0xC7, 0x9C, 0xD7, 0xAC, + 0x8D, 0xA5, 0xAA, 0x41, 0x65, 0x9E, 0x4A, 0xED, 0x21, 0x45, + 0x96, 0xF7, 0xF7, 0xCB, 0x7A, 0x88, 0x19, 0x0F, 0x36, 0x80, + 0x25, 0x2F, 0x23, 0x0D, 0xFF, 0x6C, 0x0D, 0x02, 0xBB, 0x6A, + 0x79, 0x6A, 0xCB, 0x05, 0x00, 0x9B, 0x77, 0xED, 0x6B, 0xF3, + 0xC2, 0xEA, 0x1A, 0xDF, 0xB8, 0x15, 0xA8, 0x92, 0x19, 0x5A, + 0x51, 0x3B, 0x76, 0x06, 0x98, 0x47, 0xC7, 0x6F, 0x76, 0x99, + 0xAD, 0x50, 0xC5, 0x98, 0xE7, 0xFF, 0x88, 0xBC, 0x49, 0x77, + 0xEF, 0x96, 0x75, 0xE2, 0x36, 0x66, 0x1F, 0x0C, 0xFA, 0x57, + 0x1E, 0x11, 0xFF, 0x8F, 0x3C, 0xD0, 0xEA, 0x97, 0x25, 0x3F, + 0xFA, 0xD1, 0x4F, 0xBA, 0xDF, 0xE3, 0x35, 0xFB, 0x6E, 0x5C, + 0x65, 0xF9, 0xA2, 0x26, 0x43, 0xF2, 0xF4, 0xE0, 0x05, 0x3D, + 0xC6, 0x5B, 0xC4, 0x21, 0xE7, 0xB1, 0x02, 0xEB, 0xF2, 0xA9, + 0x06, 0x5E, 0xB7, 0x1B, 0xC1, 0xD8, 0x86, 0x34, 0xED, 0x84, + 0x89, 0xCE, 0xCE, 0xC2, 0x63, 0x78, 0x67, 0xF8, 0xC3, 0xAA, + 0x7C, 0x1C, 0x59, 0x32, 0xE4, 0x77, 0xA2, 0x36, 0x31, 0xFE, + 0x4B, 0x9C, 0x98, 0xCE, 0x01, 0x55, 0x61, 0xCE, 0x23, 0xAE, + 0x0F, 0x7E, 0x24, 0x8B, 0x54, 0x8A, 0xE4, 0xCB, 0x8E, 0xDC, + 0x7A, 0x94, 0x4C, 0xF9, 0x3C, 0xF8, 0x67, 0x68, 0x9D, 0x7A, + 0x82, 0xA1, 0xA0, 0x01, 0xC7, 0x1B, 0x8D, 0xA0, 0xC0, 0x53, + 0x1E, 0x93, 0xC7, 0x86, 0x12, 0xD3, 0x16, 0xDC, 0x28, 0xA0, + 0xD1, 0x0D, 0x1E, 0x42, 0x9A, 0xCB, 0x55, 0x8C, 0x22, 0x7F, + 0x41, 0xC3, 0xC9, 0x14, 0xF2, 0xB0, 0x73, 0xA1, 0x4D, 0x72, + 0xFD, 0x88, 0xB6, 0xDE, 0xE5, 0xF0, 0x3C, 0x3A, 0x7E, 0x68, + 0x3E, 0x82, 0x58, 0x60, 0xCD, 0xB4, 0x08, 0x64, 0x18, 0xB2, + 0x24, 0x97, 0x13, 0xA6, 0x07, 0x75, 0xBE, 0xE0, 0x14, 0x92, + 0x9A, 0x98, 0x6C, 0x08, 0x94, 0xD1, 0x0D, 0x48, 0x44, 0xC3, + 0xE3, 0xD5, 0xC0, 0x93, 0x49, 0x79, 0x2F, 0x67, 0x15, 0x76, + 0xD8, 0x90, 0x11, 0xDB, 0xEC, 0xA7, 0xE2, 0xDB, 0xD4, 0x4F, + 0x49, 0x5E, 0xEF, 0xC5, 0xB9, 0x77, 0x69, 0xDA, 0x02, 0xB7, + 0x23, 0xBC, 0xEA, 0xDC, 0x84, 0xD4, 0xA5, 0x5C, 0xA2, 0x6C, + 0xAD, 0x4A, 0x9F, 0xF0, 0x65, 0x48, 0xE9, 0xBF, 0xDF, 0xA5, + 0xB3, 0x99, 0xD6, 0x76, 0x08, 0x87, 0x2C, 0xF2, 0x29, 0x79, + 0xB2, 0x20, 0x7C, 0x6F, 0xC1, 0xC5, 0x3C, 0xB0, 0x50, 0x3F, + 0x72, 0xA5, 0x57, 0xE3, 0xB0, 0x62, 0x18, 0x80, 0x71, 0xB9, + 0x3F, 0x4D, 0x4E, 0x7C, 0xF6, 0x29, 0xDB, 0xB8, 0xAD, 0xF6, + 0x41, 0x69, 0x06, 0x90, 0x45, 0x7B, 0x95, 0x03, 0xE1, 0x9E, + 0xA5, 0xA1, 0x5A, 0xE3, 0x08, 0x26, 0x73, 0xFC, 0x2B, 0x20, + 0x02, 0x82, 0x01, 0x81, 0x00, 0xA5, 0x52, 0x8F, 0x53, 0xF0, + 0xB9, 0x4F, 0x06, 0xB9, 0xC8, 0xB4, 0x50, 0xA4, 0x39, 0xBA, + 0x12, 0x92, 0x75, 0x27, 0x43, 0xA8, 0x30, 0xA9, 0xF2, 0x2A, + 0xC6, 0x93, 0x26, 0x3C, 0x8C, 0x9F, 0xA2, 0x6F, 0x53, 0xD9, + 0x14, 0xAB, 0x3F, 0x00, 0xC6, 0x11, 0x13, 0x90, 0x6A, 0x42, + 0xF2, 0x9D, 0xA3, 0x8F, 0x31, 0x32, 0x46, 0x73, 0xA3, 0x93, + 0x57, 0x5D, 0x76, 0x45, 0x49, 0x6C, 0xBD, 0xEA, 0xAF, 0xAA, + 0xB3, 0x55, 0x25, 0x11, 0x8E, 0xA5, 0x2A, 0xB1, 0xBA, 0xA5, + 0x06, 0x4A, 0x66, 0xAA, 0x78, 0x9E, 0xF6, 0x5C, 0x1E, 0xB1, + 0x4A, 0xCA, 0x5C, 0x3F, 0x1D, 0x33, 0x75, 0x91, 0xF2, 0xF9, + 0x53, 0x14, 0x2F, 0xDC, 0xF0, 0x4C, 0xA4, 0xF4, 0x50, 0x04, + 0x1F, 0xFF, 0xC9, 0x0C, 0xC6, 0x8A, 0x04, 0x8B, 0x80, 0x87, + 0xA7, 0x70, 0x49, 0xD7, 0xE4, 0xE7, 0x83, 0xF1, 0x86, 0x1A, + 0xB0, 0x85, 0x3C, 0x59, 0x04, 0x96, 0xD1, 0x85, 0x47, 0xA1, + 0x57, 0x7D, 0xC6, 0x8E, 0x60, 0x7D, 0xC6, 0xE8, 0x18, 0xB3, + 0x1F, 0xB8, 0x99, 0xF0, 0xC4, 0xE5, 0x1E, 0xBC, 0x34, 0x07, + 0x8E, 0x40, 0x57, 0xA5, 0x8D, 0x3A, 0xA3, 0x88, 0x96, 0xF1, + 0xB3, 0x61, 0xF1, 0x1C, 0x96, 0x8A, 0xA4, 0x9E, 0xCD, 0x21, + 0xA2, 0x94, 0xAE, 0x5E, 0x1F, 0xCD, 0x5B, 0x5B, 0xE3, 0x88, + 0x1E, 0x17, 0x4A, 0x46, 0xAB, 0x9C, 0xE0, 0x59, 0x03, 0x4A, + 0xB8, 0xC8, 0x83, 0xE7, 0xFF, 0x39, 0x27, 0x68, 0x80, 0xA0, + 0x8E, 0xB3, 0xA2, 0x00, 0xC6, 0x2D, 0x2C, 0x76, 0xBA, 0x90, + 0x7C, 0x03, 0x1B, 0x19, 0xC8, 0x33, 0xB2, 0x12, 0x3A, 0xC8, + 0x8D, 0x32, 0xFE, 0xC0, 0xF9, 0xA5, 0x6A, 0x63, 0xE2, 0xA4, + 0x12, 0x43, 0x19, 0xF5, 0x14, 0xF2, 0x27, 0xF8, 0x0B, 0xBD, + 0x1A, 0x22, 0x64, 0x2D, 0xC9, 0x05, 0xFA, 0xD8, 0xDD, 0x11, + 0x1A, 0xD3, 0xF2, 0xBC, 0x99, 0x3A, 0xCD, 0x21, 0xCF, 0x10, + 0x14, 0x36, 0xDF, 0xED, 0x66, 0x02, 0x03, 0x4A, 0x42, 0x70, + 0x71, 0x22, 0xAD, 0xE7, 0x53, 0x91, 0xF4, 0x40, 0x8F, 0x72, + 0x7E, 0x54, 0xA0, 0x5D, 0x58, 0x93, 0xD6, 0xF6, 0xBC, 0x87, + 0x1A, 0x68, 0x0F, 0xAB, 0x94, 0x20, 0x70, 0xC2, 0x11, 0xA1, + 0x14, 0xBC, 0x06, 0xA8, 0x44, 0xB9, 0x1F, 0x04, 0x49, 0x7E, + 0xB3, 0x9A, 0x53, 0x46, 0x05, 0x75, 0x5D, 0x29, 0x77, 0x28, + 0xA9, 0xB1, 0xDC, 0xF1, 0x0D, 0x8A, 0x1C, 0x5E, 0xCD, 0xD7, + 0x4C, 0x16, 0x6F, 0x88, 0xBF, 0xB3, 0x34, 0xE2, 0xAD, 0x9A, + 0xC4, 0x89, 0xE2, 0x2E, 0x5C, 0x20, 0xE1, 0x5F, 0x39, 0xBF, + 0xB7, 0x45, 0xD3, 0x0F, 0x98, 0xB0, 0xD8, 0xC9, 0x18, 0x91, + 0x17, 0x25, 0xBC, 0x53, 0x62, 0xFF, 0x27, 0x85, 0xBD, 0xE2, + 0xE3, 0x9C, 0xA8, 0x06, 0x7A, 0x54, 0xEA, 0xFD, 0xEA, 0x02, + 0x20, 0x4C, 0xAC, 0x69, 0x62, 0x08, 0xE5, 0xCD, 0x14, 0xC8, + 0x2D, 0x4E, 0xDF, 0x1F, 0x60, 0x1D, 0x93, 0x44, 0x86, 0x5D, + 0x73, 0x99, 0x40, 0x1B, 0xDC, 0xA9, 0xBA, 0xC4, 0x1B, 0x12, + 0x6C, 0xFF, 0x53 +}; +static const int sizeof_dsa_key_der_3072 = sizeof(dsa_key_der_3072); + +/* ./certs/rsa3072.der, 3072-bit */ +static const unsigned char rsa_key_der_3072[] = +{ + 0x30, 0x82, 0x06, 0xE4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x81, 0x00, 0xBC, 0x6D, 0x68, 0xFF, 0xC0, 0x07, 0x0E, 0x0C, + 0x4A, 0xE6, 0x76, 0x1F, 0x7A, 0x25, 0x3A, 0x75, 0xA7, 0xE2, + 0xF1, 0x17, 0x00, 0xF8, 0x85, 0xE6, 0x8F, 0x59, 0x14, 0xA7, + 0xDE, 0x8C, 0x74, 0x4B, 0xEB, 0x85, 0xEC, 0x49, 0x9B, 0xFF, + 0x4B, 0x43, 0x0A, 0x08, 0xA1, 0xEC, 0x64, 0x58, 0x47, 0x28, + 0xD5, 0xCE, 0x48, 0xE9, 0xCF, 0x34, 0xDF, 0x15, 0x20, 0x37, + 0x99, 0x0E, 0x3C, 0x81, 0xBE, 0x2E, 0xE4, 0x6C, 0xBB, 0xDE, + 0xD1, 0x93, 0xC5, 0xEC, 0x6C, 0xCC, 0x40, 0x0B, 0x46, 0xA1, + 0xE6, 0xCA, 0xA0, 0xD5, 0x3B, 0x44, 0x48, 0x79, 0x67, 0x52, + 0x6F, 0xDA, 0xED, 0x73, 0x8B, 0x7C, 0x33, 0xDA, 0x17, 0x96, + 0xE8, 0xA2, 0x91, 0x3C, 0x57, 0xDD, 0xC9, 0x2E, 0x01, 0x74, + 0x87, 0x33, 0xA0, 0x12, 0x7C, 0xBB, 0xF9, 0x53, 0xF4, 0xC4, + 0x31, 0x48, 0x53, 0xCB, 0xBB, 0x3C, 0x42, 0x43, 0x0C, 0x7A, + 0x7B, 0xB8, 0x2A, 0xFC, 0xDC, 0x70, 0xD5, 0x64, 0x16, 0x74, + 0xA8, 0x80, 0xDE, 0x16, 0xE0, 0xB2, 0x6C, 0x04, 0x47, 0x6C, + 0x25, 0xA6, 0x7F, 0xB4, 0x73, 0x49, 0xBC, 0xF3, 0xAE, 0xE3, + 0x93, 0x36, 0x87, 0x2B, 0xB7, 0x8F, 0xB5, 0x88, 0x88, 0x22, + 0x47, 0xDF, 0xBF, 0x4D, 0x3C, 0x2A, 0xBD, 0x3F, 0x2F, 0x11, + 0x29, 0xCC, 0x1C, 0x33, 0x40, 0x4E, 0x23, 0xF6, 0x25, 0xF0, + 0xAF, 0x02, 0x16, 0x48, 0xED, 0x1C, 0xD8, 0xC9, 0x92, 0x2F, + 0x5B, 0xAF, 0xBA, 0xDB, 0x60, 0x1E, 0x0E, 0xE1, 0x65, 0x91, + 0x96, 0xF8, 0x7D, 0x73, 0x4C, 0x72, 0x23, 0x33, 0xD5, 0x32, + 0x2B, 0x0F, 0x4F, 0xBC, 0x81, 0x45, 0x9E, 0x31, 0x76, 0xEF, + 0xE1, 0x76, 0x2D, 0x3F, 0x8F, 0xC4, 0x19, 0x8F, 0x27, 0x2A, + 0x8F, 0x6E, 0x76, 0xCC, 0xE0, 0x5D, 0xB0, 0x86, 0x66, 0xFE, + 0x72, 0xD9, 0x06, 0x40, 0xB6, 0xCE, 0x85, 0xC6, 0x2D, 0x34, + 0x33, 0xAA, 0x8E, 0xE5, 0x54, 0x8E, 0xB8, 0xBA, 0xEE, 0x92, + 0x07, 0x5D, 0xB5, 0xF1, 0x67, 0xBF, 0xCA, 0xE4, 0xCA, 0xCB, + 0xD9, 0x01, 0x73, 0x22, 0x01, 0x32, 0x39, 0xF4, 0x0A, 0xEC, + 0x5F, 0x4A, 0x00, 0x10, 0x3F, 0x01, 0x3D, 0x15, 0xBB, 0x55, + 0x91, 0x80, 0xBE, 0xD8, 0xD3, 0x59, 0xCC, 0xB0, 0x7C, 0x56, + 0xF7, 0xFF, 0xE0, 0x28, 0x40, 0x02, 0xB3, 0x98, 0x8A, 0x54, + 0x52, 0x60, 0xA5, 0x0B, 0x95, 0x53, 0x86, 0x6B, 0xA4, 0x35, + 0xCA, 0x04, 0xC7, 0xFB, 0x0A, 0xC8, 0x9D, 0x5A, 0x11, 0x40, + 0xF7, 0x60, 0x07, 0xB1, 0xB3, 0x42, 0xB6, 0x80, 0x8F, 0xE4, + 0x25, 0xC9, 0xE8, 0xBC, 0x8E, 0x21, 0x0D, 0x47, 0xCF, 0xB8, + 0x37, 0x09, 0xAF, 0xBF, 0x2C, 0x34, 0x09, 0x22, 0xC2, 0x6E, + 0x0D, 0x06, 0x30, 0x80, 0x1E, 0xA5, 0x8A, 0x46, 0x2D, 0xDC, + 0x57, 0xD4, 0x57, 0x82, 0x6A, 0x11, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAD, 0x99, 0xAF, 0xCF, + 0x51, 0x40, 0x2E, 0xB5, 0x2C, 0x9C, 0xBF, 0xDF, 0xA8, 0x4D, + 0x7C, 0x5A, 0xC1, 0xDE, 0xD8, 0x78, 0x75, 0x30, 0x83, 0x4D, + 0x34, 0x6C, 0xC2, 0x17, 0x17, 0x77, 0x17, 0xFE, 0x8A, 0x73, + 0xCC, 0x8A, 0xD4, 0xEA, 0x94, 0x90, 0xA3, 0x41, 0xE8, 0xCD, + 0x3E, 0x76, 0x06, 0xB9, 0x9C, 0xA2, 0x7D, 0x92, 0xCC, 0x90, + 0xCD, 0xA7, 0x4D, 0x13, 0x6C, 0x34, 0x2D, 0x92, 0xEB, 0x81, + 0x90, 0x7A, 0x8D, 0x6C, 0x70, 0x72, 0x51, 0x3B, 0xCD, 0xD1, + 0x30, 0x80, 0x33, 0x07, 0x1E, 0xF7, 0x38, 0xCE, 0xBB, 0xD7, + 0xE1, 0x5D, 0xD8, 0xCF, 0x9E, 0xB6, 0x79, 0x66, 0xA6, 0xF0, + 0x3B, 0x65, 0x87, 0xAE, 0x45, 0x8E, 0xE1, 0x78, 0x53, 0x0B, + 0xC7, 0x3A, 0x57, 0xA4, 0xE0, 0x9B, 0xB3, 0xB2, 0xD4, 0xB0, + 0xEA, 0xB9, 0x6B, 0x1D, 0x06, 0xBA, 0xB8, 0x59, 0x4F, 0x9B, + 0xE9, 0x00, 0x95, 0x12, 0x93, 0xC1, 0xCD, 0xF9, 0x41, 0xAF, + 0xC3, 0x2A, 0x7F, 0x75, 0xE3, 0x79, 0x37, 0x24, 0xA4, 0xC8, + 0x3D, 0xB4, 0x83, 0x89, 0x23, 0xF7, 0x0E, 0x59, 0x56, 0x8E, + 0x6D, 0x43, 0xA5, 0xB1, 0x8E, 0x04, 0x02, 0xED, 0x48, 0x25, + 0x62, 0xFE, 0xF3, 0x4D, 0x82, 0x22, 0xA6, 0xC1, 0xA5, 0xD9, + 0x4A, 0x9A, 0x57, 0xE6, 0xDC, 0x37, 0x6D, 0x13, 0xDA, 0xFF, + 0x23, 0x2A, 0xB9, 0x31, 0xD2, 0x4B, 0x7D, 0xF3, 0x02, 0x90, + 0xF6, 0x28, 0x3D, 0x98, 0x3C, 0xF6, 0x43, 0x45, 0xAE, 0xAB, + 0x91, 0x15, 0xC7, 0xC4, 0x90, 0x9C, 0x3E, 0xDA, 0xD4, 0x20, + 0x12, 0xB2, 0xE1, 0x2B, 0x56, 0xE2, 0x38, 0x32, 0x9C, 0xE6, + 0xA9, 0x1D, 0xFE, 0xA5, 0xEE, 0xD7, 0x52, 0xB4, 0xE3, 0xE4, + 0x65, 0xEA, 0x41, 0x9D, 0xD4, 0x91, 0x83, 0x5D, 0xFF, 0x52, + 0xA7, 0xC3, 0x42, 0x9F, 0x14, 0x70, 0x9F, 0x98, 0x14, 0xB2, + 0x33, 0xEE, 0x4C, 0x5A, 0xC9, 0x5F, 0x16, 0xF6, 0x06, 0xE9, + 0xF3, 0x39, 0xD2, 0xC5, 0x31, 0x53, 0x2A, 0x39, 0xED, 0x3A, + 0x4D, 0x2A, 0xC1, 0x4C, 0x87, 0x82, 0xC6, 0xCA, 0xCF, 0xF5, + 0x9A, 0x71, 0x27, 0xAE, 0xFB, 0xFE, 0xD0, 0x66, 0xDB, 0xAA, + 0x03, 0x16, 0x4B, 0xEF, 0xB4, 0x28, 0xAB, 0xCF, 0xBE, 0x9B, + 0x58, 0xCF, 0xA4, 0x58, 0x82, 0xD2, 0x37, 0x8C, 0xEA, 0x3D, + 0x75, 0x4D, 0x0B, 0x46, 0x7A, 0x04, 0xDE, 0xF1, 0x6E, 0xBB, + 0x03, 0xBF, 0xF7, 0x8E, 0xE6, 0xF4, 0x9A, 0xE1, 0xCA, 0x26, + 0x2C, 0x41, 0x08, 0xAD, 0x21, 0xA7, 0xC2, 0x40, 0xF5, 0x9C, + 0xDD, 0xAB, 0xC5, 0x5A, 0x4C, 0xF4, 0xE6, 0x9A, 0x50, 0xFD, + 0xAA, 0x47, 0xD6, 0xA6, 0x07, 0x25, 0xB2, 0x4B, 0x9C, 0x1D, + 0x90, 0xA2, 0x4A, 0x98, 0xE0, 0x05, 0x8A, 0x5C, 0xD1, 0x2C, + 0xC0, 0x28, 0xD1, 0x84, 0x3C, 0x72, 0xFF, 0x83, 0xEA, 0xB1, + 0x02, 0x81, 0xC1, 0x00, 0xF8, 0xA0, 0x5F, 0x25, 0x2E, 0x23, + 0x73, 0x30, 0xB6, 0x97, 0xAF, 0x08, 0xE7, 0xD2, 0xD8, 0xC3, + 0x95, 0xEA, 0x9D, 0x8E, 0x9F, 0xF1, 0x36, 0x81, 0xD7, 0x7A, + 0x21, 0x2B, 0x90, 0x38, 0x9C, 0xA6, 0x08, 0x40, 0xEA, 0xD2, + 0x6E, 0x29, 0xB5, 0x0B, 0x3E, 0x91, 0xB2, 0x04, 0x92, 0xCF, + 0x94, 0xFF, 0xA6, 0xA7, 0x1A, 0x5F, 0x93, 0x0C, 0x86, 0xE6, + 0x4B, 0x61, 0xD4, 0x5E, 0xD7, 0xE3, 0x66, 0x0B, 0x83, 0xDB, + 0x16, 0x49, 0x27, 0xD5, 0xA3, 0xB3, 0xF5, 0x5D, 0x8F, 0xC9, + 0x48, 0x10, 0xD7, 0x77, 0x1E, 0x7B, 0x01, 0xC4, 0xFD, 0x14, + 0x0C, 0xAB, 0x40, 0xF7, 0x9B, 0x07, 0xDE, 0x55, 0xEF, 0x36, + 0x4C, 0x22, 0x37, 0x37, 0x09, 0x9D, 0x2A, 0x73, 0xA6, 0xA5, + 0xF4, 0xAF, 0x39, 0x2B, 0x87, 0xB4, 0xB2, 0x28, 0x9E, 0x08, + 0xA6, 0xCA, 0xB4, 0x39, 0x5A, 0x3A, 0xFB, 0x41, 0x93, 0xEC, + 0x44, 0xBB, 0xD2, 0x7C, 0x3B, 0x27, 0x3E, 0x26, 0xFD, 0x7B, + 0x20, 0xFC, 0x44, 0x67, 0xC0, 0x84, 0xD1, 0xA0, 0xCC, 0xBB, + 0x26, 0xC7, 0x32, 0x0E, 0x01, 0x9B, 0x2B, 0x1F, 0x58, 0x85, + 0x5A, 0x6C, 0xD0, 0xC1, 0xAC, 0x14, 0x5E, 0x06, 0x07, 0xCA, + 0x69, 0x52, 0xF5, 0xA6, 0x16, 0x75, 0x42, 0x8A, 0xE1, 0xBA, + 0x8B, 0x46, 0x38, 0x17, 0x7B, 0xF1, 0x7D, 0x79, 0x1F, 0x7E, + 0x4C, 0x6A, 0x75, 0xDC, 0xA8, 0x3B, 0x02, 0x81, 0xC1, 0x00, + 0xC2, 0x03, 0xFE, 0x57, 0xDF, 0x26, 0xD8, 0x79, 0xDC, 0x2C, + 0x47, 0x9B, 0x92, 0x9B, 0x53, 0x40, 0x82, 0xEC, 0xBD, 0x0B, + 0xC0, 0x96, 0x89, 0x21, 0xC5, 0x26, 0x7E, 0x7A, 0x59, 0xA7, + 0x85, 0x11, 0xCC, 0x39, 0x33, 0xA7, 0xE6, 0x42, 0x9C, 0x12, + 0x81, 0xA0, 0x87, 0xBC, 0x57, 0x07, 0xC4, 0x51, 0x93, 0x59, + 0xC6, 0xAB, 0x11, 0xCC, 0xCB, 0xC8, 0xC1, 0x40, 0xDF, 0xCB, + 0xE8, 0x45, 0x31, 0x20, 0x91, 0x88, 0x5F, 0x76, 0x76, 0xEE, + 0x30, 0x37, 0xFA, 0xA7, 0x22, 0x72, 0x82, 0x50, 0x31, 0xE9, + 0xA0, 0x44, 0xCA, 0xDD, 0xD6, 0xAC, 0xEC, 0x82, 0xE8, 0x62, + 0xD8, 0x43, 0xFD, 0x77, 0x0F, 0x1C, 0x23, 0x12, 0x91, 0x1C, + 0xFE, 0x93, 0x2C, 0x87, 0x52, 0xBF, 0x96, 0x79, 0x5E, 0x3A, + 0x5A, 0x33, 0x28, 0x27, 0x3F, 0x20, 0x2C, 0xB3, 0x26, 0xE2, + 0x0D, 0x44, 0xA9, 0x2F, 0x39, 0x7B, 0x7B, 0xAD, 0xA3, 0x21, + 0xD2, 0x7F, 0x3C, 0x89, 0x63, 0xDD, 0x13, 0xB1, 0x2E, 0xD6, + 0x34, 0xFB, 0x2A, 0x83, 0x29, 0xE7, 0x8A, 0x88, 0xD7, 0xA3, + 0x38, 0x3C, 0x43, 0x62, 0x8F, 0x69, 0xFA, 0x4B, 0x15, 0xB5, + 0xF6, 0x59, 0x90, 0x62, 0x7D, 0xCF, 0x1D, 0xDD, 0x49, 0x43, + 0x33, 0x96, 0xA9, 0xF7, 0x76, 0x9F, 0xE4, 0x0D, 0x6E, 0x1C, + 0xEA, 0x18, 0x5B, 0xBD, 0x5C, 0x98, 0x90, 0x09, 0xCA, 0x59, + 0x9E, 0x23, 0x02, 0x81, 0xC0, 0x66, 0xFF, 0x99, 0x2A, 0xFF, + 0xF8, 0x33, 0xAA, 0x44, 0x9A, 0x86, 0x2A, 0xBC, 0x4F, 0x3E, + 0xF9, 0x97, 0xCB, 0xC0, 0x45, 0xEB, 0xC0, 0xB4, 0x02, 0x0A, + 0x50, 0x50, 0x19, 0x89, 0xFF, 0xC9, 0xF5, 0x86, 0x89, 0xCE, + 0x3E, 0x2A, 0xE1, 0x20, 0x5D, 0x6E, 0x28, 0x51, 0x85, 0x4F, + 0x84, 0xAB, 0x87, 0x55, 0x74, 0xF8, 0x9A, 0x0B, 0x83, 0x2F, + 0x07, 0x8C, 0xC7, 0x14, 0x81, 0xCE, 0x12, 0x28, 0x9E, 0x30, + 0x9B, 0xBC, 0x99, 0xC5, 0xE4, 0xDD, 0x92, 0x99, 0xDD, 0x8E, + 0xC9, 0xA6, 0x0F, 0x44, 0x13, 0xD7, 0x0E, 0xC2, 0x66, 0xE7, + 0x29, 0x3D, 0x2E, 0x5D, 0x15, 0xB6, 0xA6, 0x05, 0xD7, 0xB7, + 0xE7, 0xD8, 0x96, 0x7C, 0x25, 0x52, 0xD8, 0x47, 0x53, 0xED, + 0xFF, 0xE6, 0x64, 0x08, 0xDD, 0x1D, 0xB5, 0x1F, 0xF1, 0x6F, + 0xB6, 0xC9, 0xD2, 0x43, 0xE3, 0x56, 0x9C, 0x04, 0xA6, 0xE0, + 0x2F, 0x0B, 0x32, 0x7C, 0x3A, 0x77, 0x0F, 0x04, 0xD2, 0x86, + 0x44, 0x52, 0x1F, 0xEF, 0xFE, 0xC3, 0x64, 0xC2, 0xAB, 0x48, + 0xE5, 0x67, 0x65, 0x32, 0x39, 0x57, 0x34, 0xFF, 0x22, 0x57, + 0x3B, 0xB7, 0x80, 0x48, 0xE3, 0x52, 0xF4, 0x85, 0x17, 0x1E, + 0x77, 0x1E, 0x36, 0xFE, 0x09, 0x36, 0x58, 0x91, 0x9E, 0x93, + 0x71, 0x02, 0x6D, 0xAE, 0xA3, 0x1B, 0xF7, 0xA9, 0x31, 0x5A, + 0x78, 0xAA, 0x13, 0x98, 0x8C, 0x37, 0x2D, 0x02, 0x81, 0xC1, + 0x00, 0xBE, 0x01, 0xD9, 0x3A, 0xC7, 0x81, 0xAC, 0xAA, 0x13, + 0x75, 0x8E, 0x1F, 0x8F, 0x41, 0xED, 0x13, 0x95, 0xE5, 0x31, + 0xF3, 0x6B, 0x86, 0x42, 0x00, 0xBF, 0xAA, 0xC6, 0x5D, 0x1E, + 0xA6, 0x90, 0x0C, 0xF1, 0x1B, 0xE8, 0x39, 0xFB, 0xA8, 0xAA, + 0x5E, 0xF9, 0x72, 0x74, 0xDC, 0x7F, 0xC3, 0x4C, 0x81, 0xB3, + 0xB4, 0x4D, 0x7B, 0xC6, 0x2F, 0xF2, 0x37, 0xC7, 0x03, 0xB8, + 0xE9, 0x62, 0xAD, 0x38, 0xC2, 0xB3, 0xA4, 0x82, 0x11, 0x6B, + 0xC2, 0x33, 0x98, 0xEF, 0x32, 0x75, 0xEA, 0xFD, 0x32, 0x7A, + 0xDF, 0x59, 0xA5, 0x65, 0xA4, 0x42, 0x95, 0x11, 0xFF, 0xD6, + 0x84, 0xCF, 0x56, 0x2E, 0xCA, 0x46, 0x13, 0x01, 0x4A, 0x32, + 0xB1, 0xD9, 0xA3, 0xDB, 0x0D, 0x20, 0x7E, 0x1F, 0x68, 0xF7, + 0x5E, 0x60, 0x6E, 0x0F, 0x59, 0xF8, 0x59, 0x93, 0x4D, 0x54, + 0xBC, 0x37, 0xD0, 0x51, 0x7C, 0xBD, 0x67, 0xF0, 0xA5, 0x09, + 0xC9, 0x9A, 0xF4, 0x1F, 0x1E, 0x52, 0x9D, 0xF5, 0xA6, 0x25, + 0xBF, 0x85, 0x1D, 0xA1, 0xF1, 0xD8, 0xBD, 0x39, 0x10, 0x71, + 0x57, 0x19, 0x40, 0xF3, 0xA1, 0x77, 0xE0, 0x8B, 0x4E, 0xB3, + 0x91, 0x84, 0x15, 0x0C, 0xF1, 0x58, 0x52, 0xD9, 0xE5, 0x98, + 0xD5, 0x66, 0x95, 0x9C, 0x19, 0x8D, 0xA4, 0x63, 0x5C, 0xBF, + 0xC5, 0x33, 0x81, 0xED, 0x7E, 0x93, 0x4B, 0x9A, 0x6C, 0xEC, + 0x2E, 0x3E, 0x4F, 0x02, 0x81, 0xC0, 0x34, 0xF8, 0xDF, 0x74, + 0xC6, 0xC1, 0xD9, 0x03, 0x9B, 0x3B, 0x53, 0x19, 0xEB, 0x43, + 0xC4, 0xAA, 0x1E, 0x73, 0xE3, 0x13, 0x25, 0x32, 0x04, 0x22, + 0x79, 0x4A, 0x07, 0xF0, 0x06, 0x38, 0xBD, 0x57, 0xE6, 0x01, + 0x33, 0x8C, 0xF1, 0x02, 0xCC, 0x34, 0x2C, 0x60, 0x32, 0xA4, + 0x22, 0x1D, 0x0E, 0x39, 0x6B, 0xAB, 0xF7, 0xCE, 0xDB, 0xA7, + 0xC3, 0xD8, 0xA2, 0x3B, 0x70, 0x31, 0x91, 0x68, 0xB9, 0xBF, + 0xE0, 0xA1, 0x39, 0x80, 0xFE, 0x47, 0x99, 0x56, 0x6D, 0x76, + 0x90, 0x17, 0xF5, 0x67, 0x41, 0x44, 0x27, 0x10, 0x07, 0x98, + 0x4D, 0x4C, 0x53, 0xD4, 0x15, 0xDC, 0x0A, 0x2F, 0xE0, 0x83, + 0x28, 0x22, 0x8D, 0x61, 0x3B, 0xE4, 0x8E, 0xE5, 0xE7, 0x24, + 0x98, 0x19, 0xA8, 0xA3, 0xED, 0x70, 0x59, 0x06, 0x86, 0x76, + 0xC2, 0x4B, 0xCB, 0x17, 0xC5, 0x77, 0x12, 0x07, 0xB8, 0xAB, + 0x1A, 0x91, 0xFC, 0x72, 0x8E, 0xB7, 0xB1, 0xE6, 0x74, 0xDD, + 0x3D, 0x92, 0xA7, 0xDE, 0x6C, 0x6E, 0xCB, 0x50, 0x44, 0x2F, + 0xAC, 0x99, 0xF7, 0x36, 0x4D, 0x62, 0xC7, 0xAC, 0xCE, 0x7D, + 0x26, 0xC9, 0xD2, 0x4E, 0x49, 0xD7, 0x8E, 0x66, 0x6C, 0xC1, + 0x53, 0xDF, 0x31, 0xAB, 0x25, 0x35, 0xCA, 0xD6, 0xC4, 0xA3, + 0xA6, 0x9F, 0x7E, 0x3D, 0x2D, 0x1A, 0x44, 0x31, 0x3D, 0x81, + 0x91, 0xB8, 0x36, 0x08, 0x27, 0x42, 0x9E, 0x08 +}; +static const int sizeof_rsa_key_der_3072 = sizeof(rsa_key_der_3072); + +#endif /* USE_CERT_BUFFERS_3072 */ + +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + +/* ./certs/ecc-client-key.der, ECC */ +static const unsigned char ecc_clikey_der_256[] = +{ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xF8, 0xCF, 0x92, + 0x6B, 0xBD, 0x1E, 0x28, 0xF1, 0xA8, 0xAB, 0xA1, 0x23, 0x4F, + 0x32, 0x74, 0x18, 0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92, + 0xF8, 0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7, 0xA0, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, + 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, + 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, + 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, + 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, + 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, + 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, + 0xB4 +}; +static const int sizeof_ecc_clikey_der_256 = sizeof(ecc_clikey_der_256); + +/* ./certs/ecc-client-keyPub.der, ECC */ +static const unsigned char ecc_clikeypub_der_256[] = +{ + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, + 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, + 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, + 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, + 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, + 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, + 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, + 0xB4 +}; +static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256); + +/* ./certs/client-ecc-cert.der, ECC */ +static const unsigned char cliecc_cert_der_256[] = +{ + 0x30, 0x82, 0x03, 0x08, 0x30, 0x82, 0x02, 0xAF, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x93, 0xBF, 0x6A, 0xDE, + 0x9B, 0x41, 0x9D, 0xAD, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, + 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, + 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, + 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, + 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, + 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, + 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, + 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, + 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A, + 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B, + 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, + 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, + 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, + 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, + 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x81, 0xF5, + 0x30, 0x81, 0xF2, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, + 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, + 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xC2, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xBA, 0x30, 0x81, 0xB7, 0x80, 0x14, + 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, + 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, + 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81, 0x8D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, + 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, + 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x82, 0x09, 0x00, 0x93, 0xBF, 0x6A, 0xDE, 0x9B, 0x41, 0x9D, + 0xAD, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, + 0x30, 0x44, 0x02, 0x20, 0x61, 0xBC, 0x9D, 0x4D, 0x88, 0x64, + 0x86, 0xB8, 0x71, 0xAA, 0x35, 0x59, 0x68, 0xB8, 0xEE, 0x2C, + 0xF3, 0x23, 0xB5, 0x1A, 0xB9, 0xBA, 0x41, 0x50, 0xA8, 0xC6, + 0xC3, 0x58, 0xEB, 0x58, 0xBD, 0x60, 0x02, 0x20, 0x61, 0xAA, + 0xEB, 0xB5, 0x73, 0x0D, 0x01, 0xDB, 0x69, 0x8F, 0x52, 0xF5, + 0x72, 0x6D, 0x37, 0x42, 0xB5, 0xFD, 0x94, 0xB6, 0x6E, 0xB1, + 0xC4, 0x25, 0x2E, 0x96, 0x96, 0xF3, 0x39, 0xB2, 0x5D, 0xEA + +}; +static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256); + +/* ./certs/ecc-key.der, ECC */ +static const unsigned char ecc_key_der_256[] = +{ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xB6, 0x69, + 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38, 0x5B, 0x72, 0xE8, + 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, + 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8 +}; +static const int sizeof_ecc_key_der_256 = sizeof(ecc_key_der_256); + +/* ./certs/ecc-keyPub.der, ECC */ +static const unsigned char ecc_key_pub_der_256[] = +{ + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8 +}; +static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256); + +/* ./certs/server-ecc-comp.der, ECC */ +static const unsigned char serv_ecc_comp_der_256[] = +{ + 0x30, 0x82, 0x03, 0x23, 0x30, 0x82, 0x02, 0xCA, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x80, 0x78, 0xC9, 0xB7, + 0x06, 0x5A, 0xC5, 0x83, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, + 0x6C, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, + 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, + 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, + 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, + 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, + 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, 0x69, 0x70, 0x74, + 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, 0x6D, 0x70, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x45, 0x43, 0x43, + 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x39, 0x30, 0x13, 0x06, 0x07, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, + 0x02, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, + 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, + 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, + 0x16, 0xE8, 0x61, 0xA3, 0x82, 0x01, 0x09, 0x30, 0x82, 0x01, + 0x05, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x8C, 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, + 0x6E, 0xF4, 0x59, 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, + 0x5A, 0x18, 0x30, 0x81, 0xD5, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xCD, 0x30, 0x81, 0xCA, 0x80, 0x14, 0x8C, 0x38, + 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, 0x6E, 0xF4, 0x59, 0xAC, + 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, 0x5A, 0x18, 0xA1, 0x81, + 0xA6, 0xA4, 0x81, 0xA3, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, + 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, + 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, + 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0x80, 0x78, 0xC9, 0xB7, 0x06, 0x5A, 0xC5, 0x83, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, + 0x20, 0x31, 0x44, 0xD0, 0x4E, 0xD7, 0xC4, 0xB4, 0x96, 0xA3, + 0xE6, 0x25, 0xFD, 0xFA, 0xD6, 0x28, 0xA8, 0x67, 0x51, 0x72, + 0x90, 0x95, 0x31, 0xF9, 0xCD, 0x10, 0xBF, 0x11, 0xE4, 0xEC, + 0xB7, 0x42, 0x5B, 0x02, 0x20, 0x45, 0xDB, 0x45, 0x0A, 0x24, + 0x58, 0x8E, 0x2E, 0xE6, 0xEA, 0x0C, 0x6C, 0xBC, 0x72, 0x4F, + 0x0A, 0x1B, 0xF3, 0x2D, 0x97, 0xE9, 0xC2, 0x19, 0xF9, 0x97, + 0x3A, 0x60, 0xDD, 0x08, 0xD3, 0x52, 0x3E +}; +static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256); + +/* ./certs/server-ecc-rsa.der, ECC */ +static const unsigned char serv_ecc_rsa_der_256[] = +{ + 0x30, 0x82, 0x03, 0xE0, 0x30, 0x82, 0x02, 0xC8, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, + 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, + 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x1A, 0x30, 0x18, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x11, 0x45, 0x6C, 0x6C, + 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x52, 0x53, + 0x41, 0x73, 0x69, 0x67, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x45, 0x43, 0x43, 0x2D, 0x52, + 0x53, 0x41, 0x73, 0x69, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, + 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, + 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, + 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, + 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, + 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, + 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, + 0x0B, 0x80, 0x34, 0x89, 0xD8, 0xA3, 0x81, 0xFC, 0x30, 0x81, + 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, + 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, + 0x89, 0x30, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, + 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, + 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, + 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, + 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, + 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x86, 0xFF, + 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x0C, 0xBB, 0x67, 0xBD, 0xFC, 0xCD, 0x53, 0x6C, 0xFB, 0x4E, + 0x58, 0xC8, 0xEA, 0x52, 0x92, 0xEB, 0xE4, 0xC8, 0xBC, 0x57, + 0x0F, 0x08, 0x20, 0xC8, 0x83, 0xB0, 0xD5, 0xEA, 0x57, 0x27, + 0xBD, 0x68, 0x91, 0xFB, 0x99, 0x84, 0x8D, 0x15, 0x9E, 0x4F, + 0x8F, 0xC4, 0xCB, 0x34, 0x61, 0xC0, 0x59, 0x12, 0x9B, 0xC8, + 0x82, 0x17, 0x38, 0x4F, 0x9E, 0x53, 0x08, 0xA3, 0x69, 0x2E, + 0x2F, 0xC0, 0xB4, 0x2F, 0xA2, 0x4E, 0x10, 0x64, 0xB0, 0x07, + 0xA1, 0x51, 0x08, 0x1D, 0x91, 0x53, 0xA2, 0x79, 0x55, 0x20, + 0x41, 0x65, 0x35, 0x3E, 0x0B, 0x38, 0x01, 0x57, 0x02, 0x8C, + 0x25, 0xE7, 0xAB, 0x4F, 0x8B, 0x59, 0xF0, 0xED, 0x8E, 0x4A, + 0x15, 0x0B, 0x32, 0xFB, 0x7A, 0x8B, 0x02, 0xEA, 0x9D, 0xE1, + 0xAB, 0xC4, 0x07, 0xCC, 0xDA, 0x0F, 0xA3, 0x16, 0xDB, 0x8E, + 0x5B, 0xBC, 0x96, 0xAB, 0x10, 0xB8, 0xDE, 0x09, 0x8B, 0xF7, + 0xCB, 0xA7, 0x78, 0x66, 0x17, 0xE3, 0x25, 0x6E, 0x57, 0x9D, + 0x13, 0x61, 0x7B, 0x55, 0x1A, 0xDF, 0x8F, 0x39, 0x15, 0x4E, + 0x42, 0x22, 0x00, 0x85, 0xC4, 0x51, 0x0B, 0x6B, 0xA6, 0x67, + 0xC0, 0xFB, 0xEA, 0x22, 0x77, 0x7D, 0x48, 0x76, 0xAB, 0x39, + 0x20, 0x09, 0xD5, 0x52, 0x89, 0x3E, 0x6B, 0x30, 0x7B, 0x50, + 0x18, 0xE8, 0x62, 0x05, 0xBE, 0xBB, 0x7F, 0x16, 0x77, 0x9C, + 0xBB, 0x5A, 0x22, 0x96, 0x99, 0xB0, 0x96, 0x83, 0xB7, 0x43, + 0x31, 0x97, 0xCF, 0xFD, 0x85, 0x52, 0xD8, 0x52, 0xC8, 0x67, + 0x5C, 0xF8, 0x22, 0x72, 0x35, 0x93, 0x92, 0x6C, 0xEC, 0x3C, + 0x6A, 0xC6, 0x81, 0x20, 0xA5, 0xCD, 0x50, 0xF9, 0x21, 0x7A, + 0xA6, 0x7A, 0x1E, 0xE7, 0x59, 0x22, 0x5D, 0x8A, 0x93, 0x51, + 0x8E, 0xFB, 0x29, 0x56, 0xFB, 0xBE, 0x9B, 0x87, 0x48, 0x5F, + 0xA5, 0x72, 0xE7, 0x4E, 0xFE, 0x5E +}; +static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256); + +/* ./certs/server-ecc.der, ECC */ +static const unsigned char serv_ecc_der_256[] = +{ + 0x30, 0x82, 0x03, 0x50, 0x30, 0x82, 0x02, 0xF5, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x02, 0x10, 0x00, 0x30, 0x0A, 0x06, + 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, + 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, + 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, + 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, + 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31, + 0x30, 0x32, 0x30, 0x31, 0x38, 0x31, 0x39, 0x30, 0x36, 0x5A, + 0x17, 0x0D, 0x32, 0x37, 0x31, 0x30, 0x31, 0x38, 0x31, 0x38, + 0x31, 0x39, 0x30, 0x36, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, + 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, + 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, + 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, + 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, + 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, + 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, + 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, + 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, + 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, + 0x89, 0xD8, 0xA3, 0x82, 0x01, 0x35, 0x30, 0x82, 0x01, 0x31, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, + 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, + 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, + 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, + 0x30, 0x30, 0x81, 0xCC, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x81, 0xC4, 0x30, 0x81, 0xC1, 0x80, 0x14, 0x56, 0x8E, 0x9A, + 0xC3, 0xF0, 0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, + 0x93, 0xCF, 0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0xA1, 0x81, 0x9D, + 0xA4, 0x81, 0x9A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, + 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0x97, 0xB4, 0xBD, 0x16, 0x78, 0xF8, 0x47, 0xF2, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, + 0x03, 0x02, 0x03, 0xA8, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, + 0x30, 0x46, 0x02, 0x21, 0x00, 0xBE, 0xB8, 0x58, 0xF0, 0xE4, + 0x15, 0x01, 0x1F, 0xDF, 0x70, 0x54, 0x73, 0x4A, 0x6C, 0x40, + 0x1F, 0x77, 0xA8, 0xB4, 0xEB, 0x52, 0x1E, 0xBF, 0xF5, 0x0D, + 0xB1, 0x33, 0xCA, 0x6A, 0xC4, 0x76, 0xB9, 0x02, 0x21, 0x00, + 0x97, 0x08, 0xDE, 0x2C, 0x28, 0xC1, 0x45, 0x71, 0xB6, 0x2C, + 0x54, 0x87, 0x98, 0x63, 0x76, 0xA8, 0x21, 0x34, 0x90, 0xA8, + 0xF7, 0x9E, 0x3F, 0xFC, 0x02, 0xB0, 0xE7, 0xD3, 0x09, 0x31, + 0x27, 0xE4 +}; +static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256); + +/* ./certs/ca-ecc-key.der, ECC */ +static const unsigned char ca_ecc_key_der_256[] = +{ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x02, 0xE1, 0x33, + 0x98, 0x77, 0x97, 0xAC, 0x4A, 0x59, 0x6D, 0x28, 0x9B, 0x6E, + 0xA0, 0x93, 0x9B, 0x07, 0x71, 0x8B, 0x4D, 0x60, 0x63, 0x85, + 0x99, 0xE6, 0xBB, 0x16, 0x70, 0xE9, 0x0A, 0xF6, 0x80, 0xA0, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9, + 0x6E, 0xD6, 0x01, 0x8E, 0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5, + 0xC0, 0x4C, 0xE3, 0x9E, 0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10, + 0xD6, 0xE9, 0x09, 0x2A, 0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9, + 0x8A, 0xBF, 0x33, 0x83, 0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77, + 0x40, 0xB5, 0x3B, 0x43, 0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C, + 0x37, 0x44, 0xC1, 0xCB, 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA, + 0xA7 +}; +static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256); + +/* ./certs/ca-ecc-cert.der, ECC */ +static const unsigned char ca_ecc_cert_der_256[] = +{ + 0x30, 0x82, 0x02, 0x8B, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFD, 0x0E, 0x29, 0x21, + 0x66, 0xCB, 0x48, 0xA3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, + 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, + 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, + 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, + 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, + 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, + 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, + 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, + 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, + 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, + 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9, 0x6E, 0xD6, 0x01, 0x8E, + 0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5, 0xC0, 0x4C, 0xE3, 0x9E, + 0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10, 0xD6, 0xE9, 0x09, 0x2A, + 0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9, 0x8A, 0xBF, 0x33, 0x83, + 0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77, 0x40, 0xB5, 0x3B, 0x43, + 0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C, 0x37, 0x44, 0xC1, 0xCB, + 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA, 0xA7, 0xA3, 0x63, 0x30, + 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, 0x18, + 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, 0xF3, + 0xA5, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x18, 0x30, 0x16, 0x80, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, + 0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, + 0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, + 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, + 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF0, 0x7B, + 0xCC, 0x24, 0x73, 0x19, 0x3F, 0x61, 0x68, 0xED, 0xC8, 0x0A, + 0x54, 0x4A, 0xB8, 0xAC, 0x79, 0xEF, 0x10, 0x32, 0x91, 0x52, + 0x2C, 0x3E, 0xBF, 0x50, 0xAA, 0x5F, 0x18, 0xC1, 0x97, 0xF5, + 0x02, 0x21, 0x00, 0xD9, 0x4B, 0x63, 0x67, 0x6F, 0x9B, 0x29, + 0xA9, 0xD7, 0x6B, 0x63, 0x9B, 0x98, 0x9F, 0x32, 0x82, 0x36, + 0xDA, 0xF0, 0xA9, 0xF7, 0x51, 0xB4, 0x97, 0xAA, 0xFA, 0xFA, + 0xDD, 0xEF, 0xEF, 0x4A, 0xAE +}; +static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256); + +/* ./certs/ca-ecc384-key.der, ECC */ +static const unsigned char ca_ecc_key_der_384[] = +{ + 0x30, 0x81, 0xA4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x7B, 0x16, + 0xE3, 0xD6, 0xD2, 0x81, 0x94, 0x6C, 0x8A, 0xDD, 0xA8, 0x78, + 0xEE, 0xC7, 0x7E, 0xB3, 0xC5, 0xD1, 0xDB, 0x2E, 0xF3, 0xED, + 0x0E, 0x48, 0x85, 0xB1, 0xF2, 0xE1, 0x7A, 0x39, 0x56, 0xC0, + 0xF1, 0x62, 0x12, 0x0F, 0x35, 0xB7, 0x39, 0xBC, 0x9C, 0x25, + 0xC0, 0x76, 0xEB, 0xFE, 0x55, 0x70, 0xA0, 0x07, 0x06, 0x05, + 0x2B, 0x81, 0x04, 0x00, 0x22, 0xA1, 0x64, 0x03, 0x62, 0x00, + 0x04, 0xEE, 0x82, 0xD4, 0x39, 0x9A, 0xB1, 0x27, 0x82, 0xF4, + 0xD7, 0xEA, 0xC6, 0xBC, 0x03, 0x1D, 0x4D, 0x83, 0x61, 0xF4, + 0x03, 0xAE, 0x7E, 0xBD, 0xD8, 0x5A, 0xA5, 0xB9, 0xF0, 0x8E, + 0xA2, 0xA5, 0xDA, 0xCE, 0x87, 0x3B, 0x5A, 0xAB, 0x44, 0x16, + 0x9C, 0xF5, 0x9F, 0x62, 0xDD, 0xF6, 0x20, 0xCD, 0x9C, 0x76, + 0x3C, 0x40, 0xB1, 0x3F, 0x97, 0x17, 0xDF, 0x59, 0xF6, 0xCD, + 0xDE, 0xCD, 0x46, 0x35, 0xC0, 0xED, 0x5E, 0x2E, 0x48, 0xB6, + 0x66, 0x91, 0x71, 0x74, 0xB7, 0x0C, 0x3F, 0xB9, 0x9A, 0xB7, + 0x83, 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE, + 0x35, 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0 +}; +static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384); + +/* ./certs/ca-ecc384-cert.der, ECC */ +static const unsigned char ca_ecc_cert_der_384[] = +{ + 0x30, 0x82, 0x02, 0xC7, 0x30, 0x82, 0x02, 0x4D, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFC, 0x39, 0x04, 0xA4, + 0x0E, 0xA5, 0x6C, 0x87, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, + 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, + 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, + 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, + 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, + 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, + 0x30, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, + 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, + 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, + 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, + 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x76, 0x30, 0x10, + 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, + 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, + 0xEE, 0x82, 0xD4, 0x39, 0x9A, 0xB1, 0x27, 0x82, 0xF4, 0xD7, + 0xEA, 0xC6, 0xBC, 0x03, 0x1D, 0x4D, 0x83, 0x61, 0xF4, 0x03, + 0xAE, 0x7E, 0xBD, 0xD8, 0x5A, 0xA5, 0xB9, 0xF0, 0x8E, 0xA2, + 0xA5, 0xDA, 0xCE, 0x87, 0x3B, 0x5A, 0xAB, 0x44, 0x16, 0x9C, + 0xF5, 0x9F, 0x62, 0xDD, 0xF6, 0x20, 0xCD, 0x9C, 0x76, 0x3C, + 0x40, 0xB1, 0x3F, 0x97, 0x17, 0xDF, 0x59, 0xF6, 0xCD, 0xDE, + 0xCD, 0x46, 0x35, 0xC0, 0xED, 0x5E, 0x2E, 0x48, 0xB6, 0x66, + 0x91, 0x71, 0x74, 0xB7, 0x0C, 0x3F, 0xB9, 0x9A, 0xB7, 0x83, + 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE, 0x35, + 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0, 0xA3, 0x63, 0x30, 0x61, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, + 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, 0xD4, 0x72, 0xBB, + 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, 0x80, 0x12, 0x53, + 0x52, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, + 0xD4, 0x72, 0xBB, 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, + 0x80, 0x12, 0x53, 0x52, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, + 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, + 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, + 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x03, + 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x0D, 0x0A, 0x62, 0xFB, + 0xE6, 0x3A, 0xFE, 0x71, 0xD8, 0x2B, 0x44, 0xE5, 0x97, 0x34, + 0x04, 0xA9, 0x8C, 0x0A, 0x99, 0x88, 0xA0, 0xBD, 0x1F, 0xB0, + 0xDF, 0x94, 0x59, 0x27, 0xBB, 0x2B, 0xC6, 0x2A, 0xBE, 0xA4, + 0x69, 0x1B, 0xCF, 0x97, 0x78, 0x2A, 0x28, 0x96, 0xEE, 0xBA, + 0xD4, 0x87, 0x45, 0xFD, 0x02, 0x31, 0x00, 0xC0, 0x73, 0x19, + 0x66, 0x76, 0x5E, 0x9F, 0xA3, 0x65, 0x85, 0x41, 0xEF, 0xB7, + 0x7B, 0x3D, 0x63, 0x6D, 0x98, 0x71, 0x99, 0x6F, 0x9C, 0xDB, + 0xA8, 0x5E, 0x53, 0x6E, 0xA0, 0x68, 0x11, 0x65, 0xBC, 0x78, + 0x74, 0x28, 0x69, 0xC7, 0x64, 0x9D, 0x88, 0xF2, 0xD8, 0xC2, + 0x3D, 0x29, 0x03, 0x83, 0x23 +}; +static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384); + +#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ + +/* dh1024 p */ +static const unsigned char dh_p[] = +{ + 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, + 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, + 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, + 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, + 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, + 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, + 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, + 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, + 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, + 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, + 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, +}; + +/* dh1024 g */ +static const unsigned char dh_g[] = +{ + 0x02, +}; + +#if defined(HAVE_ED25519) + +/* ./certs/ed25519/server-ed25519.der, ED25519 */ +static const unsigned char server_ed25519_cert[] = +{ + 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x02, 0x04, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x10, 0x00, 0xCD, 0xF2, 0x2F, 0xBE, + 0xDC, 0x07, 0xFA, 0xBB, 0x65, 0x03, 0xE2, 0xFF, 0xEA, 0x6A, + 0x99, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, + 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, + 0x02, 0x43, 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, + 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x22, + 0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, 0x30, 0x34, 0x31, 0x32, + 0x31, 0x36, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x18, 0x0F, 0x32, + 0x30, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, + 0x32, 0x31, 0x37, 0x5A, 0x30, 0x81, 0x9F, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0D, 0x30, 0x0B, + 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x04, 0x4C, 0x65, 0x61, + 0x66, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, + 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0x61, 0x5D, + 0xEC, 0xB7, 0x45, 0x93, 0xC9, 0x84, 0x7B, 0x68, 0x21, 0x4A, + 0x4D, 0xF4, 0x04, 0x8B, 0xBD, 0xCD, 0x6C, 0x5D, 0x3D, 0xB7, + 0x62, 0x2C, 0x2D, 0x25, 0xC3, 0x22, 0x49, 0xC8, 0x86, 0xF2, + 0xA3, 0x52, 0x30, 0x50, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xC8, 0x28, 0x63, 0x8C, + 0xF4, 0x57, 0xEE, 0x1E, 0xB0, 0xC7, 0x12, 0x12, 0x76, 0x8A, + 0x80, 0x30, 0x3A, 0xCB, 0x10, 0x30, 0x1F, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x92, 0x3F, + 0x96, 0x72, 0x02, 0xFA, 0x61, 0x1C, 0x21, 0x6D, 0x88, 0xDD, + 0xEB, 0xDD, 0x3C, 0x9B, 0x17, 0xC4, 0x9F, 0xB7, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, + 0x03, 0x02, 0x06, 0xC0, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, + 0x70, 0x03, 0x41, 0x00, 0x15, 0x88, 0x86, 0xFC, 0x66, 0xD1, + 0xE0, 0xF6, 0xCF, 0xC9, 0x09, 0x46, 0xD0, 0x50, 0xE2, 0x01, + 0x5D, 0xF7, 0xCF, 0x57, 0xB8, 0xBA, 0x90, 0x84, 0xCB, 0xF1, + 0x24, 0x4B, 0xEF, 0xA5, 0x95, 0x7D, 0x69, 0x92, 0x88, 0xA8, + 0x89, 0x63, 0xCC, 0x90, 0x40, 0xC2, 0x41, 0x3A, 0x40, 0x76, + 0xB1, 0x2D, 0xA8, 0xA8, 0x97, 0xC9, 0x73, 0xC7, 0x82, 0x30, + 0x24, 0x61, 0xB0, 0xAA, 0xCA, 0xAA, 0x68, 0x00 +}; +static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert); + +/* ./certs/ed25519/server-ed25519-key.der, ED25519 */ +static const unsigned char server_ed25519_key[] = +{ + 0x30, 0x52, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, + 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x02, 0x2F, 0xC5, 0xFF, + 0xBA, 0x8E, 0xD0, 0xD2, 0xBF, 0x03, 0x8E, 0x76, 0x8F, 0xC8, + 0x86, 0x80, 0x71, 0x87, 0x97, 0x31, 0xE2, 0x40, 0xAC, 0xDF, + 0xBB, 0x90, 0x15, 0x52, 0x6E, 0x24, 0xA1, 0x39, 0xA1, 0x22, + 0x04, 0x20, 0x61, 0x5D, 0xEC, 0xB7, 0x45, 0x93, 0xC9, 0x84, + 0x7B, 0x68, 0x21, 0x4A, 0x4D, 0xF4, 0x04, 0x8B, 0xBD, 0xCD, + 0x6C, 0x5D, 0x3D, 0xB7, 0x62, 0x2C, 0x2D, 0x25, 0xC3, 0x22, + 0x49, 0xC8, 0x86, 0xF2 +}; +static const int sizeof_server_ed25519_key = sizeof(server_ed25519_key); + +/* ./certs/ed25519/ca-ed25519.der, ED25519 */ +static const unsigned char ca_ed25519_cert[] = +{ + 0x30, 0x82, 0x02, 0x60, 0x30, 0x82, 0x02, 0x12, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x10, 0x00, 0x80, 0xBA, 0x68, 0x77, + 0xEF, 0xA5, 0xE5, 0x42, 0x7D, 0xC6, 0x73, 0x2C, 0x54, 0x85, + 0xB8, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, + 0x9F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, + 0x04, 0x52, 0x6F, 0x6F, 0x74, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, + 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, 0x30, 0x34, + 0x31, 0x32, 0x31, 0x36, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x18, + 0x0F, 0x32, 0x30, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, + 0x35, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x30, 0x81, 0x9D, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, 0x02, 0x43, + 0x41, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, + 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00, 0x65, 0xAA, + 0x7F, 0x05, 0xA4, 0x04, 0x34, 0xA0, 0xEA, 0xAD, 0x1F, 0xA9, + 0x86, 0xF0, 0xD8, 0x7F, 0x72, 0xDF, 0xA9, 0x0E, 0x13, 0xA0, + 0x38, 0x66, 0x26, 0x5E, 0xEB, 0x48, 0x30, 0x80, 0x48, 0x49, + 0xA3, 0x60, 0x30, 0x5E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, + 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, + 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x92, + 0x3F, 0x96, 0x72, 0x02, 0xFA, 0x61, 0x1C, 0x21, 0x6D, 0x88, + 0xDD, 0xEB, 0xDD, 0x3C, 0x9B, 0x17, 0xC4, 0x9F, 0xB7, 0x30, + 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, + 0x80, 0x14, 0xFE, 0x01, 0x46, 0x7F, 0x6F, 0x2B, 0x3E, 0x1C, + 0xB0, 0x6F, 0xE1, 0xCC, 0x4D, 0x02, 0x25, 0xF7, 0x4D, 0x0A, + 0x95, 0xB8, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, + 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x05, + 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x4C, 0x40, + 0xD0, 0x7F, 0xBC, 0xFB, 0xF4, 0xA2, 0x1A, 0x58, 0xF6, 0x72, + 0xE3, 0xE8, 0xDA, 0x18, 0x0D, 0x94, 0xDC, 0x0E, 0xFD, 0xC1, + 0xE7, 0x02, 0xA5, 0x7A, 0xEE, 0xCB, 0xC2, 0x7E, 0xFA, 0xA1, + 0xFC, 0x15, 0x9A, 0xFE, 0x1E, 0xE0, 0x37, 0xDF, 0x7F, 0xAB, + 0x76, 0x50, 0x06, 0xD4, 0x3D, 0x1A, 0x65, 0x73, 0x3F, 0x92, + 0xD4, 0x44, 0x62, 0xA7, 0x4C, 0xB3, 0x2A, 0x01, 0x87, 0xE3, + 0x06, 0x06 +}; +static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert); + +/* ./certs/ed25519/client-ed25519.der, ED25519 */ +static const unsigned char client_ed25519_cert[] = +{ + 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x02, 0x0A, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x10, 0x00, 0x8F, 0x2F, 0x35, 0xB2, + 0x53, 0xBD, 0x4F, 0x92, 0xD1, 0xFF, 0x1D, 0x4B, 0x40, 0xA5, + 0x49, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, + 0xA1, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, + 0x06, 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, + 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, + 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, + 0x30, 0x34, 0x31, 0x32, 0x31, 0x36, 0x32, 0x32, 0x31, 0x37, + 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x32, 0x31, 0x30, 0x31, 0x30, + 0x37, 0x31, 0x35, 0x32, 0x32, 0x31, 0x37, 0x5A, 0x30, 0x81, + 0xA1, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x04, 0x0C, + 0x06, 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, + 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x45, 0x44, 0x32, 0x35, + 0x35, 0x31, 0x39, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, + 0x70, 0x03, 0x21, 0x00, 0xA2, 0xF1, 0x26, 0x40, 0x9B, 0xA2, + 0x59, 0xDA, 0xDB, 0xE6, 0x15, 0x7F, 0x9A, 0x11, 0xB5, 0x48, + 0x5F, 0x55, 0xBA, 0x5E, 0xED, 0x46, 0xF7, 0x98, 0x67, 0xBE, + 0x0C, 0x93, 0xE3, 0xA4, 0x8E, 0x18, 0xA3, 0x52, 0x30, 0x50, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, + 0x14, 0xFE, 0x01, 0x46, 0x7F, 0x6F, 0x2B, 0x3E, 0x1C, 0xB0, + 0x6F, 0xE1, 0xCC, 0x4D, 0x02, 0x25, 0xF7, 0x4D, 0x0A, 0x95, + 0xB8, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0xFE, 0x01, 0x46, 0x7F, 0x6F, 0x2B, + 0x3E, 0x1C, 0xB0, 0x6F, 0xE1, 0xCC, 0x4D, 0x02, 0x25, 0xF7, + 0x4D, 0x0A, 0x95, 0xB8, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, + 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x06, 0xC0, + 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, + 0x29, 0xF6, 0x69, 0xE2, 0xB9, 0x73, 0x12, 0xD1, 0x64, 0xEB, + 0x8F, 0xE9, 0x6B, 0x61, 0xDB, 0x5F, 0xE9, 0xA7, 0x62, 0x6C, + 0x10, 0x89, 0x41, 0x80, 0xE3, 0xE8, 0xFD, 0x1F, 0xD0, 0x13, + 0xAE, 0x95, 0x00, 0xAF, 0xF7, 0x77, 0xE1, 0x22, 0x32, 0xAD, + 0x46, 0x4F, 0xDC, 0x7E, 0xFE, 0xAE, 0xBC, 0x8A, 0x1F, 0x96, + 0x0A, 0xDA, 0x9F, 0xC9, 0x93, 0x52, 0x27, 0x18, 0xB0, 0x8B, + 0xDA, 0xBE, 0x81, 0x09 +}; +static const int sizeof_client_ed25519_cert = sizeof(client_ed25519_cert); + +/* ./certs/ed25519/client-ed25519-key.der, ED25519 */ +static const unsigned char client_ed25519_key[] = +{ + 0x30, 0x52, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, + 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x27, 0xA3, 0x34, 0x2A, + 0x35, 0xD4, 0xBB, 0xB8, 0xE1, 0xDC, 0xD8, 0xEC, 0x0F, 0xC1, + 0xA0, 0xD1, 0xA2, 0x5C, 0xF9, 0x06, 0xF0, 0x44, 0x5D, 0x3B, + 0x97, 0x4D, 0xBD, 0xDF, 0x4A, 0x3B, 0xA3, 0x4E, 0xA1, 0x22, + 0x04, 0x20, 0xA2, 0xF1, 0x26, 0x40, 0x9B, 0xA2, 0x59, 0xDA, + 0xDB, 0xE6, 0x15, 0x7F, 0x9A, 0x11, 0xB5, 0x48, 0x5F, 0x55, + 0xBA, 0x5E, 0xED, 0x46, 0xF7, 0x98, 0x67, 0xBE, 0x0C, 0x93, + 0xE3, 0xA4, 0x8E, 0x18 +}; +static const int sizeof_client_ed25519_key = sizeof(client_ed25519_key); + +#endif /* HAVE_ED25519 */ + +#endif /* WOLFSSL_CERTS_TEST_H */ + diff --git a/source/libwolfssl/crl.h b/source/libwolfssl/crl.h new file mode 100644 index 00000000..3ea9e62e --- /dev/null +++ b/source/libwolfssl/crl.h @@ -0,0 +1,50 @@ +/* crl.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLFSSL_CRL_H +#define WOLFSSL_CRL_H + + +#ifdef HAVE_CRL + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +WOLFSSL_LOCAL int InitCRL(WOLFSSL_CRL*, WOLFSSL_CERT_MANAGER*); +WOLFSSL_LOCAL void FreeCRL(WOLFSSL_CRL*, int dynamic); + +WOLFSSL_LOCAL int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int mon); +WOLFSSL_LOCAL int BufferLoadCRL(WOLFSSL_CRL*, const byte*, long, int, int); +WOLFSSL_LOCAL int CheckCertCRL(WOLFSSL_CRL*, DecodedCert*); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_CRL */ +#endif /* WOLFSSL_CRL_H */ diff --git a/source/libwolfssl/error-ssl.h b/source/libwolfssl/error-ssl.h new file mode 100644 index 00000000..1e321e69 --- /dev/null +++ b/source/libwolfssl/error-ssl.h @@ -0,0 +1,201 @@ +/* error-ssl.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLFSSL_ERROR_H +#define WOLFSSL_ERROR_H + +#include /* pull in wolfCrypt errors */ + +#ifdef __cplusplus + extern "C" { +#endif + +enum wolfSSL_ErrorCodes { + INPUT_CASE_ERROR = -301, /* process input state error */ + PREFIX_ERROR = -302, /* bad index to key rounds */ + MEMORY_ERROR = -303, /* out of memory */ + VERIFY_FINISHED_ERROR = -304, /* verify problem on finished */ + VERIFY_MAC_ERROR = -305, /* verify mac problem */ + PARSE_ERROR = -306, /* parse error on header */ + UNKNOWN_HANDSHAKE_TYPE = -307, /* weird handshake type */ + SOCKET_ERROR_E = -308, /* error state on socket */ + SOCKET_NODATA = -309, /* expected data, not there */ + INCOMPLETE_DATA = -310, /* don't have enough data to + complete task */ + UNKNOWN_RECORD_TYPE = -311, /* unknown type in record hdr */ + DECRYPT_ERROR = -312, /* error during decryption */ + FATAL_ERROR = -313, /* recvd alert fatal error */ + ENCRYPT_ERROR = -314, /* error during encryption */ + FREAD_ERROR = -315, /* fread problem */ + NO_PEER_KEY = -316, /* need peer's key */ + NO_PRIVATE_KEY = -317, /* need the private key */ + RSA_PRIVATE_ERROR = -318, /* error during rsa priv op */ + NO_DH_PARAMS = -319, /* server missing DH params */ + BUILD_MSG_ERROR = -320, /* build message failure */ + + BAD_HELLO = -321, /* client hello malformed */ + DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */ + WANT_READ = -323, /* want read, call again */ + NOT_READY_ERROR = -324, /* handshake layer not ready */ + + VERSION_ERROR = -326, /* record layer version error */ + WANT_WRITE = -327, /* want write, call again */ + BUFFER_ERROR = -328, /* malformed buffer input */ + VERIFY_CERT_ERROR = -329, /* verify cert error */ + VERIFY_SIGN_ERROR = -330, /* verify sign error */ + CLIENT_ID_ERROR = -331, /* psk client identity error */ + SERVER_HINT_ERROR = -332, /* psk server hint error */ + PSK_KEY_ERROR = -333, /* psk key error */ + + GETTIME_ERROR = -337, /* gettimeofday failed ??? */ + GETITIMER_ERROR = -338, /* getitimer failed ??? */ + SIGACT_ERROR = -339, /* sigaction failed ??? */ + SETITIMER_ERROR = -340, /* setitimer failed ??? */ + LENGTH_ERROR = -341, /* record layer length error */ + PEER_KEY_ERROR = -342, /* can't decode peer key */ + ZERO_RETURN = -343, /* peer sent close notify */ + SIDE_ERROR = -344, /* wrong client/server type */ + NO_PEER_CERT = -345, /* peer didn't send key */ + NTRU_KEY_ERROR = -346, /* NTRU key error */ + NTRU_DRBG_ERROR = -347, /* NTRU drbg error */ + NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */ + NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */ + ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */ + ECC_CURVE_ERROR = -351, /* Bad ECC Curve */ + ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */ + ECC_MAKEKEY_ERROR = -353, /* Bad Make ECC Key */ + ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */ + ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */ + NOT_CA_ERROR = -357, /* Not a CA cert error */ + + BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */ + OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */ + CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */ + CRL_MISSING = -362, /* CRL Not loaded */ + MONITOR_SETUP_E = -363, /* CRL Monitor setup error */ + THREAD_CREATE_E = -364, /* Thread Create Error */ + OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */ + OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */ + OCSP_LOOKUP_FAIL = -367, /* OCSP lookup not successful */ + MAX_CHAIN_ERROR = -368, /* max chain depth exceeded */ + COOKIE_ERROR = -369, /* dtls cookie error */ + SEQUENCE_ERROR = -370, /* dtls sequence error */ + SUITES_ERROR = -371, /* suites pointer error */ + + OUT_OF_ORDER_E = -373, /* out of order message */ + BAD_KEA_TYPE_E = -374, /* bad KEA type found */ + SANITY_CIPHER_E = -375, /* sanity check on cipher error */ + RECV_OVERFLOW_E = -376, /* RXCB returned more than rqed */ + GEN_COOKIE_E = -377, /* Generate Cookie Error */ + NO_PEER_VERIFY = -378, /* Need peer cert verify Error */ + FWRITE_ERROR = -379, /* fwrite problem */ + CACHE_MATCH_ERROR = -380, /* chache hdr match error */ + UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */ + UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */ + KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */ + KEYUSE_ENCIPHER_E = -385, /* KeyUse keyEncipher error */ + EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */ + SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */ + SECURE_RENEGOTIATION_E = -388, /* Invalid Renegotiation Info */ + SESSION_TICKET_LEN_E = -389, /* Session Ticket too large */ + SESSION_TICKET_EXPECT_E = -390, /* Session Ticket missing */ + SCR_DIFFERENT_CERT_E = -391, /* SCR Different cert error */ + SESSION_SECRET_CB_E = -392, /* Session secret Cb fcn failure */ + NO_CHANGE_CIPHER_E = -393, /* Finished before change cipher */ + SANITY_MSG_E = -394, /* Sanity check on msg order error */ + DUPLICATE_MSG_E = -395, /* Duplicate message error */ + SNI_UNSUPPORTED = -396, /* SSL 3.0 does not support SNI */ + SOCKET_PEER_CLOSED_E = -397, /* Underlying transport closed */ + BAD_TICKET_KEY_CB_SZ = -398, /* Bad session ticket key cb size */ + BAD_TICKET_MSG_SZ = -399, /* Bad session ticket msg size */ + BAD_TICKET_ENCRYPT = -400, /* Bad user ticket encrypt */ + DH_KEY_SIZE_E = -401, /* DH Key too small */ + SNI_ABSENT_ERROR = -402, /* No SNI request. */ + RSA_SIGN_FAULT = -403, /* RSA Sign fault */ + HANDSHAKE_SIZE_ERROR = -404, /* Handshake message too large */ + UNKNOWN_ALPN_PROTOCOL_NAME_E = -405, /* Unrecognized protocol name Error*/ + BAD_CERTIFICATE_STATUS_ERROR = -406, /* Bad certificate status message */ + OCSP_INVALID_STATUS = -407, /* Invalid OCSP Status */ + OCSP_WANT_READ = -408, /* OCSP callback response WOLFSSL_CBIO_ERR_WANT_READ */ + RSA_KEY_SIZE_E = -409, /* RSA key too small */ + ECC_KEY_SIZE_E = -410, /* ECC key too small */ + DTLS_EXPORT_VER_E = -411, /* export version error */ + INPUT_SIZE_E = -412, /* input size too big error */ + CTX_INIT_MUTEX_E = -413, /* initialize ctx mutex error */ + EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */ + DTLS_POOL_SZ_E = -415, /* exceeded DTLS pool size */ + DECODE_E = -416, /* decode handshake message error */ + HTTP_TIMEOUT = -417, /* HTTP timeout for OCSP or CRL req */ + WRITE_DUP_READ_E = -418, /* Write dup write side can't read */ + WRITE_DUP_WRITE_E = -419, /* Write dup read side can't write */ + INVALID_CERT_CTX_E = -420, /* TLS cert ctx not matching */ + BAD_KEY_SHARE_DATA = -421, /* Key Share data invalid */ + MISSING_HANDSHAKE_DATA = -422, /* Handshake message missing data */ + BAD_BINDER = -423, /* Binder does not match */ + EXT_NOT_ALLOWED = -424, /* Extension not allowed in msg */ + INVALID_PARAMETER = -425, /* Security parameter invalid */ + MCAST_HIGHWATER_CB_E = -426, /* Multicast highwater cb err */ + ALERT_COUNT_E = -427, /* Alert Count exceeded err */ + EXT_MISSING = -428, /* Required extension not found */ + UNSUPPORTED_EXTENSION = -429, /* TLSX not requested by client */ + PRF_MISSING = -430, /* PRF not compiled in */ + DTLS_RETX_OVER_TX = -431, /* Retransmit DTLS flight over */ + DH_PARAMS_NOT_FFDHE_E = -432, /* DH params from server not FFDHE */ + TCA_INVALID_ID_TYPE = -433, /* TLSX TCA ID type invalid */ + TCA_ABSENT_ERROR = -434, /* TLSX TCA ID no response */ + TSIP_MAC_DIGSZ_E = -435, /* Invalid MAC size for TSIP */ + CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */ + /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ + + /* begin negotiation parameter errors */ + UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */ + MATCH_SUITE_ERROR = -501, /* can't match cipher suite */ + COMPRESSION_ERROR = -502, /* compression mismatch */ + KEY_SHARE_ERROR = -503, /* key share mismatch */ + POST_HAND_AUTH_ERROR = -504, /* client won't do post-hand auth */ + HRR_COOKIE_ERROR = -505 /* HRR msg cookie mismatch */ + /* end negotiation parameter errors only 10 for now */ + /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ + + /* no error stings go down here, add above negotiation errors !!!! */ +}; + + +#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) + enum { + MIN_PARAM_ERR = UNSUPPORTED_SUITE, + MAX_PARAM_ERR = MIN_PARAM_ERR - 10 + }; +#endif + + +WOLFSSL_LOCAL +void SetErrorString(int err, char* buff); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* wolfSSL_ERROR_H */ diff --git a/source/libwolfssl/internal.h b/source/libwolfssl/internal.h new file mode 100644 index 00000000..5722e181 --- /dev/null +++ b/source/libwolfssl/internal.h @@ -0,0 +1,4437 @@ +/* internal.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLFSSL_INT_H +#define WOLFSSL_INT_H + + +#include +#include +#ifdef HAVE_CRL + #include +#endif +#include +#ifndef NO_DES3 + #include +#endif +#ifndef NO_HC128 + #include +#endif +#ifndef NO_RABBIT + #include +#endif +#ifdef HAVE_CHACHA + #include +#endif +#ifndef NO_ASN + #include + #include +#endif +#ifndef NO_MD5 + #include +#endif +#ifndef NO_SHA + #include +#endif +#ifndef NO_AES + #include +#endif +#ifdef HAVE_POLY1305 + #include +#endif +#ifdef HAVE_CAMELLIA + #include +#endif +#include +#ifndef NO_HMAC + #include +#endif +#ifndef NO_RC4 + #include +#endif +#ifndef NO_SHA256 + #include +#endif +#ifdef HAVE_OCSP + #include +#endif +#ifdef WOLFSSL_SHA384 + #include +#endif +#ifdef WOLFSSL_SHA512 + #include +#endif +#ifdef HAVE_AESGCM + #include +#endif +#ifdef WOLFSSL_RIPEMD + #include +#endif +#ifdef HAVE_IDEA + #include +#endif +#ifndef NO_RSA + #include +#endif +#ifdef HAVE_ECC + #include +#endif +#ifndef NO_DH + #include +#endif +#ifdef HAVE_ED25519 + #include +#endif +#ifdef HAVE_CURVE25519 + #include +#endif + +#include +#include + +#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) + #include +#endif +#ifdef WOLFSSL_CALLBACKS + #include +#endif + +#ifdef USE_WINDOWS_API + #ifdef WOLFSSL_GAME_BUILD + #include "system/xtl.h" + #else + #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) + /* On WinCE winsock2.h must be included before windows.h */ + #include + #endif + #include + #endif +#elif defined(THREADX) + #ifndef SINGLE_THREADED + #include "tx_api.h" + #endif + +#elif defined(WOLFSSL_DEOS) + /* do nothing, just don't pick Unix */ +#elif defined(MICRIUM) + /* do nothing, just don't pick Unix */ +#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) + /* do nothing */ +#elif defined(EBSNET) + /* do nothing */ +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + /* do nothing */ +#elif defined(FREESCALE_FREE_RTOS) + #include "fsl_os_abstraction.h" +#elif defined(WOLFSSL_uITRON4) + /* do nothing */ +#elif defined(WOLFSSL_uTKERNEL2) + /* do nothing */ +#elif defined(WOLFSSL_CMSIS_RTOS) + #include "cmsis_os.h" +#elif defined(WOLFSSL_CMSIS_RTOSv2) + #include "cmsis_os2.h" +#elif defined(WOLFSSL_MDK_ARM) + #if defined(WOLFSSL_MDK5) + #include "cmsis_os.h" + #else + #include + #endif +#elif defined(MBED) +#elif defined(WOLFSSL_TIRTOS) + /* do nothing */ +#elif defined(INTIME_RTOS) + #include +#elif defined(WOLFSSL_NUCLEUS_1_2) + /* do nothing */ +#elif defined(WOLFSSL_APACHE_MYNEWT) + #if !defined(WOLFSSL_LWIP) + void mynewt_ctx_clear(void *ctx); + void* mynewt_ctx_new(); + #endif +#elif defined(WOLFSSL_ZEPHYR) + #ifndef SINGLE_THREADED + #include + #endif +#elif defined(WOLFSSL_TELIT_M2MB) + /* do nothing */ +#else + #ifndef SINGLE_THREADED + #define WOLFSSL_PTHREADS + #include + #endif + #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) + #include /* for close of BIO */ + #endif +#endif + +#ifndef CHAR_BIT + /* Needed for DTLS without big math */ + #include +#endif + + +#ifdef HAVE_LIBZ + #include "zlib.h" +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +#ifdef OPENSSL_EXTRA + #ifdef WOLFCRYPT_HAVE_SRP + #include + #endif +#endif + +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable: 4996) +#endif + +#ifdef NO_SHA + #define WC_SHA_DIGEST_SIZE 20 +#endif + +#ifdef NO_SHA256 + #define WC_SHA256_DIGEST_SIZE 32 +#endif + +#ifdef NO_MD5 + #define WC_MD5_DIGEST_SIZE 16 +#endif + + +#ifdef __cplusplus + extern "C" { +#endif + +/* Define or comment out the cipher suites you'd like to be compiled in + make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined + + When adding cipher suites, add name to cipher_names, idx to cipher_name_idx + + Now that there is a maximum strength crypto build, the following BUILD_XXX + flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH. + Those that do not use Perfect Forward Security and do not use AEAD ciphers + need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or + CHACHA-POLY. +*/ + +/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are + * not turned off. */ +#if defined(WOLFSSL_MAX_STRENGTH) && \ + ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \ + (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \ + (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \ + (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \ + !defined(NO_OLD_TLS)) + + #error "You are trying to build max strength with requirements disabled." +#endif + +/* Have QSH : Quantum-safe Handshake */ +#if defined(HAVE_QSH) + #define BUILD_TLS_QSH +#endif + +#ifndef WOLFSSL_NO_TLS12 + +#ifndef WOLFSSL_MAX_STRENGTH + +#ifdef WOLFSSL_AEAD_ONLY + /* AES CBC ciphers are not allowed in AEAD only mode */ + #undef HAVE_AES_CBC +#endif + +#ifndef WOLFSSL_AEAD_ONLY + #if !defined(NO_RSA) && !defined(NO_RC4) + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_SSL_RSA_WITH_RC4_128_SHA + #endif + #if !defined(NO_MD5) + #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #endif + #endif + #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \ + && defined(WOLFSSL_STATIC_RSA) + #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA + #endif + #endif + + #if !defined(NO_RSA) && !defined(NO_DES3) + #if !defined(NO_SHA) + #if defined(WOLFSSL_STATIC_RSA) + #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #endif + #if !defined(NO_TLS) && defined(HAVE_NTRU) \ + && defined(WOLFSSL_STATIC_RSA) + #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA + #endif + #endif + #endif + + #if !defined(NO_RSA) && defined(HAVE_IDEA) + #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA) + #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA + #endif + #endif +#endif /* !WOLFSSL_AEAD_ONLY */ + + #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) + #if !defined(NO_SHA) && defined(HAVE_AES_CBC) + #if defined(WOLFSSL_STATIC_RSA) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #endif + #endif + #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA + #endif + #endif + #endif + #if defined(WOLFSSL_STATIC_RSA) + #if !defined (NO_SHA256) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 + #endif + #endif + #if defined (HAVE_AESGCM) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 + #endif + #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #if defined (HAVE_AESCCM) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 + #endif + #endif + #if defined(HAVE_BLAKE2) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + #endif + #endif + #endif + #endif + + #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC) + #ifndef NO_RSA + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + #endif + #endif + #if !defined(NO_DH) + #if !defined(NO_SHA) + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + #endif + #endif + #endif + #endif + +#if defined(WOLFSSL_STATIC_PSK) + #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) + #if !defined(NO_SHA) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA + #endif + #endif + #ifndef NO_SHA256 + #ifdef WOLFSSL_AES_128 + #ifdef HAVE_AES_CBC + #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 + #endif + #ifdef HAVE_AESGCM + #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 + #endif + #endif /* WOLFSSL_AES_128 */ + #ifdef HAVE_AESCCM + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 + #define BUILD_TLS_PSK_WITH_AES_128_CCM + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 + #define BUILD_TLS_PSK_WITH_AES_256_CCM + #endif + #endif + #endif + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #ifdef HAVE_AES_CBC + #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + #endif + #ifdef HAVE_AESGCM + #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 + #endif + #endif + #endif +#endif + + #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) + #if !defined(NO_RSA) + #if defined(WOLFSSL_STATIC_RSA) + #ifndef NO_MD5 + #define BUILD_TLS_RSA_WITH_NULL_MD5 + #endif + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_NULL_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_NULL_SHA256 + #endif + #endif + #endif + #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK) + #if !defined(NO_SHA) + #define BUILD_TLS_PSK_WITH_NULL_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_PSK_WITH_NULL_SHA256 + #endif + #ifdef WOLFSSL_SHA384 + #define BUILD_TLS_PSK_WITH_NULL_SHA384 + #endif + #endif + #endif + +#if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) + #ifndef NO_MD5 + #define BUILD_TLS_RSA_WITH_HC_128_MD5 + #endif + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_HC_128_SHA + #endif + #if defined(HAVE_BLAKE2) + #define BUILD_TLS_RSA_WITH_HC_128_B2B256 + #endif + #endif + + #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_RABBIT_SHA + #endif + #endif +#endif + + #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ + !defined(NO_RSA) + + #if !defined(NO_SHA) + #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) + #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + #endif + #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) + #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + #endif + #if !defined(NO_DES3) + #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + #endif + #endif + #if !defined(NO_SHA256) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + #endif + #endif + #endif + + #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ + !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) + #ifdef HAVE_AES_CBC + #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA + #endif + + #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) + #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 + #endif + #endif + + #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) + #ifndef NO_SHA256 + #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_CBC) + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #endif + #ifdef HAVE_NULL_CIPHER + #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + #endif + #endif + #ifdef WOLFSSL_SHA384 + #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_CBC) + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #endif + #ifdef HAVE_NULL_CIPHER + #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + #endif + #endif + #endif + + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) + #if !defined(NO_AES) + #if !defined(NO_SHA) && defined(HAVE_AES_CBC) + #if !defined(NO_RSA) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #endif + #endif + #endif + + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + #endif + #endif + + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #endif + #endif + #endif /* NO_SHA */ + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_CBC) + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + #endif + #endif + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + #endif + #endif + + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_CBC) + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + #endif + #endif + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + #endif + #endif + + #if defined (HAVE_AESGCM) + #if !defined(NO_RSA) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #endif + #endif + #if defined(WOLFSSL_SHA384) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #endif + #endif + + #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_ECC) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + #endif + + #if defined(WOLFSSL_SHA384) + #if defined(WOLFSSL_STATIC_DH) && \ + defined(WOLFSSL_AES_256) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #endif + #endif /* NO_AES */ + #if !defined(NO_RC4) + #if !defined(NO_SHA) + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + #endif + #endif + + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + #endif + #endif + #endif + #if !defined(NO_DES3) + #ifndef NO_SHA + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + #endif + #endif + + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) + #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + #endif + #endif /* NO_SHA */ + #endif + #if defined(HAVE_NULL_CIPHER) + #if !defined(NO_SHA) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA + #endif + #endif + #if !defined(NO_PSK) && !defined(NO_SHA256) + #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 + #endif + #endif + #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \ + defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) + #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + #endif + #endif + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) + #if !defined(NO_OLD_POLY1305) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 + #endif + #if !defined(NO_RSA) && defined(HAVE_ECC) + #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 + #endif + #if !defined(NO_DH) && !defined(NO_RSA) + #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 + #endif + #endif /* NO_OLD_POLY1305 */ + #if !defined(NO_PSK) + #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 + #if defined(HAVE_ECC) || defined(HAVE_ED25519) + #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + #endif + #ifndef NO_DH + #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + #endif + #endif /* !NO_PSK */ + #endif + +#endif /* !WOLFSSL_MAX_STRENGTH */ + +#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ + !defined(NO_RSA) && defined(HAVE_AESGCM) + + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + #endif + + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + #endif +#endif + +#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) + #ifndef NO_SHA256 + #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) + #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + #endif + #ifdef HAVE_AESCCM + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + #endif + #endif + #endif + #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AES_256) + #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + #endif +#endif + +#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \ + !defined(NO_AES) + #ifdef HAVE_AESGCM + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + #endif + #ifndef NO_RSA + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + #endif + #endif + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + #endif + #ifndef NO_RSA + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #endif + #if defined(HAVE_AESCCM) && !defined(NO_SHA256) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 + #endif + #endif + #endif +#endif + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + #endif + #ifndef NO_RSA + #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + #endif + #endif + #if !defined(NO_DH) && !defined(NO_RSA) + #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + #endif +#endif + +#endif + +#if defined(WOLFSSL_TLS13) + #ifdef HAVE_AESGCM + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + #define BUILD_TLS_AES_128_GCM_SHA256 + #endif + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #define BUILD_TLS_AES_256_GCM_SHA384 + #endif + #endif + + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + #ifndef NO_SHA256 + #define BUILD_TLS_CHACHA20_POLY1305_SHA256 + #endif + #endif + + #ifdef HAVE_AESCCM + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + #define BUILD_TLS_AES_128_CCM_SHA256 + #define BUILD_TLS_AES_128_CCM_8_SHA256 + #endif + #endif + #ifdef HAVE_NULL_CIPHER + #ifndef NO_SHA256 + #define BUILD_TLS_SHA256_SHA256 + #endif + #ifdef WOLFSSL_SHA384 + #define BUILD_TLS_SHA384_SHA384 + #endif + #endif +#endif + +#ifdef WOLFSSL_MULTICAST + #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256) + #define BUILD_WDM_WITH_NULL_SHA256 + #endif +#endif + +#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \ + defined(BUILD_SSL_RSA_WITH_RC4_128_MD5) + #define BUILD_ARC4 +#endif + +#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA) + #define BUILD_DES3 +#endif + +#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ + defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256) + #undef BUILD_AES + #define BUILD_AES +#endif + +#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \ + defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ + defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \ + defined(BUILD_TLS_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_AES_256_GCM_SHA384) + #define BUILD_AESGCM +#else + /* No AES-GCM cipher suites available with build */ + #define NO_AESGCM_AEAD +#endif + +#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \ + defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \ + defined(BUILD_TLS_CHACHA20_POLY1305_SHA256) + /* Have an available ChaCha Poly cipher suite */ +#else + /* No ChaCha Poly cipher suites available with build */ + #define NO_CHAPOL_AEAD +#endif + +#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ + defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \ + defined(BUILD_TLS_RSA_WITH_HC_128_B2B256) + #define BUILD_HC128 +#endif + +#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA) + #define BUILD_RABBIT +#endif + +#ifdef NO_DES3 + #define DES_BLOCK_SIZE 8 +#else + #undef BUILD_DES3 + #define BUILD_DES3 +#endif + +#if defined(NO_AES) || defined(NO_AES_DECRYPT) + #define AES_BLOCK_SIZE 16 + #undef BUILD_AES +#else + #undef BUILD_AES + #define BUILD_AES +#endif + +#ifndef NO_RC4 + #undef BUILD_ARC4 + #define BUILD_ARC4 +#endif + +#ifdef HAVE_CHACHA + #define CHACHA20_BLOCK_SIZE 16 +#endif + +#if defined(WOLFSSL_MAX_STRENGTH) || \ + (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \ + defined(HAVE_AESCCM) || \ + (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + !defined(NO_CHAPOL_AEAD)) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)) + + #define HAVE_AEAD +#endif + +#if defined(WOLFSSL_MAX_STRENGTH) || \ + defined(HAVE_ECC) || !defined(NO_DH) + + #define HAVE_PFS +#endif + +#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA) + #define BUILD_IDEA +#endif + +/* actual cipher values, 2nd byte */ +enum { + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, + TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, + TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, + TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, + TLS_RSA_WITH_NULL_MD5 = 0x01, + TLS_RSA_WITH_NULL_SHA = 0x02, + TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, + TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, + TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf, + TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, + TLS_PSK_WITH_NULL_SHA256 = 0xb0, + TLS_PSK_WITH_NULL_SHA384 = 0xb1, + TLS_PSK_WITH_NULL_SHA = 0x2c, + SSL_RSA_WITH_RC4_128_SHA = 0x05, + SSL_RSA_WITH_RC4_128_MD5 = 0x04, + SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A, + SSL_RSA_WITH_IDEA_CBC_SHA = 0x07, + + /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09, + TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24, + TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06, + TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37, + + /* static ECDH, first byte is 0xC0 (ECC_BYTE) */ + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04, + TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, + + /* wolfSSL extension - eSTREAM */ + TLS_RSA_WITH_HC_128_MD5 = 0xFB, + TLS_RSA_WITH_HC_128_SHA = 0xFC, + TLS_RSA_WITH_RABBIT_SHA = 0xFD, + WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */ + + /* wolfSSL extension - Blake2b 256 */ + TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8, + TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9, + TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */ + + /* wolfSSL extension - NTRU */ + TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, + TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, + TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ + TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, + + /* wolfSSL extension - NTRU , Quantum-safe Handshake + first byte is 0xD0 (QSH_BYTE) */ + TLS_QSH = 0x01, + + /* SHA256 */ + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, + TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, + TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, + TLS_RSA_WITH_NULL_SHA256 = 0x3b, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, + TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, + + /* SHA384 */ + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, + TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, + + /* AES-GCM */ + TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, + TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, + TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7, + TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, + TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, + + /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30, + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32, + + /* AES-CCM, first byte is 0xC0 but isn't ECC, + * also, in some of the other AES-CCM suites + * there will be second byte number conflicts + * with non-ECC AES-GCM */ + TLS_RSA_WITH_AES_128_CCM_8 = 0xa0, + TLS_RSA_WITH_AES_256_CCM_8 = 0xa1, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf, + TLS_PSK_WITH_AES_128_CCM = 0xa4, + TLS_PSK_WITH_AES_256_CCM = 0xa5, + TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, + TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, + TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, + TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, + + /* Camellia */ + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, + + /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */ + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa, + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac, + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab, + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad, + + /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */ + TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13, + TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14, + TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15, + + /* TLS v1.3 cipher suites */ + TLS_AES_128_GCM_SHA256 = 0x01, + TLS_AES_256_GCM_SHA384 = 0x02, + TLS_CHACHA20_POLY1305_SHA256 = 0x03, + TLS_AES_128_CCM_SHA256 = 0x04, + TLS_AES_128_CCM_8_SHA256 = 0x05, + + /* TLS v1.3 Integity only cipher suites - 0xC0 (ECC) first byte */ + TLS_SHA256_SHA256 = 0xB4, + TLS_SHA384_SHA384 = 0xB5, + + /* Fallback SCSV (Signaling Cipher Suite Value) */ + TLS_FALLBACK_SCSV = 0x56, + /* Renegotiation Indication Extension Special Suite */ + TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff +}; + + +#ifndef WOLFSSL_SESSION_TIMEOUT + #define WOLFSSL_SESSION_TIMEOUT 500 + /* default session resumption cache timeout in seconds */ +#endif + + +#ifndef WOLFSSL_DTLS_WINDOW_WORDS + #define WOLFSSL_DTLS_WINDOW_WORDS 2 +#endif /* WOLFSSL_DTLS_WINDOW_WORDS */ +#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT) +#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS) +#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS) + +#ifndef WOLFSSL_MULTICAST + #define WOLFSSL_DTLS_PEERSEQ_SZ 1 +#else + #ifndef WOLFSSL_MULTICAST_PEERS + /* max allowed multicast group peers */ + #define WOLFSSL_MULTICAST_PEERS 100 + #endif + #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS +#endif /* WOLFSSL_MULTICAST */ + +#ifndef WOLFSSL_MAX_MTU + #define WOLFSSL_MAX_MTU 1500 +#endif /* WOLFSSL_MAX_MTU */ + + +/* set minimum DH key size allowed */ +#ifndef WOLFSSL_MIN_DHKEY_BITS + #ifdef WOLFSSL_MAX_STRENGTH + #define WOLFSSL_MIN_DHKEY_BITS 2048 + #else + #define WOLFSSL_MIN_DHKEY_BITS 1024 + #endif +#endif +#if (WOLFSSL_MIN_DHKEY_BITS % 8) + #error DH minimum bit size must be multiple of 8 +#endif +#if (WOLFSSL_MIN_DHKEY_BITS > 16000) + #error DH minimum bit size must not be greater than 16000 +#endif +#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8) +/* set maximum DH key size allowed */ +#ifndef WOLFSSL_MAX_DHKEY_BITS + #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) + #define WOLFSSL_MAX_DHKEY_BITS 8192 + #else + #define WOLFSSL_MAX_DHKEY_BITS 4096 + #endif +#endif +#if (WOLFSSL_MAX_DHKEY_BITS % 8) + #error DH maximum bit size must be multiple of 8 +#endif +#if (WOLFSSL_MAX_DHKEY_BITS > 16000) + #error DH maximum bit size must not be greater than 16000 +#endif +#define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8) + +#ifndef MAX_PSK_ID_LEN + /* max psk identity/hint supported */ + #if defined(WOLFSSL_TLS13) + #define MAX_PSK_ID_LEN 256 + #else + #define MAX_PSK_ID_LEN 128 + #endif +#endif + +#ifndef MAX_EARLY_DATA_SZ + /* maximum early data size */ + #define MAX_EARLY_DATA_SZ 4096 +#endif + +enum Misc { + CIPHER_BYTE = 0x00, /* Default ciphers */ + ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */ + CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ + TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */ + + SEND_CERT = 1, + SEND_BLANK_CERT = 2, + + DTLS_MAJOR = 0xfe, /* DTLS major version number */ + DTLS_MINOR = 0xff, /* DTLS minor version number */ + DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */ + SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ + SSLv3_MINOR = 0, /* TLSv1 minor version number */ + TLSv1_MINOR = 1, /* TLSv1 minor version number */ + TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ + TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ + TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ + TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ +#ifdef WOLFSSL_TLS13_DRAFT +#ifdef WOLFSSL_TLS13_DRAFT_18 + TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */ +#elif defined(WOLFSSL_TLS13_DRAFT_22) + TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */ +#elif defined(WOLFSSL_TLS13_DRAFT_23) + TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */ +#elif defined(WOLFSSL_TLS13_DRAFT_26) + TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */ +#else + TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */ +#endif +#endif + OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ + INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ + NO_COMPRESSION = 0, + ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */ + HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ + HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */ + SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH, + /* pre RSA and all master */ +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192) +#ifndef NO_PSK + ENCRYPT_LEN = 1024 + MAX_PSK_ID_LEN + 2, /* 8192 bit static buffer */ +#else + ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */ +#endif +#else +#ifndef NO_PSK + ENCRYPT_LEN = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */ +#else + ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ +#endif +#endif + SIZEOF_SENDER = 4, /* clnt or srvr */ + FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */ + MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ + MAX_PLAINTEXT_SZ = (1 << 14), /* Max plaintext sz */ + MAX_TLS_CIPHER_SZ = (1 << 14) + 2048, /* Max TLS encrypted data sz */ +#ifdef WOLFSSL_TLS13 + MAX_TLS13_PLAIN_SZ = (1 << 14) + 1, /* Max unencrypted data sz */ + MAX_TLS13_ENC_SZ = (1 << 14) + 256, /* Max encrypted data sz */ +#endif + MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE, + /* max added to msg, mac + pad from */ + /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max + digest sz + BLOC_SZ (iv) + pad byte (1) */ + MAX_COMP_EXTRA = 1024, /* max compression extra */ + MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */ + MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */ + MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */ + /* 4096 p, pub, g + 2 byte size for each */ + MAX_STR_VERSION = 8, /* string rep of protocol version */ + + PAD_MD5 = 48, /* pad length for finished */ + PAD_SHA = 40, /* pad length for finished */ + MAX_PAD_SIZE = 256, /* maximum length of padding */ + + LENGTH_SZ = 2, /* length field for HMAC, data only */ + VERSION_SZ = 2, /* length of proctocol version */ + SEQ_SZ = 8, /* 64 bit sequence number */ + ALERT_SIZE = 2, /* level + description */ + VERIFY_HEADER = 2, /* always use 2 bytes */ + EXTS_SZ = 2, /* always use 2 bytes */ + EXT_ID_SZ = 2, /* always use 2 bytes */ + MAX_DH_SIZE = MAX_DHKEY_SZ+1, + /* Max size plus possible leading 0 */ + NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */ + MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */ + MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */ + SESSION_HINT_SZ = 4, /* session timeout hint */ + SESSION_ADD_SZ = 4, /* session age add */ + TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */ + DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */ + MAX_TICKET_NONCE_SZ = 8, /* maximum ticket nonce size */ + MAX_LIFETIME = 604800, /* maximum ticket lifetime */ + + RAN_LEN = 32, /* random length */ + SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ + ID_LEN = 32, /* session id length */ + COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */ + MAX_COOKIE_LEN = 32, /* max dtls cookie size */ + COOKIE_SZ = 20, /* use a 20 byte cookie */ + SUITE_LEN = 2, /* cipher suite sz length */ + ENUM_LEN = 1, /* always a byte */ + OPAQUE8_LEN = 1, /* 1 byte */ + OPAQUE16_LEN = 2, /* 2 bytes */ + OPAQUE24_LEN = 3, /* 3 bytes */ + OPAQUE32_LEN = 4, /* 4 bytes */ + OPAQUE64_LEN = 8, /* 8 bytes */ + COMP_LEN = 1, /* compression length */ + CURVE_LEN = 2, /* ecc named curve length */ + KE_GROUP_LEN = 2, /* key exchange group length */ + SERVER_ID_LEN = 20, /* server session id length */ + + HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ + RECORD_HEADER_SZ = 5, /* type + version + len(2) */ + CERT_HEADER_SZ = 3, /* always 3 bytes */ + REQ_HEADER_SZ = 2, /* cert request header sz */ + HINT_LEN_SZ = 2, /* length of hint size field */ + TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */ + HELLO_EXT_SZ = 4, /* base length of a hello extension */ + HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */ + HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */ + HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */ + + DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ + DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ + DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ + DTLS_RECORD_EXTRA = 8, /* diff from normal */ + DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ + DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ + DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */ + DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */ + DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */ + DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */ + DTLS_EXPORT_OPT_SZ = 60, /* amount of bytes used from Options */ + DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */ + DTLS_EXPORT_OPT_SZ_3 = 59, /* amount of bytes used from Options */ + DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), + /* max amount of bytes used from Keys */ + DTLS_EXPORT_MIN_KEY_SZ = 85 + (DTLS_SEQ_SZ * 2), + /* min amount of bytes used from Keys */ + DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ + DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ + DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ + MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */ + MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN), + /* max size of buffer for exporting state */ + FINISHED_LABEL_SZ = 15, /* TLS finished label size */ + TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ + EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */ + MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ + KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ + PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */ + MAX_LABEL_SZ = 34, /* Maximum length of a label */ + MAX_HKDF_LABEL_SZ = OPAQUE16_LEN + + OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ + + OPAQUE8_LEN + WC_MAX_DIGEST_SIZE, + MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ + SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ + TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ + +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, +#else + MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, +#endif + +#ifdef HAVE_SELFTEST + #define WOLFSSL_AES_KEY_SIZE_ENUM + AES_IV_SIZE = 16, + AES_128_KEY_SIZE = 16, + AES_192_KEY_SIZE = 24, + AES_256_KEY_SIZE = 32, +#endif + + MAX_IV_SZ = AES_BLOCK_SIZE, + + AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ + AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ + AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ + AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */ + AEAD_LEN_OFFSET = 11, /* Auth Data: Length */ + AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */ + AEAD_NONCE_SZ = 12, + AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */ + AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */ + AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ, + + CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */ + CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */ + CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */ + + /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */ + + AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */ + AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */ + AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */ + AESCCM_NONCE_SZ = 12, + + CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ + CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ + CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ + CAMELLIA_IV_SIZE = 16, /* always block size */ + + CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ + CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ + CHACHA20_IV_SIZE = 12, /* 96 bits for iv */ + + POLY1305_AUTH_SZ = 16, /* 128 bits */ + + HMAC_NONCE_SZ = 12, /* Size of HMAC nonce */ + + HC_128_KEY_SIZE = 16, /* 128 bits */ + HC_128_IV_SIZE = 16, /* also 128 bits */ + + RABBIT_KEY_SIZE = 16, /* 128 bits */ + RABBIT_IV_SIZE = 8, /* 64 bits for iv */ + + EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ + +#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */ + ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ +#endif + MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ + MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */ + + NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */ + ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */ + ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */ + ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */ + ED448_SA_MINOR = 8, /* Least significant byte for ED448 */ + + MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */ + MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ + +#ifndef NO_RSA + MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */ +#elif defined(HAVE_ECC) + MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */ +#elif defined(HAVE_ED25519) + MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */ +#else + MAX_CERT_VERIFY_SZ = 1024, /* max default */ +#endif + CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ + MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ + + DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */ + DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ + DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ + + NULL_TERM_LEN = 1, /* length of null '\0' termination character */ + MAX_PSK_KEY_LEN = 64, /* max psk key supported */ + MIN_PSK_ID_LEN = 6, /* min length of identities */ + MIN_PSK_BINDERS_LEN= 33, /* min length of binders */ + MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */ + + MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */ + + MAX_X509_SIZE = 2048, /* max static x509 buffer size */ + CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ + + MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ + MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ + MAX_NTRU_BITS = 256, /* max symmetric bit strength */ + NO_SNIFF = 0, /* not sniffing */ + SNIFF = 1, /* currently sniffing */ + + HASH_SIG_SIZE = 2, /* default SHA1 RSA */ + + NO_COPY = 0, /* should we copy static buffer for write */ + COPY = 1, /* should we copy static buffer for write */ + + INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */ + + PREV_ORDER = -1, /* Sequence number is in previous epoch. */ + PEER_ORDER = 1, /* Peer sequence number for verify. */ + CUR_ORDER = 0, /* Current sequence number. */ + WRITE_PROTO = 1, /* writing a protocol message */ + READ_PROTO = 0 /* reading a protocol message */ +}; + +/* minimum Downgrade Minor version */ +#ifndef WOLFSSL_MIN_DOWNGRADE + #ifndef NO_OLD_TLS + #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR + #else + #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR + #endif +#endif + +/* Set max implicit IV size for AEAD cipher suites */ +#define AEAD_MAX_IMP_SZ 12 + +/* Set max explicit IV size for AEAD cipher suites */ +#define AEAD_MAX_EXP_SZ 8 + + +#ifndef WOLFSSL_MAX_SUITE_SZ + #define WOLFSSL_MAX_SUITE_SZ 300 + /* 150 suites for now! */ +#endif + +/* number of items in the signature algo list */ +#ifndef WOLFSSL_MAX_SIGALGO + #define WOLFSSL_MAX_SIGALGO 32 +#endif + + +/* set minimum ECC key size allowed */ +#ifndef WOLFSSL_MIN_ECC_BITS + #ifdef WOLFSSL_MAX_STRENGTH + #define WOLFSSL_MIN_ECC_BITS 256 + #else + #define WOLFSSL_MIN_ECC_BITS 224 + #endif +#endif /* WOLFSSL_MIN_ECC_BITS */ +#if (WOLFSSL_MIN_ECC_BITS % 8) + /* Some ECC keys are not divisible by 8 such as prime239v1 or sect131r1. + In these cases round down to the nearest value divisible by 8. The + restriction of being divisible by 8 is in place to match wc_ecc_size + function from wolfSSL. + */ + #error ECC minimum bit size must be a multiple of 8 +#endif +#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8) + +/* set minimum RSA key size allowed */ +#ifndef WOLFSSL_MIN_RSA_BITS + #ifdef WOLFSSL_MAX_STRENGTH + #define WOLFSSL_MIN_RSA_BITS 2048 + #else + #define WOLFSSL_MIN_RSA_BITS 1024 + #endif +#endif /* WOLFSSL_MIN_RSA_BITS */ +#if (WOLFSSL_MIN_RSA_BITS % 8) + /* This is to account for the example case of a min size of 2050 bits but + still allows 2049 bit key. So we need the measurement to be in bytes. */ + #error RSA minimum bit size must be a multiple of 8 +#endif +#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8) + +#ifdef SESSION_INDEX +/* Shift values for making a session index */ +#define SESSIDX_ROW_SHIFT 4 +#define SESSIDX_IDX_MASK 0x0F +#endif + + +/* max cert chain peer depth */ +#ifndef MAX_CHAIN_DEPTH + #define MAX_CHAIN_DEPTH 9 +#endif + +/* max size of a certificate message payload */ +/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */ +#ifndef MAX_CERTIFICATE_SZ + #define MAX_CERTIFICATE_SZ \ + CERT_HEADER_SZ + \ + (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH +#endif + +/* max size of a handshake message, currently set to the certificate */ +#ifndef MAX_HANDSHAKE_SZ + #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ +#endif + +#ifndef SESSION_TICKET_LEN + #define SESSION_TICKET_LEN 256 +#endif + +#ifndef SESSION_TICKET_HINT_DEFAULT + #define SESSION_TICKET_HINT_DEFAULT 300 +#endif + + +/* don't use extra 3/4k stack space unless need to */ +#ifdef HAVE_NTRU + #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ +#else + #define MAX_ENCRYPT_SZ ENCRYPT_LEN +#endif + + +/* states */ +enum states { + NULL_STATE = 0, + + SERVER_HELLOVERIFYREQUEST_COMPLETE, + SERVER_HELLO_RETRY_REQUEST_COMPLETE, + SERVER_HELLO_COMPLETE, + SERVER_ENCRYPTED_EXTENSIONS_COMPLETE, + SERVER_CERT_COMPLETE, + SERVER_KEYEXCHANGE_COMPLETE, + SERVER_HELLODONE_COMPLETE, + SERVER_CHANGECIPHERSPEC_COMPLETE, + SERVER_FINISHED_COMPLETE, + + CLIENT_HELLO_RETRY, + CLIENT_HELLO_COMPLETE, + CLIENT_KEYEXCHANGE_COMPLETE, + CLIENT_CHANGECIPHERSPEC_COMPLETE, + CLIENT_FINISHED_COMPLETE, + + HANDSHAKE_DONE +}; + +/* SSL Version */ +typedef struct ProtocolVersion { + byte major; + byte minor; +} WOLFSSL_PACK ProtocolVersion; + + +WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void); +WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void); +WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void); +WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void); +WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void); + +#ifdef WOLFSSL_DTLS + WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void); + WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); + + #ifdef WOLFSSL_SESSION_EXPORT + WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, + word32 sz); + WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, + word32 sz); + WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl, + byte* buf, word32 sz); + WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl, + byte* buf, word32 sz); + WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); + #endif +#endif + + +/* wolfSSL method type */ +struct WOLFSSL_METHOD { + ProtocolVersion version; + byte side; /* connection side, server or client */ + byte downgrade; /* whether to downgrade version, default no */ +}; + +/* wolfSSL buffer type - internal uses "buffer" type */ +typedef WOLFSSL_BUFFER_INFO buffer; + +typedef struct Suites Suites; + + +/* defaults to client */ +WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion); + +WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl); +WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side); + +/* for sniffer */ +WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + word32 size, word32 totalSz, int sniff); +WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); +/* TLS v1.3 needs these */ +WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID, + Suites* clSuites); +#ifdef WOLFSSL_TLS13 +WOLFSSL_LOCAL int FindSuite(Suites* suites, byte first, byte second); +#endif +WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, + word32); +#ifdef WOLFSSL_TLS13 +WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, + word32* inOutIdx, word32 helloSz); +#endif +WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*, + word32); +WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl); +WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv); +WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, + word32 hashSigAlgoSz); +WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); +#ifdef HAVE_PK_CALLBACKS +WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); +#ifndef NO_ASN + WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); +#endif +#endif +WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); +WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); +WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size); +WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); +#ifndef NO_CERTS +WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); +#endif +WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); +WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz); +WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, + int ivSz); +WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); +#endif +#ifdef WOLFSSL_TLS13 +WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, + word16 sz, const byte* aad, word16 aadSz); +WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, + word32* inOutIdx, byte type, + word32 size, word32 totalSz); +WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, + word32* inOutIdx, word32 totalSz); +WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, + word32* inOutIdx, word32 helloSz, + byte* extMsgType); +#endif +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, + int pLen, int content); + + +enum { + FORCED_FREE = 1, + NO_FORCED_FREE = 0 +}; + + +/* only use compression extra if using compression */ +#ifdef HAVE_LIBZ + #define COMP_EXTRA MAX_COMP_EXTRA +#else + #define COMP_EXTRA 0 +#endif + +/* only the sniffer needs space in the buffer for extra MTU record(s) */ +#ifdef WOLFSSL_SNIFFER + #define MTU_EXTRA MAX_MTU * 3 +#else + #define MTU_EXTRA 0 +#endif + + +/* embedded callbacks require large static buffers, make sure on */ +#ifdef WOLFSSL_CALLBACKS + #undef LARGE_STATIC_BUFFERS + #define LARGE_STATIC_BUFFERS +#endif + + +/* give user option to use 16K static buffers */ +#if defined(LARGE_STATIC_BUFFERS) + #define RECORD_SIZE MAX_RECORD_SIZE +#else + #ifdef WOLFSSL_DTLS + #define RECORD_SIZE MAX_MTU + #else + #define RECORD_SIZE 128 + #endif +#endif + + +/* user option to turn off 16K output option */ +/* if using small static buffers (default) and SSL_write tries to write data + larger than the record we have, dynamically get it, unless user says only + write in static buffer chunks */ +#ifndef STATIC_CHUNKS_ONLY + #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE +#else + #define OUTPUT_RECORD_SIZE RECORD_SIZE +#endif + +/* wolfSSL input buffer + + RFC 2246: + + length + The length (in bytes) of the following TLSPlaintext.fragment. + The length should not exceed 2^14. +*/ +#if defined(LARGE_STATIC_BUFFERS) + #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ + MTU_EXTRA + MAX_MSG_EXTRA +#else + /* don't fragment memory from the record header */ + #define STATIC_BUFFER_LEN RECORD_HEADER_SZ +#endif + +typedef struct { + ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; + byte* buffer; /* place holder for static or dynamic buffer */ + word32 length; /* total buffer length used */ + word32 idx; /* idx to part of length already consumed */ + word32 bufferSize; /* current buffer size */ + byte dynamicFlag; /* dynamic memory currently in use */ + byte offset; /* alignment offset attempt */ +} bufferStatic; + +/* Cipher Suites holder */ +struct Suites { + word16 suiteSz; /* suite length in bytes */ + word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ + byte suites[WOLFSSL_MAX_SUITE_SZ]; + byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */ + byte setSuites; /* user set suites from default */ + byte hashAlgo; /* selected hash algorithm */ + byte sigAlgo; /* selected sig algorithm */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */ +#endif +}; + + +WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, + int haveRSAsig, int haveAnon, + int tls1_2, int keySz); +WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16, + word16, word16, word16, word16, word16, int); +WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites); +WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); + +#ifndef PSK_TYPES_DEFINED + typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*, + unsigned int, unsigned char*, unsigned int); + typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*, + unsigned char*, unsigned int); +#ifdef WOLFSSL_TLS13 + typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*, + char*, unsigned int, unsigned char*, unsigned int, + const char**); + typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*, + unsigned char*, unsigned int, const char**); +#endif +#endif /* PSK_TYPES_DEFINED */ +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \ + !defined(WOLFSSL_DTLS_EXPORT_TYPES) + typedef int (*wc_dtls_export)(WOLFSSL* ssl, + unsigned char* exportBuffer, unsigned int sz, void* userCtx); +#define WOLFSSL_DTLS_EXPORT_TYPES +#endif /* WOLFSSL_DTLS_EXPORT_TYPES */ + + +/* wolfSSL Cipher type just points back to SSL */ +struct WOLFSSL_CIPHER { + byte cipherSuite0; + byte cipherSuite; + WOLFSSL* ssl; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + char description[MAX_CIPHERNAME_SZ]; + unsigned long offset; + unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */ + int bits; +#endif +}; + + +#ifdef NO_ASN + /* no_asn won't have */ + typedef struct CertStatus CertStatus; +#endif + +#ifndef HAVE_OCSP + typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; +#endif + +/* wolfSSL OCSP controller */ +#ifdef HAVE_OCSP +struct WOLFSSL_OCSP { + WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ + OcspEntry* ocspList; /* OCSP response list */ + wolfSSL_Mutex ocspLock; /* OCSP list lock */ + int error; +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + int(*statusCb)(WOLFSSL*, void*); +#endif +}; +#endif + +#ifndef MAX_DATE_SIZE +#define MAX_DATE_SIZE 32 +#endif + +typedef struct CRL_Entry CRL_Entry; + +#ifdef NO_SHA + #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#else + #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE +#endif + +#ifdef NO_ASN + typedef struct RevokedCert RevokedCert; +#endif + +/* Complete CRL */ +struct CRL_Entry { + CRL_Entry* next; /* next entry */ + byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ + /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ + /* restore the hash here if needed for optimized comparisons */ + byte lastDate[MAX_DATE_SIZE]; /* last date updated */ + byte nextDate[MAX_DATE_SIZE]; /* next update date */ + byte lastDateFormat; /* last date format */ + byte nextDateFormat; /* next date format */ + RevokedCert* certs; /* revoked cert list */ + int totalCerts; /* number on list */ + int verified; + byte* toBeSigned; + word32 tbsSz; + byte* signature; + word32 signatureSz; + word32 signatureOID; +#if !defined(NO_SKID) && defined(CRL_SKID_READY) + byte extAuthKeyIdSet; + byte extAuthKeyId[KEYID_SIZE]; +#endif +}; + + +typedef struct CRL_Monitor CRL_Monitor; + +/* CRL directory monitor */ +struct CRL_Monitor { + char* path; /* full dir path, if valid pointer we're using */ + int type; /* PEM or ASN1 type */ +}; + + +#if defined(HAVE_CRL) && defined(NO_FILESYSTEM) + #undef HAVE_CRL_MONITOR +#endif + +/* wolfSSL CRL controller */ +struct WOLFSSL_CRL { + WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ + CRL_Entry* crlList; /* our CRL list */ +#ifdef HAVE_CRL_IO + CbCrlIO crlIOCb; +#endif + wolfSSL_Mutex crlLock; /* CRL list lock */ + CRL_Monitor monitors[2]; /* PEM and DER possible */ +#ifdef HAVE_CRL_MONITOR + pthread_cond_t cond; /* condition to signal setup */ + pthread_t tid; /* monitoring thread */ + int mfd; /* monitor fd, -1 if no init yet */ + int setup; /* thread is setup predicate */ +#endif + void* heap; /* heap hint for dynamic memory */ +}; + + +#ifdef NO_ASN + typedef struct Signer Signer; +#ifdef WOLFSSL_TRUST_PEER_CERT + typedef struct TrustedPeerCert TrustedPeerCert; +#endif +#endif + + +#ifndef CA_TABLE_SIZE + #define CA_TABLE_SIZE 11 +#endif +#ifdef WOLFSSL_TRUST_PEER_CERT + #define TP_TABLE_SIZE 11 +#endif + +/* wolfSSL Certificate Manager */ +struct WOLFSSL_CERT_MANAGER { + Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ + void* heap; /* heap helper */ +#ifdef WOLFSSL_TRUST_PEER_CERT + TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */ + wolfSSL_Mutex tpLock; /* trusted peer list lock */ +#endif + WOLFSSL_CRL* crl; /* CRL checker */ + WOLFSSL_OCSP* ocsp; /* OCSP checker */ +#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) + WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */ +#endif + char* ocspOverrideURL; /* use this responder */ + void* ocspIOCtx; /* I/O callback CTX */ + CallbackCACache caCacheCallback; /* CA cache addition callback */ + CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ + CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ + CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ + wolfSSL_Mutex caLock; /* CA list lock */ + byte crlEnabled; /* is CRL on ? */ + byte crlCheckAll; /* always leaf, but all ? */ + byte ocspEnabled; /* is OCSP on ? */ + byte ocspCheckAll; /* always leaf, but all ? */ + byte ocspSendNonce; /* send the OCSP nonce ? */ + byte ocspUseOverrideURL; /* ignore cert's responder, override */ + byte ocspStaplingEnabled; /* is OCSP Stapling on ? */ + +#ifndef NO_RSA + short minRsaKeySz; /* minimum allowed RSA key size */ +#endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + short minEccKeySz; /* minimum allowed ECC key size */ +#endif +}; + +WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); +WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*); +WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*); +WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int); +WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*); + +/* wolfSSL Sock Addr */ +struct WOLFSSL_SOCKADDR { + unsigned int sz; /* sockaddr size */ + void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */ +}; + +typedef struct WOLFSSL_DTLS_CTX { + WOLFSSL_SOCKADDR peer; + int rfd; + int wfd; +} WOLFSSL_DTLS_CTX; + + +typedef struct WOLFSSL_DTLS_PEERSEQ { + word32 window[WOLFSSL_DTLS_WINDOW_WORDS]; + /* Sliding window for current epoch */ + word16 nextEpoch; /* Expected epoch in next record */ + word16 nextSeq_hi; /* Expected sequence in next record */ + word32 nextSeq_lo; + + word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS]; + /* Sliding window for old epoch */ + word32 prevSeq_lo; + word16 prevSeq_hi; /* Next sequence in allowed old epoch */ + +#ifdef WOLFSSL_MULTICAST + word16 peerId; + word32 highwaterMark; +#endif +} WOLFSSL_DTLS_PEERSEQ; + + +#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */ + +/* keys and secrets + * keep as a constant size (no additional ifdefs) for session export */ +typedef struct Keys { +#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13) + byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */ + byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE]; +#endif + byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */ + byte server_write_key[MAX_SYM_KEY_SIZE]; + byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */ + byte server_write_IV[MAX_WRITE_IV_SZ]; +#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT) + byte aead_exp_IV[AEAD_MAX_EXP_SZ]; + byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ]; + byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ]; +#endif + + word32 peer_sequence_number_hi; + word32 peer_sequence_number_lo; + word32 sequence_number_hi; + word32 sequence_number_lo; + +#ifdef WOLFSSL_DTLS + word16 curEpoch; /* Received epoch in current record */ + word16 curSeq_hi; /* Received sequence in current record */ + word32 curSeq_lo; +#ifdef WOLFSSL_MULTICAST + byte curPeerId; /* Received peer group ID in current record */ +#endif + WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ]; + + word16 dtls_peer_handshake_number; + word16 dtls_expected_peer_handshake_number; + + word16 dtls_epoch; /* Current epoch */ + word16 dtls_sequence_number_hi; /* Current epoch */ + word32 dtls_sequence_number_lo; + word16 dtls_prev_sequence_number_hi; /* Previous epoch */ + word32 dtls_prev_sequence_number_lo; + word16 dtls_handshake_number; /* Current tx handshake seq */ +#endif + + word32 encryptSz; /* last size of encrypted data */ + word32 padSz; /* how much to advance after decrypt part */ + byte encryptionOn; /* true after change cipher spec */ + byte decryptedCur; /* only decrypt current record once */ +#ifdef WOLFSSL_TLS13 + byte updateResponseReq:1; /* KeyUpdate response from peer required. */ + byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ +#endif +#ifdef WOLFSSL_RENESAS_TSIP_TLS + byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; + byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; +#endif +} Keys; + + + +/** TLS Extensions - RFC 6066 */ +#ifdef HAVE_TLS_EXTENSIONS + +typedef enum { + TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */ + TLSX_MAX_FRAGMENT_LENGTH = 0x0001, + TLSX_TRUSTED_CA_KEYS = 0x0003, + TLSX_TRUNCATED_HMAC = 0x0004, + TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */ + TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ + TLSX_EC_POINT_FORMATS = 0x000b, +#if !defined(WOLFSSL_NO_SIGALG) + TLSX_SIGNATURE_ALGORITHMS = 0x000d, +#endif + TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ + TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */ +#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) + TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */ +#endif + TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ + TLSX_SESSION_TICKET = 0x0023, +#ifdef WOLFSSL_TLS13 + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + TLSX_PRE_SHARED_KEY = 0x0029, + #endif + #ifdef WOLFSSL_EARLY_DATA + TLSX_EARLY_DATA = 0x002a, + #endif + TLSX_SUPPORTED_VERSIONS = 0x002b, + TLSX_COOKIE = 0x002c, + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d, + #endif + #ifdef WOLFSSL_POST_HANDSHAKE_AUTH + TLSX_POST_HANDSHAKE_AUTH = 0x0031, + #endif + #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22) + TLSX_KEY_SHARE = 0x0028, + #else + TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, + TLSX_KEY_SHARE = 0x0033, + #endif +#endif + TLSX_RENEGOTIATION_INFO = 0xff01 +} TLSX_Type; + +typedef struct TLSX { + TLSX_Type type; /* Extension Type */ + void* data; /* Extension Data */ + word32 val; /* Extension Value */ + byte resp; /* IsResponse Flag */ + struct TLSX* next; /* List Behavior */ +} TLSX; + +WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); +WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap); +WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap); +WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest); + +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) +WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, + word16* pLength); +WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, + byte msgType, word16* pOffset); +#endif + +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER) +/* TLS 1.3 Certificate messages have extensions. */ +WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, + word16* pLength); +WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, + word16* pOffset); +#endif + +WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length, + byte msgType, int* found); +WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, + byte msgType, Suites *suites); + +#elif defined(HAVE_SNI) \ + || defined(HAVE_MAX_FRAGMENT) \ + || defined(HAVE_TRUSTED_CA) \ + || defined(HAVE_TRUNCATED_HMAC) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ + || defined(HAVE_SUPPORTED_CURVES) \ + || defined(HAVE_ALPN) \ + || defined(HAVE_QSH) \ + || defined(HAVE_SESSION_TICKET) \ + || defined(HAVE_SECURE_RENEGOTIATION) \ + || defined(HAVE_SERVER_RENEGOTIATION_INFO) + +#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined. + +#endif /* HAVE_TLS_EXTENSIONS */ + +/** Server Name Indication - RFC 6066 (session 3) */ +#ifdef HAVE_SNI + +typedef struct SNI { + byte type; /* SNI Type */ + union { char* host_name; } data; /* SNI Data */ + struct SNI* next; /* List Behavior */ + byte status; /* Matching result */ +#ifndef NO_WOLFSSL_SERVER + byte options; /* Behavior options */ +#endif +} SNI; + +WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, + word16 size, void* heap); +WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type); +WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, + void** data); + +#ifndef NO_WOLFSSL_SERVER +WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, + byte options); +WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz, + byte type, byte* sni, word32* inOutSz); +#endif + +#endif /* HAVE_SNI */ + +/* Trusted CA Key Indication - RFC 6066 (section 6) */ +#ifdef HAVE_TRUSTED_CA + +typedef struct TCA { + byte type; /* TCA Type */ + byte* id; /* TCA identifier */ + word16 idSz; /* TCA identifier size */ + struct TCA* next; /* List Behavior */ +} TCA; + +WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type, + const byte* id, word16 idSz, void* heap); + +#endif /* HAVE_TRUSTED_CA */ + +/* Application-Layer Protocol Negotiation - RFC 7301 */ +#ifdef HAVE_ALPN +typedef struct ALPN { + char* protocol_name; /* ALPN protocol name */ + struct ALPN* next; /* List Behavior */ + byte options; /* Behavior options */ + byte negotiated; /* ALPN protocol negotiated or not */ +} ALPN; + +WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions, + void** data, word16 *dataSz); + +WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data, + word16 size, byte options, void* heap); + +WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option); + +#endif /* HAVE_ALPN */ + +/** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */ +#ifdef HAVE_MAX_FRAGMENT + +WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap); + +#endif /* HAVE_MAX_FRAGMENT */ + +/** Truncated HMAC - RFC 6066 (session 7) */ +#ifdef HAVE_TRUNCATED_HMAC + +WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap); + +#endif /* HAVE_TRUNCATED_HMAC */ + +/** Certificate Status Request - RFC 6066 (session 8) */ +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST + +typedef struct { + byte status_type; + byte options; + WOLFSSL* ssl; + union { + OcspRequest ocsp; + } request; +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) + buffer response; +#endif +} CertificateStatusRequest; + +WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, + byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId); +#ifndef NO_CERTS +WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, + void* heap); +#endif +WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); +WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); + +#endif + +/** Certificate Status Request v2 - RFC 6961 */ +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +typedef struct CSRIv2 { + byte status_type; + byte options; + word16 requests; + union { + OcspRequest ocsp[1 + MAX_CHAIN_DEPTH]; + } request; + struct CSRIv2* next; +} CertificateStatusRequestItemV2; + +WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, + byte status_type, byte options, void* heap, int devId); +#ifndef NO_CERTS +WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, + byte isPeer, void* heap); +#endif +WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, + byte index); +WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); + +#endif + +/** Supported Elliptic Curves - RFC 4492 (session 4) */ +#ifdef HAVE_SUPPORTED_CURVES + +typedef struct SupportedCurve { + word16 name; /* Curve Names */ + struct SupportedCurve* next; /* List Behavior */ +} SupportedCurve; + +typedef struct PointFormat { + byte format; /* PointFormat */ + struct PointFormat* next; /* List Behavior */ +} PointFormat; + +WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, + void* heap); + +WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point, + void* heap); + +#ifndef NO_WOLFSSL_SERVER +WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, + byte second); +WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl); +#endif +WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, + int checkSupported); + +#endif /* HAVE_SUPPORTED_CURVES */ + +/** Renegotiation Indication - RFC 5746 */ +#if defined(HAVE_SECURE_RENEGOTIATION) \ + || defined(HAVE_SERVER_RENEGOTIATION_INFO) + +enum key_cache_state { + SCR_CACHE_NULL = 0, /* empty / begin state */ + SCR_CACHE_NEEDED, /* need to cache keys */ + SCR_CACHE_COPY, /* we have a cached copy */ + SCR_CACHE_PARTIAL, /* partial restore to real keys */ + SCR_CACHE_COMPLETE /* complete restore to real keys */ +}; + +/* Additional Connection State according to rfc5746 section 3.1 */ +typedef struct SecureRenegotiation { + byte enabled; /* secure_renegotiation flag in rfc */ + byte verifySet; + byte startScr; /* server requested client to start scr */ + enum key_cache_state cache_status; /* track key cache state */ + byte client_verify_data[TLS_FINISHED_SZ]; /* cached */ + byte server_verify_data[TLS_FINISHED_SZ]; /* cached */ + byte subject_hash_set; /* if peer cert hash is set */ + byte subject_hash[KEYID_SIZE]; /* peer cert hash */ + Keys tmp_keys; /* can't overwrite real keys yet */ +} SecureRenegotiation; + +WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap); + +#ifdef HAVE_SERVER_RENEGOTIATION_INFO +WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap); +#endif + +#endif /* HAVE_SECURE_RENEGOTIATION */ + +/** Session Ticket - RFC 5077 (session 3.2) */ +#ifdef HAVE_SESSION_TICKET + +typedef struct SessionTicket { + word32 lifetime; +#ifdef WOLFSSL_TLS13 + word64 seen; + word32 ageAdd; +#endif + byte* data; + word16 size; +} SessionTicket; + +WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions, + SessionTicket* ticket, void* heap); +WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, + byte* data, word16 size, void* heap); +WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap); + +#endif /* HAVE_SESSION_TICKET */ + +/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */ +#ifdef HAVE_QSH + +typedef struct QSHScheme { + struct QSHScheme* next; /* List Behavior */ + byte* PK; + word16 name; /* QSHScheme Names */ + word16 PKLen; +} QSHScheme; + +typedef struct QSHkey { + struct QSHKey* next; + word16 name; + buffer pub; + buffer pri; +} QSHKey; + +typedef struct QSHSecret { + QSHScheme* list; + buffer* SerSi; + buffer* CliSi; +} QSHSecret; + +/* used in key exchange during handshake */ +WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, + word16 length, byte isServer); +WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output); +WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest); + +/* used by api for setting a specific QSH scheme */ +WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name, + byte* pKey, word16 pKeySz, void* heap); + +/* used when parsing in QSHCipher structs */ +WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, + byte* out, word16* szOut); +#ifndef NO_WOLFSSL_SERVER +WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name); +#endif + +#endif /* HAVE_QSH */ + +#ifdef WOLFSSL_TLS13 +/* Cookie extension information - cookie data. */ +typedef struct Cookie { + word16 len; + byte data; +} Cookie; + +WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, + byte* mac, byte macSz, int resp); + + +/* Key Share - TLS v1.3 Specification */ + +/* The KeyShare extension information - entry in a linked list. */ +typedef struct KeyShareEntry { + word16 group; /* NamedGroup */ + byte* ke; /* Key exchange data */ + word32 keLen; /* Key exchange data length */ + void* key; /* Private key */ + word32 keyLen; /* Private key length */ + byte* pubKey; /* Public key */ + word32 pubKeyLen; /* Public key length */ + struct KeyShareEntry* next; /* List pointer */ +} KeyShareEntry; + +WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, + byte* data, KeyShareEntry **kse); +WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl); +WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl); + + +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) +#ifndef WOLFSSL_TLS13_DRAFT_18 +/* Ticket nonce - for deriving PSK. + * Length allowed to be: 1..255. Only support 4 bytes. + */ +typedef struct TicketNonce { + byte len; + byte data[MAX_TICKET_NONCE_SZ]; +} TicketNonce; +#endif + +/* The PreSharedKey extension information - entry in a linked list. */ +typedef struct PreSharedKey { + word16 identityLen; /* Length of identity */ + byte* identity; /* PSK identity */ + word32 ticketAge; /* Age of the ticket */ + byte cipherSuite0; /* Cipher Suite */ + byte cipherSuite; /* Cipher Suite */ + word32 binderLen; /* Length of HMAC */ + byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */ + byte hmac; /* HMAC algorithm */ + byte resumption:1; /* Resumption PSK */ + byte chosen:1; /* Server's choice */ + struct PreSharedKey* next; /* List pointer */ +} PreSharedKey; + +WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, + byte* output, byte msgType, + word16* pSz); +WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, + byte msgType, word16* pSz); +WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity, + word16 len, word32 age, byte hmac, + byte cipherSuite0, byte cipherSuite, + byte resumption, + PreSharedKey **preSharedKey); + +/* The possible Pre-Shared Key key exchange modes. */ +enum PskKeyExchangeMode { + PSK_KE, + PSK_DHE_KE +}; + +/* User can define this. */ +#ifndef WOLFSSL_DEF_PSK_CIPHER +#define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256 +#endif + +WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes); + +#ifdef WOLFSSL_EARLY_DATA +WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max); +#endif +#endif /* HAVE_SESSION_TICKET || !NO_PSK */ + + +/* The types of keys to derive for. */ +enum DeriveKeyType { + no_key, + early_data_key, + handshake_key, + traffic_key, + update_traffic_key +}; + +/* The key update request values for KeyUpdate message. */ +enum KeyUpdateRequest { + update_not_requested, + update_requested +}; +#endif /* WOLFSSL_TLS13 */ + + +#ifdef OPENSSL_EXTRA +enum SetCBIO { + WOLFSSL_CBIO_NONE = 0, + WOLFSSL_CBIO_RECV = 0x1, + WOLFSSL_CBIO_SEND = 0x2, +}; +#endif + +/* wolfSSL context type */ +struct WOLFSSL_CTX { + WOLFSSL_METHOD* method; +#ifdef SINGLE_THREADED + WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */ +#endif + wolfSSL_Mutex countMutex; /* reference count mutex */ + int refCount; /* reference count */ + int err; /* error code in case of mutex not created */ +#ifndef NO_DH + buffer serverDH_P; + buffer serverDH_G; +#endif +#ifndef NO_CERTS + DerBuffer* certificate; + DerBuffer* certChain; + /* chain after self, in DER, with leading size for each cert */ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) + WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; + #endif + #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) + WOLF_STACK_OF(WOLFSSL_X509)* x509Chain; + client_cert_cb CBClientCert; /* client certificate callback */ + #endif +#ifdef WOLFSSL_TLS13 + int certChainCnt; +#endif + DerBuffer* privateKey; + byte privateKeyType:7; + byte privateKeyId:1; + int privateKeySz; + int privateKeyDevId; + WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ +#endif +#ifdef KEEP_OUR_CERT + WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */ + int ownOurCert; /* Dispose of certificate if we own */ +#endif + Suites* suites; /* make dynamic, user may not need/set */ + void* heap; /* for user memory overrides */ + byte verifyDepth; + byte verifyPeer:1; + byte verifyNone:1; + byte failNoCert:1; + byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/ + byte sessionCacheOff:1; + byte sessionCacheFlushOff:1; +#ifdef HAVE_EXT_CACHE + byte internalCacheOff:1; +#endif + byte sendVerify:2; /* for client side (can not be single bit) */ + byte haveRSA:1; /* RSA available */ + byte haveECC:1; /* ECC available */ + byte haveDH:1; /* server DH parms set by user */ + byte haveNTRU:1; /* server private NTRU key loaded */ + byte haveECDSAsig:1; /* server cert signed w/ ECDSA */ + byte haveStaticECC:1; /* static server ECC private key */ + byte partialWrite:1; /* only one msg per write call */ + byte quietShutdown:1; /* don't send close notify */ + byte groupMessages:1; /* group handshake messages before sending */ + byte minDowngrade; /* minimum downgrade version */ + byte haveEMS:1; /* have extended master secret extension */ + byte useClientOrder:1; /* Use client's cipher preference order */ +#ifdef WOLFSSL_TLS13 + byte noTicketTls13:1; /* Server won't create new Ticket */ + byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */ +#endif +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + byte postHandshakeAuth:1; /* Post-handshake auth supported. */ +#endif +#ifndef NO_DH + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + byte dhKeyTested:1; /* Set when key has been tested. */ + #endif +#endif +#ifdef HAVE_SECURE_RENEGOTIATION + byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */ +#endif +#ifdef HAVE_ENCRYPT_THEN_MAC + byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ +#endif +#ifdef WOLFSSL_STATIC_MEMORY + byte onHeap:1; /* whether the ctx/method is put on heap hint */ +#endif +#ifdef WOLFSSL_MULTICAST + byte haveMcast; /* multicast requested */ + byte mcastID; /* multicast group ID */ +#endif +#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) + byte dtlsSctp; /* DTLS-over-SCTP mode */ + word16 dtlsMtuSz; /* DTLS MTU size */ +#endif +#ifndef NO_DH + word16 minDhKeySz; /* minimum DH key size */ + word16 maxDhKeySz; /* maximum DH key size */ +#endif +#ifndef NO_RSA + short minRsaKeySz; /* minimum RSA key size */ +#endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + short minEccKeySz; /* minimum ECC key size */ +#endif +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + unsigned long mask; /* store SSL_OP_ flags */ +#endif +#ifdef OPENSSL_EXTRA + byte sessionCtx[ID_LEN]; /* app session context ID */ + word32 disabledCurves; /* curves disabled by user */ + const unsigned char *alpn_cli_protos;/* ALPN client protocol list */ + unsigned int alpn_cli_protos_len; + byte sessionCtxSz; + byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ + CallbackInfoState* CBIS; /* used to get info about SSL state */ +#endif + CallbackIORecv CBIORecv; + CallbackIOSend CBIOSend; +#ifdef WOLFSSL_DTLS + CallbackGenCookie CBIOCookie; /* gen cookie callback */ +#ifdef WOLFSSL_SESSION_EXPORT + wc_dtls_export dtls_export; /* export function for DTLS session */ + CallbackGetPeer CBGetPeer; + CallbackSetPeer CBSetPeer; +#endif +#endif /* WOLFSSL_DTLS */ + VerifyCallback verifyCallback; /* cert verification callback */ + word32 timeout; /* session timeout */ +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) + word32 ecdhCurveOID; /* curve Ecc_Sum */ +#endif +#ifdef HAVE_ECC + word16 eccTempKeySz; /* in octets 20 - 66 */ +#endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + word32 pkCurveOID; /* curve Ecc_Sum */ +#endif +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + byte havePSK; /* psk key set by user */ + wc_psk_client_callback client_psk_cb; /* client callback */ + wc_psk_server_callback server_psk_cb; /* server callback */ +#ifdef WOLFSSL_TLS13 + wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ + wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ +#endif + char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; +#endif /* HAVE_SESSION_TICKET || !NO_PSK */ +#ifdef WOLFSSL_TLS13 + word16 group[WOLFSSL_MAX_GROUP_COUNT]; + byte numGroups; +#endif +#ifdef WOLFSSL_EARLY_DATA + word32 maxEarlyDataSz; +#endif +#ifdef HAVE_ANON + byte haveAnon; /* User wants to allow Anon suites */ +#endif /* HAVE_ANON */ +#ifdef WOLFSSL_ENCRYPTED_KEYS + pem_password_cb* passwd_cb; + void* passwd_userdata; +#endif +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ + WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ + byte readAhead; + void* userPRFArg; /* passed to prf callback */ +#endif +#ifdef HAVE_EX_DATA + void* ex_data[MAX_EX_DATA]; +#endif +#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) + CallbackALPNSelect alpnSelect; + void* alpnSelectArg; +#endif +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_HAPROXY))) + CallbackSniRecv sniRecvCb; + void* sniRecvCbArg; +#endif +#if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS) + CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */ + word32 mcastFirstSeq; /* first trigger level */ + word32 mcastSecondSeq; /* second trigger level */ + word32 mcastMaxSeq; /* max level */ +#endif +#ifdef HAVE_OCSP + WOLFSSL_OCSP ocsp; +#endif + int devId; /* async device id to use */ +#ifdef HAVE_TLS_EXTENSIONS + TLSX* extensions; /* RFC 6066 TLS Extensions data */ + #ifndef NO_WOLFSSL_SERVER + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + OcspRequest* certOcspRequest; + #endif + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH]; + #endif + #endif + #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) + SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ + void* ticketEncCtx; /* session encrypt context */ + int ticketHint; /* ticket hint in seconds */ + #endif + #ifdef HAVE_SUPPORTED_CURVES + byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */ + #endif +#endif +#ifdef ATOMIC_USER + CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ + CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ + #ifdef HAVE_ENCRYPT_THEN_MAC + CallbackEncryptMac EncryptMacCb; /* Atomic User Mac/Enc Cb */ + CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */ + #endif +#endif +#ifdef HAVE_PK_CALLBACKS + #ifdef HAVE_ECC + CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */ + CallbackEccSign EccSignCb; /* User EccSign Callback handler */ + CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ + CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */ + #ifdef HAVE_ED25519 + /* User Ed25519Sign Callback handler */ + CallbackEd25519Sign Ed25519SignCb; + /* User Ed25519Verify Callback handler */ + CallbackEd25519Verify Ed25519VerifyCb; + #endif + #ifdef HAVE_CURVE25519 + /* User X25519 KeyGen Callback Handler */ + CallbackX25519KeyGen X25519KeyGenCb; + /* User X25519 SharedSecret Callback handler */ + CallbackX25519SharedSecret X25519SharedSecretCb; + #endif + #endif /* HAVE_ECC */ + #ifndef NO_DH + CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */ + #endif + #ifndef NO_RSA + CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */ + CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */ + CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */ + #ifdef WC_RSA_PSS + CallbackRsaPssSign RsaPssSignCb; /* User RsaSign (priv key) */ + CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaVerify (pub key) */ + CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */ + #endif + CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ + CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ + #endif /* NO_RSA */ +#endif /* HAVE_PK_CALLBACKS */ +#ifdef HAVE_WOLF_EVENT + WOLF_EVENT_QUEUE event_queue; +#endif /* HAVE_WOLF_EVENT */ +#ifdef HAVE_EXT_CACHE + WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*); + int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); + void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); +#endif +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) + Srp* srp; /* TLS Secure Remote Password Protocol*/ + byte* srp_password; +#endif +}; + +WOLFSSL_LOCAL +int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap); +WOLFSSL_LOCAL +void FreeSSL_Ctx(WOLFSSL_CTX*); +WOLFSSL_LOCAL +void SSL_CtxResourceFree(WOLFSSL_CTX*); + +WOLFSSL_LOCAL +int DeriveTlsKeys(WOLFSSL* ssl); +WOLFSSL_LOCAL +int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + word32 inSz, word16 sz); + +#ifndef NO_CERTS + WOLFSSL_LOCAL + int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify); + WOLFSSL_LOCAL + int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash); +#ifdef WOLFSSL_TRUST_PEER_CERT + WOLFSSL_LOCAL + int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify); + WOLFSSL_LOCAL + int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash); +#endif +#endif + +/* All cipher suite related info + * Keep as a constant size (no ifdefs) for session export */ +typedef struct CipherSpecs { + word16 key_size; + word16 iv_size; + word16 block_size; + word16 aead_mac_size; + byte bulk_cipher_algorithm; + byte cipher_type; /* block, stream, or aead */ + byte mac_algorithm; + byte kea; /* key exchange algo */ + byte sig_algo; + byte hash_size; + byte pad_size; + byte static_ecdh; +} CipherSpecs; + + +void InitCipherSpecs(CipherSpecs* cs); + + +/* Supported Key Exchange Protocols */ +enum KeyExchangeAlgorithm { + no_kea, + rsa_kea, + diffie_hellman_kea, + fortezza_kea, + psk_kea, + dhe_psk_kea, + ecdhe_psk_kea, + ntru_kea, + ecc_diffie_hellman_kea, + ecc_static_diffie_hellman_kea /* for verify suite only */ +}; + + +/* Supported Authentication Schemes */ +enum SignatureAlgorithm { + anonymous_sa_algo = 0, + rsa_sa_algo = 1, + dsa_sa_algo = 2, + ecc_dsa_sa_algo = 3, + rsa_pss_sa_algo = 8, + ed25519_sa_algo = 9, + rsa_pss_pss_algo = 10 +}; + +#define PSS_RSAE_TO_PSS_PSS(macAlgo) \ + (macAlgo + (pss_sha256 - sha256_mac)) + +#define PSS_PSS_HASH_TO_MAC(macAlgo) \ + (macAlgo - (pss_sha256 - sha256_mac)) + +enum SigAlgRsaPss { + pss_sha256 = 0x09, + pss_sha384 = 0x0a, + pss_sha512 = 0x0b, +}; + + +/* Supprted ECC Curve Types */ +enum EccCurves { + named_curve = 3 +}; + + +/* Valid client certificate request types from page 27 */ +enum ClientCertificateType { + rsa_sign = 1, + dss_sign = 2, + rsa_fixed_dh = 3, + dss_fixed_dh = 4, + rsa_ephemeral_dh = 5, + dss_ephemeral_dh = 6, + fortezza_kea_cert = 20, + ecdsa_sign = 64, + rsa_fixed_ecdh = 65, + ecdsa_fixed_ecdh = 66 +}; + + +#ifndef WOLFSSL_AEAD_ONLY +enum CipherType { stream, block, aead }; +#else +enum CipherType { aead }; +#endif + + +#if defined(BUILD_AES) || defined(BUILD_AESGCM) || (defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13) + #define CIPHER_NONCE +#endif + + +/* cipher for now */ +typedef struct Ciphers { +#ifdef BUILD_ARC4 + Arc4* arc4; +#endif +#ifdef BUILD_DES3 + Des3* des3; +#endif +#if defined(BUILD_AES) || defined(BUILD_AESGCM) + Aes* aes; + #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \ + !defined(WOLFSSL_NO_TLS12) + byte* additional; + #endif +#endif +#ifdef CIPHER_NONCE + byte* nonce; +#endif +#ifdef HAVE_CAMELLIA + Camellia* cam; +#endif +#ifdef HAVE_CHACHA + ChaCha* chacha; +#endif +#ifdef HAVE_HC128 + HC128* hc128; +#endif +#ifdef BUILD_RABBIT + Rabbit* rabbit; +#endif +#ifdef HAVE_IDEA + Idea* idea; +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) + Hmac* hmac; +#endif + byte state; + byte setup; /* have we set it up flag for detection */ +} Ciphers; + + +#ifdef HAVE_ONE_TIME_AUTH +/* Ciphers for one time authentication such as poly1305 */ +typedef struct OneTimeAuth { +#ifdef HAVE_POLY1305 + Poly1305* poly1305; +#endif + byte setup; /* flag for if a cipher has been set */ + +} OneTimeAuth; +#endif + + +WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl); +WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl); + + +/* hashes type */ +typedef struct Hashes { + #if !defined(NO_MD5) && !defined(NO_OLD_TLS) + byte md5[WC_MD5_DIGEST_SIZE]; + #endif + #if !defined(NO_SHA) + byte sha[WC_SHA_DIGEST_SIZE]; + #endif + #ifndef NO_SHA256 + byte sha256[WC_SHA256_DIGEST_SIZE]; + #endif + #ifdef WOLFSSL_SHA384 + byte sha384[WC_SHA384_DIGEST_SIZE]; + #endif + #ifdef WOLFSSL_SHA512 + byte sha512[WC_SHA512_DIGEST_SIZE]; + #endif +} Hashes; + +WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); + +#ifdef WOLFSSL_TLS13 +typedef union Digest { +#ifndef NO_WOLFSSL_SHA256 + wc_Sha256 sha256; +#endif +#ifdef WOLFSSL_SHA384 + wc_Sha384 sha384; +#endif +#ifdef WOLFSSL_SHA512 + wc_Sha512 sha512; +#endif +} Digest; +#endif + +/* Static x509 buffer */ +typedef struct x509_buffer { + int length; /* actual size */ + byte buffer[MAX_X509_SIZE]; /* max static cert size */ +} x509_buffer; + + +/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */ +struct WOLFSSL_X509_CHAIN { + int count; /* total number in chain */ + x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ +}; + + +/* wolfSSL session type */ +struct WOLFSSL_SESSION { + word32 bornOn; /* create time in seconds */ + word32 timeout; /* timeout in seconds */ + byte sessionID[ID_LEN]; /* id for protocol */ + byte sessionIDSz; + byte masterSecret[SECRET_LEN]; /* stored secret */ + word16 haveEMS; /* ext master secret flag */ +#ifdef SESSION_CERTS + WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ + #ifdef WOLFSSL_ALT_CERT_CHAINS + WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */ + #endif +#endif +#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ + defined(HAVE_SESSION_TICKET)) + ProtocolVersion version; /* which version was used */ +#endif +#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) + byte cipherSuite0; /* first byte, normally 0 */ + byte cipherSuite; /* 2nd byte, actual suite */ +#endif +#ifndef NO_CLIENT_CACHE + word16 idLen; /* serverID length */ + byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ +#endif +#ifdef OPENSSL_EXTRA + byte sessionCtxSz; /* sessionCtx length */ + byte sessionCtx[ID_LEN]; /* app specific context id */ +#endif +#ifdef WOLFSSL_TLS13 + word16 namedGroup; +#endif +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + #ifdef WOLFSSL_TLS13 + word32 ticketSeen; /* Time ticket seen (ms) */ + word32 ticketAdd; /* Added by client */ + #ifndef WOLFSSL_TLS13_DRAFT_18 + TicketNonce ticketNonce; /* Nonce used to derive PSK */ + #endif + #endif + #ifdef WOLFSSL_EARLY_DATA + word32 maxEarlyDataSz; + #endif +#endif +#ifdef HAVE_SESSION_TICKET + byte* ticket; + word16 ticketLen; + byte staticTicket[SESSION_TICKET_LEN]; + byte isDynamic; +#endif +#ifdef HAVE_EXT_CACHE + byte isAlloced; +#endif +#ifdef HAVE_EX_DATA + void* ex_data[MAX_EX_DATA]; +#endif +}; + + +WOLFSSL_LOCAL +WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); +WOLFSSL_LOCAL +int SetSession(WOLFSSL*, WOLFSSL_SESSION*); + +typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); + +#ifndef NO_CLIENT_CACHE + WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); +#endif + +/* client connect state for nonblocking restart */ +enum ConnectState { + CONNECT_BEGIN = 0, + CLIENT_HELLO_SENT, + HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */ + HELLO_AGAIN_REPLY, + FIRST_REPLY_DONE, + FIRST_REPLY_FIRST, + FIRST_REPLY_SECOND, + FIRST_REPLY_THIRD, + FIRST_REPLY_FOURTH, + FINISHED_DONE, + SECOND_REPLY_DONE +}; + + +/* server accept state for nonblocking restart */ +enum AcceptState { + ACCEPT_BEGIN = 0, + ACCEPT_BEGIN_RENEG, + ACCEPT_CLIENT_HELLO_DONE, + ACCEPT_HELLO_RETRY_REQUEST_DONE, + ACCEPT_FIRST_REPLY_DONE, + SERVER_HELLO_SENT, + SERVER_EXTENSIONS_SENT, + CERT_SENT, + CERT_VERIFY_SENT, + CERT_STATUS_SENT, + KEY_EXCHANGE_SENT, + CERT_REQ_SENT, + SERVER_HELLO_DONE, + ACCEPT_SECOND_REPLY_DONE, + TICKET_SENT, + CHANGE_CIPHER_SENT, + ACCEPT_FINISHED_DONE, + ACCEPT_THIRD_REPLY_DONE +}; + +/* TLS 1.3 server accept state for nonblocking restart */ +enum AcceptStateTls13 { + TLS13_ACCEPT_BEGIN = 0, + TLS13_ACCEPT_BEGIN_RENEG, + TLS13_ACCEPT_CLIENT_HELLO_DONE, + TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE, + TLS13_ACCEPT_FIRST_REPLY_DONE, + TLS13_ACCEPT_SECOND_REPLY_DONE, + TLS13_SERVER_HELLO_SENT, + TLS13_ACCEPT_THIRD_REPLY_DONE, + TLS13_SERVER_EXTENSIONS_SENT, + TLS13_CERT_REQ_SENT, + TLS13_CERT_SENT, + TLS13_CERT_VERIFY_SENT, + TLS13_ACCEPT_FINISHED_SENT, + TLS13_PRE_TICKET_SENT, + TLS13_ACCEPT_FINISHED_DONE, + TLS13_TICKET_SENT +}; + +/* buffers for struct WOLFSSL */ +typedef struct Buffers { + bufferStatic inputBuffer; + bufferStatic outputBuffer; + buffer domainName; /* for client check */ + buffer clearOutputBuffer; + buffer sig; /* signature data */ + buffer digest; /* digest data */ + int prevSent; /* previous plain text bytes sent + when got WANT_WRITE */ + int plainSz; /* plain text bytes in buffer to send + when got WANT_WRITE */ + byte weOwnCert; /* SSL own cert flag */ + byte weOwnCertChain; /* SSL own cert chain flag */ + byte weOwnKey; /* SSL own key flag */ + byte weOwnDH; /* SSL own dh (p,g) flag */ +#ifndef NO_DH + buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */ + buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */ + buffer serverDH_Pub; + buffer serverDH_Priv; + DhKey* serverDH_Key; +#endif +#ifndef NO_CERTS + DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ + DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ + byte keyType:7; /* Type of key: RSA, ECC, Ed25519 */ + byte keyId:1; /* Key data is an id not data */ + int keySz; /* Size of RSA key */ + int keyDevId; /* Device Id for key */ + DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */ + /* chain after self, in DER, with leading size for each cert */ +#ifdef WOLFSSL_TLS13 + int certChainCnt; + DerBuffer* certExts; +#endif +#endif +#ifdef WOLFSSL_SEND_HRR_COOKIE + buffer tls13CookieSecret; /* HRR cookie secret */ +#endif +#ifdef WOLFSSL_DTLS + WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ + #ifndef NO_WOLFSSL_SERVER + buffer dtlsCookieSecret; /* DTLS cookie secret */ + #endif /* NO_WOLFSSL_SERVER */ +#endif +#ifdef HAVE_PK_CALLBACKS + #ifdef HAVE_ECC + buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */ + #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */ + #endif /* HAVE_ED25519 */ + #ifndef NO_RSA + buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ + #endif /* NO_RSA */ +#endif /* HAVE_PK_CALLBACKS */ +} Buffers; + +/* sub-states for send/do key share (key exchange) */ +enum asyncState { + TLS_ASYNC_BEGIN = 0, + TLS_ASYNC_BUILD, + TLS_ASYNC_DO, + TLS_ASYNC_VERIFY, + TLS_ASYNC_FINALIZE, + TLS_ASYNC_END +}; + +/* sub-states for build message */ +enum buildMsgState { + BUILD_MSG_BEGIN = 0, + BUILD_MSG_SIZE, + BUILD_MSG_HASH, + BUILD_MSG_VERIFY_MAC, + BUILD_MSG_ENCRYPT, + BUILD_MSG_ENCRYPTED_VERIFY_MAC, +}; + +/* sub-states for cipher operations */ +enum cipherState { + CIPHER_STATE_BEGIN = 0, + CIPHER_STATE_DO, + CIPHER_STATE_END, +}; + +typedef struct Options { +#ifndef NO_PSK + wc_psk_client_callback client_psk_cb; + wc_psk_server_callback server_psk_cb; +#ifdef WOLFSSL_TLS13 + wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ + wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ +#endif +#endif /* NO_PSK */ +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + unsigned long mask; /* store SSL_OP_ flags */ +#endif + + /* on/off or small bit flags, optimize layout */ +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + word16 havePSK:1; /* psk key set by user */ +#endif /* HAVE_SESSION_TICKET || !NO_PSK */ + word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */ + word16 sessionCacheOff:1; + word16 sessionCacheFlushOff:1; +#ifdef HAVE_EXT_CACHE + word16 internalCacheOff:1; +#endif + word16 side:2; /* client, server or neither end */ + word16 verifyPeer:1; + word16 verifyNone:1; + word16 failNoCert:1; + word16 failNoCertxPSK:1; /* fail for no cert except with PSK */ + word16 downgrade:1; /* allow downgrade of versions */ + word16 resuming:1; + word16 haveSessionId:1; /* server may not send */ + word16 tls:1; /* using TLS ? */ + word16 tls1_1:1; /* using TLSv1.1+ ? */ + word16 tls1_3:1; /* using TLSv1.3+ ? */ + word16 dtls:1; /* using datagrams ? */ + word16 connReset:1; /* has the peer reset */ + word16 isClosed:1; /* if we consider conn closed */ + word16 closeNotify:1; /* we've received a close notify */ + word16 sentNotify:1; /* we've sent a close notify */ + word16 usingCompression:1; /* are we using compression */ + word16 haveRSA:1; /* RSA available */ + word16 haveECC:1; /* ECC available */ + word16 haveDH:1; /* server DH parms set by user */ + word16 haveNTRU:1; /* server NTRU private key loaded */ + word16 haveQSH:1; /* have QSH ability */ + word16 haveECDSAsig:1; /* server ECDSA signed cert */ + word16 haveStaticECC:1; /* static server ECC private key */ + word16 havePeerCert:1; /* do we have peer's cert */ + word16 havePeerVerify:1; /* and peer's cert verify */ + word16 usingPSK_cipher:1; /* are using psk as cipher */ + word16 usingAnon_cipher:1; /* are we using an anon cipher */ + word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */ + word16 sendAlertState:1; /* nonblocking resume */ + word16 partialWrite:1; /* only one msg per write call */ + word16 quietShutdown:1; /* don't send close notify */ + word16 certOnly:1; /* stop once we get cert */ + word16 groupMessages:1; /* group handshake messages */ + word16 saveArrays:1; /* save array Memory for user get keys + or psk */ + word16 weOwnRng:1; /* will be true unless CTX owns */ + word16 haveEMS:1; /* using extended master secret */ +#ifdef HAVE_POLY1305 + word16 oldPoly:1; /* set when to use old rfc way of poly*/ +#endif +#ifdef HAVE_ANON + word16 haveAnon:1; /* User wants to allow Anon suites */ +#endif +#ifdef HAVE_SESSION_TICKET + word16 createTicket:1; /* Server to create new Ticket */ + word16 useTicket:1; /* Use Ticket not session cache */ + word16 rejectTicket:1; /* Callback rejected ticket */ +#ifdef WOLFSSL_TLS13 + word16 noTicketTls13:1; /* Server won't create new Ticket */ +#endif +#endif +#ifdef WOLFSSL_DTLS + word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ + word16 dtlsHsRetain:1; /* DTLS retaining HS data */ + word16 haveMcast:1; /* using multicast ? */ +#ifdef WOLFSSL_SCTP + word16 dtlsSctp:1; /* DTLS-over-SCTP mode */ +#endif +#endif +#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES) + word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */ +#endif + word16 keepResources:1; /* Keep resources after handshake */ + word16 useClientOrder:1; /* Use client's cipher order */ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + word16 postHandshakeAuth:1;/* Client send post_handshake_auth + * extension */ +#endif +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) + word16 sendCookie:1; /* Server creates a Cookie in HRR */ +#endif +#ifdef WOLFSSL_ALT_CERT_CHAINS + word16 usingAltCertChain:1;/* Alternate cert chain was used */ +#endif +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) + word16 sentChangeCipher:1; /* Change Cipher Spec sent */ +#endif +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + word16 cacheMessages:1; /* Cache messages for sign/verify */ +#endif +#ifndef NO_DH + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + word16 dhDoKeyTest:1; /* Need to do the DH Key prime test */ + word16 dhKeyTested:1; /* Set when key has been tested. */ + #endif +#endif +#ifdef SINGLE_THREADED + word16 ownSuites:1; /* if suites are malloced in ssl object */ +#endif +#ifdef HAVE_ENCRYPT_THEN_MAC + word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */ + word16 encThenMac:1; /* Doing Encrypt-Then-MAC */ +#endif + + /* need full byte values for this section */ + byte processReply; /* nonblocking resume */ + byte cipherSuite0; /* first byte, normally 0 */ + byte cipherSuite; /* second byte, actual suite */ + byte serverState; + byte clientState; + byte handShakeState; + byte handShakeDone; /* at least one handshake complete */ + byte minDowngrade; /* minimum downgrade version */ + byte connectState; /* nonblocking resume */ + byte acceptState; /* nonblocking resume */ + byte asyncState; /* sub-state for enum asyncState */ + byte buildMsgState; /* sub-state for enum buildMsgState */ + byte alertCount; /* detect warning dos attempt */ +#ifdef WOLFSSL_MULTICAST + word16 mcastID; /* Multicast group ID */ +#endif +#ifndef NO_DH + word16 minDhKeySz; /* minimum DH key size */ + word16 maxDhKeySz; /* minimum DH key size */ + word16 dhKeySz; /* actual DH key size */ +#endif +#ifndef NO_RSA + short minRsaKeySz; /* minimum RSA key size */ +#endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + short minEccKeySz; /* minimum ECC key size */ +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + byte verifyDepth; /* maximum verification depth */ +#endif +#ifdef WOLFSSL_EARLY_DATA + word16 pskIdIndex; + word32 maxEarlyDataSz; +#endif +#ifdef WOLFSSL_TLS13 + byte oldMinor; /* client preferred version < TLS 1.3 */ +#endif +} Options; + +typedef struct Arrays { + byte* pendingMsg; /* defrag buffer */ + byte* preMasterSecret; + word32 preMasterSz; /* differs for DH, actual size */ + word32 pendingMsgSz; /* defrag buffer size */ + word32 pendingMsgOffset; /* current offset into defrag buffer */ +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + word32 psk_keySz; /* actual size */ + char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN]; + char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; + byte psk_key[MAX_PSK_KEY_LEN]; +#endif + byte clientRandom[RAN_LEN]; + byte serverRandom[RAN_LEN]; + byte sessionID[ID_LEN]; + byte sessionIDSz; +#ifdef WOLFSSL_TLS13 + byte secret[SECRET_LEN]; +#endif + byte masterSecret[SECRET_LEN]; +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) + byte tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE]; +#endif +#ifdef WOLFSSL_DTLS + byte cookie[MAX_COOKIE_LEN]; + byte cookieSz; +#endif + byte pendingMsgType; /* defrag buffer message type */ +} Arrays; + +#ifndef ASN_NAME_MAX +#define ASN_NAME_MAX 256 +#endif + +#ifndef MAX_DATE_SZ +#define MAX_DATE_SZ 32 +#endif + +#define STACK_TYPE_X509 0 +#define STACK_TYPE_GEN_NAME 1 +#define STACK_TYPE_BIO 2 +#define STACK_TYPE_OBJ 3 +#define STACK_TYPE_STRING 4 +#define STACK_TYPE_CIPHER 5 +#define STACK_TYPE_ACCESS_DESCRIPTION 6 +#define STACK_TYPE_X509_EXT 7 +#define STACK_TYPE_NULL 8 +#define STACK_TYPE_X509_NAME 9 +#define STACK_TYPE_CONF_VALUE 10 + +struct WOLFSSL_STACK { + unsigned long num; /* number of nodes in stack + * (safety measure for freeing and shortcut for count) */ + #if defined(OPENSSL_ALL) + wolf_sk_compare_cb comp; + #endif + union { + WOLFSSL_X509* x509; + WOLFSSL_X509_NAME* name; + WOLFSSL_X509_INFO* info; + WOLFSSL_BIO* bio; + WOLFSSL_ASN1_OBJECT* obj; + WOLFSSL_CIPHER cipher; + WOLFSSL_ACCESS_DESCRIPTION* access; + WOLFSSL_X509_EXTENSION* ext; + WOLFSSL_CONF_VALUE* conf; + void* generic; + char* string; + WOLFSSL_GENERAL_NAME* gn; + } data; + void* heap; /* memory heap hint */ + WOLFSSL_STACK* next; + byte type; /* Identifies type of stack. */ +}; + +struct WOLFSSL_X509_NAME { + char *name; + int dynamicName; + int sz; + char staticName[ASN_NAME_MAX]; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_ASN) + DecodedName fullName; + WOLFSSL_X509_NAME_ENTRY cnEntry; + WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */ + WOLFSSL_X509* x509; /* x509 that struct belongs to */ +#endif /* OPENSSL_EXTRA */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) + byte raw[ASN_NAME_MAX]; + int rawLen; +#endif +}; + +#ifndef EXTERNAL_SERIAL_SIZE + #define EXTERNAL_SERIAL_SIZE 32 +#endif + +#ifdef NO_ASN + typedef struct DNS_entry DNS_entry; +#endif + +struct WOLFSSL_X509 { + int version; + int serialSz; +#ifdef WOLFSSL_SEP + int deviceTypeSz; + int hwTypeSz; + byte deviceType[EXTERNAL_SERIAL_SIZE]; + byte hwType[EXTERNAL_SERIAL_SIZE]; + int hwSerialNumSz; + byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; +#endif /* WOLFSSL_SEP */ +#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + byte certPolicySet; + byte certPolicyCrit; +#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ + WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */ +#endif /* WOLFSSL_QT || OPENSSL_ALL */ +#ifdef OPENSSL_EXTRA + WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */ +#endif + WOLFSSL_ASN1_TIME notBefore; + WOLFSSL_ASN1_TIME notAfter; + buffer sig; + int sigOID; + DNS_entry* altNames; /* alt names list */ + buffer pubKey; + int pubKeyOID; + DNS_entry* altNamesNext; /* hint for retrieval */ +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + word32 pkCurveOID; +#endif /* HAVE_ECC */ +#ifndef NO_CERTS + DerBuffer* derCert; /* may need */ +#endif + void* heap; /* heap hint */ + byte dynamicMemory; /* dynamic memory flag */ + byte isCa:1; +#ifdef WOLFSSL_CERT_EXT + char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; + int certPoliciesNb; +#endif /* WOLFSSL_CERT_EXT */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + wolfSSL_Mutex refMutex; /* ref count mutex */ + int refCount; /* reference count */ +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#ifdef HAVE_EX_DATA + void* ex_data[MAX_EX_DATA]; +#endif + byte* authKeyId; + byte* subjKeyId; + byte* extKeyUsageSrc; + const byte* CRLInfo; + byte* authInfo; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + byte* authInfoCaIssuer; + int authInfoCaIssuerSz; +#endif + word32 pathLength; + word16 keyUsage; + int CRLInfoSz; + int authInfoSz; + word32 authKeyIdSz; + word32 subjKeyIdSz; + word32 extKeyUsageSz; + word32 extKeyUsageCount; + + byte CRLdistSet:1; + byte CRLdistCrit:1; + byte authInfoSet:1; + byte authInfoCrit:1; + byte keyUsageSet:1; + byte keyUsageCrit:1; + byte extKeyUsageCrit:1; + byte subjKeyIdSet:1; + + byte subjKeyIdCrit:1; + byte basicConstSet:1; + byte basicConstCrit:1; + byte basicConstPlSet:1; + byte subjAltNameSet:1; + byte subjAltNameCrit:1; + byte authKeyIdSet:1; + byte authKeyIdCrit:1; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + byte serial[EXTERNAL_SERIAL_SIZE]; + char subjectCN[ASN_NAME_MAX]; /* common name short cut */ +#ifdef WOLFSSL_CERT_REQ + char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ +#endif + WOLFSSL_X509_NAME issuer; + WOLFSSL_X509_NAME subject; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) + WOLFSSL_X509_ALGOR algor; + WOLFSSL_X509_PUBKEY key; +#endif +}; + + +/* record layer header for PlainText, Compressed, and CipherText */ +typedef struct RecordLayerHeader { + byte type; + byte pvMajor; + byte pvMinor; + byte length[2]; +} RecordLayerHeader; + + +/* record layer header for DTLS PlainText, Compressed, and CipherText */ +typedef struct DtlsRecordLayerHeader { + byte type; + byte pvMajor; + byte pvMinor; + byte sequence_number[8]; /* per record */ + byte length[2]; +} DtlsRecordLayerHeader; + + +typedef struct DtlsFrag { + word32 begin; + word32 end; + struct DtlsFrag* next; +} DtlsFrag; + + +typedef struct DtlsMsg { + struct DtlsMsg* next; + byte* buf; + byte* msg; + DtlsFrag* fragList; + word32 fragSz; /* Length of fragments received */ + word32 seq; /* Handshake sequence number */ + word32 sz; /* Length of whole message */ + byte type; +} DtlsMsg; + + +#ifdef HAVE_NETX + + /* NETX I/O Callback default */ + typedef struct NetX_Ctx { + NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */ + NX_PACKET* nxPacket; /* incoming packet handle for short reads */ + ULONG nxOffset; /* offset already read from nxPacket */ + ULONG nxWait; /* wait option flag */ + } NetX_Ctx; + +#endif + +/* Handshake messages received from peer (plus change cipher */ +typedef struct MsgsReceived { + word16 got_hello_request:1; + word16 got_client_hello:2; + word16 got_server_hello:2; + word16 got_hello_verify_request:1; + word16 got_session_ticket:1; + word16 got_end_of_early_data:1; + word16 got_hello_retry_request:1; + word16 got_encrypted_extensions:1; + word16 got_certificate:1; + word16 got_certificate_status:1; + word16 got_server_key_exchange:1; + word16 got_certificate_request:1; + word16 got_server_hello_done:1; + word16 got_certificate_verify:1; + word16 got_client_key_exchange:1; + word16 got_finished:1; + word16 got_key_update:1; + word16 got_change_cipher:1; +} MsgsReceived; + + +/* Handshake hashes */ +typedef struct HS_Hashes { + Hashes verifyHashes; + Hashes certHashes; /* for cert verify */ +#ifndef NO_SHA + wc_Sha hashSha; /* sha hash of handshake msgs */ +#endif +#if !defined(NO_MD5) && !defined(NO_OLD_TLS) + wc_Md5 hashMd5; /* md5 hash of handshake msgs */ +#endif +#ifndef NO_SHA256 + wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */ +#endif +#ifdef WOLFSSL_SHA384 + wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */ +#endif +#ifdef WOLFSSL_SHA512 + wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */ +#endif +#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) + byte* messages; /* handshake messages */ + int length; /* length of handshake messages' data */ + int prevLen; /* length of messages but last */ +#endif +} HS_Hashes; + + +#ifdef WOLFSSL_ASYNC_CRYPT + #define MAX_ASYNC_ARGS 18 + typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs); + + struct WOLFSSL_ASYNC { + WC_ASYNC_DEV* dev; + FreeArgsCb freeArgs; /* function pointer to cleanup args */ + word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ + }; +#endif + +#ifdef HAVE_WRITE_DUP + + #define WRITE_DUP_SIDE 1 + #define READ_DUP_SIDE 2 + + typedef struct WriteDup { + wolfSSL_Mutex dupMutex; /* reference count mutex */ + int dupCount; /* reference count */ + int dupErr; /* under dupMutex, pass to other side */ + } WriteDup; + + WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl); + WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err); +#endif /* HAVE_WRITE_DUP */ + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) +typedef struct CertReqCtx CertReqCtx; + +struct CertReqCtx { + CertReqCtx* next; + byte len; + byte ctx; +}; +#endif + +#ifdef WOLFSSL_EARLY_DATA +typedef enum EarlyDataState { + no_early_data, + early_data_ext, + expecting_early_data, + process_early_data, + done_early_data +} EarlyDataState; +#endif + +/* wolfSSL ssl type */ +struct WOLFSSL { + WOLFSSL_CTX* ctx; + Suites* suites; /* only need during handshake */ + Arrays* arrays; +#ifdef WOLFSSL_TLS13 + byte clientSecret[SECRET_LEN]; + byte serverSecret[SECRET_LEN]; +#endif + HS_Hashes* hsHashes; + void* IOCB_ReadCtx; + void* IOCB_WriteCtx; + WC_RNG* rng; + void* verifyCbCtx; /* cert verify callback user ctx*/ + VerifyCallback verifyCallback; /* cert verification callback */ + void* heap; /* for user overrides */ +#ifdef HAVE_WRITE_DUP + WriteDup* dupWrite; /* valid pointer indicates ON */ + /* side that decrements dupCount to zero frees overall structure */ + byte dupSide; /* write side or read side */ +#endif +#ifdef OPENSSL_EXTRA + byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ +#endif + CallbackIORecv CBIORecv; + CallbackIOSend CBIOSend; +#ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_HEAP_HINT heap_hint; +#endif +#ifndef NO_HANDSHAKE_DONE_CB + HandShakeDoneCb hsDoneCb; /* notify user handshake done */ + void* hsDoneCtx; /* user handshake cb context */ +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + struct WOLFSSL_ASYNC async; +#elif defined(WOLFSSL_NONBLOCK_OCSP) + void* nonblockarg; /* dynamic arg for handling non-block resume */ +#endif + void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */ + word32 hsType; /* Type of Handshake key (hsKey) */ + WOLFSSL_CIPHER cipher; +#ifndef WOLFSSL_AEAD_ONLY + hmacfp hmac; +#endif + Ciphers encrypt; + Ciphers decrypt; + Buffers buffers; + WOLFSSL_SESSION session; +#ifdef HAVE_EXT_CACHE + WOLFSSL_SESSION* extSession; +#endif + WOLFSSL_ALERT_HISTORY alert_history; + int error; + int rfd; /* read file descriptor */ + int wfd; /* write file descriptor */ + int rflags; /* user read flags */ + int wflags; /* user write flags */ + word32 timeout; /* session timeout */ + word32 fragOffset; /* fragment offset */ + word16 curSize; + byte verifyDepth; + RecordLayerHeader curRL; + MsgsReceived msgsReceived; /* peer messages received */ + ProtocolVersion version; /* negotiated version */ + ProtocolVersion chVersion; /* client hello version */ + CipherSpecs specs; + Keys keys; + Options options; +#ifdef OPENSSL_EXTRA + CallbackInfoState* CBIS; /* used to get info about SSL state */ + int cbmode; /* read or write on info callback */ + int cbtype; /* event type in info callback */ + WOLFSSL_BIO* biord; /* socket bio read to free/close */ + WOLFSSL_BIO* biowr; /* socket bio write to free/close */ + byte sessionCtx[ID_LEN]; /* app session context ID */ + WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/ +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + unsigned long peerVerifyRet; +#endif +#ifdef OPENSSL_EXTRA + byte readAhead; + byte sessionCtxSz; /* size of sessionCtx stored */ +#ifdef HAVE_PK_CALLBACKS + void* loggingCtx; /* logging callback argument */ +#endif +#endif /* OPENSSL_EXTRA */ +#ifndef NO_RSA + RsaKey* peerRsaKey; +#ifdef WOLFSSL_RENESAS_TSIP_TLS + byte *peerTsipEncRsaKeyIndex; +#endif + byte peerRsaKeyPresent; +#endif +#ifdef HAVE_QSH + QSHKey* QSH_Key; + QSHKey* peerQSHKey; + QSHSecret* QSH_secret; + byte isQSH; /* is the handshake a QSH? */ + byte sendQSHKeys; /* flag for if the client should sen + public keys */ + byte peerQSHKeyPresent; + byte minRequest; + byte maxRequest; + byte user_set_QSHSchemes; +#endif +#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE) + word16 namedGroup; +#endif +#ifdef WOLFSSL_TLS13 + word16 group[WOLFSSL_MAX_GROUP_COUNT]; + byte numGroups; +#endif + word16 pssAlgo; +#ifdef WOLFSSL_TLS13 + #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) + word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */ + byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to + * offer */ + #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ +#endif +#ifdef HAVE_NTRU + word16 peerNtruKeyLen; + byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; + byte peerNtruKeyPresent; +#endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + int eccVerifyRes; +#endif +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) + word32 ecdhCurveOID; /* curve Ecc_Sum */ + ecc_key* eccTempKey; /* private ECDHE key */ + byte eccTempKeyPresent; /* also holds type */ + byte peerEccKeyPresent; +#endif +#ifdef HAVE_ECC + ecc_key* peerEccKey; /* peer's ECDHE key */ + ecc_key* peerEccDsaKey; /* peer's ECDSA key */ + word16 eccTempKeySz; /* in octets 20 - 66 */ + byte peerEccDsaKeyPresent; +#endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + word32 pkCurveOID; /* curve Ecc_Sum */ +#endif +#ifdef HAVE_ED25519 + ed25519_key* peerEd25519Key; + byte peerEd25519KeyPresent; +#endif +#ifdef HAVE_CURVE25519 + curve25519_key* peerX25519Key; + byte peerX25519KeyPresent; +#endif +#ifdef HAVE_LIBZ + z_stream c_stream; /* compression stream */ + z_stream d_stream; /* decompression stream */ + byte didStreamInit; /* for stream init and end */ +#endif +#ifdef WOLFSSL_DTLS + int dtls_timeout_init; /* starting timeout value */ + int dtls_timeout_max; /* maximum timeout value */ + int dtls_timeout; /* current timeout value, changes */ + word32 dtls_tx_msg_list_sz; + word32 dtls_rx_msg_list_sz; + DtlsMsg* dtls_tx_msg_list; + DtlsMsg* dtls_tx_msg; + DtlsMsg* dtls_rx_msg_list; + void* IOCB_CookieCtx; /* gen cookie ctx */ + word32 dtls_expected_rx; +#ifdef WOLFSSL_SESSION_EXPORT + wc_dtls_export dtls_export; /* export function for session */ +#endif +#ifdef WOLFSSL_SCTP + word16 dtlsMtuSz; +#endif /* WOLFSSL_SCTP */ +#ifdef WOLFSSL_MULTICAST + void* mcastHwCbCtx; /* Multicast highwater callback ctx */ +#endif /* WOLFSSL_MULTICAST */ +#ifdef WOLFSSL_DTLS_DROP_STATS + word32 macDropCount; + word32 replayDropCount; +#endif /* WOLFSSL_DTLS_DROP_STATS */ +#endif /* WOLFSSL_DTLS */ +#ifdef WOLFSSL_CALLBACKS + TimeoutInfo timeoutInfo; /* info saved during handshake */ + HandShakeInfo handShakeInfo; /* info saved during handshake */ +#endif +#ifdef OPENSSL_EXTRA + SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */ + void* protoMsgCtx; /* user set context with msg callback */ +#endif +#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) + byte hsInfoOn; /* track handshake info */ + byte toInfoOn; /* track timeout info */ +#endif +#ifdef HAVE_FUZZER + CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */ + void* fuzzerCtx; /* user defined pointer */ +#endif +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + CertReqCtx* certReqCtx; +#endif +#ifdef KEEP_PEER_CERT + WOLFSSL_X509 peerCert; /* X509 peer cert */ +#endif +#ifdef KEEP_OUR_CERT + WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert. + points to ctx if not owned (owned + flag found in buffers.weOwnCert) */ +#endif + byte keepCert; /* keep certificate after handshake */ +#if defined(HAVE_EX_DATA) || defined(FORTRESS) + void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ +#endif + int devId; /* async device id to use */ +#ifdef HAVE_ONE_TIME_AUTH + OneTimeAuth auth; +#endif +#ifdef HAVE_TLS_EXTENSIONS + TLSX* extensions; /* RFC 6066 TLS Extensions data */ + #ifdef HAVE_MAX_FRAGMENT + word16 max_fragment; + #endif + #ifdef HAVE_TRUNCATED_HMAC + byte truncated_hmac; + #endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + byte status_request; + #endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + byte status_request_v2; + #endif + #if defined(HAVE_SECURE_RENEGOTIATION) \ + || defined(HAVE_SERVER_RENEGOTIATION_INFO) + int secure_rene_count; /* how many times */ + SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */ + #endif /* user turned on */ + #ifdef HAVE_ALPN + char* alpn_client_list; /* keep the client's list */ + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + CallbackALPNSelect alpnSelect; + void* alpnSelectArg; + #endif + #endif /* of accepted protocols */ + #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) + CallbackSessionTicket session_ticket_cb; + void* session_ticket_ctx; + byte expect_session_ticket; + #endif +#endif /* HAVE_TLS_EXTENSIONS */ +#ifdef HAVE_OCSP + void* ocspIOCtx; + #ifdef OPENSSL_EXTRA + byte* ocspResp; + int ocspRespSz; + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + char* url; + #endif + #endif +#endif +#ifdef HAVE_NETX + NetX_Ctx nxCtx; /* NetX IO Context */ +#endif +#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) + void* mnCtx; /* mynewt mn_socket IO Context */ +#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */ +#ifdef WOLFSSL_GNRC + struct gnrc_wolfssl_ctx *gnrcCtx; /* Riot-OS GNRC UDP/IP context */ +#endif +#ifdef SESSION_INDEX + int sessionIndex; /* Session's location in the cache. */ +#endif +#ifdef ATOMIC_USER + void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */ + void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */ + #ifdef HAVE_ENCRYPT_THEN_MAC + void* EncryptMacCtx; /* Atomic User Encrypt/Mac Callback Ctx */ + void* VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */ + #endif +#endif +#ifdef HAVE_PK_CALLBACKS + #ifdef HAVE_ECC + void* EccKeyGenCtx; /* EccKeyGen Callback Context */ + void* EccSignCtx; /* Ecc Sign Callback Context */ + void* EccVerifyCtx; /* Ecc Verify Callback Context */ + void* EccSharedSecretCtx; /* Ecc Pms Callback Context */ + #ifdef HAVE_ED25519 + void* Ed25519SignCtx; /* ED25519 Sign Callback Context */ + void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */ + #endif + #ifdef HAVE_CURVE25519 + void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */ + void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */ + #endif + #endif /* HAVE_ECC */ + #ifndef NO_DH + void* DhAgreeCtx; /* DH Pms Callback Context */ + #endif /* !NO_DH */ + #ifndef NO_RSA + void* RsaSignCtx; /* Rsa Sign Callback Context */ + void* RsaVerifyCtx; /* Rsa Verify Callback Context */ + #ifdef WC_RSA_PSS + void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */ + void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */ + #endif + void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */ + void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */ + #endif /* NO_RSA */ +#endif /* HAVE_PK_CALLBACKS */ +#ifdef HAVE_SECRET_CALLBACK + SessionSecretCb sessionSecretCb; + void* sessionSecretCtx; +#endif /* HAVE_SECRET_CALLBACK */ +#ifdef WOLFSSL_JNI + void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */ +#endif /* WOLFSSL_JNI */ +#ifdef WOLFSSL_EARLY_DATA + EarlyDataState earlyData; + word32 earlyDataSz; +#endif +#ifdef OPENSSL_ALL + long verifyCallbackResult; +#endif +}; + + +WOLFSSL_LOCAL +int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); +WOLFSSL_LOCAL +int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); +WOLFSSL_LOCAL +void FreeSSL(WOLFSSL*, void* heap); +WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ + + + +#ifndef NO_CERTS + + WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, + long sz, int format, int type, WOLFSSL* ssl, + long* used, int userChain, int verify); + WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, + int type, WOLFSSL* ssl, int userChain, + WOLFSSL_CRL* crl, int verify); + + #ifdef OPENSSL_EXTRA + WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName, + size_t domainNameLen); + #endif +#endif + + +#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) + WOLFSSL_LOCAL + void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*); + WOLFSSL_LOCAL + void FinishHandShakeInfo(HandShakeInfo*); + WOLFSSL_LOCAL + void AddPacketName(WOLFSSL* ssl, const char* name); + + WOLFSSL_LOCAL + void InitTimeoutInfo(TimeoutInfo*); + WOLFSSL_LOCAL + void FreeTimeoutInfo(TimeoutInfo*, void*); + WOLFSSL_LOCAL + void AddPacketInfo(WOLFSSL* ssl, const char* name, int type, + const byte* data, int sz, int write, void* heap); + WOLFSSL_LOCAL + void AddLateName(const char*, TimeoutInfo*); + WOLFSSL_LOCAL + void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info); +#endif + + +/* Record Layer Header identifier from page 12 */ +enum ContentType { + no_type = 0, + change_cipher_spec = 20, + alert = 21, + handshake = 22, + application_data = 23 +}; + + +/* handshake header, same for each message type, pgs 20/21 */ +typedef struct HandShakeHeader { + byte type; + word24 length; +} HandShakeHeader; + + +/* DTLS handshake header, same for each message type */ +typedef struct DtlsHandShakeHeader { + byte type; + word24 length; + byte message_seq[2]; /* start at 0, retransmit gets same # */ + word24 fragment_offset; /* bytes in previous fragments */ + word24 fragment_length; /* length of this fragment */ +} DtlsHandShakeHeader; + + +enum HandShakeType { + hello_request = 0, + client_hello = 1, + server_hello = 2, + hello_verify_request = 3, /* DTLS addition */ + session_ticket = 4, + end_of_early_data = 5, + hello_retry_request = 6, + encrypted_extensions = 8, + certificate = 11, + server_key_exchange = 12, + certificate_request = 13, + server_hello_done = 14, + certificate_verify = 15, + client_key_exchange = 16, + finished = 20, + certificate_status = 22, + key_update = 24, + change_cipher_hs = 55, /* simulate unique handshake type for sanity + checks. record layer change_cipher + conflicts with handshake finished */ + message_hash = 254, /* synthetic message type for TLS v1.3 */ + no_shake = 255 /* used to initialize the DtlsMsg record */ +}; + +enum ProvisionSide { + PROVISION_CLIENT = 1, + PROVISION_SERVER = 2, + PROVISION_CLIENT_SERVER = 3 +}; + + +static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; +static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; + +static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; +static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; + + +/* internal functions */ +WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*); +WOLFSSL_LOCAL int SendTicket(WOLFSSL*); +WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); +WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); +#ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_TLS13_DRAFT_18 +WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*); +#else +WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte); +#endif +#endif +WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); +WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*); +#endif +#if defined(HAVE_SECURE_RENEGOTIATION) && \ + defined(HAVE_SERVER_RENEGOTIATION_INFO) +WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*); +#endif +WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*); +WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*); +WOLFSSL_LOCAL int SendBuffered(WOLFSSL*); +WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int); +WOLFSSL_LOCAL int SendFinished(WOLFSSL*); +WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int); +WOLFSSL_LOCAL int ProcessReply(WOLFSSL*); + +WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*); +WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*); + +WOLFSSL_LOCAL int AddSession(WOLFSSL*); +WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); +WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side); + +WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); +WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); +WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv); + +WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); +WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); +WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); + +WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); + +WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32); +WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment); + +#ifndef NO_CERTS + #ifndef NO_RSA + #ifdef WC_RSA_PSS + WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz, + byte* out, word32 sigSz, enum wc_HashType hashType); + WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, + enum wc_HashType* hashType, int* mgf); + #endif + WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, + word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo, + int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo); + WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key, + DerBuffer* keyBufInfo); + WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, + byte** out, int sigAlgo, int hashAlgo, RsaKey* key, + buffer* keyBufInfo); + WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, + word32* outSz, RsaKey* key, DerBuffer* keyBufInfo); + WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, + word32* outSz, RsaKey* key, buffer* keyBufInfo); + #endif /* !NO_RSA */ + + #ifdef HAVE_ECC + WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo); + WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, + const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo); + WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, + ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out, + word32* outlen, int side); + #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl); + WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo); + WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in, + word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key, + buffer* keyBufInfo); + #endif /* HAVE_ED25519 */ + + + #ifdef WOLFSSL_TRUST_PEER_CERT + + /* options for searching hash table for a matching trusted peer cert */ + #define WC_MATCH_SKID 0 + #define WC_MATCH_NAME 1 + + WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, + int type); + WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp, + DecodedCert* cert); + #endif + + WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash); + #ifndef NO_SKID + WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); + #endif +#endif /* !NO_CERTS */ +WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, + word32* hashLen); +WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, + const byte* sender); +WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep); +WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size); +WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); + +#ifndef NO_TLS + WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); +#ifndef WOLFSSL_AEAD_ONLY + WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, + word32 sz, int padSz, int content, int verify); +#endif +#endif + +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_LOCAL int SendClientHello(WOLFSSL*); + #ifdef WOLFSSL_TLS13 + WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*); + #endif + WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*); + WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*); +#endif /* NO_WOLFSSL_CLIENT */ + +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_LOCAL int SendServerHello(WOLFSSL*); + WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*); +#endif /* NO_WOLFSSL_SERVER */ + +#ifdef WOLFSSL_DTLS + WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); + WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); + WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); + WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, + word32, word32, void*); + WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); + WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32, + byte, word32, word32, void*); + WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); + + WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32); + WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*); + WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32); + WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*); + WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int); +#endif /* WOLFSSL_DTLS */ + +#ifndef NO_TLS + + +#endif /* NO_TLS */ + +#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) + WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void); +#endif +WOLFSSL_LOCAL word32 LowResTimer(void); + +#ifndef NO_CERTS + WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); + WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap); + WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap); + WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); + WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); +#endif + +typedef struct CipherSuiteInfo { + const char* name; +#ifndef NO_ERROR_STRINGS + const char* name_iana; +#endif + byte cipherSuite0; + byte cipherSuite; +} CipherSuiteInfo; + +WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); +WOLFSSL_LOCAL int GetCipherNamesSize(void); +WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); +WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); +WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); +WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); +WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, + byte* cipherSuite); + +enum encrypt_side { + ENCRYPT_SIDE_ONLY = 1, + DECRYPT_SIDE_ONLY, + ENCRYPT_AND_DECRYPT_SIDE +}; + +WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); + + +#ifndef NO_DH + WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, + byte* priv, word32* privSz, + byte* pub, word32* pubSz); + WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey, + const byte* priv, word32 privSz, + const byte* otherPub, word32 otherPubSz, + byte* agree, word32* agreeSz); +#endif /* !NO_DH */ + +#ifdef HAVE_ECC + WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer); +#endif + +WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl); +WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl); + +WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, + const byte* input, int inSz, int type, int hashOutput, + int sizeOnly, int asyncOkay); + +#ifdef WOLFSSL_TLS13 +int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, + int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay); +#endif + +WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey); +WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); + +#ifdef WOLFSSL_ASYNC_CRYPT + WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags); + WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state); + WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev); +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* wolfSSL_INT_H */ diff --git a/source/libwolfssl/libwolfssl.a b/source/libwolfssl/libwolfssl.a new file mode 100644 index 0000000000000000000000000000000000000000..ace38aaf0bf91873c32c9a5479f1db75fe808abf GIT binary patch literal 392892 zcmeFa3w)H-nLmEs$s`PzV$@ippbkna2o2$)P6(G75-?mHNg`CK$&d^rB_uHy9NL*o z0_cLJyFqCS%1xy%ZT+xpOLy6pYo!)j_rJ8YmR8hQ*^1WPA8oNkMdttgp3D2bGYM*U z|GWSFfByS^^5#9~InQ~{bDnd1&T}p^Y*M7PwtmW>G5+*t>@ByAEgoMyw)hsmzeonT z|NH%8Zyi5=f`r!$62fy@h|>0t|1QWA;y?N}1%&v|zFz{rANFoJC&Yi(`}5I4{6Fwo z{w{hqHzW+@!$Qp1`{Qv%aa)-$J-}k>n2HsU0#eeAi(i-7) zzuU`&_kZ92mBIgzI*>iCK>UB^-M&d=|L5NOYpctbM`|k?z7U_a7RNOi34WP;Vo-e8f|O0 zlTs0;H8$5SbHi-j5$?(&d`=eW(b=k~kChj>8iFCO|nJ7Go1 z?bRf7R&UpxF~6#$m>7MgpH)7mWg%TQ0L_!>!pM#6m`yjRTc}P3jnAO~Pe#MEdqo|K z#EIp!M^|ICTcRET!04RjrAyJUN*CM1LRoZihlEw%F|R-140Nc7U&?kSdlQ$pv@sfK z>S!So{Z$tioOLtO-q9L`G>ph?m?}s!cw~U3Y@OJulkbCTI%csn+Fo7Pu(YAQ zy0*Eason8QS1Sfp6)cvwRMSWDQQ0i28-Na9^O7ai%}v$l`;b$o%%n^s?ai%iHWYd3 z2Rb)G>Dx%EQfNB!F^Lp9+>Z9X|CIqMzFliQF8AYk9q3vfN3CTcu%IZ}Q z-LcrgPJ^W*-4$uwH-~>b2wv;fjQ6 zkvc0foI%LyoM_Y1_Id``9=bvm^C}}t>8gm{*AeCL>~d>#5LHmA2{622>Ac8ti8^;B zYEm1A9l&RzG@%mBXl-6TvyK3ezhm*|qqXhI>vo44mo@_mxjG{fct!PYu8WGw=E~Mc zT?5CnNTcff$xJ`sbXXrGCICjl%WB&KE|PaFS<U_jqQ|KoAl6C(XqH4@HSBzX{=@Af;6;BT1JJJ|88%M;(u#p zeWXdCJ~dDimVqi)l?^BavP%MPyW|P4Z3m#e z6+I=<@W;>0;;*uqF=e+?rc>k>s5T64#jXU0qsu`T3Upnxbw+bDN>Bh) z*{ox^-JtCDQW9?e^x9gxcG~gXK#-Judj)#Q==9Rk>avOuwGz#`8v-5~Q>k}pl~wg? zb^vpho`!6bsL*XuGB`g9Ri|M^RM-$514Pr9v?*Q;DvO0>zy=`)nCbJ%s>4;&s%KCC zte7_a_L=i+A48bA@O-E$D#-RSY zWo;tePicoW2I?~_rwd{$N(RNzstlxhZm5(|O6w!F^^t1OP}-m4*EBUC+}d0lZNnfe zqX0Or$R_1dHxZB?hTKqj60&~H?`UE_gv8p>yR=amXrPja?-CAZ_|`(JYBd4X%R3s| z8)R^EYi;xk(bi^(LlvWXaYMVL(9zTeJtbNPKvQ)aXZIkpw6*zug^Jl3{C3pF$nq8f zqOsa~ep}n>7wc~wzssBJs>exJUBe3PYHzMiOC-`>-O?=6ZfvVpu{s(xF1nh!G;9)$ zESA`{q>rH%A2{`=S`uhOFAH!(8?#ldeUbywR!s_Zb;{A!A=#yWNd)t9l5B2jU)sDp z+Pbp3HCoq!@%v)Hx>gs4ri4U@uVRvcam%V3Ga>XNGD0Drj>Zm|9ap+w7@Dv`vfXen zHw2G^t|uKj8KhyOp^TLb>@db4bQ~S5Aa=1zPc3KM2tiGe^JJYyMkx^^1B4h&l6JEr zyoRO~$dXEkuIjc%RdbvG2uhe|Jk8Lvt}mQUM#tuCL;QUfZu9R_BIBK>wKfN)EW zIvO=$TL`KUTr#eOj!@my+`1e}z!%W@Lf--b3YKiMGPwPV(U~X#YKpeJofISp=}4|L zA<|G7E^00(H6vN^?5xx`EUl+>Rgs6~@*Y?GCn z`H@A^(u&@KwN5%nAss?yB)@2L)D@+#tr{Ydl~IE1x`WYCqBOQI*JRowmqd_LjlTs=jK%W=} zP#4vSIwWk6!C@=V4CsW}y(o?}0D@aVjj_6+PO7s^d8x^0Ca{UxypHHb>I-8Zi~hQK zIY{&kMOrGbe}Ycr{=>noB>mx`EmE=WFL4#S4wCo?l;-}JPmk1AA3;+<-KcGa)Rv<2 z(DF$SaEdhzZjfb>uo7d~XlPo(E=&&AvK~O6t!_b=t_d%vf0;cIwNU^vD6$K5lBCxJ zu@Wz7jG!eNK549~hxYBNdK@ez%pl2;S69k$99MMY71E}c8Qldnhz-kW-qLj*>aKyK zNBJ;#toYXP8K?xgSY^YPO;2-FOY11bW1{JlGovYf`l0WL&G4qwQy3l^ZK5VfPW;fV zNV72IV*+#>SBQ~-4oNS-zJZ4Q);5k%C=eF_R5O4GCxiwN)mLeP#B?&Gfksd1i)$cK zLvree>>jH*wm1k&RiCMm*cq^~Pz0!9ZDM8{Ru}L;gvlgE9l6wip(X<`UQPF4L7f|I zug4HO6E&3vRZjf$7Yh;19Z>8zZ&DLF9ZuZRhL(ER6(roa9e71cv=*$8W=BJNw2d=| ziiV|}j=G@INrikKdp9Oydl;1-8!Ge?4=IJA>0*u#f=&D?OPNp~7aYnhgQ5S5>9ttF z0ye%Hn-JN7RLK5=A)LO>M)j3e9XP_Y@|4vpYmUqd4bCz@a+XSIR4$YpmcwXI^Ep?URoaXycAXLy>1%+^jTxgk( z2H^Olb7m73U_?bdOa#jm(zK2xOAt$eWUzrC3;mUHdY%kM8*<%Lr=ntk>UJpcZenr{ z5n2&xXyi1%f~x-9NPBI4S@ZHpLz66Gg<|Y1WzCogHMG@(7P5sY2bNZJ=}hZrXp}Yu z<_+?c{<)apL?9G$foTlnqbi;R*ra4A=D-b08fsy3QP_@uKCNg_#xl?<+F^)Q8HAxG zB7;MXh$i&ZDjbcra%$Zs%9=whw6I7ePa+$G==AyXp`AtAU?`2Ywl=rYw5;tk)9Ke{ z8_cE^>B%}x zo1iSD3d7Hw2FNMgP`iwUU|O%5|2j4bCCJ8xXcNpSFypGJB#Kd*97~&Fn2K`!5z1Su zLMUr?`?PrHM_bUx&yUtdq1H*Es+v$LDN6=jDY=_SMnUQdWHOFCVpSP*n_KIoXs5%d zRHxGs(nA7Lk~8l>W2jwW+%{Zxhm{NEEc^}|BMq8{ix9|gW;&_?rei9!NF94!!?KLK zpcUPw8;XpOVmhh>_CeK&N9wTPMQy_|*U!8|A}hFE&Z@J97h-LzXn=87+N$V73tkqT zi(v#tEY(jMYUuf(%yC6ulP7@v*!|kxP+1>sn#)ZBI{d@J7?+B9D;KvlKK!;jEg|R~ zZL&Jq!5x@PH8)b>r=FnWw^7|v1}&5Xe{fwVVk1uKV()82uokZ1=QXfA1fK7}@tWOYg)(;pW>Vqn)navuC5lfFc3#^s4 z2PDg)E3nXDLUr}UBmcHYUGRD6qdBS3g^?c8 zAGoTi5zA|(A&1)*lr?oCn+B?68ww33;SLzwl#1t|e@KvS8R&D2wqa=&&AgK{lUwH{uLm1b;tGc^bD zK`Ehc#xhV@`SgtOqF*@0%<8a0T0U%29|}T)Z^I&mjf^xY{L;m4)k;^S(vWNG39D^d zPvBI^#)ieM5m@svcX0?C=Gst!Vf)3D9p(_4<6Z4Y^RE^4H06Ss=nrlW{2gs50@#A_pwiy#wcNKBN(IhKWJk{H=b!vbeXDR4t z;+QS;2_`ucY?6^^oSa|<9Bn+4qB3gL$tkRyTiI!mSS_YEs9|!dV+gV)$l9aoY4u_` z`F07OMuUDZY{IVIfqN55LzzuHBRWh4SX$G`Ea3`7x)3uPqQZ2N1398NQ#wtn4~Dxn z|D}n#@omD8z0}V7OYmZ0ACa36&q-!vH&@jeqWdshI|q7vLzmJfr%Uci(0A;^%!Qps zHLc9j>|xMlz3rpw=&qzS3RWD2khrK?X>|@=(ucvS>s><=<6|wQm7Rj_a@uHNvh&mz z!44{&87`kbU#?Qn&d?t`lQmbA)+JaWb4RO~UQsdgj(OECoV0Msi8O22DLJ5YQW3al(3lu_7TvLwJqIexRLQ1+xpeUby&X|`-jC_4!)`}v7mY1>9%i2kB?2J z@>GCHo$VIc1b8M!kye4+RM*2t$3pBiYN~6DRyDPmNrmJ@)@2zELBJSDOlc~-I3kjP z65Z0=)P}8S#K$zJS{w0{-=rWXHR#=K()x?-92BTlk`)Wo-5VPfUX_|Z z$pE_3h}tM&E`!WaJ+DM9ZEjxH5am=WBe}ki>6p=A$1~0+$e1=`)0ekkAxgsLN0&Ea z=~KEj2e#PS6gb@6(t#~MYAQx?YB)+r8$9K7U6PO{AY%rV5Q(LP*$2%n<8TD~i|*2W zkBliHvUbATzpBwEz@V=fTRrZgQThhDqFqF(K}v|05y)*;+~R^tId;6=;Kq)38X7Gl(wj8Y8P!hIgv{oTRNKIXoTfP}xf#51&VIffi;8LT5GE@h_MrCYiq1-jC_WDMq%@q{z71l?mwiqrK6#){~+#a zZeHGh7|e7yDbjyfYg?rMfJn5h{{T?yKcG?VZ|^@4t9i7+^dBfK68#5p6;K^C=|8*; z^I5sYy#HVd9Qxu#s#AA;)Le?WWVMPeXe?0Ci*G)7&e zVK*sr*T!wQYh!Ft5kl?%w@$z%8xx9e)iG)YC8y7sVRT^=!F`HxK{-cNbuxRjIw; zt$=tJi_bhT&xTjZ;1J@v_?~UF>0)3%(EVeBx%ncO;Mg(T1T61?a?r2UBY| zC9NxwPS-`!slP}%VZiIKU*A7wh6atZ9P3Ibh1kbl+-mYt~^TFz%p zeBBmIe9G38`v@&dw|s|d*aSn5X@H+z{XK#5&8Lh|KXOq&@=X1>7#w_@NOXx$vwj|m z2va{tZ|D|z$j_F-Y{>Ncqhj$_#>ax+Mmu^?h>{(t3e?5p#l!8k=7;-z@Ro&kmk;-! zhy%YjbU^H4o@8A)sCZ)?CBLknXmeuIb}OH49kQ48m|^h*>w{=y+>-60Mbg?PC>yr9 zr%4}pb4G0w!O&K*F!V5J{}6Sd?xk3A_3N_kFbsS)B8^~4N;D@%WnL3{*vOIb!F>` zU}(P>TGGpWDgKeBDI2kl_`m)m`zZ@D@RbCG==|;XW6A7i(({KtIrv2CF!LAahDiqh*Vx337W9Li5dr)63;0H7C(`Y2`?G0=En&h_LV7&b;Sx?bUe8~qOH>8(5 zpz4d{chS#d#Uq8qyrS$;=BYhWZm)^apu;h<(w5t=A-8uSw`)sdiAl3#iF+!H>{#~U zVoUfs-#~tIkl#=JB$g~g`MK*d`m63?Vqvl#ZRW2~r&;!_C*9yp$H;D*%=BSStj&E4I%f&PmZ<|NOEFbjhD=Mm> zrV-P4PlJAeLx29DR|ktwPAGKAESXZ7?Faq{yn9qUYXsw!g0HPvCI#^J%F8+l$;(Nd zM$qKJV9reA#qw&rwFXadJXdl6zBNZ>%At^v2TSMQ+KG50$jf8dTfB;&QphTMMvf;) zo=(1$6Uv!EsY$t6?TUo(=`U%m)$aYEb=pILY##7vjzf^b|GcF2>tE%B6ml8j9ac^& zfOzL*yp6eEx#X*ZzBX`^uP=p#ik)Bo>clT!{KX4KRsr0{W_alVoiLN{pTOrF0w%U* zTz_N*qT4G{zjp_rOSZ!ZhaZ2=0}so=@KNXKi=X3Q%g7k<#MK5SE3y!u&hWFY$w!An zW~kGsvzIIScfrj%Rerfg@>c`5d^CPjhJR&-|F7Ubhxchs?<*j?6YmJ^e^ z-=E?C3CiMmz=AsdFEhelLC$jlTdTw0$_Rfa-EUFM8_AQxw=T;FH|<yK{Jo(P_Wxb5DsAvq;6{@-1SMzIK8TeI$`i5Ee;n zy|XEdE4I^CA&Nyrx4oo6sshtz*hdUmwWgkVB%TrFV!OU(MI9DH%vzkHaZE^n-L6g@qVs+>3-5WZb8O_=Itv7Gkh* zpAq6x?Y0&=_*R!g$J*r3x6TQ1xyJVt2yumR7dbeda+e!C*f^k>Z}36W@aEa$avyc! zfVWR-e0DpA|E#dXTUI58J%fX^t~TzN3*O_vy=aG5X&mneA##noQHUYN{j?B6jeEb7 z7w>T=FW$Eu-m=mEnY?5Vb@*jJsEe%ZwXo8J@Et z|LZk82mBlQIpq$`oEir|r%{Mu1|NNjNh{}RC#@XF+@zax(&dKy4G#m5FC(7;bxyhi z)(UZ*raxd0)DYv|C&Z1~EfCjp4GNG?P`g1xpzI_Z@kCs^kv{>M5Y9eX^eQ*|SIei| z>`Senb|X&~%9{A>1FiMijc^P3lJN8RA`ac?*9zNKF6VKjLTva|-+JSMx)mwJofGY% zu#Ovx3m0SadLb5$mtz4=6w2TzZau(J^eA}yOCCRvIhLC7Z~}M%fA-_mt|9o+9aR3o zqrvwMxRG}mpJB+095YFe4Fk^r%FX?laU1bv+>gQ=3p~atQbZ)Z8E`~zOl@{r`S9COfflmq9Xn1AMi=g}<> z!CvBrZFQB%MH&|3(YBb&GKJmAN4pc{!!XQaPnog?tr+PX>J~BDH#m0&&GqpukR9x* z#8>lWF@f`A+TzmZ*RVIh=I4UhZp>BJ>Uk^d4gYQF^ve7^4%=C(g!A*^%opu|(jI$6 z+f`Pdqn)aK)K*y+y3kIncmC+-v(JH7DA@OX+v2J`m2u! zY43$?ZzyCeZB!o>jxvu!E)tjJkFq$6FKxYV!!82*_JtZ_|2ufZipB4jcBP&1?~RIW z=(gIWeW9Q7C#G{)h)ASTc@p&xXIF=D?i)3_Zie3OWIHu>>O|*zNR-! znZ!5UkPq2$-N#BsUy60Ec@lV8C+II8mUV(QuFjp`ip3j#E#p3nw$~l=kI%h%Z%)#PnjG?HL)1WI9N4!0>Gb3%0xVOA8aSh&C(_)ExXBMKa zdQr|N6H~&w6W8D!3HX#dcNfoM9ZtQCu%qbP%4PYyCN{?7LtajDcfdV;&Trgho8ZYHvJPdjLI_!WbgLs3o zOTvasyM8XdKGacPNw4sB4-?N*M%^KCEbyAh+b|3^!%xG;_$K6}?Zn0okN#&L^ZK8# z9a6t4APGGA>LYb7>W+NM)JMXC+CAI_tJH2cUcH6|TzGNqmh8gKbg2{aS)@J^wo|(o z>MzsUr`_#h_Fx|^bu$NP6W_GKPkEWc=fP}t+i+rbDQ@nX^oTEz_qAH^Z6*; zAaG4SXzTNntYgDmI4CDH4TQnZCDUE*Qrg{&#SOBtbpAbgu(R&SqVcgmn_rnULtf&c z@fBuBY4>w%k)(4}axJV~pwlyubUw^}=()>9$TlD%Kb#ZEXCLykPs*yV0g|0l!$0m`l(uzH2hd9ivF|JElFe%uv498)5cw`~s`t-IK zK8=4gExevvj^q)1nkE0MFC4zObrOj?)=9@QYTF>4K=Nr@B!TI6rx`1Wrwx!qbDS>A zBm$&4*0CN2Y%3_xWEhR7pyje9YD=lU_Sm+HYAY)?aKhAUjH52bVLi2(WhBXxlkzyE ztj(jKK6-ePEa_BwPthh1@>cWjEDGY&slXp4r2tf5Z2S>WH;@UkX2 zakCaVw!W!o}eaBOv1;NP}K0^iu%yfMcX=tY|{wm0ui$L8k+&o}72XCqx>lglo1 z@UubF#LaGT;%09|mulkfak)X$#)q73`(iuHQW`&Jjmzz#L%XA)nX}*JKJId#6XIG; zX8`18yMqqS0Hk%3#_@R_xUazFUg*U2)d(?Cdr$G1s+?f*uP7|lSu zABC4;vy}91w5h4INi)-C$?_?4;hB739CYX7vcvH2#YioHKQ_x-#@Txb>9B2 zm7g|CAM)|>_9B?Pn6Jqbgz%BNpi73buyuJWQt)_%+9X^nKCA&;)Lw5``dDAqVe-y$ z<}*Qk?EfZT!vLY%@Om-4n}Fl0!xyE;x=wmUc=?dtjnbw5G0ePfd7*z2HF(Ldshj=O zIXQ1)y)+ML@yV!j;s{{3$Po2U;*Ghjxc@qLTmNHjqe(K-^O<>zGv`VkMCK0d+F8 zt%$Py(jG>5=&w_6XW9jIJeKQmW%m>I9xcEYq3o1>Ii&Ujab@NSrjdXf|?z#HvQyQJ;ATa>eYX7F?y^RM|@B>7qke*PBxIO$l# zK{}BPz7_(XGQJIR^cnja@*!!?PMuGD2+vn)p7-^`^RD7-l&N2~om=DI$a*UNdRVu? zR4V?)xctOTv+@%+-nqMKy`nw!j(G@i1__UB%aAYkvd-Nm{G-usi+!mS*S!)q zq7A~%?2Zc=o#-wVV);yQ>6mrXf}w4mM)nVoo1omlN7ljD#7WipSeasci3Mx<0><2FE&&D=oQam$rATSLCPFZr}vvq zKs-NjlC>`(?F(NfoxnCRRr?e0vu`-A{mZ+jpiCgY4frx&;2Z7my{{A{*#<2UuYFhc zWhNciJ>{NMN!Q)h2v_{=ap5}rK?acPKBfoT?t{r>Scda91?$reue$fUVKmCyANOXNBi+* ze{>jM_D4tYWq))GU-n1O<9i-;;WoKH`DWx7a^P6Ndbasy$*&Lf@N`Kr`<@FU9=lGg z*l@436W7c3-L3Y^qprw$zJ!}(PW7KPsxm~qvcjtp#3nHHBXIL(W zB3R=&iav6i@M3HjP8&1r$5_Aev3~$f>;Z?(ejC=b4#<7eeq+y$Z@)P|9)B-CzU2n= zY3JTyyVmtM3v%+t51j~)dH{X@fz(l^1zz_fZ8_E*IwJcxxfj0Vuv}X#>q?>x92P?N z52HczP4=0{3*f0@hU+j{KiRg?N6GbN?Cs9wIH>y%w!3o$Hn@R-c$wh zxCLY3TF`76^N=j#`a;U&HBVxy>2Spe1Ql6MRI~ISlBo==VeemCoiY4mq zi6uTYTh_5eHEimzr=#x9lzbf&MMxvXx(MDsqhYY2V<1PG;BS+AJt_FG2tY1fYJGxn z-ao=PIMc9S!Vsotz5fk=Ey^JEZXRT~Q`+qHx+v0aP%=sFL)aSR`*d+IbwQ5(A(U4T zG74d>c2H>yx_~c!4Eu;(`9a%b-%Gtupw13CWvGOTP$Ss$&AV<0Of%acO z9`v~6PdK)h@fpLN|QFO(Lbeiw{Lc{2CmtGey zAimTgo)E*?7LvDP>|cVh;Xvv<`q!beQ-3}p+shMT=*8NKp*1`8&Zo4#H3E6Dbo<$3 z+7IM8oP9~jVOchNft$s$18x?0A47bU*>S+BBYRXiqz<#40=^Glt~>7upiCeK!FmRI zezqf*Kab&nqwZhuvdzl!M_XY&Q2txkW>E)ZU&cBo{o5?>WXb|MQSyNx*V@mnyAJ(W zZ>kt=*h0HK)rBz>ZSX$G&_jI%yziabi!wtwqP_{#3m@u*Kk%y91AdAE+r@E|i)G3L zG&Ta>71(ZZi~_B*SL*VJ1CDiSrK_NSbjK+}K8F)umX#WBi^vP&aEye^{`60JTrD8n z?0Z1j{g8Z`__I@gd_a#y1^80-L#6C{A^Rz^uakWV(qW!F%sb(b`Dvs@p2SmkAOGX@ zm*x#lo$h$%i8rpF_M^+UF23}gBUgXp|5Tm1^MT&?ALxE}Y{ykMHRZfnlX&ST&lmpu zwVG${+5E@gw->Lf`)NmBO|SQJPp(ca_E@fA6%9(wiP=Kqb=J?uLd4m?x(#@F^GzF+&&72{v|)lc7k?f!px>L0H^{jFT<`t&XG^|4_SMm~gRXi1 zjo}-&in|xa?tJZ=EAPF%?e=4P?pi#w;K0e3zr6W;^$-5ZUvc7Jo__z5eXB3ee($F* zzj*k*u@BW0oGEF0=ig4faQwb^U&;F53vcCp?%~b*{%-R(2i)`0+<*G!h$COVYW7|K zezP@q;M%XIZdmnP)vl`>dK=zb-#g&(u7ZgJUfq4w$Fx~+o-8uXPY_l>I3Bt=aee$!_UaLhu&1NdJjUBcpe;R$PwT+{2bz27s#UYav2e6$1X zP;tc;v)1T7R4@~yaLPe04eG^3^7w*|vlnp|x|co6ZG5v7N!ye~8x@}x^&!8O&OdD7 zGX{5gn6bX=fjraT;aLp5Gzp@fS%bwdPyFiFFP(h(6^LLO;`WV)Xfh?H-KEp?>o54X zlr4bkc359!(#|moE?1u{B!7HCI@C)W4%g-VEt&(R9fvkwKGqAs-6Pjm z-32Knd9RkFyKFo=WHeR(=!DF;4j~`7&DV2GyL~R$N$ob}3mI^If)BbV%D`PYT&1Zw z0R1e#L|67J?M(Yv#`iI7e9-iq2Ojb@NJIQEXpvSvUO(P)?ML|v%5IMKQ|8FOwO{)e zAWtoTZPEUA@SIB=?T6-)br}8@?SBHv79q}B?f))JvxslKp#4Bq5BSSAZhqm11;=^d zr>*UW1_EL6`MLVo1@>Bo|MwYwjE3q_@vTo}_)Q&@Mr81LV@CMR8GiOR^3n8WWcVw= z_CCP;>b#7#6#f(N$MyPY#(K8}`3*oEdwsblgWlE*|F?j@AFy+p-r(`zu;V1vb5BXhE2fsca;~5WsBm7>) zj|cL)qy=);`vE-nV7Y?wGWgAK7vb%?%)|QOG4d+X{siJ8*bayMPWa0yLq^lttT53Wnc%`#2xynz|NlOVV_tA1a$s;NN*$t&F?ylzQhLtAU4a4a^a zBMd*V(NcJuE6PkKfLmmFJ z@^OZ>@BXikd?_x_I@XB4)`~D;h7n;RzCo7&6@duea@P>Z;`Vm?>pnH)enTs z&06}v(au`;z@URa5PjYVEr)@iW8Omp{R zy-%mx?^?Ydc|hLf`aJ3abp`3(3peP{E%k#F$}P_e`Lz2m`s$&|O`U-IM~Khyk>}i` z8}ZCKJjX!`J=W%1IHu}=n~HHh-a9jyAI!8?Pk2Q z+Ksqb!<8H3&tJUe-`cDWE&W%WSIRvsoX4x3L-3_LsQg#$0skA}=9(i1MTX_#{j~OH z;fp61c}{!e01C)xyeKQGUVJW!Hx_}60~L-B@vJWCRR0WrG#L@ENP!2p<9nlW%l{1H zd%ON>dV^6HvUD7YXXs6X&z0Y6%HThbm-(fx$S~&D#T$I$vSXkZhJ*E*Yp=x1!^?O& zuW*Sg3y`I+(WM{K;lnsCydgpO@5E~!i8p3!5msiM$KE4wk@eaMiTbvke@7!Z$9z^0zGr zo0eaB`q&isW0h~5zL4-u1f6O58*UbpkhZiz1-b<8>am8?4%KB@1@U!RPvOjjzdK?L z?Rw4fbz4?$cgV`?9%kiNUb|~brT6%h_?ow3mDdKQtX>aA8Sd4G!2f#K{IMR9Jn)C~zC*Kf%0+K%u3fTUM7dDoQq(Q)~4@7KVjUOmMI>A6KL3pgHEFiy?M>kDLe(5*)l|MN%C9&*=Smn{M{Kj{}uDvD@ zNcbR&HMrMhnWX3ET!p`QH2r1?lE2-vJxTp*pHIvuY{r>YL=bOBz2 z{0O99hy36hKY9<+84-xTq0(7>2U3V#>3k09tVKHINXLhC zK8JMhO-!ypI*6|AGq;o#8NY&q}1oCrgVt#xl>o53PgY@12y*ianRYIq8 zEzLA%?4 zcGrV;w*l>L1KJ$>2H9s^C(ml+CrZ^>4Yc3412sZ?AN@*Tm=&1Ug>_-{f>=xHnjHN6 zz@F8jF*577OE;7XF**4CrIA^?AAs9CIXI~)GV716aQh|)zkWw#);km7&Yc{*b8uwV z{3P6YlY@_CM`qQphdY0A@cPw}S-<)g+y#?^_w+_){qxmu4+ZZ6-x|DiczIWlAP<@A zdR)`f_VeMqI|=*^=USjVcXwzMZQ*{dr!Y*f*YVCOdtDE9X?Ye1=Paj&4q#n#il|FW zpOv3n7Y<@AvJUH^d4SdHHQajI#j$4X4;>T>Z+ub&lUvUPf#XYlfb$`!yIik|fAO09 zU;j>8I zL9_$uV7<9yiwKrud^2%NQmMnUQ}4dZ_&5i3Oxe&=!{t3kOR{U~fVO14TZ<3%W;&p$N}I zSU$oEHVhX-SuR|Qi(~CfuA8a#EO~z%)-!6<+N`y(dn#moNcee%uy`ic#H&RO)||Q$ zpPRWGYdAG1g8*bX!4J7&+z|1^HByGCqd}~F)|mUtkmqc<7h;u#14p8Uafy$30TZXY zTGS!Edd8_LzrM3-RzaX@WI+IF*2yudS}X$1dagg=yAbOqf3IkYJzW^9x~~^r(C~pq zZqEhC;yU3)eej|Dase9(oIK#<1E&D6p_Bce9~c?=+oizG18zQW3qV&)_M>f#-2DLg zgx@>akM=S0kFD_6!S9>wM;jUW&P4d@;m@7yM>`pbb}|+1#E*6|676Iv+KC_SWF*?j zRJ0R6+Q~??6Y#|KAp(sQAF2={+tvL5}aBT=Q*07$*b;Kudj#ZvP)9XUGw+=jZ zF+K8T&dW}FXw0VjZY$gH-NWzy%bVYQ>FdRJ{otO@{{FJxKRk8S&TkF9_ZKGyd~?&~ ztM9RfkA2`^Rc_*$)`OpG?|S9$FFbZK=WmZZ_WSlzk2M_mKL>Ar@X{k&pBFS*PEu?Ie*vKXP58Ey6M=V&nAELZ0{w1{KemHxIO2`wRh%^ z9J%zSe;o8c;gDg0xuch#uLykNis+!W$`zj<^!@H1JXiQ|>*xobICT2)UDqs`{e#(G zYWY#)olpMs;nP>YxH)I|*}=CwkoWl=Em!Y6^2zINYxLbze*c^ad-i{~cxdi-=AHQF ztb4Zn_zqn8`N#IZS@rL+uh%xOITp)b|09pD=V0o+o#Dpc9enr6KR

<|Bm^^)Nb zBXm_h-gelP_j$_9L8~n5DlQKUmVwl9gVH4gG%5K|$FEdQYXaiR^Hh$#pGIlD!l8`P zq=BA7K8y5s1iqV;8+yOKkIJ#dd+w2TeTBgI=t<;5-JB0$C!|a1;&cwh`?iLaiQ5PJ zcoeJ5vHv5__L;FoTqBXT^z9ZGC}v^hL*-Z#aD9vp52gPj_rzj!a~^oS@C{NBZ#yO@ zHZ8&so{i5C6>c$*e)~Z<=Op$6KWzcm$}&TFDEp@b?~yR}Sn+lE{qURfTi=1d4t|rKDNAJ^ zZ&Nn{YKPeM0=zM$mCV z%w<7NWNiv`(sIQ}JEc>~AKbR7@phoJb2!qRikxC888X#&8}V(pSr72=+=jWcCVQuI zW+nTaW*!p;8!rWiuLs^@+K9s4k>G_bBxhIIW4`cgE zv(JDx+BeW2*ykr?bzH09vd(PLZqOFTlv~z?liJOCa7MfRs8gsXq>1wXA7>Bo9R{!F z@oER#BHcmd|HOKHci|m~mu;6}kbR~-#CH}j_hZ`mXaIe9(RBG-6feUbLOer4Ml}3o z*h2;~-5Vu_`o~CoGwdOQP)DpH7oMS)VGkKR0XU6#ncokwhg?z)dM&_V-Q-JpC~Fx{ z=M_G+4)Zg*^kXuWVGkL+1L6JHL&oEDg!6oqJ!I_oz*u!N%*U~ZObAMzm}7I#%kWex zabtNnURMwf)TUBZBQL#BS$pY)V(cxYKXK!bSY>U_lzClJSC#wn^!{^mN9`Qwa%=QH zx!}5~ViWf%hPH_j(D&AY&IP@va&%V`c&ky-a1U#-pZ7V-edpYthdtV&2l|fO(}{RJ zEOfbl7WS2C!PGI{Nx(Dj(8tfRAn-j5oyxgu19KMWQ}V8j9_UuY0UeQCR}c(s5hJ<) z!+a;E_a$0dXZ1buD(FV!o-6?!KSBDS+e2OLUY**ktY@T-R}vJMi(#I01bZ2Kv2V8q_mkfH<9u_Ef!X(bSHp}ci7C(RzN=x)l+ELW zbyvd=`1NqF*Q2c>i+jy@9|HHWbw2YQ#cNFNgB_7r^j?1A`ZM7~bvRsnGtU{wI|zm+ zzjiJ-u?>4%x286#eXS{TS1V<`h~e0yc`{LcZg-;c-QBP$5q>PW>2>UFOie<$a(^uD z^byyfe7S!QdpR%c!#4-v=Qw}Tb*RsLhx@=V|J#A?n}yj#E=dP&Nf-uN&tHs8ifCdP2_EhRHJ+Yy+dg`!4LA{a4oalBuGlq*~N) zzi>%XgmG7K5P2!WzIQ+7uM?6t{zR6CxjVwlHO<`!CT&yJe{zekXF zmI2DbuHT13VqyFXat~d5@CkKi6YC>!Irry1!nj-gZJtk&d(nBP@Oj)9f&Hv(U&+_FQgx&k-}(pM`ytyn;h4kELEdmaAytNNPH2B> zlG=-$ngE#OBfeJdKQ;S?8CS|f*U7F#m%8)%;A>(L^2c&r!+nI<2fPq-@pATCp>0-B z&&dOn5Bx>E{~F&B-7_GwhopPxn7_h3G~29voTbU)eH!r(AV12E{l}x|N3eey`+DoU z?-lD2hj-{KVt$a`YRX3Tkq6O-@ZJpABXrmXJ8T>F-*yRkRzkzj_Ocj1%gBW`4Yb1^ z_{%4LAnUG$@P{SsZ6bhsKrGlx*0VjaEwLT34Pjo&b1wmt7VI_kq(Q&=>bNWe)+@pl zKGVeg%VV~uHipm#$nuA+2J`&&us!?``kdPd!OqGj|v!pha1Iv5Ai!`35>0?>Mxw4@zs)dlW551|(LG;8TaRLFRCjz!9x1!fstb9*{~N^hmE4OylWh}q z5_zd{=LK>MK*r^?X)rI$7t=u8zm~E%nDR^hlpI=29*D>;SQI4K5^kNXrLZpym=fvbfHW@gFMJO@WcmO+;@bHS&jZ`+xZvJXY*X$ zCOOs*!+qMY2cq3Kf>y<<$3@Gkh={KWiLO=MVohk3=dfz~o_(tAd-kZa0G?fm;@Pq8 z5n_GfF6{Nkee3A^z0?unI4dXbL4w^5<***@&D?uG0cp@CSpeK@gguRK4q%;-{U0;#3gU~Ni1*@<0jfin#^|aexKAvq|=Ug*^CEWXD`R8 z)u6w6zvv;&F<*grS^MGkpdZ?ZuP8x(0)B4`9u()5K9N0V)K_ug0qPof?viD? zEql_s641a{8QhkQx(po#c46Kb1Rbg%QBp4Tj0Gt#&%U5fO`U?BcTjL^c7F1u_wv_G zNu`u5vc1XF=`i@|=|SGmCm^mq1Nq5tplX(P3iVm)w(6TRr2+oV7qJF_^Oc>iz8_0& z4F}_=1LvUs9J}FFF^D?IT`yjGf$2)!KiwQe&| z>b&M0gLT()zDX0mL0$NCIQf;+JS&jPI*YRNfiG+HK(rmy7wCC;iFmzi_F z)8yIVWJ;bL?jet|{Me^=S;xj~q<$g_Iya(Tent2&X0xBig}m0&$+PdrI;&5IizlEh zVsu0Ko-VwM~4^7kU*k39;$|M+jR z&Oo>Bd=h2zs+x&dQ!}VkFjg51kHgz6FQ8 z$E7YL_nr>(F2PWj$ZML}CBTaZbyl8-9DOZhQnhDyqGZo*(BPTsh4?)WYvPO0QP+i8 zx5LS=ZW4)GH-$N;MEPPZtxF^yL0Co^BkrVR>Iunj^3^l!Q>^4me?VT&PvF`X^dT8W zIAk^z-x$+D8N?I!fQKvba((rlzu&FlyV$-HvruOjhIS|Jot0lTi~W$W#^O9_qP!?f zfBcQ&Jf1I&zlHVoLBTN66Oa6o_5Qq*lpl} zIKWMvGV>I9mJ4UnI8R}l=Q!W}Y0R~7#s<2$pY0Ccp?C}M=HsQFjx|nM_ih`N2(!LnX!ii#y#(i{L(ug=djsat#WkQ85ktEpqKLFWKWhWlNXSReYtZSLE_4K* zlOr#n-+eLq@zW(S(v|7lgtIoilGl&J^JgwbQ_@;0dFDEACeIVVGtY5lkw=*a3p|4l z`16@Q&fxs?Vze`4ZT*F^MjiTdM<#8g&9jY_M&{tzA|EmzBan}eE<@72Hj}PvJ}&38 ziBYpDYfI7{3A#AHm#DwTT}Nd7fNVS{$2^u_&k>X>$`Cxrazz-@`qSTMrj;028Y>oZ z9N_%S>z-MB~UB8P_kCAo{=$K}1E&Jcc#c1d|SdW9gOS~UJANnoEd+0=F?yYS>Jd;?Y zZ2;`MQ8!a(jNB8mE6C^Q?padiJZHsrW6K0>z)$%>Zh4d&WR$Dxs~kfx7H#e$mzyDT z=nd#Y9J!zkO1WU&Ps=5ja)GRU@%JH@Yay2@kjrP&X6v6+7dfMtGq(# z&spb`{+xA&`YZIs)6%~1OWXw-hW^Yl|72;5d5y!S$NdPhuZ8}T{8|ClwxMfo$=VD3 zaS+n_WN>TNF5Ff94)vqtx?b4&vNm-Of!?!LKo`Z?Q2hQB^>mDJ=qssnTZ`bwS-I5N z)h|(p&8lI&WnI`%BGxmlF+CWMTcu7r6mIIYjrc;Rr9Nv79Ro<`6%?EE#ka?zg$yJ#lQZueAqZVq?ufFJWN?9rv7wy$=&cn&hl>34ny@%=Z ztS0O9SAPrr55L1BbtTw5WSMB2jxZ{2=D=?5_|v*p({6T!Fmcyuak7CAqox z9Bf^lWbx1PX=kJ@k^CsTm}e2j5y5^Cb(OlRufz|1=W2{?#n2I+NX_A0B2s=BYvU<( z?#svr}*W0=(pQ)+&7nzvBemBdZPb(e@}wQ0OYSwWpp$LnZ!AfDNz<8~dg}o1>R{QBFW4>jCLcW=OiYA6ru3GJ>7}`p z1Ilj~^(>~zvVeVEP`*qHc28O7;@f`)UFNMSRsLepm`7##TY=Za09pP)$lw~t0CSAc z6CX4d4?C1D&TRs>q>*%%* zPNQ#KtMz#ie@E%5@mF!*%^TRml?ur_Z&0p9cKOTtVwH_~l)9=lp%eF41ivfGANJ%A zHlb|KC5j=JyHU5H<55p#o+oa{UK8Y-Z3|zoEdSL{#wI?lY$~*0Ff6Uio=8qlGyLWfq^d&XU zpln&MXQxiTCT0G_h0_z~Yu$G~bl+;~zCA_7kU8fVyd#*pFUziYa_T~&xICPgh_||Y zcLUZx64f(zC#K>KYt)Zv!S|mxvi$NuJukp27UXz3Iq@e*^FnWOiu|@?9P6cg*k3a) z$9K**%@~HSTkoUJH5~T_48xc;9J-(1rTfV>7dyTMJ;{Qu7s5VSjAwvzj^zPtG-+@= zgnIp%BLvmf3(7vYUM3V3_>f&S=loMs-oLr4?jGwFgi?u#Qmsow&|ahm*4 zm+>W*V!T!~$M!>0u6ddKal8hu?6ZN(-`vb|$wul@hlbgE>qb-0qW-4FKIhJUWj7X+ z)EFoxluQ8~*xPCE=e_aqldv7(egd}T?#U=O=t^A6LLZn1nhCTg+Fpg+)27!Hw2l1q zBcB5twmumb^@wApTnF2a^&0MP(_tEa-y?@)o!Mh_vxBeMYa0_*TOzPJBqpsMhTm0O zW$7_o=rLTJ(fK&7^U=$(BD77Mpj`&vc&Ae5sqe=CF9Q5!4KGJ| zO<BUZmA=RTyfk!498k#Z+Z zlxrULa{`{e$MQe1M~Umn1$g;z9i5LKuW|Et(_FukS7m-DZv=3{c=;?e`;(l#MR&N* z`I7y(#1wKbQ_D1*34VC+BcJ%NE15s5PyMQ&bo=?woU^yw6Coe+z-Kt#lhP${ms_8G zP7P+86Y^?t4V{lqeR!9gW%7R%aYvB1zCSScdBcr4gj|GpCjVy;Pv$A}=rVrg@0FKv zJ+;F-&(g>zSAWS9YN~wl^*0FE)5@K79<;lx{?D0n>s9uQL7oMMxf8!M$F#X0iDz>7 zu(R)r;WaW;h#H1-hgwB? zc$W^ZH1X%9hwsqgl0M_lPY*xr4(})ZUL9T|N)>-|)8eB6si)4Q@1l=#$nxuOQ#Jv> z)XoK-`wI;&q6{;Cevlj6>TIEz>LDPHtQJjA=7)H9I{Yxbo{aR6R@P1p+iTKGuZyG- zHL01z!icBqe>Q)2Qr+p^llRfZon;L)#N;n0qP&kQs^FhzzvRO+@qS*<;5z5eaHK0A zmZyIFME+mG`&~KaB8;v|Ia!A&soi7xA~q z_*kSX%e3!R46J=CaZmkB)qv3nA#0bE+P<6+2;_lQr6i^HMQUf-$Lz(y=AHl0zDDj3 z;xpOjZbi& z&G5gU?zh0EJlD8S?VF@5)T8KGLu|j~&l;KGABVOy0x*59-3r2A1piS@Z(aueJ+@yu ztOnqd$1@s#bw)U5ujMfqMs8YUd&Im8eDXqBE9 zs~tn;z<*f#;U1dHzES%ZVJkGoK`~VNTiYV|*?`*ixskSI^P1bI-^YEr^V=e&_zC8w zjurtY_UqmiY3zv7J@@t*W7TyCMcS*cWuPzI+OQ(h9xaR3wytbxpB|I2j>U})wbPpn z$lg7y?oiM_7%HzJSl&|I(bU$kv?*Fwy||&Nx(z>+DgbP6PJ;`Zg!!dY?j{D4WerR5 z^Q-)MRr`lX^_>HDjIq2$!P)ODw;}7@(%>Jr{d2dpzK8)SH{dr?tCx2)wl|QET8N~T z;^Bs8g-#!N*FGR&Cw6W03%uUKPIR39l~YQnqN2LAK3cmhj9VxgnwBy-2agv%kh$e8 zx)3taHCRhikhE4TZc#%pN~X3+3G2=CCtX z-%>$IrPZaGO^pprC{~%-{(|%__dXH(jp88lUW&V-tqn`?i@vTD9I%Oxa&zN36j(&= zkUkM)ack;MQR{0!bd^v9`XkyuISIub9p=i7X^qXb%Uoh)MbffzH^2U1PNK|o1zMlM zLdNKI5SUdL!i>g9dwaAgEK|@wl!5$AkF_+nnjg-9AHSl3yF$?4@IhZ`e#1iSML$1C zfd%?|vqzu$fZ3yO`J8(wEc99C4hyRV!>NwT-@h>TZdiMqJ^I!u=S~Wb-$~1}1^um# z>p6+ORJ);OIPN_3p$1;yau0X-$r_Dmw!vw4?!4gmVD7)jLceXh*Sp*sU2gDW$ z^|Z?kS=s#Tce#(c+|Rq*FSy*uqa7FHjQJg1jw8b~|6Z4Dz3q++z2MoLdGLZabH|4l zJltU7z76w&ai4R_F&kxV?&iQ8#=e^)`>=C=N4AU4Z186Ab0Bk5Em%GJWjOAz-~?dIJjrrqVvap>gMIqfKShts}zt(R%n zpQv=|%qNhpp))w(&>0LF8vINBE;n!t{PISe=G6RLj(TY5Tz87J;l$giPuRk;)Qsv1XDSG7Abzv=}?J_VI7cZ(3yb-D!`opcM{cIX$J zcj#Y@@-^vR9dvjb0)A#{Izx6i?Rp4gX!?*L$DF=;$Vo?5L(VzyYbQAEkv0^bYm!fq zcB7r~T%?49w&+rBInR4ux#fJfSG$ovjtj)+yw1`zIj6HU9r>FwYZVUXV%8SzJ_Gk2 z<>nlWzduGg1Cgw!Ou0Gt@YE?c=N+Ck+Px9qo!WgG-=oUSxrXPIcJBaBUgd^%EwYAd zcOBf2C)48GBCB1wukgc7x`1;Ik+n;^!FyJ(a&s>4B_F`yJi%M3+?*q@uO^)H1FxpT zxq)}Df)4?G?+e;J2lLKc<>q`Kd!ce)8~Dr5nEhAXwR3GHgk~PEb_~In?x6CIUZl+! zKKL!X3`2f0&z4;a8KynN<_L(vK6iR=;4L-K`wh0p?{>M2pHajTOnjrtn zJ9O|H24|{fo$D;VS^h?N&fKl?Y}m1?StBNNug1FNtW@totczF8`c-FFmhcv1-LiW) z);VY54x87p-nM>L41RCdGgyBS((Q}CA-}otXJ^GG`$1zQI+kNsey{4Gs_zx!=x1VP zxG*s=SXk+;`d*^JkMEV=<379YEUbsEK{(u%zOMk+E8^??5?8`b{{k={eitPue^a$; z?Uj;V)qE!cUd0Nqs`1Buh#h2kopM1P=<@W+_W-2U-@2OjaO7YTlGEiQx(gZQnd_e0k>++FA(MvRqMYZ!;05?1>x~^ zMTJ$@%$QO&uL(IXQr^^ zfF%|j$eUR5MUP0V|4nSc7ZJAJ6N?W#T{!X2S=a|{{3i zq+9F}yq{%3F~YeY;5mO`u`f$3c*XdS6;}E3CKk`KfQP*YkbnHSGlf;Nz!&O8@iN4J z7JFWo0sqIaRu=CA*g%e-&h`<{vZ+HDUXG&$Q zSLP#L`+dkeP*_r6iOx6o6vk`6i94D+*O9lo{wxMF51nt6#7gc)nzbyOV};3)hmn^o zQTc{f=5;|a=pkS6H?WqAvR8RJURb%tb6v3yd45(5R=nOAW4>g5WWE;`mb~IY`#~9@ zyqN#WXT36?@n^B`3wbTsVxcadLEherRm}olD61+T_+ohu!aC}}6NT{~&xZ_q3yasI zOb&prXF&_)Tjc{Slzqa7wdLn(3bEh0FyZsW$WKpHc&kQwuIu?%?DKgJ>-f|0djJFf zZ{pqrK8j*%|L;ix1c(rD&;SvFAS8egRws~z32O)lF(iP9LfCgOK^;%)KdOuanO6nFq%_R_0}&>f%wja3(6i zdmY`>qWZEw0QuP#U?&8dH&Gr<6FgvW)iP@`w;eTSyFd=pE)e;!=RI?@1Ng}v z&d5q|QRc5p8s{+P2xYM*AO~3w)2>tY`kt-G2b(gP*pmS-gYtK3*Ykg*tp2nK^0FaM zL&n!-&I57{W^RI7U+3X0*QraPT@rK7r*nwhtHjdeWu;_alVI)@#2y@BtihPU9Dp;) z%L+ECc_I;7Nog-*j%KKuhqzR`>Z;zxF*RH(Q0v-`Hc|5o*pDfMd}STTcG;VWJXdfI zwr?!aH2OGgAI6%B(|mXyR@GsfSRR{bj0HQjpqv4aq8*jid6qLi)QNB4TvCO(>jCIy zT}SfgVCP$Pt+`7A{B=K=x+G9@z7^ged5Km|4+9IA1Q}s|)g+9(0;bkwUV-io#BCKf z=Md+P1UZMcwp$J%|6tn18NFGRuas>YWnd2s+aRNS%eBy)Y|6Kc@}1*aZOV5V{8r^_ z;Yfaq^8MVxntNKxCw|HYE<1m=fhAHt2@|ZQd@4-J2Tq?;hA`{hSFBmd8r&(2-oi*A_ zWa8UqKOvJhecJ3NWFl?$rcaywM17>qRM;JD7UI)pp@v&zf~-{g)oN|m!f0RS%CkO5 z4-1xhNj)g{0PsN8A=gL$LuCyJb2*g$GM_`A>#>Eo9w*eiosf79+(D03o1>#C4}p;p zVa;9P30CJ9;fWa&BU#_#S4;Q^eT(^7#E;hsGM;Cy-FokW=lj4tmasQZdw5C*>b(OS zcxTavZ2|tG6Si$KCJ2Tz77#AiJ==oAJ*R`iWlTtEKU1YiNjR`h(zrS%S@RMkos1DO z-Z93IM#ecwC)YC*^t8@%Ne*l>X{@~u_kaLC#{9kZjF`*p#dO(f-zf9QD6cV(OvVnG`_8<&N@~qE^BZMO zwCrh8+^(1N)+Klf^93t|V~;ZyMX5bS7E{JmGHz_x!kELHNXDXM=6x@g^2xp|QWyHB zDyNiB`stV*T6yNV)`EjHZ*`mx*aI4~28!~=Qr>xo>^|j`wKy7UX;_Pj{mW=A$a52a zs1}fa8@qhHC`T2_(*iqVu{@u^4Wc^od@@NZ88^@W6l<-ul!)-Ao{g43+UL0Ewk0Sf z;ybrl9;bL!c4TWm@)c`+ZDyh2~7#JE(#@b9yR zXEoCTvn=wE%#ddr6kV`TB#_EPwDdhc-zkEn)7A zImCGo&Ox4Va?cg;lXxu-S~L}pXPXw+{51Em)nWtEp`H;=Pja}u>#SMLgTv*S#`7xq z@%*5kU*y{Bi>w*dKeY-@OB#=Zwi0}qLEgwwc(>rSGY2jM-*!%$=5W2<&l+{nUvnpc z`*42G?%?p0i*Rw;%jF$!m2hb{dB*X4#WgTLDuU-R+D~Md5+S@j%^~`cxf5BSAIcw? zAkR1>q|KzRxu?Uzr7pSma;6T>OOqVAzlVhMrbed`}=b6@yX))+YnIy-wC()CR368vWVd1%NOCFoc zO^spPUX{h#kSs@D8$DllaFQdht+>e-_p}GV4c4G446C)v!8$>B-PK3wl&g<2>$6)gN%)*kT8kSP0`sl6>_ zFD7u)<^iWujrrxQx3+;}HZahfvkGpR_Fk;EO%{D$D227Zek}NF&Wq>X`HFYj!R5Z1 zwlP(Umbt)`W2~zx&wnj=E{kJcbDS1Q8OC{jwA7NhvYGzapJ-#LpIOrq$vUp&FJ~MiJb0W6Kp;ECe!;szVS@x_q_~;Rrxmji}Ec-FO0VNYx$NNo~&CRd>5$FN;62hnMTA)KkCSRNBhb>QBdX%8uP6>RNC~*-*%&-5Fm+ zZs@=m8QU`QuoFSv&a;W5BoEo&5&NM5*bfcNj6io!Fs`0nBy;S8T!G6)7lK_0s~xm2 zV*_$Mq2}33nPlyy-0OMP0MwGTV0Yv@_ip);pURi~RKDwse38dr^L?0nN1(5>L|->9 zL{D|wr6ZUlzA9>%_p0=%dM|1Lar3aFTe*$H`5}FV`RqPA6yoa5`wH1R@iue5v6Ybg z?TOfAbW&u(8ml12{sP8w#$v{K#%Ssk#&e|1-4CIRq3nxV2bqU-zov5>u7~57wXF3y zi{3|auEn`&#{9K*_lK9Q87&p}S+C}!Z`7hi&Yip$AGV>p$S7RrK<8_yIpnMp;d&r) zw1}VUfu=nkLr>eHQ)8vwJek;WlJ$kyU{Y(ijI~-uz9D+P=XR(yK#~u5#eJ6<9BhcR zKXnU^qHg9|Mr5T4wis&?WsR}2xzfq|tLx74o_kv4D(hPG@?Lz5dI!2%>O2j15F9Ol zb1>&X&Q_hX-M*k>pVvcMdQ@9(!6uN-FLPv_C3Y_~eQv+yx-r+^YS_Lxqw`M7ahdC{ z;?B41x3ONRo<}QByKh(P_}0XV|mTz5RXB)p*%UnDFR~_TNZ*{P8S_!w&Rqr!6X&a7x%4Rup8ov&T+RI`L- zcm&NyteOs2i8gB8jI0$F z?jY~&oCo!~O;6Q=rX$;ox~zxk2xgt(d5`|%-i9p;(TM=Y_B+-IX}zQRc)jYLld!SC zKKAr0Oa1DaMQm2UFQQ#B`kvQ??}K9=TS-}K$@^gBa)>h1hPQ9}lsgnX?M&O)q|FU1 zy2>66`Oe{0)t zZ4YcX+*ac&bsypETXo!~I7_0cUl!}9&~e&)RWTVX@R7j`#$hjGFj%bR%9?TMgTD25 z2KYN%Px{oKF}PU$_4+M8uh(w}b(6j1|L65nnLKf(`5lG(F?))b2U z060jHbE&Zoej@GXBj0>DrnHHNGw-|M?*4B|9z|=kEKOycl`xT?oaJ{nyYBF;0_;@= zQLb8?%Nge~_KoNFZA=e~BacZ|mQG$#thQ=hx?+oBjKQ z2`_msU%uzy@ZlSdjvoEq)XzUp?i(4I=x4F`?-@LJS@(MNT&Hi}uKdBb-}Za-?YDov z@a(g5rtI9=u6kD1yu2Md?0>pk6EFVxXQkDTKYsq@4jp#fC@3f!_s%;P-rv7}aGyns zZnb;&-E%eP&fU~)@#1Tz($ZdeZS&?Qp84pbPfy&s6&f>r`pV9=YY!XIym>Eot5$Kp zUAyL&y?b}pAx)e1er(B-t6%^0Q`0{#T?#z;^wZPdK6EI(U!z9d>Q<`MDli}*XyzAR zB(<+ubKtzsK6@%MBqaQiS6*3IrbLPI4d=}Hpj@d^rE68J*u1L8^V+eKCu6=mf4+8? zI(3F-tX}=)xo4hvy<+LoRUgRCp5L>6{jp7}RB6z>YSo92j2g9iO|M?RKCxiIjm1ex zzdzfu<)a@RJecZw|NT8l5fKx9`0>Zsry4eV`re$JSKsW`?YED={(1=AMceYrFZJzV zVSRtRd9(Vs_ukw7;S*2%vVYjHjW6xm)qe2Cjo+n3MRl5ykZ^QX=g#|A_3U}(`LDi8 z_+;4lcIC-8-ni|t+c%e(GG$V$Y17`RF>l`bF*aNL zrQd!F=)ZpbvFASgaLc=g4?okoMveYq!NHL~dA(I`UAa9BpkfEDYWeDZYT z%9ZQ=oSr^&bKkxTDraWSn%}kS*KZs-lF|0T2L~nBt?O=?pZ|8*+}!NR?c4AC;@4jz zhOb@wO}Nz>{npW=(DUsWz=+$M1tm zmMjxrtJa9My?dW}{nJmM-0;mequQ)kadB(Ees4xiow~Hq%$bY7Id$rh%j3qqc;NKu z#xHK)-e%Mzk34>Om#{-GKs!BRAopher2q&>+ng8d|Hzn{Qr9U$f?mSGR3@ zY}c7HH5dNygY(STv2$aqSFiC(r%pelZrE_-o)=$yq5Pyt&mSK%Cf^ww+xqDbKG?c@ z(4gh{@$rXB`umr-_WSRa&~oJ}ewv#4#;|71`mF5Hqf4ukp7hae;d&`!dEgpEF zPM!JlKmP8-3ETPW*YB-2Yu5V@R;bWq-_W6-Ec@=eF{NI9Ij_l#8E-xO+G`(1SF845 zrHK=#?KpcjY~r3h9hax1coW0J9ZQZK8}C1P@|4FHF1%hkFV9ouo_p>exM|bjZ-4%| zQBLdD+x89_vNkI&?z4#5vsd+c_~GZOl`mgm!m3rfmL@0P9Qny72kYN=UyCIGKn?&f z8vu9-0JsML*Z=^$2LL1k0EqyAKLD@{0B`{Sl>vZ$0Km@xz#IUe9RM&70I&l969Irq z0KjBi6#(D~0N_&qAQS*t2>=WO0D1ucaR7iH z0MHcx=nVi|1pt}?0D%C&bO0b70O$q)v;qKv0DvR_U?2eS6aWwo04xLm$^!r&005-{ zfaU`qf08|A4<^up@0e}Voz{3E*Y5?F@0N@4y@H+tTC;*TO z0PFz(CIA4j0Kn4#z^eejZvem$06_YGeE^^@08kwO*bV^v0sw3T0NMip-vI!f0Dz+a zzV-01O8J>H+{i0RZ;_0G|T@-vR(B0Kg0Y;41(i7yu{<0AvCH1pq)>0AL*e z@FM_l1pv4W0Bi;TCIJBN008R&fOr5P001}!0BivOo&f;*0|1c#KotO>8~`v90O$+= zSOI`$06;?k-~<4$2msg(07L-*Jph2q06-Q1&;bBg0RWr^0O|n%GXa1F0KhB&;A;RN z0{|EV0Js5ww*i1`0AMEo5CH&u0{}z=0OJ6FlK{X20Kl^VKuZ9iI{?rH0H_84d=CJW z0RTn-0H*+eCjo#_0Ki26;7tHvDFCn-0C)rdco6_-3;?tN03HVbJ^}zH0{{a6fPDbK zaR6Wq0PrUOPznHe2mp8&0C*VyI12!T000L7fLs7zGysqW0Mr5iE&%{v0055x05t&s zCjc-P0H^@~`~UzP0RUbA0G0KirNU^xJA2mmMn09XKkiU7bH06-rA;12*` zF90wV0O$z-)BylK1^{dTz`X##`v5=_0N@h z0MHx&XaxXV0|0gd08IgaB>=!r0Kg>x;AsHh5CG5!0H_221ONbE001=sfX@Jc5CGs6 z0H6c_Fb4oA1prh806YM|NdVwH08j@2SPcL?0|1l;0I~sq`T#%`0H7)WFbV+Z1pq7n z0FnTJmH@y(0N{N9AOZmR5ddfi0OSAw-2i~E0RZX$zW@MX0KiQE;5`7~2>@Ui0I&-H z*a!eb0RRaAKxY7;Cjjsj0I(MTxCj6&2LNsW0Brz(M*)B)0KoGAKsx~74*05}Q&JOu!h1pvMW0FDCyjRAlb z06-Z4pd$cK5&)k5>0I&`KZ~y=g0RRmEfKUM7O#omG z0I&@JI0FFu004{y0ICB3odAFh0Kkg?z$5@*3;+-d0DJ%d3<3b+0RVph;CBF^8~~6C z05k&tdH?_)0{|}o09ycn2LOQi0Kf?V;5q;>3jnA901O2Hz5@VW1^{LN0IvZ6)c}Br z0Ki!QU=IM00sw>q0LK7;$pFAY03Z(lxCa2(1OWUD0JH`Gh5!I@0KjYj;9&ruJOHo? z07wP^J^=vk0|21^+o1o~q5r=^|9^-6d!hdaq5nsr|5Ks=eWCw;(EmNq|L)NL)6oA9 zp#P6T|1UuQr$GO!L;v%j|9?XNFGBxUL;qif{@;N9$3g$!hyM40{~{e-irtHuS$A^uI3j zKM?vq6Z+pC`aci)9|`?`1o~eF`ri=xUk>_T3;JIb`hN`i|0VRl3-mt&`hO1kUlIEM z0QA2n^uHv(W#Kp#LuDe-iZn2k8G((Eod(|8GM7KUV!8 z0D%76q5nTZ|Hnc9KZO48hyK3={T~edPlNu?fd0>d{;z`mKM(!?1p5Cu^uH_g{}<^0 z3()^L(EmZu{|eCmNznhZ(EkAF|84010_eX3`u`C0zZ3L-5%m8_=)VX0Ujq8y3i@9I z`acHxe+l~EANv0s^#5Jxe{1MJ)?upr1pU7S{oe%r&xHPmK>uq)|38ENZ-o9ggZ}42 z{~JL6r$hf!p#L|a|Kp+m+oAvKp#P1b|35?jH$(p`L;vSP|KEWAw}t*EL;qVs|I0%E zCqw_gfc_7M{)a>V--7^xq2op9cL8g8s)t|JOqQUx)s0 zfd03E{%?i;M?wD^LI1yj{$GavAAtV92>l-g{XY!-w?O~jgZ|Hj{&$4_AArh<|GlCAHt2s3=zlu&|5fP!F6jS4=>Hk$e=PL> z73hB|^#2~{e|hNtap=Dj`u{Zae>e0$ANpSs`hN}j9}4~d6#735`o9wTKNR|ZKlFb# z^uGo4zYg^OJLvy;=zl%v|AWx~ebE19(En1<|0dA?hoS$`(Em!%{~gf(iO~P$(Emi} z{}SlGKlJ}`=znSGe--HeK{YN8jt!@u7892e&&{ zZq}2xH=p>d;WK`joeL_y)c(~shJW+NHvcJoPFI>Xcjl&%m^ayu4$3+h;z_8+P^OagNzNV~5xI_~{=up6L2vLGC;E?+9Bl$hD`%n*PTULVl{! zDC^b7n)L10Eu-Cg1D-qn$?%mqw=)-n{t;Mj#+djaJ*Tw0Re8qI5fhUpT>t3p^lxgW zb@Ds;WA!OL2Bo}RclG)3QVl=&)c=LgC(QZgk-#O9;S(>{+_Yr1pZ~CRzucGAd(u~- z_1+q{X4;ifmkYWKJ-Kk;;j3SkEV1#x*G>CX-}>h5NlhDco44pn%7PM;PBdQp`}t?e zW?zW1_r19Msi$8rxnWfBW3e?R{qf2VC1ZYwEwS>^pEtChn*7oSPj7v)L_o>?qx&XS z@>ZU8qt?LELW#{_ORfYCC8S zt+eNb?8fzeiLX{+%!(1c(z@I#=e<$>d0Y3Gl?SRde>kd6neyKa7}ERA8m~Q({B^D7 z4O#@18T{V#9;eH%`Sq23RbQJr-?RDiuBk`D7WI0r)6me0Rqi`EeO;N&3+nz9{owI7 z6|3I=K)KTQl)e1o7wwFSdzzc2~`9M?U=J=8(0gF7^Mm(UG04`#&Fi@2d~mbGB6odp@C-Yu_g^ z*H`}0xWX3^3r9XMzhS2%t0S-6^Fq>v=eGQ~x8D2rjaWA33E$PRMuzj{`UHlo{dBIPIrzz@bI#)9;*2M z_7$^R28X!bIy1NbsP9{TGU3bGj?$wZ54n0_&PSH)u5*_DJag2*<=&s&HP(L>c(Kx% zpVys!?Yo50&G(#pz4ZQwRnCKr7O#G{ZmXJ&wk??v*=*6E&11W)f8=J?&Nq+e?_Jg8 ztwWVA1{nbxZx~ zYugWeEMwkN=K?H~n?3pG#Ifl&%EmQ#fA9mnrhUIJ>1=TKCL<4axOdLCsgoaB7&QLz z>(-ag-y5B`XIY(JKT6%v>_q5Kzl`tjUi933#~x3)oZc$Lx@TPa7msY}cJ0e^eQqs( z;#kaRtE27rFYJ8xO6JEyw#M3OHLd^Y8}>f;J@8rD`jZa@g-3UM(RdFdYC$ z0RVmn0Hy)}4*>u-0f27-01p5#1pw#>01O5IW&r>v002J#pdtY91^}=P05}Z*%me_= z0|18sfQJEqZvcP@0H7@ZFbn{2006@QfFA&W4*`Jt0f0dOz#0G`1OUha0Qv#|?Erw| z06-1^5DEay004Rd0F?oNi2%Sy06Hz@L0DuAjU?BkTB>->$0H_WCOacJr0RRgCfW`p8GXOvo0I(bYCO1_1m4 z0K@fUW?* zA^>100B|1wPzC__2>@sV06YKylm!6Z0RTP*0JZ}F&jSFR0f0{cfLj2->j1!d0N`@~ zpeX?GEC6r>02l%Q^alWT0sz4PfE@q`0{~nAz;yti0st@)0O$k&Tmb+s004UdfDr(| zYyjX-0N_CYU@HJn1pqh%09*tBz5oEW006fEfaUe0P+BUaR5Lp0Pr*b&=ml92LMHz>l0DxNnzz6`~Isotu0N@7zOaTDi1^~hVfKLH{2>?JK z05A~%SONeH0|2rBfKUKn4FGT%05}N%Tm=9&0s#F0fZG5-Hvk|705|~voCg3d000*O zfY$+lU;tne08kPDC;_@90IUN5>H+}A0f74ffO`OdF93k00KhT;pfUhZ3IO;40O$(< z)CK^40{~hA0B!&v0sz1OOTW0FeMd z5&-Zc0B|1w@G$@o4*(1R044(ftpI@f06;zf&;60N4!xv|1yaxar0|3$ifIR@fBLKjc0KjqpU^D>mJpgb8 z0N4ruGz9?c0KjJez(W8)M*v_Z0AK+C-Uk3q0RUS7fE)neLja&R0MG*ffc`%Q{dYtE zt3dx-K>u4p|Eoj)S3v(eLI1;`|L;KmbD{sgLI1l#|38QR*M|Oo0R2A-{eKAh-wyi! zB=r9?=zk{k|0U@EaOl53^uH4He-re7CiH(l^uH(cza#YjW$6Di(EqE@|Jl(0I?(@( z(EkGH{|@NC3;N$5`u`L3|5fOJKj{B^(Em@M|F@z4e?b4oK>w#e|7Sq|lc4`^L;usD z|35|6hRqe*^uGg#Oor{`*1ye}Vo_g8sh+{l5bJ?*jcF2>mY!{r?*J zzZLr56#Bmi`d^_|0wi-D)j$p=zjq8zc2K^ zGW7o-^gj>!KN$MI3i@9P`hObwKMwl85c=|EbXbUeNzg=>JLR|7PfaH1xkB z^uHYR|1$LdVd%dV`riZk|1R|ZSLpv6(En@D|K8C5w$T44p#LvI|93(EKZO3Th5mmF z{cjEZzZd$S1O0y<`o9nQzY_ZY1@!*`=>HMu|2@$E=b-=fp#RID{}rJB9iab9q5lh@ z|J|Yg4?_PZLjS*m{!fPf&w~EH3H@IJ{XY!-Zw39Y5B*Ps{ttuxCqw^#hyLe7{~JL6 zv!MU4L;r_D|3^drzk>d6hyDjc|Ia}GzlZ*R3H=`h{l5VH&xZd04Er_s{yz@= zKM(!i1O5L9`hNoYKOXu&7y6$9{SSfur$hg{LI3+e|Bpfc9nk-s(EpF2|2F9Vr_lfV zp#STk|KZSoFZ4eO`X31WKLq_B0R5i;{XYQxkB9#6O)5R?KxFeJwoUdo=4W2{_J;Gv zsI1o-dM7r0xlP-xN6+p`o-m{Fo1fN<`L*-RvaSF8tV>{ng@eMstF`*sCl+-a`Qq0P zrCtAhzzaiW-M4>n@7+%h{BYWcG4YAFe);(DQ8 zzg@|_^{Y+U*{ZzXmUlP!Tkf4Syv5WCaa{)=Irr-2ul5wI`8oZS6=NSf{Z6yzPyX@9 znb2pBjp}fz%F_=-e4aP@qkiRHdHARCuTS4G_u_)%EgxN3_qSEs&wmn~-EDU2{q+Le>z+GU z`@~Rd|CAa*uK&VbZZzFBMEWetm}A`@#R9=bKTs9-0wY1Tq>iMatptuQeb0?ZqmuyBy}wQd;6N*O!J|pea&Rj+4N)q zn@N`_Hd9}&IHkhBV~#Z0%&pKE=~sJ;ZuDZS9UKG1z9M|HBvqq2O zC-z#$wB_Fa+RCusxI1rYRzqHy`5Cvf>?SW|KX+!?SIXSoR;Zsccx<+|kqf%w*VZUc zE%MO!LjT(=a*FgtRY&x~FUKgv2+{|OEa&^ZZV~IG-H#pBV<{UIe%O&v$9m$0NIbKR zCGKOYl7)4Xavjm5TkOQQN&LSpR!1KR=~+ag`=WOo*j9-vSKuecS?@GdJKjuX+!Z?- z{)u`T?Ko-9_=y2uUxUd{8!7Yz=(@khh;Q6WbY1M9sG}`;1dGjCADgt2#%O=lFC?Ob z8TzjU=t)(WQGczk5mx+EsQmw(-B$mbXp!VqiE`ZJ9BKHOi5eibMYbCLhWHEc4>0^V z^}`nc=L<@-`?-O9of=%wGq1A$D)0r)m;>3 zmDo%i!%n3(P;M@VaeajDEA)@ow6bFfTWsX_VzKM9nSKb41{iiHwdKXGuO+8Lgn5kg zW*eIKJE&p!RW*Q|bpwt?c{esJFv>NfrsN{NlraM^k!sXR42c>}WdYT=laju&?n!fN{rH+t zQXCwEa0lql5)0@rWpsB*RLrz5RYntw+MRw?__AY9dsy^{Utwna+LZcaWjI^QD*UU3?M$vs`{1sbc z>L5>XtMPA)?p9;pEW=$utQERjjX}E&_h#^tHkGt8mRPv2xMke1a4&Jo7-3nfyVZDL z#24)Mi`T;y&gbfG!F0HxN-Oy7cU*T@4x@bhBu~L<|76`Q810{&1rwFdO@RINe3^mMI3+GySL ze`Yf+Tq`;P45uiAxb3>XgS1yJZpKJ8w#v02ezgrhlthjPh!JV%cD`~vy?Q#{jV znx7=n^Q&>U^1*dfIq3It#OCm?rgG~4h$Id_MK&(T!<57)|SWmr433L9#jH?YPkD+ike zuNA~**3^2(SbJq3#8)ymE=mWj7 zGCCf1*tU(E?TWD5oZBuFZy)Q`3u03S6DOjv)m4Z5oUI+vzY}+EPn+#Dd7fg;#cB4J zn|l}=Tm`Wib6Z$b>JYzVFNe6Jul34uZi`oOvjbQUeEKkJg0a^XQ4s6g*23CjVz@d- zucf?$6CAcB<7PWgAGc-KVx4UX)}Wv6<>)b&xTjlNled%aLnm3U+u9manS7T-+LS!n z%6^rsEyp%g^0tE5CMEt}XPg!#tJEZ=uK$|Ul0QO|+C9tmkB(}XoR@huvM*Lmu zDU3U&CFK|%Zi|W-H#;NmBzEB%V|VJLH6>K!bkdrggT0C+w98h_<~&>15$hyA@@kPz zxxYb15#)ocQU>WV^K8|^MTW9g*ZFR1N9-WtU+k&JztY0$x>(oYx@gFZv*(mnU*zaY zIO%W&_j1Gz?v>>Zj@RSAU)SmmZtZXf*R`hn6do&Q&tff7Wa&ysbGV*PaKsKIej|s9 z@4B}&Yx;Y!-oLfAdm!;SX9j3ZQ!W<7dU9B^)p)!kb_ns4JbL`}Uf3eQHbrnjtUIZf zwR=74a0NRGxMM~UFFjZ3k;u=TKHky25%JO!tlc|?$Hokh>x7q{ME&#icoD4KKR@2; zIy>IleJFWd;6F6Xqv;_bduHm0k)8?7Q}Y{fb{hyS-Yd( z$iN!&8|j8GVvp`miR-aNT_oK>+G;p?b)9B)AEe#~17lU)JK?{!(;@YbLD!}J?rU`& z?iaHhlFl_e*XF*4jg4zkZt@&G$C?qcPnXB=Io6nKqYiiP6ds!qLj90w)W!1)-DM{^ zGD4_38hENe#8YHZ|@4q0@6 zF+5hu1$kujI_ZcRH|nsv>l}3a{KAZ04qeUaqOi189Sq}GO)2ta2KE(!LU~I}IYJ;&N(uE=3Lw)g5fM7JojH8z?$b(6j=b)I9D`0jfp&OZ7m^+>0^rec5MbZeyx z?&*uHv9(7XPDv*X_5$29^faz3)9CNWr9u|=BqUugY`~={tZ}DjS!3&PpM2@>>yUMp zexF2%L;qevxh`Q}BY2Uc`_ssby1RqXN9--e{DjPcC#kk^J-vv&|EaDAjppD+HjS{C z5{TR?A_v?e@7Q?KOqt_ok#v5c>ms_H2FBzhA!DPjaCYqyS)x10OWCW-0YisV?zAjN z%&t*~ojG+KQG3oWOwJ+fW%im*nnZtCuIo+`y08@)T&1lds55?v>$XZ9!A#POn!{d} z;~j!0DZf%5

vOm$hJq_?5mjL3a{*DcwZx}*Bg*JQW{ev+FeG@sw96|<7 zr4Lc(Lb*vCqu(gGO>)G1M?AqTej z73$JpnxjRq^c}FL0G--Hf1@8M9UJq8!?kC;>Py{6)0ViUPq{}gu(^Zt`Au-d+?Wy? zb#eU>)xVIr-k)W^$s|Y0*VIG$7P5DJ{TkyRdi>Qao4e5h#${yKi1au0^eKC&3-~4d zOzEkiuhP%l71Q;;R(_1lokaR1(*3NblYXZ#NMXJ7!_^LvpXzJK&)qbe@sTn&^w``p z#@NKxj(Y~_PwVNG48c9s@4CLI^iKMmDNpHp?rym@*F_J%*BFJ=rz;(iKG*%_aO?q5S9D0m8u!cjHn<6GknV`t&VBc+KceJI`$!*?_DCtv+eP}C ztKbdQ*Id7vawgp_J)QJZcY{e*r7y_UNxu}mmi{Pmc0WA9-p9 zm2n7NRsB-%z>u>V!z#X}_sw!5W6~#)Zik*u`l;xw(rx4_eN^PE`lcag)ju1EoJlWz zat7&l8uvw4UB7~1(l=)?j&`NKoTY!dk-O@nT}(NX?tq?7`l(=rlJ!L}gR!prbkeFm ziXXX4KNT4(S<_dQoDUlJ6|9tgAbr+H&eCs1&T8!QmGifHI_by0a+Wbr<{~~YIck#RS&_-R6^`4^stHyBpfqM$Nx(9h9V>xF`Z-LyB9PYW( zIq!rE=i0ib2hy)edu2+f^keD&N}n0uRsRh|pO4T+!6)(WbGVMYq57}us|B`gxQH(6eRLAz9C#;ky9oYnCrvVG=$GP` zG-}+UU#jtM26*~1^`ak&%w)e^>4P%X#q8SIKVzyE%>?Qww5S&Dhz$<=ia? zrT@9kPI9<=Gyc%$QhE~?z8ce;dWamPzcrxF5sW_xTMqVMJd!>qe%Cqr;RnRu^QWW7 zIqDC-$ENJ;pMuO2h{|jZ7OM6F9rO(ISVdyT}l|JecN) zeGEC!elNvLmv_}8R|YHN#Y+_QO_&M$i;>Eq+U z@r=hwN_O4LgvZ8SCvV0}2~+WR%Gihu9^qLifw47elImMxlOUtl97p#Zloz+iA|{Ho z^e5Lf_-_Qd&}*8*wIfZ9i|%Wy9qwx~=JTA`g|=xynea8@YF^wstR#F331}kmtK*JNv7$-AE&T5;i+q z)25936S6oXlL^SI4!mzCn1x%_zs}D7&gIBzn_hoc!Ze5b>^h}W&Ta6Eq2%8#kg^d* zKXPtEZpcIWPs~Hq<^I)5Zeq7dGgd(f7vc zc~+iFyPrjFoLxiFnF#P?81joirU~dSyf9|+&i*kG=q@sn`bA9^*}KPUwJ~ zos&+IW}iGmbB3?W^L+yPwEZ&m>4&{Ssn=oablx|(5{&247}1dyR_qQZ%KM0^ZM4oA zXB%6wo!oQ!k6LeAUrqa%cNW-RNbKS%w7t+f#y+?md*t>_O{i&+G%@yzU#2F!orgOy z#y)FZYQmA*xRYb-!HrWBlAp!hGsgbezSM*h1-N@h*|8VXM*RXf2g-dUf76Zw?@JCT zn>5%sGHk8XZ@ED17U?!soY*@PyBFAR2yXB^c8a)We?>dxaVxj8ZnoAcZl<;$J0-zl zOQq!kWs_nncBcYdedq^yiT0`3p0dxw<_@-~#8$^t&SJZwr5igD8?~M_-_YzC^RC;8 z6PR%eJ1RLpIx?1=cQ_|hfyasRyGkg{Y%|7oo^M{DJrvpq3xgJ$b-_Unx)wIUlo5aHeIoco|PVH!A0$(;WrdBYcum`#kKAI;Lj#2&|^ z*v7`LY3HcAT4(GPV|N4_N@cX<%ml4x{#I;eW0!g=cB!Yf#olIwvWpQc?NVsBXCdvO z+XOT0_E=QD*t!Y9wv*O!6W6ib6V(xU_MyCXugCRd$CaK8cK6BFY{;@{7;?3Fu-D?M zqGT8qhTKSN+SS8u(g9_sB}?0yPdZ5}@kwVh(_kMqKx|1#nw0qJ?v#WOTS`QTje7>b z+pL`9$um%FY;kT&o|&Fw)Y*%kSEs&xsP9qgdz<=JqrOj3-&W{H zy$(aKBhc$s=ye!+9f4lALa)Qn>j?C^6?z?pUPqwUq^B+#XZZ#23pDK$*%o+jOC6-$ zM4rw(^ml+y+vMqOgPgC6-iy5=Y|{+D21*cV#0JV=?0$=`vTwQAUM;lKM0#cK3!8LK z=j+&0!4?pCgpBQ1d#9_Sp98WKMh`j-rr$h4w_W5(nl1+u(Qoi!a*WPYJQjO2YxQuVXfBDRA>=#Ll_CrUdjz~&GI|Xv+I`%Ke5*6Vk)avqUizK6m!Euh zEp*>3+KWoQ*##PDWgjCmt<_WXz1KQJ)9x|jEJmh=`;PC8BlK@{NpFl}VH^=LtWZ#`%uHAhm)BJ&%}dPtr|UbwXThLB$(4*4c0aV1``;Wz4lPrDyo z&{m4eI3yoAz!kHu;;lS@e;vhT94cPJ#*HFJ=P#(ca}$G`K9&QHo)^o_2J zRvMm^)WxGXs5*=LzZeH4{}6Q#T}I-RFllQ!L~e3Om|YwkBFDQOrre0|kGSvCPD;o= z?VhP1c{-=1N7m@}Us6+CrX}IMi*W@RCR?cQSkHDSC&pgcX zNt=n=u3xY$L^gtj@6wTc=~3xiy7%2W3pM+2b~PkG~X;?N7P)d~ZQs zY2sohv0*O$jaq%N4Jr3w4<}Xbj7fGo;UQAS*&V49&s;q79dTku@ud!h`5ck^628XP z*Le0&`vhsdJwx>J$}@oED`hjvWwUMddS7a9_xY!D;WH)AC_Ga-oY_1RVS}CLl~A$69*=Hj9J_3FI@NQFO`fF;o5@;U49|;s ziTbnl^E{XH9BA58R`w@1diRSxQdg^j#EiM|c5Gz^=k=j}x@@<$JdW~uy{rD0@I6%1 z59ue;kL57?v4q(rfFn>pss5B~xMhr#L*flluA;MqIgK#iwE1@lTYQ%=GjB7klui1h z969E*jyZ>2o>AiOoWriiEc$QuaX{f8#~~B%RBAlZC(UstfQBPs|hRyCrJ)<_Fm*+P&oBxW4zQ1=N|-!a$Q-!Q!wpyZ zz`}G!{QiAperutpGuxFHdQwIec}I>Tqfz`cezKc<;d4r3nR_fxO6(r5AB;%>W;>R_ zZMHEF@`djEeB9N1;y>sUUf0Lnz{efy<8JNaPAqyJlC>%3yjvN2%x4$NnW8<(?|6=h zGnhFkQ8wioWAbY`jH7JXT7xJ6g?8txhYipSi2p5lK` zX1ISCKk2t-yELUdX1^l1upd@6+;$0sBB1MP&68k z4=IZN6h71Z4ex1I82#UQrZMC}3v+~1i&FpQ_*Pg*!(rA5Vf`b{`^Zo=wvVioKR_Fp zmNq&Kl>1j5;BSe1@uK}pzv!@(-AC8&h;P=bh7r#!t1hvksAfDFZ+vvvn9=#yc%ti) z#?WCEuVzs+bxp3z&sSbO@%QB?Ns8VU#u{-oEaQTa z$tw@FysKz2Rga-#hseS#JzRL1;VfEXbm!tLJ)&A$RK%o=*UNfLV^!6iIdeyIwUu7D zWS|L-rH-+{gXzvMdZ(++E#gHomIs+}ju)ksrZdyZHw*Kfu_e4Htpz#QhrXGvem`gWAt!6MIWJ zKdvYHT1JD}K{8hH8phaThCO8_@*ZcS_kz5K;e1NnXQTIsyi35pU*;mX+I4ftI}BH? zP7c{q#`QoOwKt3N2IH5pmvTn-87*$Tcd_}NLdL5&kJ?XJ%HLb|f+4>g_E+|g+u(I( z%xBM^V^XF6^EH3xv*^|YWVn(2aQbTxItRlawje)|wbajO3;i9Sx3{DrZd2cI@@gyJ z-<^Z1I^3VXuXI&ppzgC!i?nBXYq`&{Cr|0m9KL&u$=+4M7tFlalkKLI1zGJ!R{Fdc z3;C{7I$K|KR%Auq1&UY6K1juMHana)ovmaj`yh&*?KNb!UFHcW{dE}nOWkB&9alB@ zm*}r4uh}7@zq2y@KT~a~>fzCx^Vguc2;>67f`Q|dF>J1tQ0&xlkvHJz}J@lWysMcwaqf(SLKyWRU&GXJ?Vz%N|*9wWe(htKw zrI>$FG5@M!{*Q|Jw{q|8{OTL`|F+ompNjc^DdxX%r{BV}fZtW}v+DU-gx=gM@M>pSD8>4@@_5GrpG=y`&|xZrwWfF^m-$cYAhV+R#Dc`V1kx&)Zgc zMljyCn%`Yb3kAgr;FHKOxKOM}T|2gwrxdC&dceTK#1d5K=`e8Az%cu_ur-s1>w(Tc>;2a@(JL+W_bd37nLV~` zK&}ebO1vO`wGF?4sU>KWI}Q_<>k}$z|0!OvXE&8!O`jYkKlv4Vb}O-f;1I&i!>mWK zXScF;BA|=^^z0_@ku95v_Yco*fezvgBc6Gf^)2@7R#xQF(Tv1d#cSB4*r<7MQ9X`Sa8bC>68VT1>% zec^|OHR$4zxjIJr1^PF6lOHoL*1BmS&vhGgj!d56!XM??z?d@|BK!`8voxF!Z{5IN zqG3EM!70tTu)^Jqxz@(qS??(iVfs5v?xo`=}8G%%Za+{`Zy&fcQ$tC)R4?XjrxH1`LUG|v9l z6D7WLUKOjvk!zCHOvkzal}4UFr~{a&X>1$n{a@mgA(9`54DHfy<*?}|6=pZw(x2rB z=a;Np@(m6S*oN1jMRR!{70PK$1y*xXJVxBD#Qlpsx597XN!ageEu2y8_jSS(XL^j} zcbv?A_rJma1ndhB0IO7?2M2!Phk|`_gc#qTL&eR{X7~jc6Zr)i{=)AAB2TSb25V%F~f{j$)PzgmAqPM$I`ZFuCHZ45f`z{D&ia#@;5n$d`CAq$6a}b=o@*ecfq1-=#z4bUghX+ zbmBke8R`F9W_rRXhxAM7FLE#vSq|w=^*_LH7vmZwdJ~?{PsUzJFY%pe>IlXP48nTMHQ z90B6C>laE~;2h1*mupDfBu^tRT$&%cWbxn--I8)j9s(zl&Zq+}zEJUxw?Bo4M-p$Q!7eR7PQ@xLw&K8#5g&MHy*g84&SgL#lj44;mK_O|LNFR#>gpvj6~;n zmQiQZFM1RxVa9cw`hilKeP0FOm$6mmkI7-qFO%tlUC6O; zE*I@l=mrxD4PGxAbzx&^3xsEamF~CC$ql_CP-S}c#_^cBtJRKaV%2zYLZ_~ z!!0MtPkzOonJtnR?OS-5`Jp?itaklMKrPPE{G=@CVPQQaPoMEg=4@KR2$S(hFhlZ_ zE>~=P@>@*U5`N}k*08$xV6TZ|Ggrw7Gqf+#DHL0lxJGTAG>5-bnk|*YTEP~ zS|IsEyMO*fzEuR;JUn~ztQn82Gr1nTs)0@*O2c~ z_W9mJEo1ohQFE96Je;lSw8osTV}_Hz0M zcvq6A1&ch@yO%|>=H8p_kvJmXK;a^4?Nc{(_F1n?z6GLltSL6vep|VpJoj5{8G4?a zrQR0gz;|1Hoipi{n)Lr2MLF zGx?scfA6!1EDYH%R^JQtIbiZFP@f}~rL|RZp3nMy`CiMnRGG&`x~URJrQOKdcMrta z$dm7pUcTQ-zsMy{Q;D0|g7;2F9}ry0ai%ojgM_3crh@Ya6|*sB?&v&-q3@rMF5y7kT$eT=QPs-@^S98&o6B zH0&4{{sd)o=^%OS99EUL(lfvxC zd5mh`onEixL%zYr`jS;qfwbXy`^t~>d8`%3Z;%gAGG3~Ns0Ea`X;7B2T7T^O>u zpoeo$Y&}G=9wlQU>q6#x_q+VtsI}~Ti{3BkkaYn%xmk1>eGE73O0=aNuq&aBF?4Z= z`sU4dT{S0>xgB@t;sRtLI*_Wjv$VaTi;)Ubzz6f1>c?4HE#gcy!#FFwKqu_R`$4VY zJcXe-KDw;p=z8kiO1o%gdZlyVc4iGVFGE8v>b;`PU8Ix9x2Nhew5O>*Mi~=*%TAaD zISpxf{PrKnrZ2WEl)jT^zKZ9QC%WL2x)RUEIhS)JXVKqqU;RM7s|@+tWS$BbluSI4 z?_cJAnsZ~6oOzFVhnyE8V;^0YdmDAID>?i0c|#_u&zf@bIfqL>^pSg_DR(7r9UD}i z)${kRr;n(49_s#19pAWrzPi5AyMXX;Gd~@xy_2~vGRZOPzma~X&wVYdzthmKvBp?C z!k7a)z!-CTt2r(6u}#quJEk(fK<2(O_d+m;_t*~SteTFv`Fe6NMMKYL%t1?H@p zHb8pp2(cyi53x1O4nQwtybYAIj7^1gCa(o?*e8)Tp}c3JBD`TK5hX9DL}02T%X^{a zQH7J)=J@1%PR1hd<~!O(?*oEEN>6neXu<9uKT%~O-+Y+|)fVKj#=s-9FNm(Lh^nSp+-E;=MA^Zh(*AF@W*xG5UumyGx#)9+g-ZyI7WM;G zjx4RO>L0{6`-c%8U%cNK;gM2ak(uaHW;E~EvoSlt9J72U?mOooOaE78_BreN#Ta7W zczf(!WU25Z`-s9=H9m2#X~d0J^QrXwLkRO7zuGE2WxkBk(+S1&bUt&kn5Sfx!KlY| z)1NEt>5jXQr9skow{+Wx2)+)jnIN-bDoYYg!hn# zqbc~bxs&%+ecW|KPdGooc?IVOIWOkifb(3=jX2LB-4xDN;Ufy0EZC9p z;Ud&;meDu!jlP*{^i7Y^Cmm`oy3F^HdEn9);m~)q<3fd3f(s!sKS*RJZD?SYO>swk zez>j+!X4%-E-Pb$*$&~7PV$hm$s2HMYR;ZMwx~D;7Hw5Jz}$1C1F330l-$?Es--qh z5%v*&OVWYm`6efl`xv@mHOrCjQe))^Lv8~)d9UOmy8`KRBEP9|*tM~yT+O|3zE>R`l=DIT9o9Ok2!W|0Ru`GzFNJJ*wYF8U;4&bvptht-LR zzI5p0&$IVD+GuTCc_a;cEC}|NcSG9Qr+TwcpCEspG#nR_(xn zTLV*THTkW2pOT~YKHq;}O3W`+u6)qr-lsBp>}WQtYtWeEKfn0g$v5*3U%7ZD?SV@@ z7dC(AbhF46JG;iW7&m@>nfJ2ZuXQ8!>%e85R&W3D#>c}Bf7JKet3w{>+WL*7QIB3- z+5MN({nI|FT(;C(+kY)Ha?E_cn7tvTEni@1(c<;O6=UpN5tA{N+p8uKTiAZ@ZFEd&}yJf94KvZA%UB{iTgcNI`nPHxRUMl6`Jy_+*@T)^nEE5{}>}IS!<)) zv`OHTSjjjQDrxeK>*l+GF#Ph2Er*S=sJ)f+os~Lb=0=6f6Yh59l6gXL<$B6DJKrsf zWL;{B_NClLLCsQfze1fc?XC%x-*|>(irvkpKGT1yFH+MTEdvpCf_(zzCZif`#et~w$8ln_mA&+ z5uUa8UVH7e*Is+={jB}tk^B~j_e=j(9T2YyBSrX~THnQIMaP_RuG# zBHwmWdXvjjrF4DAERyb$vX5*7{QLI0#UBYM#f#|kSz3zA3H-D2@#t4fqWrZV=8yKx zes8H2k%7<1cmx;dO+Eg7RaZrCI9X$JH;!Uc&rs5&V9_ zJJntee@j4}Mho~Iq*+MM8F1-;Gb;VN*{}t|H9IvrbbnzV{O7{wM~34C*|04y9-s+7 z2!C``dL?VEY3Mrn$8XK1TOd9QQAi%S0l)G42zL{9dmH2Jgm)1R&ZoC&Rr=wF+ZMOq zR8^gtbW2rDm1$eNC>yh=V`T6VEg9=5xSky=mn>^vv}Bb7IN|-SNX6i%ZyULW9Ii#* z94uV7a%_C1mX_+ncH^<+{b~ zt&cT6@lZ&KQ{lmSd8@9v3c1o}m`Gan#6vEb)8mBOyE;0Tt*{I0^@}6a0>*vBeJx9$ zu$wSF&dMd9b45nj2qGgnL1}DRvQp)6^H*!TUE#MG{5Ho3Ms!6!Sg8-0x7#U4ZQ^u6 zyOsjYOKvSt%_uy(hoE!C$VRig)IOq>n6NOnm$H5_3q4iL4 zGbx9<_`R1o5t=#F%a@h2Hv%6Hzay1%Dw6jCL#UH&Zc+FhrrhcfC$}m5W>xOukcZqp zre!W~9`*J7=TR@ubKX$ML*9`Hd_3ewYxEvpBKCF6Pli0?r$RpS=Z1XdBXci@{6S-` zb^PR0FVD}Il92wGityW4W2!=a#z5c8ZA>}>QhlTua{2& zJovUQSis3KN524mDm}a|5M%a@;???-Qem~lnC<{ zm4|#5O$+5&1aDprMQtHJhF`wscqRNn$HK+HW!Qx)dFt03z;>TZr-Mt0-|FC{z`GpW z1$@-Odl|Elq3CG75+jd=*8x`su$`wk`kJH2)(OYXPaI9nMYLC3@tOz3%L7jb%<()2giJzcru>S3Y7;picH`rW}_q};2}O*6!w$`$O(jnsiy zQ@oFPt9Z~0qhut!V*WJebTR=lm!GEG#|62c=;$|Ujrpo0#4(@D{w&@N)zxmzc+?s* zH#%f*NQ>-&s-EmG7k2i(7ubex_&4zmD-kCYpGvQ7f-VFZTec^r6HA!BE`uM}YhX1HczN7})*PT5q z?k8;5=s2gzdgkZ*z`++)>U~k&|MljlL<1k+Vfoq9FPa0+*SAl;KEk`-u)jc8u`9KN%zmD z%KulPHLaep4SOQ^#pyrGoE1O#Blo5MCUZeNOlzior}%3{_Ib$nfc2NfDp?DwNw6;Y zGIzWsq2=yoc57vwJ>{uAJ+n*q%)fKYA^6u?o9;1BcK;RebrmDxQ-7g#vPs;uv)p1}|JmlcihRW1LW^^?BJ8sTd(Y5q`480& zex0EArP4IAwCnWvEsOmcOQ28em%E<2O#q*L?8vvHCx`p$(V31%O<(QHrlRT5{MFjm zF1--WT`#h3ai@u;kd4*|Z^PcWb&}$qI___O*3z+i`nB&)X9PC22fCv>^qN}JlX~jx z`NkunE1g2dIyj{BqQ_LfnsjE~E4AoKu-Cqt`t4qe4$H?&T6gMo_9k5zb?2l1Rd>u2Olx=k!<8^B~NGV0Bbri`Ajp9)l_8u zh4bl`lP`V43&?c4Nxbj}=-+^ai~D=2@9NK%Z0;uR#UOq2)%2m6qD7kSHW%Dts(R|? zsT@<8M>uKM*iufntE``QyQ%2UwQ1co$i&I4q=$9Y=hYrb+NBSKc6aJbCJ%Db`MYO>ba^;=S=M#<$-V6p4;vef8uR@Kf18)82yNK z+DAA8%o$(kXl<{^p9#154rGq@wU`9`xk&zJ)e&7h08jQzME7@S6J+|z4$A%t{2*i9 z6)1hgKE&a<%-wlE-Pwkc{s(Qp);f*dlK@Yp;z_dXxtcZW_3Gd3(V*|(6F;SXrE+zr zKXxi3yJGM2KbSde^Gt8p^Z0nyIM(Pc#Y`vs?Y*ST%8?oS7*t0qGu69+@ z%xK*6JhaiT64iq>ziH4|E}5c#V^|a4YvZ*}^xADD*N$h+^R;_RHaw^``3Al_m_I}5 z$Y;Iubkkd+k?E5?+I*F5n@;F0gPzt2x_P$wHnQy#v`ZE1G`qXc&?jiWQSnJ#eg#BU%z0ng`nRua}4&`IDj zJ!!WSvH|E#B|25sPn)5~vY$Ejtc}$fD|4;41bu)tAKJ5sc1=jvhAJ=ygq*wZ`0lW;3=0#_EY`@c!)wA7l}ProZI<$iTJd8gmfQ~JCg+dO8P_gtdn#| zHmc`N>tO+Hlw@si zJ5PK5Nc}rHHv6`;a!;B((WTrIJ|4OWmsVi;q5Yw?fOco?F`huCyCb-j4tET=`$^vb zE^CnSKLKxD1TRT?G#_hNnSn@pwWE_DzJvVvj?UB2nHIsDMtWN$+(5Wbx*>T37gP7I zleanG*UF)uxR+ViJs-&@I|84vZ-cA!@A90>^Bd{y!$%`{eXNH@^D$NrpN^z2Bz!y) zUQGCKB)pOEKH6my-|9%vehYy6DeELK@-(x6_www6zotmOz0`+xG;2vm9tJrKS4Yyf zIeFzkKTZ0dg4g9}ZU&|je?KBiNnumjCVVq$BaiT%B`CSN-lG zUow(@ocII8-%0(}A&Uy&2H*w2ZNPV=4_!PL!9NB5M$rLB>5>aNVeU?Ezj!3Xiy82u zI(HJjyTWvHhV=SK_#EMATU{Vr9;U|pigL=k}r4PM*Dv~~z^h6}Qz{xv*PUh{C z@cYNLVK z-8h}kI9)wroX+04gH2=(Bip}u8gmHjv}`=>a{yW$JomxhDcMntgPUTeT=O9IRF-Kj zBR<6o^|W&-&0(ddc&-l{U8t;IQ>nOW~vh7&m<{V|tj$;R&19|mI+doj{4XST7AF-Bd>`mc$1_DoG6P)62h`+&LL-~|G_Bk_2oceh#N&hW>|HvOJN>fXq;cic^@nl`5aFQ~JgDMu%S<#Shvnei420doB+qU-c=tPI)w0iB!B}!Y}{sP|y6yM`54Njq_3+>74x5duU;9sbu3LTRuk`Hp z`~Y`E;I;_70J%?~KbJlBnt7)8HB){6Yd=^$r5T+`+kIFSq!*CBi#jrXnL%V*Je7Kq z9+T{zeKeDSuVS@{^h58f){gg zt1Y4YnA-n_=QOX4HLU^f+NPMPxyj_|j`P|VV`PzI#Ew6}?)`Yjq$yj?xJ|z_xtj}2 z;%l?fujXJMS@+|1PkH4OW6X0OG`W4~7XAsnKU;m<^tdTPCZ(&d`y<;g;A1U&s*wHL z$29M>eSkLJ^fl(7w5x5?Yl;6f`bk|@7tY?pJ5|MIynfH|OmENRt|48zkkyUr^{r06 zgX!|qXHWHiG^opl&+whEt1bU|&(DTG%2HmdH?#OI=X2nHk74(7)}(olLU(A(#Af;|--5f`ju|!50n?!G z*!9-4uM1gP+I%YvdtRk|=#p<5AJNoP;5^Ou>3GNM{(SH~I{PloyU^6W%u?)j%DrQo z?zbD|uZ!v3mTwD|Xl#N<%~Lx@kDK=WL+`K}C-H^6XT9}ao3Xwws}u4MqIbJ`fAMx# z@58+7v-e(keV-@2!}2%4J1cVR-2m?g%u?NBM?FixwP!w%v8}VU&&(egZ}bi;JCmjl zA%E^az=rm|gl`5t*Sl}egVZmXS;4zj9`Y#fc`&8$a>Dc*#x`VZw6$` zLb6sm{)P4S-Y@K;e;0EyIXdF5Sa+_%rR^P+X3tuKyUOuUhH+u$^>~!2UA1nNT7qG)AvVoZgkoJdct`G`X^7Pdm0N< zbj_Hh`zrkH!0z{%T$RhW1^?c@Uk_&5ly@^a#*?{qrb+jEc>d;Oeq-AuJ&@T?n*6NR zx1~Ltn_{L+b?xIBeMbhz&KV`&S6)RonV*7NK6QvQG?XEmkoBwdJ6nOAYx_(oet?AC zYs))-_e+5vK=Vf@E9reu{*L!9-^!D7G-@yP56MA3-QH*I+CXKN#;fm5L-`^;#v?W9 zz@K1kEWBa|`OZpa9`(|hAX}E^#EPT5s%~tr-E)h6sDJfL#m`fQ&z1f0BlLs$s%)P3 zi^^x`=IWZ~zuUIh@4Hyv)loOU$A7~emVqCxNZ&~e+V@vIR<{or_P|QFGXtY>JRi(= zyKVo@<~@Iz)5$i=&xSMDyv)Ym#TPVEjvv{)Y08HmDc<`c_U=HYG4)IA-3)w7Y3!Y~ zi@97O z*!&s#_m>I73*n-kkFj3EYN++sBQN<)t?kQ}^X6=Om(SqvG5HTQFST^8g3drlr}wox zOSYU8oxrb6x#>{nvBxdUQ}}+WbROMU@AhZ+xwU{U^^5MG;#d8oS+B9k+7kJNUx@hN z@r^MC%=PDMM%dj$+-Vc>iP4Vbe8aRjdd9Ez&jtigVPoE4PWEc>US{7f@Zt5* z*JOv72NcWK$K1@$uf&&lN;TWF9p@?2j%#*IbK}@1{GE0z!_NA9J*A%-%NR@Rqqg1G z!RoK>cxC+ZW0ybom$my^vr1+jf`{yQNcna?Wo=gs+r?R`?)|il=2ANtQ=h@s!#_Mt zvpmtCqw5KJ2eZ^o)@|+Cx7uv=R+@Lo|WM28}A-xjK&H1qh$vi|AzTkk>#7S zDBauND(TGxbEPfcB+n?ivPW-NPSAA2Pdi7DH>btQF`R$(w4DW0um#OZ?dl z+P`E@<|o%<53+GJ<1cKLUI>r00@8{-zQ$A1ib%t^^u|B=c;Xl*-}rGP%v}79|7K;v zSs~4(2p>d#rK#p%{SID^A*W8wW%-V8Ne}BX;`QqBIcI|RFMI}?-)cRFr_zNN;PBq7 zwPtvX;y|yW|2pF8sgHfwznl0X;`nZtjoV0EN#9RR zqVF($^9yX9W?fKe#EWjC?=}`^_smI4h3t2YKpD#zM`x z^p3OnTE4@4t(nGOs=;u+gEc&CPkK|osaD^!^IB&sZNKDBXwjf;7J#ogPrBzC+M*%z z{m1V#@1$Qg1H3~|wCzCJ)It01n&4aA8R(_mcZjFW$-MsKNH|6KzcKDiyLtj+UoGP~ zYr;L_fBBE>8<@s8Qr$CQxP!AQRXyX=#e}Qix4P%f+G6GrcJ8b1DsyISaq!L@Ijh%d zs+(GWuo`(Z!q;c<=hr*=?AH8%c&!WV?QwoJrETK;qRuK$Lf-VDwB)w-^?0Y|Bl4Ze zrcpjN@7E=q!R_2UGkzZbmG0WEM0Qowt0MK1-Z|g+W4A7urtc-y_o##I|JZS@*<{ZY z>K(TCwT4FMRc?7benIQNj9(R!bw9iy??&&7qr8joy=lwqIcnz<;O4RBb%J%*Dm(Xe zWd!Y&8R8BA-4(qA-2FTs<*7AHYqw)9X^2_E|*-q!+CG*JW z{Gv%+&f-(yhuDnbM}k zf2VLv;o5I#JY&BKCy_o~kg9rqf^CClpU1AfZV&S)%se5;Q@|SPoxxfdWtGg&FHLoy zF~_ZgSBQ|s(GtD@)2Ga1Q%dKbwL z!#hI4?{NV?wDG|^mhKH~VEvo^nVF||;9BOg(?@5$jiGF{d7sXyOaE%pCjR_` zq_>Xg{1kJKrq&M(clTadLfW*{_Q1!4A3K)bO&bayed?L<%RR)!=@UuuM?cV*n(XQC z59U05w*8NEZ-28S%LBA)IR}mmwDxN#x!@f zxsAG~HebtK?%cu7yhG`8U%c@ytv%~kb$o_YE6HG#}DPfjzg z>#hlXFF^T`lfIkStnt*#O6|bBrn>gInC9$Nb{+sN;d2kdWX;8Bvl2@uoR{opo~bjS z1(q-Cvk!0-rtZ4Se=Bv}k@_<7WIiT*`ePsVV?FtDE#9}#Vd7W6_3M&Paqma%7j66I z^i26*d!*Nd+frW&>H}Q7`nOl|-cKEGrHt3ugbBaB-}<#}UTX0emaS}QgSxbnh83u+ucR{!Jm}i)3mt$-jLNl`&(;IySsw9YwdHx6}|r% zUDq55KcSBg%N|a6U8fGY@6(QWyL03F!B4f?`xGuTwdT)|y`rskCRF~pKGp#AJ}}rb zp1H-Jqwnl0)gCj||57$gxR&46IbGQAu5Inu2WY0AW=_MN4$*zDyyP2l_R_q9Z0&qz zr+vSw*Eq9hUQlExs*1xzAB#9SExAI)9%){_zUz@&}!doh`;gqYh$t-u}N14a?`tQ&-g1#rhd!B zg@aw=`?az0nqO)h=x+TRci@K_8%hHIT8wprKyH$OjkofQ zRdx5gW#!rX+FK=(|JpZVDQnvTza063wo#w&r|x_kEU=Y*!MK8MbvWJ1eWiuwqh7jO zm$_RZI=NLclr5KS+O{LGjVbgaHOODTX_5_*On?{nq6c=ob!*0o)0in;@MD(q7dCZw z2mM@QozsnkAD?O8P0rsxVmwnh`m^(_!R$P1#Qi?hCzvbj$j^I+jJ zz8pu!m*Q>jU(U=)TmKwB3TQUFaxG2D_TSl2TJWtC=O5TXzQ@PMwf~m&X@lLe^($h{ ztK0Es_rX%*VXg{H;;%2k5-*Pj=qI{0V(& zRC|jL<#GBhJ+U$n{wuErzL36FY$Ef;XuYWq_SN!f+16)H+2!=vB0C4=eQqB*_{BbY`8N|O~1J6GhF8}jqXLvP@F`MiDS3dX8_?vLQ^m!27Oy3#LmH`+S-B6E1`Z>iofrar@3 zDgMYULHuOqccsWZ?cWEd{yp=U*M3s6<*=O(pQ>4?_eOluT01|$H?fCoTh)tyzO~d9 z(9YOB@ebZQ=}OYL>!P1Jac9&}&4cDsqS13F<4ZtiwAVpA4!FL@y9RQ2CEjV*;_2UZj}3l*w>QVG z!%F9@?O-2<{3^`fij=Oo2DTgfAMc3ZOk;11aCEN3?(*CSFFAy`d$svM8EsTH`y`L>fM1%pY`V*Y-p4&^gM89 zNzL@YRw$lxEmimn+26)~mV|spoQt|fa~AeIAscHmxR+4l0rl#TA6;p*)nVQ-tZh|& zMN4x@@oVe2gZWfH-*@N_)|b3YY7Y#bLqGMc#47Z&Quc|uuI)X5?R0lg(*Ic>q^!t$ zgp*%RAiwyzk@6cJApRV5n&xD_JKNR!@TFz<5C6lq^%~98_xWKU^koA&R>hD;s8 z#;p6Em7m5@=AXH}-+Z%V%S(11mtej~-R<52JI2?f?HL~C#@RK(F23I`Kd2h`A#E#wkg^2 zOH;JvFHP~5B_?;v-?J_{TloCR7sY!jxY@anoA-EsY8CSsKd&oiO+e=bw3jQXI&b-w z{j>JK&A07bMr#MDQ}}&zC`0~z#+cjEnPc0|5KdUTeqLqjkN58q_KGc5ots+yzWmY= z`|>qbQD(7lBo}{YxeucgRT|GVU-^Bw@-w?V`^SDCF7M7KXy;w;18=YF(EGq!58i_J zf!7RP)%(Cpf#<&M@;l_SJ;VCd@F|T&k`cCTm&U0>G3K`4oY-Z*8_5{dbITmNS3zTx z`k{0Uo42t02l)S(TlIXzo}0?9`_g`H|5&VI26<)<@i)lc);|8y{59jJVy~R`SmH-A z>{&BY?&WV4X@)th%D{Gyxc_cV>^wdx&TGa_VoQp9H*jc?d8FEU%d6VsLi;n$QSZaO z8_p@M#HQ^C(uhB8*HoDoKL>qoFOiS^Snq~G)+1u;pQ|OF`89FtG-s|X;2i+_#28(= zVG;WHtho#wIm44ZqnT5d7xtjuz!yN!!7{IN_&BLA;15=BVZSbQDH>51`88iA zAO1q|$lf-s?=En2J+tLWyLNLHd+7Yo%=xyLa)0Q#M)eo$z+UC0%%bkkl{RhyzxVYs zjlD0N<2@j=&)T7bnccnl-wM9tt-V?9zF^JG@z3sD`+qUEx;mH%nPGo_-^iFzQ-7r=<5k=ihWPtkx6mhO>0lqM?&9Tu;Dsnx53Kp98byajOxR8 zYo}>ENFU0`Kdd=jC9-%BeLUaWt#N7iEbq+4z5n>btSz_m>g^ZOJu}ZW%6`-i1p6;J zThb)^N}jp09pVLDPD@|yysO3R)*KL>J&cZQ<8LeNy3@_Q1~e~ZUTVKH>))?ZeaL0d ztiv}_?C*O0&mv`uy`^{UxQo|xt)TYUR5-$UkA)McxDHpsFZnX}(9 zGq3mQbLm>X)r2gq|6BCezJpv_%vQnZ#gLy%x;mYZeO8?|vG;+si&ExpMVh}+AA8@Q z_Bo0+<#f7wEp7Vcm?uduVxNij;4IXcUimcOyQs#%cfflv2Mqa5{2TbSdEwXknbij3 zfi^uyI~)_gY76G*Wo~S%mh9lELp)9$vT|WwW^T4)nBOAc;mF-REtiigKwZwd0S zJ}i8^c5MUOCwWTNDqnLv{~p3xM%K@zy}~}eXXbaA_k6FU{|_`yUs=MsST4Gn-}`Js z8r~ZHyj9Z6gpDb=bUvbXzlR3|&X;Y_dm4%pR%^}W7?{nUNaZcn0k_V=$StqAI}`;T60$OCVaG7w+i>jC9U38xqev@d0#8j zctl-}d!8u+pOyB=#S*>@w+HNm-yi02v5P1AvEjYX+Wl%rb)HoFhnc6!HtCFj_EWs2 zbE1Sf2c6mFXdS-6c9t-+tDbWkUPemA>VTunf|xnH$M= zTbi~X;M*cj`L!DKJeA4N6=ycL>fu_z=#n{6VtIyVBFtZ@s zu6zyfwb+OK)5WK3ecqrxho}#H_w|Qm;r9^Vp}g3CApZMnWA%(1 zJ2h_DGa|F?Ie=o1OPlU{zJN5wXX>SW)6V|e{f}AuU;F#|J>wJoQr|pOzt{VNwN+ui z4{eJ(hhJ>_hqFc2PHFG7{7I+Zwzhgs=I`$cbeJ>n>LW?~O3$84vxjw`qY?P`py7QY zwjFuL;5}3O_N$l!uIv2{>svve4EEK!G9B&3n!8D#rE^xl)HgNv8qCb4Z^cIQJ0~-= z!R4*gdzC$JK%eSfd#=&1lh}0HM11$hxTjucn}Lz{1@&v5jJ5ArKhvQ%;w9Z*(!T%r zG~Q$9t?iGek@r#8cMi+0BHIIQ-|0Th!wBzodnG)pcFij9kt0 z?R=j-EgH8NtFO_4?STAHA6Vws^O9^p$CuXfNGuP@O`?IKDsm7|lmjbgweM5q&`Q|4u$JW4@x+JfQTy_68})BT4;MQ5NS?)# ziI;UphEtM7R1UR+!{zT)chVBA!}0W!PKtI{Ou<7kP5SeFB-J^b)&M z?w_;;JlOG;cgIXK=cRNH$KoEhFYe&0tY2d%nd1$x|7C9Nn#(V)c|E7H`+xFo%bJ4r zy4>(**yTeXD$#x}Uth+L@|qduOPVjFxx0b2i@D5qwn;Cu>lc(OU)I`Qy|12NEFO1+ z{+pzq#nLZcKCo7Pq9rF9@qz8`9l)1{UTHr$Ym7U$^u~7~w`$g7S>wHYv1|f%kTq!b zghXxJfIU-`Lf8J>&e;OIs!QONI~pU>rVRQyTRcTu$rqQp6rOGO1Hry;-F<@n%ZHyz zUk%u0ANyJ%S&A-vZ^FK&rlwsx9b!JOxs<5{8kI+zB&jd=9^?-qt9oGFd(g~N z_a2;pRyA$QepP(Cg8A!J8^8F@QTamH58IsHKDKn~plsaOV)AkRKfzkG?nM~h=46J&8EUWKMi-YRZa;Bp>QwwYh-Jkz&jQ2SsIa- z^(nx=oudaj7|V4s8%!TE7b5tUp5`->F?mWux)+Z{@YD_?=qk<8?q*L^8T}sGG5p@p z3feBq>nOTi?~`u1qx%eWOWz0GByCp;?c$!RX}_8A1Dvhi@7hxFR@WpKY+BoBdHH(N zUmKjPb|9;15ng|Xtlr)!JjyS=WO*;Xv+F&}JM_**SKiCqP0{y$%1aNtvw-uvRVoi1 zOFA7(rq_&XLdTNtx9^VBvA0f5>BFWwIi(L?Jnwkcym6Gyy|qv8J=n=H(r2G8-=mjf z?SZ#8Md~~{f9LO@y+HC{9w=M#jQF7))V9UwSSK*+%bW|iCccj~27J&L=h`z#;3128 zCyPXS&1DV9LVmn|qaFL-Cq!dPv&ok{rld`*g*_cpm@`?MRSRG2(@h_I`?z@HPP~k( zOYxKf7O;>N+cj-{WshVlu@7tDyDux7ftc-E%(IGD7xZbp3BSr3*&N$vyE_;U*2IoH zS7r1LTr3}=&%3F^p3hp3kEnRlUgk2C=kE@JPH}%DcMd#j&uo`(#t;15HKv@rTj8M} z9(H>=wF9xa;{W&XQ2$)xrFl?0tj<}>TsfE*&dL1tM!tqq0c|L7gA|84g8XG02 zupNgrKGE;Z(U4y=KpyqulGO=hR;#`i$gHP=yXd}*FPHPmnrC$X_%`mHBYe;_&_2UD zCxWk_L-c#5-&wL@He>U%<_7xu!VTlO8*zh$8zl>s7s%fIm9vtUJPXJrL70*Sao#md9!Uo2w+9ZqtuNZ~q--!0>lcKk|jFYMMhtUkAz-q+akq-UutnjjMu->`l8k?`_kM0cf#SRFK2zy*1jM7%@M6xu+A-g*B%P?YTQ|Z z4EA@w(=e$&$K>)pmFQ=kjQcN+b1!7>=2@(_U60T0I?fnfFB^4XS5T)kbt>2!)G6)i zRIsb>4eLX$);pW(;_6hKKKPrtnh&L34dx?uE<_#XWWE;o_740;=P|_F&?w%@F2UOn zvTaj4%*niUAmAq^ev&QYW7bb>$K@T+Lk7}E$-3{=V9pcFW4?CK%H+^nebPT`qn>3i z(e(75ug#3Vncn`}q27bHm27yx#OB}0y@uoGbt#^{;p&g9*Ch60m+)u2_dG!MBs%A* zJ@Bvf>L+%tbnv$eo$W1@ZG+c{ZOtr2M^A`H@)S!Z^dsGE)X99O9Jm3v5qJSGcN=AP zZqIsn5HEQCidyPtYa<5Tly~9a@Q{>^M1-&0#8S3mrMT?bbC z1@${$RWp-4!5LGD-AvaE*|DpPN+PhCECcT-0lhaX2Tv&BYp5+&Q9c< zSkJFNFMmuiFk}9|oLEz9(zJa!eJr{8RnC;Mu8l0qdbirSYG0&Jm5pep0n;Wtm#((4 zb5r5KNAc>bBV}`6>wO;_Go$9lOvd|WnFkk5+^lY$JU*}Yq}a|I zwy_6qdu)K`2Y7DP__cXvPEk;f#sG6TEHhSmi82pBD~B>VDSOECn@Djlv0>OXwuJ?cLI4@X^|5^T{K?sY2U?j3v<__6SR z)Z)wDFd^VOP2XTn^PxGJ|ECDQ)LFHYYm;ew)9-Z9Uh#!Nd&Qf=I>d+WA3x@;Nz4J+ zQ&~j5JZLpYSJ6Yef33gJcdt~ zUw)?#TE#UrnTyzB+92MxR(iC}*8kYrZTMRPSsZ0QVi7oT%p=^wcF1!ul!f`Z{_47lVA)y#D1)i zvRyCPQis6zbSTq>4AnPfu!HqveC3;BfuF+qN&E1ta$lKk(}V0cckeCoTcveZAMXnI5lg*) zn?BG+-)I)U=zUvFnswy|X6t^84ExENWfMLUR)cauRzuKRs^97ol^reO*lkXhoNnO8l^j&Mr!9MS5t;;dD$nO2Y4()d9 z3_JPuXL0r{#SVKOQ2s*eGndbmeGz@B=9qzoT^q3S;rvBvkhx}G;3HT03fuiEcHjDU zYLyrNYxb@i>cny!eKy1Sba-)NNYy6Rw5^UE!bgQ)mU1RrIbO@SJsq2+xfA<1h|_+! zyq-I`ORCoH0Xo|M05*vHz0amtA7XqC^4l{C$mfV%|2`GZcYg5f{mWik7KG7pap;{RcKZcOPsbK*YD<@tx{8UtufC4(IR29SeSp8o{9VuA#~e;oTxkJ*B3EevoD*}; zxO?WfXRdoD+_S*dDNi4X@UTA2=IfFdfj=67KLtFoKd<Y?w6I`D6WcAXOaCN-9?%vNdHqEO49o)|PJvad+Ov~?}amiHF z?f=a0j=H)j$%?l2&po!Jv$3%*$>(p{TUNCvZ@y)GGBxSuN%#`^73;s)AKuHNd2Q^f zBK3Y7S1N!XZ;JLOyh;bB+_Q{l+QAKcv$9m*v>f$a(&ivN7JTW%7*4X7PM2q{zH_PX zYHp7QUnaf#_1E%igG7}#;P5uOr{eZHIN_dEJP$kg81$+}f5TMY7+wDQYd=2uqaQ|T zUvPOe{OCvBVlor@ZMAgB7yZWQr$>HYv;zET0lFEqb*COL=BOrC3c~gu1QqSY0WM{T z$5FIDJCZi_jBRtYeLE;__a)+nE)jS95^-l-++6ph9by+9yb+!%#8be3LzH*$;%YPf zwvEJlAc~g+&(Y4^Yi=7?DtezTv>&Oh)p)}XnZ-K-(8|op;f1_`+@RcfffNF%p<8j^ z{?e1Ar210qF8}S?CejZCwDRDWts>oxeE?Fa97;{L&j z|M`#KKmLDz?|&TgU$*7l)0mtR$KwU)rc{sT$3!(@mCx?mmwM$i1bOH`u6@ILbzALo z%7-rGIQ{4Qf08?VdkIKa=UVEXwDdA(r=y*`6#l&<@sV4OZ~t=eZ97E1BTHN6oOktG zNP1G``~LUou>V0Pmp}Wv6dk2cbLov{_PffdCVgR$j{ZoFlrvI}Y7N)sKm38OF!jyd z>gXQ#{DrcVgxUl72RV}9A9nbi9zU=q^9xZHsUGc+o&e#b3}4b9_5MFTca#Oj8}yr|$^AV=Wq+A~Z_%4dgpU+7RlMzt7?L zb{E|vE{+Spg70I`3hAmYzWv)&Zd7*Cs8M~Wif`k3yL%XX+ef^<1U4iu_-u7(H{fB6 zuYU^rmk`~CkcTwsO9LL``=Qxfk9@vVFj}+J4tz0uX`tdi#6pEd7?rX2chpnq$9_-x zIhQ_HJgP2pLLSMl??T$&G^MM}>%;Ua()rUbRz@At>eErnDDLCw5rb_tdD>i_G(a%C z)qz0wg*gXO)&Rh7L5ag#@9})w3-i9h{MvdIj9kXvCcx%Pl5eidr|*qNzPFC5WbKf? zVQGIyN8&tM__~#|NLqT-r@+@gC0tebrC9dc?Mc!PI9lCG_qOIU`L(sLzs6@^t=%g) zSOOts6p+?@ zd+d6Lm+PL2^X(sv+Z&|o8=Cgl2%f8dT()X~>i_%ZL9^jC&hQwBBr*#M8iBHly#4cK zQ}-fY|Kr$(p;7%&)eolGLG3HRU+8$;4}OKT#P_3zZPBjwcJ5u|>%Wyc*g5>jHn(%l zh^`jxceLTv{?LP>qYfT|h8^Qa>VZZRH+LAJ2bcLeO5aA6EerUdm6K~!%DId`{o)#j z*T>&Iv5_oBPi&CgWlMv6G3n`v_~=0>cnR=A5x#5x*wT0N6)7UfF%5iI{~V3&`*TJA z-JMk#yTX?D#TnXaTv5PZNi+Gk+4lY7hyLV)zfYNhA?xyNg|q7P-~S;pcA*dBT>W`p zdzbyaTP%5IXwz|i{*wrJQXd(&+rd7rlDMHDE+(5ks_j(Ol|fYl%HrXiqaj;l-+8=F zE*Pnk4lVnzFUAVxn#}*o#scIp7>)`P75)fFzs9(jM*KdBKjseb6x&A!l#Af(re)4BH^trJey)S5gv5mdCdK)pjYI=Bn3bClN)RW z`hyO5`lg%kE|QuY{yM&-p$z9;cq5;F-AB01h1pG6E}L=Kh4&b9eF;47ci|zv^{o1& zT^P9j96VRJ@Gr@$UjpGseisCX;h5lJ{tAQim|Toy{9We4axXRf#Kie5vG2z zyMXudSKz{`>w!r4G2kPSF!eXb`5WW#{}}irf8tN{27x7iPw%V1)F+Go4Pe#5r+=F~ zxsmWc5>|bD`p*fMMZ&)!ToH!jxL2(Y#o@&3Y;SR#S{O=R)BAn~^ zr~PA+xlbP^ye>@7xt#F&Fg@o6!kZ%DIfS=G!tfFsjD(*dyekskL3nQ@{I`Vn6L#{= z`7eYIN5cP=@Uckv2ZW^$9{(4F&qTuiO89&j&Q)I^X!3*l=H5a$LD{sre z5LW#YF8ur`{Qm$a`-p3B>0cX_{tBX)MqH^&N51(@k?;=*OMiU&8-%3~KKv`f1BB8KRGH~Mb(O^=U$h83QcnWoIw}Hz6QTQ zzIpeL3XhU+-l|dQt4D>O9u?j?D!jv(4_zegf-C>8N2N>F_UHKdJHCH?9vw6e|EMt~ z3NN7IQn8moVlGL^06!lc`-tRU?!sk+HxXXw!k-$MKOcSm$k_;f9Ze-x8iVrk zn+fw5FL&XmjJZ>b1wWHVEYT|n~y!YdKwW< z-|~M#SoD4PUkHm{uHzs3a`iFlTN#AMg!*Brj`^T5ACtUKy7X&}x#k4;6)s$5(fBVY ze~iW-`*UIBaV_$ud@JuUX=6Sv{-(L`J%qa=>5B;u5kBnbuVj1`|5Yv=>WkIiF&dBT zFVNpHFOLfU4NZ5FxRlHPYBt>hW0Yopj^8&&h2JselaiM!Uwz?|l7|mtk1Hw(yZ)EB zhOp{0EhsNBkuW+LD|2DwF;PVg2KCpH@x;BBo|RAHv%vNj@RJy2j}o5;{}c#mM{gs; zeUk8c7akyt&X@rg{%c_SbM&z9Bf{vhS-kF_VPqFy!yw!z&#O)}hgo|DH*Mutw z4+Z=eVxMQ6A?)N)_+f5cp-tnJ0e&I!3Vs29h1lC#>gVNExNubZquH?SABB%+!xkv) z85RE0s4%jwga6o4SN@?<>BmQf(U0Kg_`|+L!(-8h5#f)H3RAxZL>0S;bL}~Hu`v&zQ;f$}AI3gOSo-3_wC@AZjHO-rUl{Y?M$(;rj`ibn z?g!(VUyMCSTCV%vQ&f8Y3U=?+_saxFM`dHl)D?it6?rQ05U3?oWt9Q37Yd7~iv9hsc)v6~~tZb`$ zNI7cf-QCdM($>CmQG1sQ&tBdc5V&ng=e*99OO`(}sddHjRh=CxS9DCe@fI`hu_Yb% zJoIRLYv=4XWwC^L*0*%Fn|bY>LAe0XhSpt;(d;*yCtDZY_QaBDq5#LD(bOIEFHnRMfgX4R5M+#VTQCc$}&TW);v z-c>Cl!n0c2M#R{SGna_-`4+dVS}a0~?^)7jT!1__7%4-kK~MzA97f#uq%AXy$QG%n z$J(EA*g#pthn7B8+rH|?n^JWTwF=9HYi=45hR}#G_;<7}8-YI}489AucXiV2OIqtJ zpM+|c+NN5i%mnLJF0Eg(s?&vPpXgjXd-=mFB0-wMh2}l+(4%3fu6<=^;|ki!CzCXP zRm&so4tw_U#Y-Mq(pkIQr_bu@9EGChqLn=>zVN!1*{fDP(Z13V3JVHp`ARfADH;wj zQb33qiJaF?Pgto^-kqUt>5}&4o$ryhqOE-%T1Xdocg9)TDbu)eMJFBM-KkAWmbI_y zY+2Uv?xcHKS9OT0QaT=btnJ~O0;qk}P3Fm!EggYYD9(p!EQSlw!b)pfJP)>(wyQfY zTGiQB->_&EIt;l*@10CukFa=IODjt6sMXE8zp1Wa(&U?9p>Cf_qDHFwPeL|VaRMP>sYj8 z`4anFiB((l#Bw_9^7ghx4=q`)#8#~1N`riEU%6u0Y-_z>DQnEKmAdIx_{xTEzA+lQ zQFTE`2(JOdVV1QolU$x$vGn12^X4wPt7YlZ6|LFe?JL`Dt+HhZeOX6H{H9w15!5by zWCa{S7+cY}a>?hgru3Tn_EwZIf}R4sX+_h@mbN9G)VyWs?Bz?BEN_=^E)hL4PDqr$ zYz5=O2xJwD2pb=3U6qQEzUSeGS0R4KleflcT0vcbldl`YFw z&0W!grg@dRshT=UaK5wKfEpb`)Jgm*Q`fSzRnkXd^z)T1t-{Sl!ftN|XhR1Z!7OPW$qrC?@9J2wvU5>K(D;j1EMNLmL?|~0Y8OH5 zs+oMV2G4t1J0WIAY6bbH$LwVt*l0Kcp4An?R?+HJ=B(w?Etw)a%({x#HPtPWXz!VA zkpwnj0WjCtP^%1zLUux!O>fH*sO#*q5rKlV$$ZJQUYjshCMbuV@{j!VL7P^Qns>bfb%!ZVrHr4)5my``EZB|`0$%kyp z-9b`>D4RenwvDo7LN$`ELb7S>Z;g`929-~JV-fpz9Y@)q(wKMHy}F)TA5@xl3%hs= z^1{MzCvF+{{u%q6F?X?cAfI1sHL%|4fLXgVcRQRo?@9M~crGqG51%sT(+wl z?`5~VgL8SOYVt67v+*5a-dyO+cQ|=%A%5P*kY*k{`@H!t<2x45{PMp7ES~v|;eFE6 z83X^m+%fxjw{`T#9Ou2(!>5f|La269123d?D@N>9e6LOQ&!` zBz{sP{=rE6Ly>rNI7??uB>sz$c-7I>w{UwTUUl^Gdm{0wqmMrniB}zc{69qERYxEH zS|t7_k@$a(#Q!>sADbV>%SYttjQv<7{^ODO8IkzgBJs;3@hcDl8KT@i`DG7=xDZ&9Sa zMR!N=?~UL;7>R!<62CeUza|p@#Yp^fk@!84_^(IeFNSvJGVISow3&X|1LE!BW$TP- z@$oy2X?5^8@Vt#0mt?8j$2S;rpNFxN?H>LLK0(P=GWe>4S?3%FZ#EvE`#5;BFut^L zw4H^^fN47mlYQLZ0jpg^=i3ezo$oqWbpFA?qVqimiw^B;^OF4o31b#G-abH@=lKKJ zd|%%WFc$bRqIe2<#eWi4AZ1%Rf*BY5_)@&kn1>zB;AaeF?^daQ&h%5I)@RWsV$HhK=LCC|0wngA$A$)nH?w4;h zrrG7a{D3i!dic08k2$ym`d)4&&|l)?*N3`MaxT=X55t?s|1f1OclaMhhJWB;bY`K4 z8AG%1t_XZM0-uV&7en}p(g+Nnp3W7ULLRPwrsv@b>gaj6;-oQ49S>Jr2T-lVDMM^_%q=g<0BV2z3$>m(;73WvYf9Fc{ml$uaeY#t&cy!60U=k`SERGxz`OC^96^09r9W4U|7q_s=O$qUk;z#7GQtn z^~OBw;dLRM@_iBfBgXuZ$3Z5(tm`+1Hst#K#{99vxgHsMd0v0Ym@oQx^8Sf~KT#6m zd;&(jE&2p~(C7Wc!mzAQtdGEZBXlBVeFC}pyq_#%n}#dvlM$MqY>41Ahw}L(b@6)j z$*mEbosswh5%_Qf=XA(hMM(sPzL!VfUl8&5 zk~Z?X@u^~#$Q}Ntl971&h3{XVnr6(49*4Hb=G_#5(ZkPsoWl|L1WV>V{%ieENfDEsQ;7T!Pj?EeFSG|Snj0m2n;{ItVuf~Ff#N!PdXRM`Gyjg?Ru!q2(*B=LXd;sw9#;?uxi zaq)t`>Ea&*KIGyBf7ivcj-En3ntR6tySaCaa#BBc@q&Nt@b>`!#>E5I6uNloQZvrQ z3zn?J|33qN%*6}tGG;e<^s9Ns;Us~dbueYse9^(8L)g9}Ad?!^7n<=80e{)SHvw-4 z7XP9nIS3Y=uQ*tAz8b(rboKf&%tKJ{pX{&{2m+R>cW81}nq_aS4+897e-Z1A*jUj!eXy?vX8 z?e+a`8nX5_ZF*IRKfO7`pT0E2pN>BGF>X4%`8m~$qL9vva%29J<8#K`aK1NVK?H6K z=YBIfBJj4*ZqGOw+RvHjinnhwsry1leAtYO z>HU%T6QOOatqkL9yF&b0c;4^$p?S?WJ&bM4!pLO6$0KJi!`teOS?1%B$&((2{@;3d zV+7tAp+nmp@HnT9`OhA{7|w_5io&@>9sGFwx@uz%I{Z3#IOJj4!p}YGj)pR9(Hzqt1+|aYu3&S-V}~0vyO*zm0734dBW|; z_Eksc_GI|3bbDKv_x8>RJYdY+XGF-n);5dGDbtkADw1zMtN6B5aF$&V_JeaoDDfsSv+$VFU*r z{JUNwZR+Q!jXNWG&xCnDjjTNWr}u{O_m+jc-Ah@%?)Nr_IP-}2e#Lo_c4>l7U-za9 zA)Wct!o2h0&DVYY{z&}Uke~Y^Jlt0miLVdqb>D)pUiZPjpDW&99rAWRWgT()c|SV# z_YNj&HhuwRW#efJ4}T^S|JlP~e_2Sp?>h^j|7}Ne;jWO+h3Jf5OImm|Hd-_{lqX^{x&li3t4*$h2Z0j-Tu=&Jw%{^_!MwDfNvE{n($K_ zfvJy$NjLB9ZWdo&02%wmVX9(bvP_W^e} z_!Mxb!-t-MuBCqlxZA&&)d#%I!Fz!R z0{C|EIq2XEz&iuDp$M2?1M9k)ldIh={2*{5fa5m-gQs}SW7X~!hdHO(U9jevYIhsY zyj1OO;UmCF2k!xfZyWy{aD{`@z?BY80#^mF;T=cqZt4FaaLU1=InBXe1x`D-8MxlT zJiYD#Wpzny?sdbSnQRN>p!1TxUE;aGgF$>;`1>4u5}2~p7V*=-7Xvtl^jNWjiHoHJ zICm59(g3#SCkFypXP0z-OmuW^DR$Vw;KoikcpdOr2P+@NS^P6Rk(*$hQ4)WGb;csD zFtE-V#Rmge=Q86%4&KFjIBg^xod?R98^Aj2lhYNzI_HxEo^W)gC&%%l^E^2hf_Rw*|1y>f{~?V4c&+C6DOqj80x@0PB1Xck$SGoyE!Paxi)G z1{^GWCpVqH$vYLq>#R*4e2b>e+2kh!_*w(p=wQJ9r3~GDPP( z%FRFP;C;xtEP%^PfgMeqkr~qw#Ou8381R($lh7D*+`;fR=6nF_%u511;pn_eqT0dx zfENd_&bcNA16XHX5`=|6aWC*W2cN>`!iVB3lfaD*rrioU16b!%3LKqD#lS;Byw0T* zoObYGmcvLBog1K2Snl99V8@Tnp%iWl;&le4@JImb{K;4oz&d*}wkm*i?qn?aMN?-^ z#%^>lbsX#Xk?&+IVT*GB*wNG(lOiW)ogXQ3G^btwZVvEuZluW3)R_^h>y)MQB1Ojn z9Gw-pEaBiYz^MS%8Ij960=O0)E_3|ULFY1;SLcey6$dyvV=>O*>%7FcfgoOICC2S_ zFm)Vv*uisw;am0Me8i+xPc7?gd5CA{%HX-!LtLlUGO4q@tJ6$k=VObR^w6qRW|ECv zxgv-Op2~aUq#Iq@svxO##j<7WiguChix)l2F3oltJ#rm< zm4nkk_>0~2+l#=L@u&R4E8_1HF03(u-=b~&cdG@1|2(})g0zkCc>g_uBTzK;o6MhJ z89siCjscbhu>IfDlY>-n+Qyo%(oV4pz~V2DKhGb23`Y+x|M_wsAt>0@w`~_| z=%o=nU+zQ1Maunac+2f0PUWgY`f?+*h&8K*(9L3iar~jD7Ej><{#;#wO#d;O^DhOt zpXliKLH;6mUpqqhaV5B)#k-+;@-4~8@5Wnhy|L!znj2F$C6hN+RaHg)pIlu{=$2b1 z2k6a(y|d=t9<#TOW+|2c`SJmC(NTWE{}pK6*qU-Pv!dtWPR-d0pPHr;i4)r8*^v#lZPu?4QM2q{VP4(%_ z#hSS$H^sf>y?-%#4|g0d?75C_$QERNGd}@e>&+E>FQTFMNPQJ|!pCY~Hq&ZyZJxZ; z>CD?b1vy{2Ep6`{PjZiXihH;(OLK?1Xrz9T$<**ITH*@zeXX9k^SZhVa=N-tPv!3E z;qKlIy7xcR6~!gI51G!BEG@0=`i8;qz>G{LGqd`Z$+xCzrc9kSosfPe7SGAe%O8^{ zC>&dK*|-lBfAB+>mwfn&kCc8iNWb!`va3IKP4e20UsrzpCq7v*e!|4cPffa^>c*RH zHvj(nE@dBFKgI6cIWAcrUOw}g-~tg{_7wm0IP;^EKYs1?+r}kB1oDplW%d2vc~?l5 z9-US8&%Gm>MhGjM{gFN<8vr1j&*LLOTl@*XSQ9_be}nu(X+6-xvWyQhB0GM_uBK#%u;u+ zecOydzKL<2nd`rMF=ddQDtuE!-yr830g2V8CzPz=8>Al_FnMcUH^tXnY4X-`Q^hqm zo4jj2M;zaD=+Bta|ChJ-fv>ta^Zmakf8c--WB1fX4SJ9$0n-o=@q~nUA_xIu8!$1^ zVhIvzs8K1zHtIQ?1fm6(dp8Jeu_8vqF5Pv#?q2tG*;f(bEwyOf-_l)|rLEeyr4_Be zyX>y_SGGmY@BNwY%=vy3(fxCO`}@8!IWzN}KhHeRGtWHp%zS4ya(4a3%eljhdp*;2 z`AU{8Cq4hAW8D8zl)h_StmZAwYX9qZkEIKSE=s-J6idDPlVcl- z>tpFf#|bB5sb9WAcxfzs;}Jjn>!Q+;fqq~MaMSG zAm8l`CNA~hR6qQMazEU2s~>J_yC`*MNv!#YvkxvCTQxKNvq^sZr+$1a{e}2N>FC;6 z`W4Fl2g+JB?1$f+>W6PH_rpKA)eqm=c2W8W>6P}0NypO59y^wvNEwUUW2sN=yePfp z$HzDfFP0v6)WoG9dfN{dQZ8xIkKgKtFQuGE$fLB&{uJE2eQd+B=Sh>~{CLuid+b>1 z(MjB2MwupVQ7nBW@JEnCf2|Gq{-%+0lHGww71T zZ2m=rF?-3_~Shq717ct3pgLtb1wuW^?M~kd`bL6+{+MaUiJMteoH97nD}D+rMNh*j5I5WFDIV1oN2*dfxiU*BK%eO zOYzSoZQ}7mUL$d{q_^pw3H2kj37-EzI-$9@0$ok_7|`~z`i*%}?p;Z!KTm(ew7H>r z8u!{GPwAt@=@rXj?3StJ&YfBb;Yo|U3(@(a=!lVu@ucJKzvQ0Cess);?pk>4dasc> zb(e+ivMz0z;?se9DB|fw%VI5!gcr{~$lVlW>BU#XT9SS^y?9!TJAY%MZ_DkGgQDZy z+s}CEsWW3OHGUb12SwXCvF481@Xq2`^TYhUd`GPL$ZU8fFV<2>_?cy~<^va;txj<# z;V$oJs=qCf+0u|`?uXx2wIxzpmh@yEKb{Z`Qa@}1kOk{zRvHct$K8 zP0)t5SEPO=e>_IJxl8pIJ*ju#(_}Y18>cT&?*iUWMV7o5*^&CAUsFc15}eF3<+T6r ziuB@g^lHjqoQNgPdIf23ZUw9S(RBRA3hpH?N+)ls7yw_m5?m=Rjw{1?xB^@hSA;9Z zmE)AY3O5VBh>I`M1>7?-)#DzJvkA*1y3gJ3AIL}D*J1m|$-X*x0JQ-#aqvKvom{tP2K4Eq!rI) zUi|x5=FI6P({~SM2L-d>$h@2Xo$7I3ZThksVyO?Co=ctd>$<_qevo z&wbgCMx^C#rsJuD-qE$sFqUp)&d|rbGX8xh5mVO2>>%xWA@!o4Cb^NjAi-mGJ$DmM zGI!YPUYA%kV_;^er6N85=AO*pO%>rXsH0o=aJx9l>o`X}&l2DGe=whr4kdk4Pt^Z0 zdYjcRIX8>*e|0?LzvXyEonpAcpM>Z*V0&P>&Q_GE!02oJwhmWUIpLi)?hJK}I_uUP z|LD$Iln#2>PsZX+KY-z?JXLQ53wR&Qe4>iwGv3h|aQYP}@hI z&8c%X{am3lTKz1+f2Vh%sQ!n}V3ba*CyGLyD@ze}-XyPi2y348dpK~K_lAE)OQ55R zz&z;tW(^@~-zN#bPy87(@ABTqwNWzx?-~6|^_v}aVACrFVyRU|CpfDxyi7($|2FYjYP=V0<1#9?9KJ;4O_J>}#ti|RT`V4fYzOWCyUvX3YJbg94 zp3kat--?>A_Gt}sk8zrx@Z^EJsP*T+!4${(3!0e1SbyOMn8&Pt4D+gD=N}BxjDg=> zIb$1GN3m(f(vL21e(L=_=YKvFe>CuG9l)iJmSeuN>7$7t{+#PqQ5v(E_AsY5{IkpY z#XCoQzxc$hO&Ol3@Z+KXzk3e;pEdV3Ys`RYo&x)ODZlb3{V?pz<{O;atUjlAiX1if zjzX&ukL#bb+vKH7>iO7o^hHyCl}YBOo9z3|f0ZY9z5PW5=!p&zz1(>Hf36*K2!`7+ zM7SBJcF0EJ+MzOSS@^thXDBZz4^C;7uGofc8wh#l)$;GKeD-ney^wGyoxVBq7P&Ti(ayX!kuX#0f76^gD%eKYXj5y@BUcU8EuDPBWlJY7sQX;6nO~bb z!VW#(_XJ&(_t^#+kx(O$g5&3{eg6N-D8UXFYqVqT=-A$*IM1Fyn!mM z&LZ9Zh`p1p!s>0clzqJV%IqoK(bh6`?6pdp+~d8lc8iy<`^m6l7Ng5VYu@(nBjX-9 z<~i9#1I$107vP_ZKZaj(<{9`)@H1!0UdcVN@#_bHm$^sHi$3Z0T%+6Rw*VclfZr&;QGSc~EkYkksIAnax&EMS^ZT?p zp*A0!Nn<>rrx@yCsQypmbr3fYz}(toVUFO>0BEQ4mE9f>qrxKSiWDK zQs7x<!tfB)~9vwWMm%rxqt z{OI4qSG{%NHe?=LOu2Jn8_~jDZV(wCJUgY@Z{hDFsJl&@&nTr=P52#Ij?O!VC6WleN zegEp+Ub1fvcQrHL+Qu*QfQm_Ty<{4`O3yy|T)GuEby-jP+IOFW&m-{R`!#Q6hp=5V zRCAYhdhV&F%p<3g%$Y~kqXu<(zlTJGbfqLWwXH4lWy_LNN&uYQ2(O;90|*c zm1}!eUlZ@R=l(lBJM*si>TZQ+_~F?K|9_;%OAhNP$7xK`vm9O4oHHNXBhe&P+3D6w z+h$U7ZZ>Jn-2_3}?r_>h()Igk^Q9vniAYKQ3uoueU%*L-J|7PD0F8CmlBdcX=2S@9J5w0{YiYLcjwR-3y%8fbN?Mrj?x!DHl5QKVP`!iUEFy6e-6G; zYc&O@cs)6kPW8%-TB|7(UBWQB@@^nL+}{0!t8i-XC#=;Jo}ijy(ufz_9sz}wFQhMy z`G9Z==N^ZbQF`UrlO$N`67g%&O~3Zq8S&7QTdQG3=A3%v?3w=_y>hFmZ^8sa+qjO?3`Lyd7cNR0FVPPW-M1+f`ipp2E^Uu?Lk+hr_T%l{;Hh_&xfe zY*7Q&_Ty>XVg3KOu|;uTeJ-uFK?xr6#IO%_x_9UBsHi`jie^*goPLz*UdIRmAH|-EZ{6t;U|V(K|D}-`M0n znErM1`@X-o!8>7Xn{QZK`0J_fUEPxc#|C%3=-b%l(rq{Qq_1DnlfG=8vHuCz!l}|^ zu+cgAWP=08T6^#^A$-~Rp2SmLLt=<^hrQSqEnV!p<(ZeUf66{6x`p5Ep^oVHdon-d z{jYx4lezJ4dSssyT<8kFM8}zA@CwUF&#A5l-o=Y!(mUu#(xo>8tN8*J9Gw71?M8=w z+e@WV21k2+97U2ojv@&kN0BNYN0D+LN0GRXqeuz*b*Jp3np2353GlSx7vJkie*rvI zgQrWt)9D&>_p!s1(gc*)T(QG(7#UF`XN5XbrEiM#bu!eonN{wE&SG45|5|gL-bg(zP~d#EF9?4`p)==Zo~v*+ z)tJHql~IRD>S45Vwnpi&&Xy^i(Ag}tXZ<{<;|+x3pAGpL*IoKZG|&$trJ?wpL0yr3 zfu0!|3ha@QH=wYsOM7RWKM&Y0wDEbQcQEH24f%(IGV{pmY@hkDpq%{vkRSM+4RwSa z6h4t2OTW*33jy!^yYl>}7(q_@Y*!a|cm97Y6?OE>56UGwt7Un~TmQVK zdiHhx=F@-6UZI_PO1*Nbc1#TFT7%=EU+!=^XS{1)&VC5@*vjFTVgw{J4`jV+wIxZBuEPf0hy zHlzIt?2%m3gKitF2VZaWnc@b(Lyrlk)w*?zI!jo`FA}_oVb)VO8(p`AvDxHlnN~bU zdJ*fvm3>Hi_P=`dPh{VBYn{rs4KBeI;A8_mLOn;*z1~$;XDYHf(=6?uz$DYnelA&L;mW+CjJy`ia zOV6r*B$SW+3nu>C#Q)b&{Jg(0@s$@7|7a+F@{de>Yc^h&8NM*ynjNlV&&&K%vwCe*qh56kJycpXp6~X3v3Z zqfImD@<>ObO%)m27F$QDd++jDoA^=MIV)q^XVaFQE3M#FnUuc^9MooP+im^rpOnYs zr4I78*T6sgR(%Yg&4+)A?3|&3y)T|7!7WpL{*s=F?p;2LuL>-GMa5%|C#5IaeGo_K z3!a^il(82%+ehE=%gmlhFK(!uSnidoPUde#>Kp1m;^&sdr#Aqr_HvvSpVAkK)RyKo zV>k5TPp!IaZE96y#|-R+`b|aizr)_`sO^6R>f80Zyb?P{^6lideAj;UuR|}v@AS)> z!(LwRDzB*ZaPb_~QytHqwSB$}Tofe09qSfF+kfsAfG5gt^6C$;?|}ZLb_;g$dAa`h zi>265v&UUsrXGJU3VUL*AJU(8SlG5^cE^*FA@FB!Um5!nnS=B)Pql4WZt>Ub_eV@HUCkPiH`{vW`GPA$G#PWz&orE8$ zKfO3!m3W0snY4TQ!`Pprb7GS^ywddIrqjZw+MGOq9EhX5jDt6TFS*D6*tUOP_Dt%X zwyM;3%BoU7tmzpzi6Q0>n-ai&Jhgf9{i!=I?P=^YV*<2FdiCr(6Q2nFmO^loB>i{U zH}*q*k5pkF=NjV!*!ibI%OP;f+&=RNynMhbXD?RMwz2+L)3U(ewIKC_s!H{>fmaNT z4(xaZ8u@#WBa}+F^wm8zgXX)42y`#8a#3)3n#;3ytu(Xcl;Dli-%2;J zzOd;f_Da#uSUZZ**Gkk5TqKpo4znkF0Q{7SN7HpnjtTaOizwsOWj!<4Uzc7K*};A@ z+G6-Mk?3V#9kPWn=bNH~c(Jq}xcW~urRT@1(hXXhi1(x$7U{z`@!ay3g@!L9sUy|m zr59*lZX7$blDtn&zMt`{MDuw1_N>$!*Ys4P-O%1DwaLQTgA6TlG86f(v9wCBy4ruL{`i7{_=p;sd zfnVy3CHuU!y_>)h^};X6t1DtwR<#>hGYsEKMy*)PenY-#X%MgStw}U{X4@CBS&U)L z=_>3w@I~gyCJ+47sy!NSw9n1S(Daz4m0HV`>;gXNJ8n zDw0#rXC5jUy+>C3P%7R>C+LRnOEtb_4*vRB;tBYdeVCH*Y6Jazgj~e-)r_tq8kU&7 zdZE2(yi17Z#qa7b>8Yod5|`V1X5o%G-m|#v7hPzJ*UNZP?MdD=R83k#{%G=aViWy- z(AV`uOZFwI@5hb(>R@)C_O-SwE}kPUle)OnP25sfE|=~?{(Lln8+0~}G|bc6JS zZ<1%XSL)KzH;Ymo%mwo28J!`Qcb@IL=+p6j;c1c4D@?ih8h^4`#`y@}d%aH|M@PZ` zVs=mBD?j!b`7sC`FM|d{(0mQ!GUZR-q;Jp|Yd0^8X^hcWl5SWQ6YqS? z_}tB2Y%lY0!fSq2;|6rRD$%4oN-rJ|Eo+B*z0B9EBrivg@6EtsBH{^fH$pzZ zdrb~M>5lTs=9iC0TUMRkkopqyr&p&|CZ1ul`))|=3n<;+LL*b@%IVpLoRFoZssg=5N!7BDJiIV68dc!mX71c z;vO{nVZH6ly@b2I2jKO~=yU8rF+2|4E3~gUYV?==%9nZdpL;C-dzsy*J<00y)Ei>( z>#WQpr@i#}(@o-agR4Ps^<=q^D_d6LyXYH!c>@El*m@^Y?&bvaNi<0pQQo zJSRu=wO%(Tv-mC1nCIfG%#4HMa&Yf8?=7AqS(ly{uS}g6M@Ptuv8N=~vS12(JtB4K zMU$i(l=eObUoP_Xg>)IZ1mjK1Riv33soQoXeDvL`HNGXKFY((AP0V)%(4-7q!l%ji zp#}1>?@IU-nru2jyQCBCq91@$`t663FSJSD`}lK1bO7mAA=z}C@}&oOy>H^aN4{Rq z+m1gm42@FI=yEHAM$%`8@`yGyq!TZ+p7d#>aWwS|W9a3laj88z&D~_T5WXcNdWj={)%J%di**;tIF+Sx&|zbytWo8t9;3T4 z_5uIvBl>5AIw-%lA6}p?eE(}agjf!sp27fUu+T^N2~{z%y9Ea*~N&l?sG=k&1^ z&}3rvG;*vcJ!YQyZY41YPxKPc7;pMyoPIKn{%YnMk>y6O^T#U9-4e`g8unz_`& z=+<8npPudiR)H7Y&YT?o(Y^*~RWh$<(-(c3r5FF?m~buIi1@#?tawiU7|MAdURhJ^ zMS36Ro0mr}K9>4&3Ezyh$0)ZT)qZh|vOViM{hfZE{_)ItkC5jPuRv*=zC@l?Q|eNOt74{(SD6EU zS^f5G8+eTNjYCI#$DbRvM3I4G)gR9`e`BoQPI%tT6_J0Xhx%xPc)bjshxbzl*n2rQ zTB|)>)1QcBp(wVEGrPARg1_5wgUCJ6coVkD z19U5BEqWT8hxI!;j-c~FZ@%gqL1)1#I#WM%9Z`2!U$=d*mp&NGiO?gOzg#?L6Z)9? zKI)-j_ zCUMZ0HP9qdQHV@n4vB4}Grj1QO6d;isqe+iJme8@@S?ZX(aMa`mR5crgpTTe8oO=0 z9lJL}!|>d#EjN~LroVij_MexmG~>zwzEk~O{jt>XmtyHllNT|5#99_c7}uxN4WJ*T zqcdVl#~Zx0eG9x<9lS$41umZ*F{U8vrGukaMK#B)-)(rcZ2K<_uby)pFyl%3qvHvA zE0oXhBz6LLuuNl##v{XfZwF&iCX3$0H(jmSpKQ?BqkO=26xeoJJ7yO;Ut`U1_CxhA z$y>^AWbbcJ>T&woo9K=7H}Spj%2-w_Te@@r(!~r<2R7p#?R_CWXU_n)ofiLQJ}n(1 z@e(rsDX%2a$M=^j%|2v*@5~;)Q|pE1^a<5RpO+nHC})$F4r*=Lc$K7G=pP}do@Y)uG_(d#R0#P|GD-P zjw*~?JfJe%d-hO7lISFAS7ONYpNMOh;qg6QQt}cyYhOn~I0?T8rzePy5?>OIM<;lm zJV%6+(dDvlHtYAFvnNTj7rn#rN*g?*^FW%CFM7?jgBN6bzwh^Jjj!$WUo#$!#kPk1 zHuH6>ucL>nzi3ZLdg_F=>3L_@wv=CRma|ui)8!Y(a<+HyOMM@N>Kjmf)YT6U2Xk}U ztGS%dr(S98&;?pkGvC~{qgPbV%l^{nFv$_RzU<|)H|Ff+d@owmB3OT!s7y~uRAUz} zZ<#8&R+UV?m^~txl?Rw)UyO``bH9aCwu{=@VPHU4GB#!EZRgw)gA3*X>GB5V?+Fh+ z!0zPlO-63mxw}6{rK}>^#lC|61swDF-ZD?Jr6qbnA{}L)`J(z`lNNLC%J}+YIsan( zQ1iupT%!S?sB7oppm9+Pnv!zI_%xuNh`sJMp_?8h@=_tw`Uh zN*4QqYhwkL^9j6XYvhC1Qz>dB^ z-U{raJ=-RYw4aJsWcP6WOfsQ<54^w9uLoF+{Ymhszev`({$k_@--`B8rtru&72?yJ zja%?izrk6~HmP|VHb0FmcAV_joL>Dz_Jisq<**jgy8*g0HufH*-Yw`!M@aurQsZ5h z><8NxLAM3WWy$B}vm@*V@LI@r)O9ZXRWzVoG1neDHg-Gww?yI5$;ry}#6`!_a~m#V zJtWrB;E#RVIHxCd=1Ci9@fW<&Tx>iMmmGOfwnq>P2WZOy-wah+nmiPM_X)1A-e7o&J#oEI4hu|=y^Fb zTX=Jiu@A+eH?++>R3(~jwqveriji$oj9!$pLy9j{j%*dp@A`IY?LACSNjAB;OYLy4 zv2TEz(Ke$d@t0_AZAPPQMa!YLv0XO*fH?>HcxqF5rRHeO4~?r$eRoOEwkg>&&08vE zFKXI>4sY?`%L({f>y+wSt=})6Bc6BmJni!vNP9)~j0+k|#ShyU`^4ke8VdM^BcE_o zG8tJDslet?!{JKkdc}e_$A{%=GjevGS+9Eo8;4-g9?M{U;QCoV{T`jb^lM)qh&vt0 z#la`Jbq&?wbQ8)m_7*1(kUOQcr!16j7I3Q1B-Q85_&Ee^ShEmsZF<+YQLEjp*}poA zTrVb_Y_7<7?6QGO;VdsRzmSYGI`yHad^zRnrrruyFLJa@dxIIPjqEdPTZ8C#l$Sa5 zYtvTRk&{#6d-3m*?3;h$>I7fI4qwz&BpGCA71AwJtFWs<8^JFfjrmbbHnQr;$ev9} z?;O09P+Gw(8iEH;ayhk|wHI_!Gxt$lqt@qAXLDx~Xbm8kQ}m&WXq{O!O!+cdHZFq) zzyFsTy>XDfAUlfPCt>^kNSW=AL!QGwJg7NClyI?Z@fvf5qY!=$YhSBy9P0OyY0}|) zt)AR}Xr`$>?g*!y2fwEkxTv z;@YgNa{I@Z!&?o8Z(SRGUY<|d#HjpL#7T#42$fk1Eu=#leyM2(pZ>Vk?((|y{3eu- z-*Wp~Vt-9u_^Q|OD!3~#a_U8|kvdBx&vSL|$?oHQ!tnYN-V6BW8@&abz`uJ1cQ`$I z<_qAqn{;I^9dXan?h?|re1G(GTj*1uW`h2zf!$He; zrVp7uY-A6zqL+TS(xivj~1zccj_)zpe*SmeZ z>qU+T|2dgrXtCSdn$u;luS#byx(s?BeY8nqa)56ysrIPf%a$holq~JVkNhm_MPG4i zGMYz9X9>?G|F!p8Z_~V5dQ5J(#NFZp(jGqsIvn~=R*E95LUfp>we>Hcs97$%Bk%tC>ejU$$id z_Y3Lq4OM2XYj^f_3qvWi%ak6LI7eX){%%;pdl=(6HEyCq>R5G_^FItXv z#{RP>+bCP7_+I=WUf6UyGNhN=ROxFqL+A*%WwUem)tO%KMx%u#y8UOSyb{L?=i&?D zi80}%>_fOHPUj62)4pA;KY6>3I*Xbf8y?fz#u~&ok0jGmhbmj&8Xlu>3Db3~NeIWg zP9=pqtsj{_ILO@M;a~K){mkj*la9%@p|cn>ubwJS^}nJ$chU59FI5V5>S~Y-0FHKe zAy}`kr>~&@Z~6s&hq(YUsh~A08{%ort4gOona6xMdj=jYhputA25abKZD@9V=s0x@ zC)%TCEmv!}n*Y`B$-Y)Y`vtr7q|Db(d$L8dCS=y=TNX!awHLSgdh7{bjM21pCG_*j=BV7E5os zBc}A)Q=E>@@9Bh+a-RIeGLB5e&5hKve(wqpnU+*TAh`-_B}7M zv=bV1{v@V;(|j^IC!L?HOdY{q8f9(gs)m@}HJ@aE;8obUrm}YVW_{(&YvQx9i$q!< zoKgp!ca~!NYG$1%UFfe7Wg5N8RFpG0qnyQ=Y>K5jZ{-qfusMrgW^FnH{c503c5y88GU6MrNIDgPn(^ME&C_J+Ve;u*c;EI-3b!ZCCW^H0ghJt6;5 z{_#$H4F6Q9-QrdDy7@fBKAF^-@}|C0)=F1FtE=Ie&P!r_mttoFPw7t1J1J~v(w=GA zjkNFE@J;y=!#D7VmpEzpWtg^%W&VqN$L>_t{9Wx0^=+KkJu90Yf%dGwH}@ObpO|;Er#w#?HD`j z&`NX##)VDaM@}%-O5U~pjCF11YWgnL=m~s348PX)MZ8!mHoEPkQJ+ukn-5G zVC!7m5NrN@_EOEeIM%#nO5Ha0D+nIy%B=yVI{oz@jRV4^_64>qiq?t;rf)HO1oUln zrv61=hn0MiO%(ZS?4QD$-T$byofFd^j%1}$=E*M*smGS88ecq1KG|R zh?Px?kWF?ULe7rtPp(RNl$%L^x_O0qd&9fPHUaRy@aK|Y^sAs{PJFBCdD$F zkBHV~pG0fm9@Lnt{Zyl1@)!?_TE?@tU?Q@1VN+$z@3a4_ zZA}-YP9$Q@?B{HLhxPMa(lIWMEnR5nnA7RCUlu%_6h4fedYw^ znY9DyaBdv2?~a7mCCwZa+b?6*rK~?hWS58Td)?U^F0Wk+dqc9B_mVLKIXyqZw;Sw@ zNVMmPPrK3eD^fdXuk5~m%ec##42D0D+svQOViRuOu<7ZZIYa&)b>^RA!9kqgGUD>_ z$MA2(Uw}W#Z(&U>^MohZ{~!LYZVzWvSRP|OPyz1OYF_K+1arW_oUdlH8-BO5YQt}y zugYvd@BbF#!;9Ygl_kjNKZ{hzCgAil%fHVukMgb`LKlDQBl1$;!DZb$`kU@LG3f-G z;{jVvNAl6g2%EZ%pP#wvN9N23*&Rmh)hK6ZFIF2fB|EEXlE~50{~5~^eBZ~PZ?it> z>T$TpeCs%KyR)ZTSH)+WF(!41;T7m~vi1A%*@7));{-$f9(4QN$At$|muSOyy#E~e z-_Z8}ynAi>PVok|Am$KSCs(^=QxJ~Kdif-s6Mpv0NAS5PyWHW3_irTNRR_Pp$DZu0 z%$2lP>x*{J4Cy{ln=|=AyW!~~=FgN7}g%X&L$s-^xwjslAGk=DryF z>=_$)U#fH)*f)R6m#3e-Wj(rc`OVnijXg_iubb`sShl&G?aN>9j|@AQ)n*5?eRsGT zyr;*_GyO?zrwzsCoE7F{roTWd>|QZfhSIn){C0nMx~9bJyNIj(l$V$J=20&_=lLe| zgR1lj=D4SR$Gk4PYYy!W!)NpFcV&m+v+s7znE?*Jz1iSYvh$V#*0pzCky{_P>AF9m zj5gsKK9oH%k2!p4{hxWyZrJ>sh1Q#)QPj0N^Ia$ui{r@O{d`NzIzwjezAAo8aHW~*A^GEc|JRdw%#7JxvV|$nwn=&D zetFo>^7!U6uNd6fZ!q(Wo%DM6PVLj!#8|gCvC@yHT_u7q^O&(0%x`@q@*(1$d$(2*RGOyj?=VQt`>W`nSn+gGJJGm99@ILAL!MtMy;@{%|=cG|qfiKnPfI`Buv zjI$p|N637G@n2&lvc}Z$;J&IF&i~A;`DrZk7~|-R-Vx#2AFuPENnROFzooc%0K?h6 zn{Kh=DzKPwRW{6C=sHOM-(mazx6QcP)^`#8e=+^Pm;O(>4f_~Z|A=w*&p&Bg%`0*1 zOm^%%;@SsoOWc@f-#uFm&2r-^dt+&Dv24D`P(yzoM<2fL%Fz7Nm0{l<)p&{?a$2~e zyu8fL<6gREC>U4&*^aA8jjI8CCO>k?l^ur9zU!K^3_L$RV8_+G65;=r4*2b9`q7pv zay*B8V=c_5<2lMH6Yb&Gm>pZ=8%}(WzME&-C^|SlljJ)@`kj~g?eDf2!{wFC{;m?2z0r{K+^#zYXV+Us}(OB%>N!If2c%SCv_$_P| zgw2|pXalUJsUKW3V$H$kGxHU}ip@defY$Y#Oo?zV0s0@jYsb9iJEOJif%NxEGe^Ro zTi1hEitHJKr4CM`Q(IdLFb+_MZ_B3*quzB3KG~v$8^I3TthwZA{Q9U(7WhD`&o^|-zSesHc%iNAor!j2OpscCi)ZO#?5I7MmP8Rk7Iz_z<>s?E_3=%Nb99=38{W zsVc}kne@^tv}X|8KDf!{8R|9P;C(cYchb!j-Mm;l2>kKDCL8yXvg@-(l3o)xHrbZD zu%T99C&CWf=WMc@Szjyo587n6glw{xVUztbHd*Wl`nCv}71(6;&4z5UMWbx8ofjLM zZ0kE_A7Mf2Y(nQpM+V+C-y03v@BdhXV_h#ek0t1%E4?!HL!;x;hYjy*efJUS;yeB6 z{l*r>eMsl90b+{^+f~e-u$A;ne;%*(^uYcnJ1@43-Zbj+pc% z`g*ka73|#}e6iKo!;94~#J|vQq-_x1GkuLZ^b6fKXC5x`n*Rv>cTH1e^N-*o=C{>% zq1^wfq$yR94-IdN$u2B9i=WIloSSGD`~=U0ZRIiT8JBHb-|SI#_e1BI{jUY-FR-4X zZ)LFS_RZ%T=V)XHI&Q3G8unZKvMFyPe(5-4_j{f`H`3+?jvJZ(cSQP*(u)?#Q~HF}_ebj2gJ$mZ9dxi! z`-PD={nDS!ykumaE_4RZ$t=4EVm@)XdA~nSlRvcI(8jGDU8aq1GrEke$CfFb$g~$d zHD`0n!5eBbv?wyVe#jI-VW z_9`3uqFqPdo?#p%o%*zE8@LSY1>lIWe?RSYc02REwQx55VfuBJ{Sq(I|E4iVV4c3N zka{+sN+M79ql4+bF>l-D*!~s&7IGWDZ9RO!+19rrb=zMh@0*MPtdC|MPD%zRW!q=I zU68&J+dKOd`0lUCUvuFbzeVO-=cCk1U(W7TevJ>?*b|F0XW*pAv(BrrVTgC+&-MSW z`~6?_hrZP>Rhw&i{XNg%xHNO*RFnA3e!s505r(J4ONXGTWT?S8dc!$z-mZP>R-Z86 z+sY3NG2+d*pV@LU$@)igjvk~BkL$$i+zvwz-E;8?G}#&EL6z5cIp^t+*L;J~;1viK zofl)|>Td4<-_3gZmbv+%DRta=XV%7qkKWzT0Gn2#6CJTX>CvCMD9fBR1x< zTfP-jh_eXBX^Y`a0!@@ZC8I-${L+p>oq#v4+jsSNclM6S&fz zCos*>yTjtdqdn52#LqF)mj07XTHk|SJ=^yISKN#bU3P!}R*i9Ld;M;&$DC6FKgyPq z9JT%{y-|F}cai3-ta|#3^fKu#;HLLG!yOQ#H!9R09H%{1n zYqH@UmE4m&MShmkKi#^G_N0|7Uv8|Boou7G6Zuo_WUZaU^t-U+t@gWXT|oV0RNiLx zw3g`ZJTp!J4{MQSxDs3`E|^DRd$nUkiD0rekt##48rrkcpS$JiwXnmtO_r~v(+f_M zU-xmSjQWGwp>X_$Cr+9D{PjD$THfsielz!WaNF_5;K7w;%jvaq`4_N9bwh(rJAdg+ zeFxoVP`vZA0?F?jUHY&ELR-mg^ea#Lf#{=tUjwd)OSYoB7#u#yw{LbW!@{6Fi0c2+ zHOx18=35cJ-8v&ZD|moq2w2`1ABgVNoC(7|E!F}#oZYR})_djGtG>4kEc1=M27b|* zCN;oEd{R2J=E14m4VA*bfq^sD4gPB>mvvg=wLdNE)``GtiSkhY`F{HB8^A1EZv@;P z<&KkB%^-EIWc*sm_wm@RGEZPzIAG4Ci>Pkxd2=)s9Vu&P>vzEkc^oW;=k{dZ5Ur>) z>eu<9&$oNBhq05HJr~ruUwRE?>w8Ie z{F#*&L44z&E6w zPdmgfwd!-Cv7zrI_BvpXRG-s(Xl%w=;ibAZdzQXY#~Awl7V4`>8kzoC`d5+ohOpTe zdp)$SEcL&0k{p3{-t}?M`!92~Z^HD)(%uYtC12Rfza5<+K_2Qz)oQ>I za~0Gk#iLVo!gpG~FLylW#(IA*9(y^7WrbwYLl^R4(nY>RO(Ph~@= z*UWwe#tO%8X6~{l`@&t!J!N~*clr7zU-oXBU$&d5<>9}igHMqIBc{p~{>T#C zQrs7Cx8s020?d(narfaK!~t{UA>4n#ZNoi=1J=khxc`RxQ{4Z+eGdn$kymhkiTf)Y z@J4_)@(%9TxPQj|2KOOm=5e_5a1(Kpai7HjpSEx3)!^!Jz?TPnd9AoxaVv1EacgjQ z;l76J!)?NS9S4kg+i~DE?dkF_j1%HYAE8O4W-p2hJ zCpfZnnS30u6rP8>5cg@^XK=t&2t0*Tano^2ajiIDC|r&E8jku4{{Tn*h2OwEhI1W-RV}9B_;QhB24pCgZNg0mGQN zxO&_|+#=jfxSOkH%)DmSwX?5FRM+1yZ~l!77B(zeyrl7_&wajW>9U)fTW)D>yY;sC z$2}|WSkTGQRs zG%vnxb=T^Z>sQCGxprziQF%?Je~P}&t@k1iEW-d%AGx$BqM+hR{)A#(-S%W;9v7J0_;X=_Cywipho_VKM{F8hR?;w@M9|br;&$P9 z5R>&2s^(G7N3STEPoBaBl#@Px0?9%(5{G+ z<4K#glsMP^S>%fv$i~#yPw*4Od7rRpw|a{v6svW+^PY_8t`vJo3Zq$MxlO~upWjBM zQCXcqI@RBA)44Jgx6{Ve+Fy3kM4q+&M(QkC+iL{ob(@g-};Av zXVg8|27iFQX#AM^8$jg*&rreK*^x(E%%gkz3>_XXbT?ejFI+H&27S&)e}Hixderj?eB3@KQyZ!#2$h(v&OB$os_emIyiO9JbZ8CI7U|Bih83C!lGLnCe9d z(yY_ z_!0dEx)fUe&r4EY=SS&stEw)=HUdNqgZr@XPQpEiwzv&n!-DW#-o zH>G)AH)-NGQp%H&R_JA7RbQ`tukk5#f2!&;{V>$tvCrDH>gOTYG@^*{NARD@e#54h z3^aYu(b2R7BKpIm#`S2_Ps{y9^%Hu{a2*JQ4Piu*joSL5r5pM;q!YX+{dAG4 z(YP=pM}Ui@=Z&-cpC_5yAid+8<3Fl-2$I4D=e7E{k>YX84S(QsT$^8Cp6WC5HGG}h zO*T`&cjGo&_)fd@0s8F?Y<^Uxuat5d1nG{VZ=827zRBBUnqU~_Z(lbp z2S?{^w(Zb8$~oEe`JjK$xlLN|ex9Yj(P_)ohCr6K7}Qf%Bk64aFHo7o1tRXF6SklK zaexWvyc0GCjL-=wxy~}_)Jg4$b8``fcJ}Gc$K!-B=sT( zfOmvm^Cgoq2P-%||5-n+H(-COh#Ru`x01g}ybzW%YD31a@u#*VmGgnkUu1u2*Mz9` z_fU>$o1?AD7&TtN?-P(6dYC6I@a0ChUbXr2LA_s|;Qcg2QuUV!JvRRd>T915+@s}= z$|zhgE~g}+9=drQbx+uD^OrezN9w$OujS)i+u3rN)mGR3Gm?42SwJ7P);qo z?agz-r4P4NITiH{V>Z{wVt<3 z`024>SG|mlg#?z^h$NX6&ON-(DTIn7jBO)$2)hBpL=ql{=kqx5>P78+mmT=&?_R~H z@(g@k_}g&_8}7z$9+**2pa0_<6!8B6ZYQqOrpK>l=6N>!9RlXD`LWlG2!GE&&Ya(- zKSEeAByIQ@;b#fYvf*D79wxlihOz7Tk6(U-W{wDB=P6Km$NluOZ5GZaY}*%^L^wsb z*1n%cSoCPL;hCVhfN+Nm&mr7NxYvenAbgVWunjljH;;t}i}YC9#QpCEzY*cvJof!M zNO6FOwf6m1$W%f21smSs>jjaR4ey4m>Jxiy7~7Zs*z#UtED=2{{vy_>mpge{BB6qrz8t-ltXGfX(0Lc^B;^Jj;eJ!4!X-Jg$7~ zh$XWrwMo2aJ}bU(LvbKCm(!Wq4$=5WP_f(i#`>z>F?pn zL+UHA{W+h!SF8ONKly3GLxekQ`mZB8gg+PFMi_iVs_gr3^UgfQ=70WP8#G2r>isj8 zNDf0Emwsr}`~QoZTt1+@)3&_-;d$4*PuR5|oA|Z0 zw|=#E_u3U5YreXoL!Pzk*4({%#ocSVx>m1Sv2NuZYwihR*Q{5%HS5>h(Y4y^y5|9J zUgzpncP+c`o@VlJ=W_R&d+uDX;FTK&N4b@!T#_uh9;_li5#bekIQyJ!8H zJMUTDLBu^P)~|WMH0sWE_kJx`{j$|7ySnaO6@sA3LU8Ze`&D4B;I5T-uT{kAo>iUt zUAMmT4*P3Rboad-D`s{C1lSm1!TNw6dKJ{+Nv3L@lz_W=Bs{dlywDw z%)Dzw*XS69$;DeRdSBOlrdgqi0sKBg2omM|c+@K8ow>S)YrygN^{S3sG8oCnMedyv zDt4wkV$d9$n7}H_1+ZfWZ0zb7MLXpk6}6&kwdo?XA&0#+_k2}BQ;~ct)_1{)1VOQV z0S&BAgt^9BvEn{F9c%EdTfM&f&b8}S%$x~j3_*PId}Uqeovup{-kIjE@jD-WRmG33 zAcq2<1R)Hs;^y`h_uRYg?v-6@9$4AE=3dhhp;bVu_@Kras*!Tt+dEi}1DOG|wmaF{ za+C;aH&MV~T4Re*iGGTpq#2gcT}`V;x3qK3ot?0l-&`>SQq5rZE9-2N!Lv_((Cm9w zAuPJqn|`de8RGb|4*oM9l`t}fwt8F=zwC1hS1eq8&+2ttaeo6M*b zs{8)6t5+BZR)9;xv*uNf#k%kHlXi9AZR_Y>c?W`-ryqUK>4=QexqH?bBXj8VI^o+H+_%}lS6CwZmfj>VP;3|K4fWv(BfQxNg3TR`g^S7aY zT0eF*?^5S44dTZ%pmW;zF}>)c)<2f?Ie!V;TwFZqFLQpz;+&s0x^l*z4&r6McID_E z_bE1Sl(v*Pe^b!LXnQCx@Jx1TcA?8U|K6ak=nLq;F8)*ir)4Z?d6GHV)pk9~ef*k>D7wijQy8xVAYwId*3+Pe| zoDNqPRs?x31m;;b{e`awaDEEdX508rQBJkgbemc~aPY(vX@#$xSyq`W1!1HPN!L{Y0f`AsEf!2<`pJ@#8ex@VH`RD0 z&}goU?`4kV{DVQ7OTn{i%ca2PUU5@`JQrCQ2=ER<$oQeI+k6iqY z0M3cj>*UqM=L5Q227VmfF9S};8^{eP>ch0MDc*=7_dTZu!p1ib>r843j9wwRaM7 za*0cSB!GX?$x!+a0{mYAtzG&n%2`6Rd9R?ou8mhT1m$0`JQPp8m$>wlf0Ol3E)8Iw zoM6uE;wi_KIk`EY_2g8*larx^ks+2hWtB1{=tCOW&5#BI2dTV^Ir)*U0=8|8S>NKTpD1=`S%8W>dFJ5 z^urA-(g30n_ry;o7bKF=all0KM}NX3S~N+ObO9z z3VfK0ZwvX`Lw@k=#=9xt*3oDRGZ9F?*}kn9jf>0&LHpAl-XqY z>gpF*w{U)7cJ=bbS&pU^u>fxs!0+TwMRQPBMOP?&PbfY7nM)7+PQHB>{&e#Bv&8}Y zpDhXUezq*&F}_U5@l|C7wjv92CGBc)e(3IGc;#zBUDL_y>Y832)HS^-sB1bnxy6=K z1#GuEKd?C&UIjeWF8)YRX4TO^x0%@($c>q8LEf2NLEdY?t%K(p%6EFvEZXkyGi!d3 zW>!-G^DN4AeREbvP}j9SI%`k0e!Ed-rH^Y*F7JUc^$a=qKgLxCo8UdKUC)Fpe+etaN}~KA)slZ zJt!wZy|ZkY3EJrTLSk<){wCmU2XkU5R6a1c@~h$P8*Mq&!l_{j3k= z;`fB&{|KGgrGE~;OTRx_4YJjcQ!c#Nkc?(><*!~+_n!m>H(hLVUuYn&NpVUS%v)jD22Lk_GFW`r{%R}*l zq4*O457&jtscQ?;)Ex|PTgSSj!+G6%p?K`&x%mGlz25 z^Lk*bv+?!uKrgLt3i!4je7b&7-yQIIeQ!`#{nnuG*Hf?SQ#T|$?@PA)8|wI?%F_CV z1^6wkZ=f#6V>h&g{M40;-yGoW256d#2UlNqIvX-)?LOV7sw1NPpx0ApL?Q>ns-L z1tFX)0RK+ETF?{B`xbx`hld4w`J~9@eS@Vs=YO9su&jTf$2yer7qf)o{EeP>hw}ql zr}I;nD|6xNfy`Vu9E@cPKM44|VOKC-Gysnq%NCvBQzu*IBGS8g(_-Lp@^CRQxN&eX zxOF=1;`X48OUi;d%aTN32UyY^;BZM-C_WX~nwIPg#-k5=|lkY=MDsEKA+^XG@JMH zZK3#%An)gU0@#`=f;3IY#&Ncv`)f3`>E{ z>2gcKkK@UuXM!@9#R8lxD-HR}LjI~ims?gF&~X`fn{Mk`*3Gs7=ieME|J9&f%NVCz zyOy11nc1elnR*?)ZeA9ozxkFR{mrSM%$sTNtuF7W0M6!Uz$eWQ1m!fN54d`p!H?7b zn~wzgTMIBa+1ru``eqAsbTn=04C-oG8}b92>$5Ebp7%8iTgyK7133SIpx&0F0p4zD z3i$b!4W4(ucz|{GTlz!s|CRUx8~>>1Jz)9dmY?ERJWp#;U`uH&3wXG-Hn5wu&JW6L zg%4eOTlWV1+&UcaQd@D*#x}}vGP7-Kfd95#q4ci?u-zKUd+Q|uoPzZ{+Gn0p*5Y|* zo+|67Pk6v-;%DIp|Hj{rKV|(p@elfbQ`8CH&-NMihFE_Wep|lwNJVOG{4oA@->MZ`r>y@ZzvaGP`?S2~V87kc2`?X)F zaG&qjUZFzUF6|R4wB?kR`1{0EzV-)=A#D7c@z3}D+7~pY%laGf@3el(88hVjwHIiN zEmQk|#*#%*D`=^t3+*aSOy*gT3Q5x;j8F#|> zYmd(O0_)#_Kk56mH)p(sLHlyX^G-c)=h=FbNATNv zwZG;(+xGeawx(41>9uc0e5P`=XQl{e{3-nVe82X}6us{IwGZcf;8U8$F8sC}?Uy;f z&5ysS9e=;?*FKr^pZERRBXd4*EAP@ce)7n#y)qMutRHwM)cStynVA3_N~8TU6At)( z?TwjW^J?GA1?7G`dtNHn-+#B3RV&wbuk(L9osZ8)S5|hf?&gc)kB>)xCG$z4{)qnaI_hY-w3}_iFFo@z7Su_T1joS;$e^mV3ab zc`oI@{7Dn?9(bQEbtmwH8CHQ!5?eKqd|BY}Y1fIMo?q5qcgEY#MhvQLs z1xe%e|EXR*)i|Y_sQ~)nUjE%?y#7DEle@|O+IqjJx2}w^ADV{S%VF$(`_#s<_MQCA zIF)O0_C=L78Rs5X?;S+QZ`<)j_~HWPb&rEV`={hj`Y*P>L2x;K)unM;@8l1aMaa7w zUK~4&=X~4+IHfDbX%De&D?aZ&$|_{+&OIte5BqMz>2@Xvcj<+FOuFf_XHJ2`#EjV{L;Lv5jg1Q;+J5Suh!?{fig>Keyn+LH z%DoBR`J8iM&YR{OiXxpK!TBCB&ZJtq<$ABo-V)MIPG?WMym1>BQ(Sf2^B$uf&dqS=Q=2m*5A|_p5@zIw(zeerkERLf(XUd)_=*l79t0H~z zs59_%uGNUMY2vFmh$8zhI%~t^<=5bYvo&-!TfFZ^&PUwRluYjOdcm))^8?&?oab`O=XyDB$cJ;}IfdN)Ay_zvML0gW=>(hE zucuvGPMR}j9DPLN8t}ON5HvW@z@7D1_lR!mImZNg3I?4!9x-PeK56c;(K(Ynyce(N zeKGIz?0e3}J^Oa%txICO7vJc83Gbu!eG%_pvhT%1dSA+WbB284N!?F(_9^>b{G|7B z-p6fz&MH0Ir}sJ&hV#_SdAPK38)qneT6l10(Tw7Koo!?IGLiAm_2oA%{sPbD&Uf%? z?&1cwj$gxlrzf$>oVn=AC|6#}NVqcaH;gVre0|eyFAm@6UVxqEyqP|)t)?HE!VltG z@hPx%={_@+<)4GYSu^gOG|s`w#dAKKIn&R^+51|OqN_cNh_iaKU$0Jj^F&|u6LaTb zJ$J<|UTp6Bx&c`Wo;n?#gx7GH_6(utMPuOJ{}@t}-=PX5V*OK`t@RM)#f=cr6TRc}VO~oaFYs!+IKBVjP%?NAG zTq1un^*o>ahF4B}LFS>P;>)&C-o(Y;ER~sFxGY8(9^tIke%^DwP&H@!Qsyk;UI52O z(!KuKPY3BM!X>yha)z^?inu#rIk3Y2k!H1n-$s?IbMbU0qB-B|mo+_!Ug|2HXYQCY zxR*@X7>U=^c@1;UdL=cNdH*kS?*kw8aUJ^3N&*%v+e#uQiY?p1$d157UhS@=-y#9~ zPqO%vR5oDKlvpB&7#eIamJ``tp%u^uT-qyQnm{6BK}as{<@(}=q{QWqd`(l_@>0@J zhd9*64M|8Iz2zpnme@jjzh{0k`};|VIC<~B&wKkZ{+*dQbLPyMGiT2H(M;8hHvuU(=9D{*ux!#`MlW|T>D{c-7%fU{YR4Drje&qmuKRo9@@@gPr2i=k2(fyIfhQ= zp65g+szdI>5`6+*jC=}^4e#TqsHP`xvzT{xeDvbI$k*Cwd+(Iy%ivqSXr~j<3*(@PkkxlnVP`XY%$>vTc$=|xv}2{A z(V@p?=-WH{P5k^ZXmh{4I}Y3X7Y%O37`P$*R)y%6xo_6R<*gv8uZc4}S7`e-67PiN z*W#M|2eeHdi929%N7ik46Ef6yGA0fOPD{R#bsS!yd1PE4RYt3&H!9vS_i%bTwR^ZS zk8AFOG<+6Y|Hj@E>Be8V)XRNsZo3B7Tm$E%59b;@UfBnZ+}()%3bac-wC;_N%au)e z-bTi+G5Eoe^}Dio!;ra~ap#r!S~kA6f`7ROF)I2cZ8$;))?XwDR*=4~j8Pr`UbJ4=21?X-TVgS5;w z(ppH{I9B=b^+VH1lQ;kLy{<>z&fCU?#x@p-ZItm!hj*$=GM>phfY|Kwa>s1uN`t^> zxF0_*Z!F7r7H6F8neq2snQ#9VKJ1Kx^;U#k*L(}zp^Rkp0>^T<^08@Kk;v*j`;@Za@XHnQB@LERP} zzWDwN8`c@y&zR`5+l`FpuI(>+)gNEkJA*gCbRXai(Ozt%x%*Q38oue7(Y6=6x~hRZ z8rNU;`rK*T7i}K5zjE)l+<}kYjEdiD@r|Em?>BXAHMB?B-!6+kijF(>P~TDUEf(M2 z6RPX9K1V;xO}A;I@|2Gce+#7k!K=%@a>CHlvNC0#65Ok7%kC=!W8faMdP)C^ir?vcnSSTf&G`B& zE3C{$#P7b+D)_o@`0;mNajt(z>DjvnEN>(0{cgY2^HK2|Jv|QypW2_p7YXV2R=s*NuD-ii+febBym;m` z@5b}vBWZrUPpluhL_W9uuS&bZ8{O{~Y1<_<{q4H`oePZBL0!kI^I>1!IdP3N#=Lj- zUxVg$87s%i7hnHQM#jo(q_vZ_ZLGQ{)((4k$#37Za8c3m*&%ztfNrY8d>u>{0i#^ ztkqH0HpXSxc}=-_x!mkobgT8I(Fu;0l9tL zbza!u-gUlD+R*0Zu4$2VtLV7pP4|zT1xxgt-S~yN4$?pRk%3vaGxaJZuEMV25hr80 zJDxtvoaKmWXDv?8mBs(m{mPX`i?pGWF@4RAixO8soc2)-{fg|{$QIu-+sj&S)Av2U zp0cdW@6lxqUv{{6y_dJA79z7*=t9pQwp7cy($>k!nSrbxe7bsgMwa-eZ!Vp|UzFFC z@aB}Pd+T>F0|&FTx7ciO^*flF-%j2EA^!tktR8;gA14eyur1gqzNplTb>Q;efU06{ zc6LL6vHw3~gPY+I8SC-g`mwrx!;9CwzW?$Ab4q4B@cM_I>i$7Xb>=_zSL-)*Ut8n! z{F~$Sy{(+?f8)KZA3yEMYWJ|nz?tzD_jWV3tb5&Yx~Hyj*1gU;qN7T>E9Z5|`Vn~> zrJi{i@4j-Le2on`RY4!F=*c-w&zqE!`(7z5W&W{v~pM zt;<<=|J+iM)w6|uGTOGzZCmjhY1c-tU585YZTcqoT+grD z^!2gY^xbo|O{G0`*=9}CZL4>WtxG?v^~a|G5@}`Za;jVQEiG}atz;Nqx3KG zij8gWHfz2|dsUyTTWhCe<4<3)DFm~fbO^k1NU@X@4 zbM0L}ZJrhTmR&hwtluc{V&jO{`wM35U8U`#wM(+jwq7mnO=unh_${TPm)T#iRxULE zje9p`LuYdZTZg@$({GiDavhq z9QJmE9$&5Z@fX<}T&h^_`0)#rFKfhwlu^RkFzfg3Ix*|OTNqCUL^r#8dnKPj4ht9$ z&NJrfHWOR#?u-0%$-LZ8<^3r=CLetTf5P>vWS_ECuW>v-MbU1I$u z6IYdGABXq~;w$KzvR9_}%^b6zBYS1=HDYh)|K;))*z#r~1KIQ7y&iSzG!^Zh8n4#t z3bc>R{}TPGY|)$>hchdN*L2SOHl31Mg zn^Oy1T=qhGC*u2UDx)oV3&zcR3K?G(Uxa?3_i=T(J5|-KQ&hB(c42=@WtPn?%`Q_x zWLb>dwEU!eX*bHhVB5*;C+GLnq&;b)iraa!!K3w#&?>SrK>qR$-lc2sQCYrBMRonC zTV`ch_0>G&9xy!U{Z{&Vkavdsdz@9GBeTzvAD;zVr5Xm^Jx?R+QufAj@Ka{S2s$Hk zb(i-tJNFVAI_^mBG~-tQIN(XdS5+_?VrDXms&_4TI24Ws1>r$MjN%?^Njv3zUPbj+ltR7 z@hu{^hF5icRre*~HG)s?y2(52s7#UJf?^R_iTZw9tC4B*S~<}LEm@1Dfv zy$jm6d)Xi8c?vRAJsU0x-4gwliYvoY;LBceLC>9k-z9Hw&&$2_uObip#WSS2`^d6B zfjuMbdnRp=v{K2p?k9iUC4LfV-!y4^7&}`e4V*GrlO%12Nt5@$TTNQIj6tMzo3vG= zEjDQt@_sjIOLf|jTr2yjA?)lD{buFPT>SRKth0RM7p1-3djGo|x$AdOkBZE(%k-&A z_NxZSSB#!7aL0AkPS~B3?^Fwcs1I;eWi z{Hm+>A!JS4A?p(9OX#t-t>j@(pX*kwtl!l7dTIl*wsU>z8OSWZrHe73*p=U#PZ&9z z1g~Tayb^==F@v`kywWl7N)6tf1}_Vqeg{hWk*{3+KFhq^KVLC;i@_@&gI>8y@1Ot4 z;Dx}e7z3}u;Qd#PcO)0=l{R~by)$`dbm#D8-DZb=QOfxN)+&ZiNxSfs{YJ0tp0;hL zR%pAyyxrQ3o*~|vMYhIvjF36Hrq8TMJAqRrXDVnH_x*JAGjBt7vRCZckOM9cxkI

>XIFMMy(=LZ7#HR9v!n4;%A@&=91$H~ZAKR!;Y z=3%GyaY8cw;@?#0F?uq(%A0-n?9jS+;GTZ{mARVe&>naaKcNsmp_TS}$@n5$h%arp zjWZ4j)tdKfu)o-t72=EF7X`BK;ERY)@&;>};v3^biVYTCG#$?0WS>$+Di#)+AOtxN6*eO#o3z5XMcolv+po3_vW|pJK*O>HR!$dxs_g1$cnA`v6i{bpV@G+ zRp3m2{{3ud=<@-3?2z*ddi-$vZaH;0VCLle%$$6Wv77y(1F<=|VL9J$_cNS{c}{Jj z{fo3s#J`j`Ii)U=F1m;eSM>4*l(w^s>wE*e;Z)AI0Qrl56$CdPi)*_*IwcoR83fUa%MZNo;M6uL5=%e#~^j>-88%H}+V9-rl{SZ{3f>Na5Nw%ydN&(v*` zt{ZQi@)nZRYvWk;vUL(&m3o@+V)B;sKEyxX)a>P*MYrFnIAfLj<}`J2(0}m*H!xPq z`6Ydh>6NR_Fo~a3CiS3y$QUm^g7yccokpEqt8``UjXU}I8vet=mAp-bk7wnQ`6K#B zR%G)l@iE(V|5>WG=(AX|u0eli-C!~LUL|P7muaa`8*EkdJ_HA_4_0LaFL=FSi&#~nr+jH1t?SoqxYaiIv74f;} zLwm7)XBK%_SxepW^Paa@V>*hwo@f1!Gf#qJeDJbo-@*z#!YVC!_G-QWADn0y*r-i%C}X!tcwX9X*1gEg6@a!G<0>} zmJ+*nP`BH5-EP~lGY`;iUDC(+W|-eq-t%SYqk(dLer#u;)NRK=v1<@Rr3_;iPmwNdDf?mv=jBfK8aubIcd|Ojd`|n?559n?HkZZajYVuh zal=>Dga;3wAJ+YywVF{h*F1O_{O3-`~XncFLM-0mwbFf<{LL(Jd+RO+~~`-8^rA2f4;{bt>Hubdmu{)Aa; zrjBLW_aDOdH|G-3alH;rT2N%4w+Dl|FJ65Hm-%}vK)-mKG2qiba`&ez@daT#a3!IVb`65Rd6Y}fB=w<#~lNp1msB?ZUHZS-3eOZ~eVn;^LU5!0y?KbN~F>nsQ z&6&$iEvEz8PV}l3TNw+mOPyxCTxI0eVdS>N$ZMhT*XKL!0o8pUb0ya0^YZ#W=hME4 zJip-j1<)Rrb8XNq7ksG`_Dsfs3VV*Om$Iqfe(87i?3^wA>BAoICfy3Cq>;O;L4l)TBCc&~EF)nH?{CYf!rbCo|6x&)z_0d)}8~tO^{I{RpXxycH|$k$GxPbz*1Xe%6p~#D|tW zfV1fJ;{19nV+{GSv}=o&frNK+M#=3LzBsjCd+|j`e(*T`UUh` zoX!zzX`Q51_|ml9(EW|IGw7Dtv~^$oFQe%?Bj`Rcf^PW;x=$!eSM*f#Zr+O=(7e;9 z*S`&q_yw$kE|&3E&b#>P(A66t{%`5?yO>weKdw4svtBLK{JONNegm!Pnige1%MqHE zo|K1OE|U5ucB}0T^i_FdIP;Y3*L;6DW8jT4KcTHI#8e>AGxhJg#4qihSorlMZ*u9l ziLd(O&e`(>tbwO>oms+-UcVnq`Ca#XiM^r!&}E(A zoTATXnyyi34sWPbcC@Z->t zb;>Uu)MNR&Zy$US9JOvcU&?skzkTn>1J8Z$NcYeG&#ni)`N0|06Zz}QZ6BNw|AOkf zrw?EE2h=-aPh07|Co`8YHu~gmNas!6T&JeDleK(V$2c-P@ZjN+8M-|V zKUFHSkg%4;m(N%0H6}x!wpmPG<^#Dd!%K(8W$mMfyc&L)Jl1#A{be{V>*jV{*6=ue zUFDxhoYqO?C2P?5hQp^_c@7t&7mM}0!mAtUS1yTd;(KAo9PxQ%jd8fx2bW@BmH1#s z-d1NaPu*hYoQpGm<@dn?MKVUnI+5|gPKw@%pEY`Yoi>v-an@l2+J6O4X}^ngO7ufy zaqb@4obMU;e1Gl~zMIxqx>E% z5B!2YDPPNFgfBPTuH}NiFk&BtGhLc4`!OT-QFaf97$ft07>0*(>FewjXdlDG1@%7j zI#s3Xqx;*HOM0Jqo!Q@Xf3NW4uHK-Y2Mmntvsd;TSqw_N zZDY60E8E2993kT)SF-4QKy;qI+3D9$!W}+cWnOh~ zzXXD=-xAP&Ye8SROxa!b-FI}<`gLW}f93pv%z?E|duc%l)8FK5+c;=M6UG?cE{POP<&3C7Xm_v1__a-}xEgjXt;nxw&hB_*bI8$gNWB z6TaGz@%i+*TJ~oy$h<+@IkVm){eilkdi*uUllAIE1AAo+pJa_qnLad#@5bCl)+wz% zNWXFWk?P;P1p7EGH!N>~KUSr#K%XItE?Q{}FySe^+Jm+O<`ijvrcK=YQKK4;%Re%)VTp zvS9%EWEtzvVDtIA8QE)-e|O7i_1jd(N!TV~ya}bx*xm zy=ZE%QMXYe@k;|0hA$ZdF8T3$Ub|Q=bMpt^2sSo+g8FPe8IK=QCC@I=<#GlrcMQEL z5+8X-gKKxKUYPm>WIWPqgXm#qv+-wH!{qM;^&Cy>7w1**UrVG;*5Cde=)|!p0pnu^ zGo1GjI>ICTF-IFd>5iv?Vp+H83k0I{(~fG+a!X%DPEO)TU?Fxz_Mek_4RNOm_D_fBmW!qpZ`Rlwp&bLarBl8Yl!v6`_{3GQ)d|K*{Z*x-mG;26wD`c(l zelssTE^T7_?a^M=8?ZC9k830GZS*)!e?||=uo3Q=2;q5sK-L?|XmhPEu1ycfS@DtQ zg4YMi7z=|k#~pbtjyayhOMUkE{+@=v*Cf77^MTzFS(v^oV``cBawF-m_Az$+z%}AG z>3APM(tjzV3;C>Kywdwn*rBNZjIZ`TBu>W8rQXwm~zugx9}sN>Qm;I`8S7g*~%By#bc*kL0bbgMh=i4nRa1dJf zT>F(H>iwLa39okb+{Ky=zKvd=@t+;ujUJl$gpp%VWa|3Oe>2gYd*p%}cIq*pfVq~O zlRktD9NVV0e7kNdJkiHD(T1(h_Uelv#MhU#5}~bm)_ptxDDR-?>IgrPJ#mR2m3V9{ygNb!x@~S*KpZ-VAZ__mDCs zs2M*|EnDwI9?P-Gchc{g_Nhgh?7ShM>u z{;pZ$%)E^J7%Qbty8ZBzWo{~aGV6a%-Hxy>h(E)3ugr0rc4=eIxc2L>?ETAnwT!*n zvXm=x|8+n8>wMo~ucV4KA$Jcfz#bTXTecy=StYoY_mDx1q$;=D6voY(Y(+z&5@uADj zx@oE87abNImA0_?B;MbCgw;{xlF2pbHr$%vE`jxGyR2bK9`kp~tF+G3W-#hxx_yx)oVfMx0S2a9rm|^ zd0&#T205P)e)yiXbwUT-xtRQo0JaMqOuPM84I23zH1gSRWhb zzpKvqJqKH7(G!0gOWR5tQ^yw5u5r_@j?w#&*>9=Rf4eT{HB5VGS@1XQVso_J<9-Lf zocp?&Lo$E#)lG0)Y}+t4arQ_2Z58TU2kf@JCm-2!SnBFR?@SjrekivOo->w)O{YCK z(GIKu9y!FffbRk7d0MY41n`I5J*DaN!>rNcE>qt%rk?H@8rBcw3{B>Tj7c&-M5h}D zDf{wO=V>~rYnAkS@m0tZ6**`>aXITsJ-Jg7HnzA_)~Vrf(Db+CGB?D|PS@j{jLD~& z_fr4tFl#aRMQn4(o^=2_>)PA|Hg_pDw-=kc3!D3jJ||j8`q8{w}%-KSUW_uyK`JE1}tPe`)p) zRgsiw&YuoQyGdAa!59C6{Clt8I1s+YKe^*b?qZt6zxVn{o)i3&JaRvh-1YQcKgn~D zf0C!neEIywAN&_c9VAaV|D;au^^%vWu+NQcXCsbdTY)YiV zAt(8p5*<}n8*6HIl8I21o4D$ln$k^9tfrKZI+C*(r6Xn&`Hpf!o<`91$lW=0GrrJa^7|~QH5soy4nnKOZ_4T!(kkV|29oTMm ze`)i*>hoR*Db?iE*Ve~UH8r97SaURzPCMafEEY+HQ%y~^P3efG(8T>>`d43@h=kHL z$yg}jBx-7ERZU$DjMavnq!WuJ!|6~e?9_$oQ;FJesy6A=sZ?`qBIQJ4waG+tQ?e$K z3Wd{&a4eioH>K+nPQmy+& zT2~jXi#f46Clzs$$rv?EHm97h3P%#Ocx`Q@rp}2)>(jNdbSf3A35TNLNNr7|zCMwv zZB9nQt^i`9hgVf(WJJ@*U~}{Dnjxj?qT!lQZB4AHHkNWiP4%JXM14~%k*p7gqmfWF zMiV*drlwS?CR&$_C9lm=ES5&`BXxq80x=m)hr>>!M%6e@IsxfqC=!Z=n(OKjN0?wV zk{~G*YK}HHhZ4vyE5DXs9-naB4%TP&66AV$?=!B4Ly$6pbcB$@+AC zlA0wG;rdWA5{pJ?X)2bC{>Fx?sY`^LLP@7N6ltoV4~ApW+S*ht7AcZe$$GkeDv3Cf z(PVRdb0l07iG`A}Xd)Cz)ubb}b*V5$EF7UQCzP(EPZAxjQOR_qzAoZ8$=YV@3_PU5 z;dFCTT`C=o(2GO-S0AnCrod>r)~Sibs8p!FDH2t!_s{uQ6PD?L8f81&Xub2t)1>*I zKmPwoX7n@}s;NswlIc`)4ZWu(P1S0nv2abazLu_7lZd60;pSwxK8+0O>tl5_4g!ls z!h;H<73UW=~$?~ra76ep<~mZW1(0&lvLPRdUzz2P9+>JP)wy#kqCAy8csH) zn`5EcR0N?rsAW3R9IkIpBIhJsK9)!%npJ(eDcR&SMVn%wL~T0JRM&*UL@|bukc<&j zAsMN2YMfLPMWP|isZ_E)845SoB$`~suC4Pawh`=D#z`lQZWkNQtK0ug0x5-^tc%p9 zokSv%h((&}laVHBT3cI>sdMP@b+t4Jjg(5&Mw0aMNHWzFNky7ykZ>J+V>Aayb>t8H zy5>ZJ9$!-*YjUE^kz_2DVEm)paBXc38c;*yHiw&P!l`IDTF)p;mZsXeNFo{yA^Q4I zq(1G`gb{fplEAJc=owLXjyY&Tor*T2&EckSb5l*CzB!h37-ca-iTYHiIo4ED7Z#Qy z)F>ILsclL%rIN|IXsFJK(1&Ylnrn4?M4aEo(2T6wRiV5+$#)b3Sj@b%Y{c*QeXjyi z3K7+W#n$6XAciQd*c7V8$%!;O;dBkRh}NWIsk)}-CZ{HfJqbl>q9Mm=t_{^h@Da4v z!iAzJM7Rm`bQmL;a+=cVNE3Fd={-lHt16VjI7MkbypDQ&fo5z_B1E5#I>}H1doK-A z6RS(m|7ydr`iM#-9K4D!-4Kl0NWFtIk*cq0!Xkze>H2706P6&!h?`8*$C8+{SaW@} zrYYovYol0F24cEdxHe7WLJ-@MsEyV(QMqt^U5EitF_zJNWq1$Qg;RB6ADUuL5(fZh z1&wNUnz2L4bl8a{Fhi-PSUM4@sfl17Wx-;s2)<3!ToR3zGrxi~=Eesl`QNgo&l1Xf}4H zIf>@tDl)EwVk$*t>5k+KMMI1oDKw9Mm8`2{7_Lo5qhY!xz7GR`Eh9NPM5lEU&2?mn zrX%TO0)wVF#O+PSxPK;$$Uo=pqsN75;)#TbFcgq9SeIlIesNu_IbBnS2gN<(snm>$ zs*dHK{mjbF*49)7_i8WaCFzPt?bHgVI#MmuQFm?`cEVpV0Bs`G2E^lsXQMBRKs<&lT=0a4|nN>8&^a`ONr)Oqlrz zuDye~Up3uO)&w<+zi@maE!a1x)D2}elJulYLh@JfZ=V26i;F3*Y;<|+JX}^i)M<^% zGRjE)=ZsGz-m>ch;OY7bYTCm~QSt~p);j`HzWnSO2K5iv`VW$Kg`Xd(+e0JkFEniZ z_qe1elOt*_95?_CCxr~ZIO$6hw+DAj`11I#jI*LhLvLL3bp=Z_%^$t-!_z-_eSBhk zvym;gOv@Vz@*7tUofhF`Bn4@^g8OZD(<<;^;AT@3`pDNR`K~Tq=WViiPyZm_rpTZm z?h*(bBY#}-dt6JtPrBLMEal*@aq-m(@Jpm#&j%J+omxnGpPN3eT_tbm3kbnKd;foW zUth`A8^3VFv)6Ac{`2d`5|9+N!sGDue>(O3fBfFbfB3FjF0wB;Z^{jtZ-}@d7Y^)$ zmw|u?-wM11dgGeM6}aqMQA4MYeEMhUNF42`e^xgnZn23gGGAm>Xxo2{)Lp7(`^x>3 zL@nREK_#wBz4fNQXNryTVwSz0aE^w~uvme(@me;3p@cUeJwxm*qre;mY zO8S12KHsL#_0nmFqLXfVK+20tlm2FFGETn2r_=N1lKZGS^v;}4j)tNO(P2pFkI-ZKWz@*r^+O`K2e6N=n8`gY=m z^O~=*1Yhu=%O2L(lo4VHIBw`&An!Ho?q@}k7;W9J(cuZ5CQsDraN5&h!ruw38wzMWs|reTOdkywZWIR_&twMUeBm+kbm-H z>`S`#-ak%>t`*#Ca=O_hPlw4e3OPV`7D&xgDBL6XLQ%gb1nN_w!DN1MYkmx8NMO z=XJY{)+2E(*5*sMf|b0ROgYl0LSr|JmhQ)lGRZJ3S%mLnZeG14FCctOJnhB>=Kp4T z={z$stS_bC&&d}conKR-j7i8s|DxtAamZZ%;9vhFuGPRn^PNtdX@4cQG$i)I>-JKo zPq{p}(hwR(|MT?`8hZ^r>1Sj38J&I_@HolTUtI$KTK&@2-L?beTu1r(cgE`XNM0BD z%K`VgxWTvemAHkY;?l&eFmb|v)mXM&Bw?t#7UuWIC+@Xv;d-n>d%vNB9nn9Dv+ZAI z;wp%<_1}+;X%)2-U!z0JqepAV;BPeF(Vx6?T%>aU)1O#~0T>k~%KH&0B4qc+w%}z7 z{>}W`!oTAtd^gb|t9}zs628d4ViP7!`)F|!eiYwDbS`bey@a!bE&c#up+9KS|0`?= zy#prvx3F-I@IDg;)&0S*?4P|sc`ba$!K{QY5RUV;VRnlPMAuC?fb0uGgo7@A;10r7 zzI61kpu(4aFJWmTi~swCp^>Ne8N#ARwmd-h2Y*(UI)d;-nD*S(p3jb(S_+Lhae~}MsAi!;V?$70~Ky*a^T>c6^ zoDb{rMRrB=iQDsjm`679ev zVO02;QQ@tl!rSv<4HSGmA9nfwZ}h`Kny%0Ab9_|#>3moN1wZ9Y>{hCJ%;5ize7Z}| zlb=o~6dlz+m;XZcmgRjpwZfHG;T-&7+?-CZ77Mt|93Dcgc$b^4McrW2K zZn$Wa{s`KwWxn(&gf|gxG5Ga_PZDl4VRY-ZV!~+?UP8Fl7hXeH`b^xU{~6&^gu6@_ z`{Mpe^rz^+sPG`~L5lv`^3M_$dh<}CH&hk?~hiM6E^KRemUVS zzWk37-cH!mXZ(7?htT7Yp~tOR?$6~{`u>RUzENS?=k5!{T`>9oW>os?N=-jaT-2oh z3%3oz|G20tzwusw)EUPQ@kCo3e)hQd6Zq7gqrOJJCfqra{si>T{kiQsp^3K!E5NTX z`RQ*?oN%iNKjC6qdp#k;DWN{nvnKsN@mD57s?>zPM!1sn?I!$9R2_L0oHOC?@aFOW z>88CVoI$nEli#$*gnuJ^k#wV57v4yukxy_c;WdOEmwqrwSoF`(3oaqN zpRm#2;FG}mCrpC||EX01nEWpg?j&s5C-^d5vz_oIll~99_q~wt852Isd+i~@Hvj)c z*zv;R&o{>j8+sGzU-wQYT<+$dIE`=%;W88E#Ob~5g!h~9@1fel>P8cO2$)|%@O=gN z2g{c&t6rwsKDVq5sBPI3Yd^c3CkvM^S2pI6HEnB_@`hnPLZhr&y|klkW#{rSqAg;_ z@>OkXRm8M<4H8vv&2GYR4u&y!_F&&)C4qN7k%f z+u62u>F3(ktX=uprJZ?ZA6fdDXjXBk1t=ghP|t`H6vrf&ghuB z(CC=h=v5R&}nF(AwoR!4r=@zVhKmmv^*%YUQK($hAv5 zR_Y8w#pF|;TfOSj3l_|8YnH|(^3$u=E?fT8^0li)toMKX-nM&}Ke~J^!c4AOz3elB z@yO~9EAq#ece=VE@dSLlh2c$PO@sa6@@1VX(Vvb_nU)vqWvkabsdGKH)+PFA=fkTX zS-$p3D$w!7GR+HhlC-5A9UAkAPxrlqYm?zPM#eS1oIMboJUtmaba))Y8tCs~`2)sENV`G*^H6(`~CC6+x`^s-$V_ zf<_i=LwRm(gs(GQ6=fr&S&Z!RvWkRUF0>_}LRthi!^+3oJ`3mc`VP&iAc@pnlQAmt zQF-&!$jFa$b=>1CpAv(!`Vr_}oeEhuQ4^$NtXlr4+dtR>679aK43FNmc<>RtDmT^B zyl9K}xUYR;o@D&>aj`p$iG2KOb}T_Gk*Lm?EStg%Gmo!WO2-hhwHE1O_@w#$-Mmez z=&=?S)d8h*^$0A>%1Cl3>R83tNLS}+>7|_*n@@|qdD5m?+d3lrndMK4@*A2Og(w@= z_R33^piL5k^66DeAI^(R%vjrsrH`*Lok@3NtXk*eQn|H{ulSUF{UcL8hg#6NdhK$K zr?sUQB-$3NeApJEu|-emreQHIc}=eot75qR?DDlMKmBCB?5kr{dik=|9U}_J6AIUP zgv_|)3bAAPT3f*KE%<5X6iWVV zUhF9PrfFRE7^p`jo52->v}!c7jIpa$E|Ven8hLyvRxIvNE&LkhnwBkV)pX`9f6^7P zC3bZdo3i$CQFNN#7a@+o$Vk#9W^G=(d@h4eA6>!NzGW$TxHd+2IMZ4}TH6>g=N^I^ zX~SY7q{oZyq3O(M_*LPuP12BF!_LF4zW5Fw+~tEeG3T>+2bsTF_#|^L3tv>K!ociJ zsL2+t;4O0tN101mIPKAAeKpUUtfy339DM71-V0t?1(!Xz5Z}_)rLfEgQ*J&UfA&s8 zQ{Jf0$KzY)VPD+~Gt9{>{(k0P7C!FPs}SC7U5Y5n%AqKPs11J67dWauUg=*E^Q;?- zTzDLHpK5T%A!jSMas6I>$L;fY8+X75AM(M+d@%f2najSEg~u0rG{;wRD&3Sjeu*zW z!<^2>_xbW(@_3s-n|{>bOrXAb7}@4w+OgW=bnurH7KVPv!rOfD)Un3K4|?*PaGE)x zjX&?zal%C(JjDC-1}8`zEq*ZS(UddwlqZeDNoJ@$i$! zhX+f4Vu@GxiB%r`iH*Mag}(Ssrhtb3iCaA0Cc=Z|ZQ?;+UUe-tWQ1QBSXm zTRob^=!}(TF?8yTe2S4zKHk?x#RoinC_dzaPq7AJ^PXdUz`_?jI@cF@dV77j4~93Z z&(|;XE^320oAI^49&ev04EC1_{`{K{~;*qUw(;G^>_#1rsb3@vPgPbkR z8#;aQ$R{7a#}|)G^6|(dU)BXr<~LHVZLb?EJ^9?&=!~l@Di=FP^gUIDSg8s{>vWxfl?nF_rcJNnZEFWes3)JzwR$%2LrXkc`k~LV zK4^TB58;!fkfZ!QbdYsI!}EuRSc5fi8MLmQ5`k%CbD)T;&b z>t~j4^U5ms@mUU^wyaxydU7i=nP>RFm9p%3dTXl>?()HumB)X^^J8xnpSDOehJN#p zzIgUIZ2WD==i{cV+opLqw^jRaI(RY1;-Hh(PrmIbAI>JPZ{9ZGqxqLU{BQa2FDkXb z()@QH4tqqFx7*7-8QvaMYN5fuyU;ZM9}es4mgn1#csLbON7KJ5 z>U{CYcCn#9S?~?cLEj?@_-LMqg0!Xzu=>D$-}vm za@q~fohv-uxbu)wpS1Dkytcb5?%~{p4qIKi3q4tC@bB8^!$0NOz`M@-;2}@PKGNv% z_7P-a=V%|<;@STy__T7XD)#1yRp|V3Q*IT!*>R+*!?O=n(6oK3YMW9ITYThT@u#+U zb(y-@D|hNfr9NZur&2FFznglJBjGk4{joHs(iiNQHLb+6A=BXV5raRi$`?=FZ5vI4 zH(Qr!`@Qjc+6f;%^0YQ;+8G~w&XWm8Q}VX`?sCshxSO)9&A)qz56<{tc(A_B-3NT} z)YtkC(~*^x+jL}=hdVu)Pv5T8ADa43ht6sX4|+ULKkkE1dGpGTW<6ixquYG&9?yUH z=s~5{8k!$PK9+}%p7FsKeDEbt=c|i+u;b}}b*m3<_xf7(CeJ6Sre3yvtI-GRlT^cl zm2LHT559-8Z2UcyJ~-}!eQj~i3Qs0-tFIj^??HxkoV|xS+W3(2;zNr)`Ghul@io-Z z;@5zahpCIDSwmac@v8>=fj0U~F8J+I+O}Prh`Uz3w+-P(rN?Cb$i`Pe@`@D9E zQkHGI=s8ag(IF46E%E${TH4pjt=93u^L=oJ7lI8BwaDN0sandl^{Q+1WLrmGtJ`(p zJYn+IomT2`3&We0Vci7}uBW{|YjEn3`Nu50#gj=rd96*Wr(PCzeD!iFJep3G4-WZY zc(!FZ$kvwSe9;@%cwIa{t~m#N_%aroaoPDh4<}aS)jd}1_1PHw*fA?cxlfvU#pe6) z7y9twCy&3;hfm$@8pRCgTb^eitA`BD867^j&!azMk4JOHA&=&a6FwaD)0R5}*;+mu z%9MJ_&~KnDtDg<4ym?$h)(3C*^rT_GH%DtY?#)jdD9hUIhRYt@NITm2M%vEmTO+cv z`qtR)gDE$Uzs;lHNPVr2HSY7l2feYr5gx3r&ZOKtT&C1AQ{S0s&nC>IT)WOZv&-XQ zCgs|)W)67c<4nr6JkK2T!RI}AR*)NmOj)z0dwqNs`e6N~S+uF;XBIRqpR=IZX!D-( z;Mv7q|D9dwgB`E$&!#Sx{_IYVpEz=`?HdQj`Zn>6USEs%`(WDF&b8z4W91O1t@H3n zAAH&epY!xNet}!;Ou7n=8bbB$)|c$=YlZ@;I{_n!2|$Ce_`2X499v$rjG zc=lG#;eMF2s``gaG%R#W3@iuaN)1fg%HLUPoTb3!23`kTVPNdNs)Rl?3tE61P5fU0 z#|``nFtjwCe*p$h;6Nepd;>#6wHlanXNvaKIG+YyZ0N^<*O>Uv19uu&&b@XS_+{XX zfqx8~b>RZ)sx}&!xtiK!U^#=k#n5+v_n3In)m{UC0eGK*Uj^Q8;7h;bmo}ZS6L_(K-vVA@=)+f_(~S>GSzQL62AnZ4XGQ~A10#>X zMi-v=G2l%Gei3+!3s1Tc7+y91$Rn`V#IFI~XW*xR_ZxT^_<##vw;uSQ3m1ptZg#&K9oN+EZY2Z!3(2~4zwz=@K3(L9Y zqH+Vb0-HL@dFG-H6MqWW@G0k%iw?N)az?p`G@*I>SvgPd!jl&RgD3HF4tZS0!0ykX=a`>hf$XLf@tT)4ghxZi~x!8z%| za_(04Nd;fd+)k`CFyD!-E-YtlWj|DKW)A=#cj5SX;4=ok$loSScVRh8JBcy`Ke+~Y zp@H`TuQ2d_V8g$hm7TQDjZbv~8=C2M{?4G(jhFMW*BLp;+1TqAyYX@^_B!%QS8JR1u64gFEX1t>ORGDVcXg`jj-{PT zRrRMHe_U1T*tM(O822lAYpQEh^|IBEJhGfKGcMBd6`W0yLvO#^uL5*zof>blMH%+C z8CX6=2EN6>aX0)qWN`C7;OqD&`2|lZdY1`H2j$m-Oh)_!SANs^7v$f2;mH^%c?$T) zPv{k3L-Rk&pZraRz;QR_3uTaQ2NwRYiFy8J0Smn_|M<FJ;l8a3->;^Y+t0W;Fcz+; zkXxR7|JRtc^<0Cc@!Kc$G|g`g6xiaR9uU7w*MpDz&TP^jG>cyqw@O|gORGSvf;%cajcrEDp|8jZ@rRnCkj?R#kLQX?-zsuJuK^gR^_;j4pX= zq&ql|d&qNVHbY}`N);@cn!T-i>Vhudz@oYFYJuerPsvZ50xuu`l8NWOQ+>}i_nk)N zp60K=vb)7(Y9nLjmtP955u zR(EE&2RQQvcjoe@@MCjTg}kd0=j~4Lc>ANw$-b#Jc2AmHnt7(BI=fdDagVti*a>W& zt?pbpRaNZZ%N^vw-iHeJY@JhBrSAsjzIDNKvPxxNbMKtx4sG6`Qf0B3>Pt>LCz<4a zdD3~$XS(FyHK#D%uvtYPn_HpePT7Xd1%sNF+^xIPrSa^Sxx@BpbZ#kc#kg=x2j5F(|DU_3h@=W+}0-U-@enm zGZy?}@Pj`5;`m|i*mm)Gw={PW8N2UcCse!W9J-j1`|tHV?%V^8-X7BL8t+uC+{-Ta z@RrM6_6>s??hsy)nY_VuX!w8sHoyuSaJ_yff6=S|`bhToDr-pV&@3pZE&V4elo{;m+Y!{w-{HBlj-f#ezfn^(H;u^YmG{OE|#W5^;%>yTG|8{`y_B z3o9N&{}Q`ZY42p-OGxPZix+QAsD-;ek$ZRZELHH0rE1{k9%LBYTu^p8qQ!6It%MIrpw}CU<%BCvsPumsRkk ziTdv7>v;=rlEYofyJi>E^|q<~-BZuD(x#VRnx?LU_u^e`#NST*w6m?*oH{^UuzTj* zQsF1_ccE77vTieJAK|BWjwZHpT+nEB$%yfq#Yj;IRR6r?lH%@63^RCTN2$ zFYm8+A@fl8%r{EAKl#II;OJK2Goc*5LB5TAi_w>0tgYa@j4^*Yjk~3>jnY3v2X`== ziyyhdA7katQzzb7(6+sTa!W+!`dty;3-Oit(Vm?@rhSG^2`;otG|vxH&#%L;=p8&u zUiwEX{c$?w6pHNy{%B}rE|*z0r$lV7*f2d-c{pW)GkK~i$SnJCNoJWk>Brl}xVLE9 zcV=PBg6u8(SvtZ_7B~Y*f5w zr9Mcx<;dX)-Zgs{J68JOYa3^M<)|75&GFxOOHF`Inb6tA`1}&}i&X^VTOjqmCT;ov zw726&6bXHiHT(v61A(>oY44{`>}~2>FL3oo}W2RvCQVN3!^lf}4Gww_#?hcqUl*b!ctdKpi%` zjUP2x_rno-#vA0iej-=f{<`cV%E4aoKG^UwWVpn>cR?BD0?Yfh&@GWNpj`@Wt$Q2Z z!Vi;s{CTGiS!kKa{rAu)vowsaAbt9P)mdG~DQX{Yzz_28ApcI_6YRyuJ@0dj1IeNYk=$;EcHnux;f2rU}n$PBV^Me5IB2wpF9js!s zEA`c0HDl4k*x%19vA^YuR*s()naJBhWphfzX7@b(!;+q-)k#;5Mb73a0qwuVcNR^T zHkY>)xqLUBEGZW z9B*)iy4yr9xxwkTG5&!kw4B$NPeF_P_XwSZ-x0a+&hh%f6{HsuuOvP5R=9M>cw1I( zCuJ4cvfxY0*vHoi;Y-U}^Ok$Tl{a+%m}k9RK2BI3OkMU$`P+Y?`O-W|{Upxd6}o)p z{vsd8J7DlQZc&gnzdfmCV#*yaIPm_Fe7WBm9vVw_9*=5@#f|R_v{z#XsMo$~d?c^P%pQ9h} zy6|VhUrx(7lba#$7?o=MxYyMW_dTLONaNp*Uc_@JB+rf(uDAqW^aA;PV8;YiBsu|J zq3D3dY1VD4@t}K?<^#Iu^I68WF5v|qUgoVQGq34)Sv#n+)#1ga{Rc&-tqxc{M8=au z22!TTI`OUCpvYCq7MXiGs3!V#&}}Ex>dKXV;p&lXr_%S5tE5YP{WRk*Um1e$Vm&4> zC&Rw+j^OvZUYgBZqKdbD@cov3jrpOBG1v@wAIlk3YC}Sm>9K}&hHJf(75~<-jNki3 zKKPV_*jX7bm8=zfY(4XG>?w9t&rSIjiH-G-DP}wo|E?7Ou8Q%m$oLKAj3IWM*EUA% z3pT}X%l*Ea&?tw7BmSHCan3;Dpp$jyFZdf-ft{YfUa?m$TyQ|(ue^odZu~gwhZrBk z^0kWbJ!|v2u$vbiSD0}}#uq)egU1#43mFNMzSyMeIuPzKK8%eo5qg5l*xg~rDe@HI zzv}nDsP}kT7joK>DeprO4#@j2B1ikS%RQS^(DI)7%q?A7t{d=WbF6JJuMzoX{wC7Z zeeVK!XHwn^E@C_jNq$>q?{%sx`<5#&;hA~=dHg(GE^U0Kcb@9X{JcTqpko2&tQs$T zlXi+Rh4)=4kFum3$|!{=DWlZ#*nO8?1Jdu_kT-yiNq!lV^_mU&wV&UuQuizggL)08)4c1m>h3=(;4QRVhP8n9d$Np6EerB>rR>F0Kgk0emvVG@yWFuV^J(T` zyHr({u+*XF+`D$(4o|~>rR$F0A$vsN2z{kvrG(d`MA7Www|1 zyYLg}XJt}<`@Wgm_BrO4!;gsXW$Q|NR31%GH{NKV^@9^%Qc{|R&{ixUDdR3{sRV92HU(dWjpSzgXhs|!gSRK&1fnG>kcTY%l^%he8 z6yN$>uPV0fZgnGLXh_{MKPB&v^LeEGw0~%QL%$vfu9GXwO4(8$vxdmJNnuv{dHe`+ zZXfN zti^T7nx$Q%FnpA;zJ|Z8+pV~Fs+zuac46KY^xlard_m7o_DKD8JGpX_I_vkj;A8sH z$@s*~MY9_Mjj{%oT^4Zk8(cr39eEE=`k=IDcO&l}{=ov>u3E>AsQK99={>K(*LigC zBiQ2R?|0dE)x>B2ZQjrl86m$a`C7hci%QWQ;SZa*r}y^4^6b&TiYKlsR=au%rZ1ZC zx5JCZ|J(4QqWUAqrfAW`9}F*=^s{07xw5`qRnqqgI`Fm%qI>O&g8wi~KasZw<&CT| zX-C?x9D5XaVrsF>satwy2bLH)Rv|~32TETkC%)alB{rTmFQd(0g-(gs5&Fd*V~1=V zv|VTJx!@@M%G3kfUQq7#u>x7=QP$48ea!8b4fI>vKV)vK<-9X+j&?4Vc*aF}lU)1! zy$_kWB)-wEY0Tee7fjzZORafncHwsLSBWn0?d03fcg5D(1)?t<*!Qf|fAb_&aNor5 zO(MN~^ITPU-<-eLrs0QF>yEaYTB(Ey?m|T@!jUo>~ZFmNX@@(Hx_jV_wn+$eh>J7xzu2qTBU3ciheSD{POW!!`IlC5oO6W?~e zTcA0AM_a)i=zo3@H6c0rJT#pLPR+E#e?*4c%7VmeN( z;ad!Dr_>$2xNFDk!YbBx4)O0K@~>bGYtN#og>NjHs;ZYWzawwOOmOLsineSe@7`U+ z-8X05TCG>a-8bjqr#$%7rv%<~L~YUYZsxBGzsCD}J6TWdDNKv(SaaG!xr@<>?b5z3 zy}SNh@@<}7c!!j8-<+?n1?LX8KC;#pxXiyH>ZOE+(^H_=dt_e0xV{Y=ciPu3L2Q?n zvFMw~nQ`W{ZKDm(%l;XDNjvLrjc&W*&j$N4s)+p?cYWzd?wB(GPSzcptgb?LJ36q? zR~EigZoBXu%dedk-XUws@&>upU-X4FyId!GBh!1^3d>hcRm0u9AIKczp+!@FxNgzZ zu8QtC^SZXu2PjMX*2r4kYLzz}-E}2&MAnwHKE1-2_qMmTB;~VCyN>>_5m{&-*XU>$ z?<`-Y{(2on_!fDKelDG=vZ9|Ncl5SP(qz2lecV3Q%a4!Q9}4lGHt8{AySDL17#sJp z4{=;A$(~p3*-dI;-&X^h`ZfeM_PrX|()Z&)UvHIK15O7xE5KPr`Zm(Glh(g=N?>4f zmFnCvC9o&E!pI(_=1{l_}D0Xz|Tg> z+e=>Rr~S(AY;OhS$y^|+_m=T@qj@Nm>;;+wUB8ZHMqG_SQKXSS)=_uP0{JjnYS08L3d$#Abi>>sf zD(0r+n2#>x%iLL&F<&?%a}LJqQ<;r(wZ3iYQU3}LXGWEO3VS4Dt&F)c2A^X*KL65e zb%8a3vp#*%^)YJ`dQLCxA!CUh5A0WLvC%_WN74ODzJ7hQxb{omDE6mA_YC7BPR&py)y(zI<$$T*#K*R%wea@_Z|d1u$+3q9v( zVV{J-y;JbW|EI)l8x{9u9X?vP$>O2+rQmL{ei-x5{pkDXJ)bdb(@5KHc@cU7i=7$E z#`xQuGZPoI%%}_eXurkMv0vR@(^LUEUbeZdAjY1n*o$J_hU-{~bnY<(P&cr$SHZkowR=bR{2V3;GiZ91`loQCMgTB5+>V}?N z?rjU`b7HK!bY?c*U;6QE(PZWyPsRrrD>vt4jkcY$K;^*i;?oUE8!nw1#~u{Q9yI4v za#t8*Y5UwT^uG;Gzt{$|*2Lbw8sbfIIoFidWzC&i+C8|mp=-9nYSmls6ApY6aA{c=WBP!9)4G*`0shDo0*tWE}+gos)UHwV%?*jlC!v)0S2!IV*HQ=&>LAs|Vj4KTFz^HQs-H z7MiRBGoMlCp6yX*@o&V&b5@UanO@hw8LPh7`Lo#hb5iG?7cRE;yxGz!Jol#5dG_HC zc7O8z(w@V2lqUMr8r{$OSrdK^IkPs|^UQhe@5nkIvS^I|r9RIjd)Q}%kJ+>V@2e~7 zd3Hk&b$)uTj8U769xa5v=uw%BBUWzGC*u9NgCqDi{uy#Rr{%sg*N;Bv@h7w44n6kJ zo|}ZW%puUhHFEw>&XkCL=5;a4p8Om&{_bb=SjIe}WJdR_R?a5=5?zx0(4vY_dfD!V zD`X$wB74_|(XaWy9X-$SyhT4}j@lR_UpU{|JqI~Gb2iS{b~e$UV=q;&tu<1|!{A5x zZsI%L`XbDG-1VR5^ty0)BC8IuRyo92sd}dbin^;>T6;F1kH-(OzQvhA^!a*w#shd< zLsk_%*nh)}p8kt*%Db#}aK$f5Gt2(P_5I?x4eq=|bx7andGl;*&xT)?n)#)y%U`x@ zN%`@E_1#T9fr-fRvVRN*cZm9+d-x6Tm)ZCW#)rT}bnbHB^Y|39K9SOEe=74Z=cwA5 zC$K+a=L^zi^Pf`{jf0Fy-{I^hN9CP|*#nysdXcq~Bj}Z!%?L7Iu6S&k%55G;pINUu zX{TwKpT=KY__GN|NFRW9S7vkJ*P|PAxnx{za(>3xH-WQ~&GC_Rf~sOskTZ6h)HHnY zQ=9K(Ex5U5Bo1ZSb4JjvWSwt`;0f=dpYxeNWHzek!VN!MCwmccz7YF#hO=+g*s{38 zo)Yc3H>Pwu58VBEQwJ$~;`muT&$P%Kq)d1geg!|iJ||}k`=tz_DfW?iwpt%7Z*N)C z*zj}qN1mrI=sCGw1J!;tZK2PnqW^lGPxlw*ej9R{kCT=*U*Ye>ReipfIn<%MyEc4P z>r|!8p+5Hldl_;ja}fVwXDBZH9^M`C_j@y93kpl+EMCvw|FX2_O>8@L24Bvv&cxPb zy5|!Aj1$K%tfb%Sd6l+1rr-8_{vtHl&p4DjC-Y#v&Ms^2*iFhQ$Cq4{S@{VwXBpOe z^w|G{&z{k?lQTO7Gkae9WvPT8d?7GtX1qwrS{HnmAfGaHb0X^=cfpgu(pNKlZy@d? ziQSxKuDCJ4_+CZ)IpmQQdoT0JBb)(j_**7s0oI#1CyOlRcQ=Gu@o{syKb^byV&=>6 zIsSAj=bSl@aN{uN^m2=4YP*|bEDFl{w&+XuQ*V?q?kns|fIchzB*0(R2V!$M0JNL4 zm2GNo=Id3L8z!qN=}Vdae79cb$b6@uRPTLM{(YC6#THxjC%J-|>t4S2VvI@1jOWqs z+1P^r7;x5o^I~f?f33A>){VpK-rCzLXJWc%U34CJ&E+f8bxYT}*IS(U7u2erotImC z`v0=Dr+>id`HA)c!saODRc9?uixH}&)475 z3eLvv2U=RYZeABTzk(~TH??> z291S`dB>zIX0_01e2P7yC)BTBY&`yJ5q60E1H1p}_4})A1bv4&_^J%Hf;rd37k#&|1`b5?LV(xvwt1Pa>|9S6C!X-qF z_SU8v%SECFKFg#D3^lxX|@YOwgwN?ENCE?SEiz z=@$0Oe$L)*-fV3nOxX-in9I)C#+-7T3O|p&!Do3PaGv&Q__8WSKj%#Sl9rR=L>+n* zn}RrPI}7c!Nv+tGwq4LQCtdvHap{}S)&ypvJEov_N;<+n4R4OC5PIJc-&|xb@%S?o5XQ$iqTe5IWfYp)B@fy*(UU}vj#D`;zhQrSwC+noqz!eSDQs46&HGWuJuN&oD8W?u~3@EmysZTpaioSoQ0T!tH`*Qg@ob6EVFk+H+p zKTzbLy@CA!WP&ugFLVZ{h`&3&#V6?_ZBjq!N3zBkUpIVO);h=+fBxWsgPo8iXB%YPqb>2B4o)zz*btTeHGJb2-i}QD5LY_ z|7oMI7a2QO<{?93N9FK`+XiGDh`-D@(B-b1q{?_%iCv?j!}uDF(>8|4r<~KeQg{GgA8X(KE8U)w20Ly* z%VdH%Gv%+Dh`sbO?PKVcJ(V?c^&U4m#I=z$k9aS0BAHj4vW1UT)(@Ndi%!vdj@A}q zoIXO_e(J#a1MTy?Rd^_43Vdun@TQ88j=7DVU*}`z%NeMXug(tYcr&*=x`_R=nX!bn z?~tuy%!QURU*BisYj-zi2c~jPhb$!(HP8`D_319c`!aE~j(CzN*ffk5oseQxWBAh4tMh2QRc+?3N7XhAm0qrECa z`e~H&0iE@~q;LLsQSpn+mstzhc0pyn@EMi$jSFg&EiWeXlYY|JzVPDv;kBi|eeD~E zWnI$k%LXTCaY|;YVC;D(R$7w0SlXMs*fDc{Tl}x^YwCs12l3&1DUjb$u$B4mU`*=S zx#8DstogLGzYwYFxDI>Z$@jxu^WgnB#>!{h`9I@puGCNKlnFX1OLq`s_6 zcw-^lX={5yUUxQy<$%>9OqZ5`v9 zHx`A6yC;3DXKdfE+gHZ5clEe-i5`dEVO+z$oR6D@=;v*-q<;nru-yiPE}ln`E3tj@ zu!G73rftM;UFMCkZJ%}5{i(+oTPOMj?ZzI_T6M_|bmZ%^)EL$RGWvI_Ky zBKOi}n!Y}f_2E657atm5hqokX8%ftqTQLvFleq#mXg>C0gtG@?zygHzuW%9<1NC+c#XxdTmhqQDBo`PbjHV%9khJtCk2~IwoAD z>u2o+A5Zc&A99K|Qz!cJDUlWGcw`6mSNq!cSyReozB+s!8->1-EOPtI@M(B90RA9t zd&JmbW!Pbb(zZLs%ido^LBGh1qxTpXn|9EL@eBDC{$mlw-Ke!y+S$vGCRByAXA1x2 zCdS(6eQpY}M0{tif8UW7lw`xm>^<(pq}hBhC{s~u)OzMzlcIH; zKO3jd+-d!T46tUEvWaVjZ^B=6WT=EoRicCR**EpLS>Ye2#a`2Ew*ARiI$wonQoig{ znR*D%@`PtbkA9qb2IeQf|CJr%$h%gJLPs!mB=>C@H>~a1Lvbg{T$_2lQ;oczEh$rf zEj*REt?adz*0NrD02!)Plcm0EW-^Iqov*t_CB)_u*_M3^DaXpcpD&wV3S>ar)@VO_ zs0r-UI!DjB@m;zOzJ^MWE145fb`kzM?w+Oi7jM9?VmH%a7 zzq@Fc6WZM6M08&n=M;3ZP6dzJpNl(r&y91${|Ej$l5d#jBw0rjIV8`hjGZNQ4(s2) z78#K7At^e~tXVsqJKm>{F?N0K>b7k&RS2GK5}NV#iJ`kW|1S2O@FE%Eo%lxdYkcfm zbWVlv5dG62`#+p3n=EUF@SxD;fu5U}(e}}H&W}smiQU~*%B^7>_#qy8RUYG^)U86^ z>;6-Rf9gT;r`JAj>s^0^j6zvQlQpyGX>`ETgR%Jb49;9Q*=2*Qi9QpRHp-PXR&3^_ zvA*C@SqG4Or5s=0IoRu4sLM|1tPnco9cv|W);h0bw&L7Yl^yHXi~Y?z>mwxV&{`Le zXNY*aukMe}AwJjgf5SL6S+_f5ucVbQYiPe?ZZz44r)5R>O1>%ks6qup%!7*CKYvwt ze)7Oqy3q5`7{0Nm;#2S;DD{dTNY-|t`)OCzF_E=K>Wr;HzfD#UFZlT~zQ+zaTfm3U z!E&MDxwtB@boh9ai|^M)drG~%{x@V{N%w2?z}&EO!I0Y=TFxK_pwKm zWQ;7-XG@`1-f>>8b&AXd_L?&<2Zx&|GdQBm?HNZHXLENf4aOdw>&V#FfSpka?P7E2 z@k!>QuFq%;zNqkyvcUU#y+ZE;40noMBKUFoBx7e8COi09m$DDy$4{UinDY;JJvtY^ zAUWfLY)jr7$^vIZE@gfjI~Xh`@1Vh58`~S4wE0~bdoJ!~|NdINSF+s^zgF%)aLSO0 z56NNtz{Pfv0r*!mKlz>Q7KgRWAZ=XKF*;Ay&cd=5*V#kAIB>BNS;!3!_LxU8}ktK(MHOS zxpMfOIPEWMRC&l?pnr#ob<9KV=1tUlfZ&Qe=C{AVey5{yIwnk{kLE?A18PkBY3QTv zH+>abZV;W*bMF+9Ve;eLV{*9TI=yCBEb=Jx64o*DMYb5z^qM8{=&#{@^xZS0$roKf zdTi>8d9(wz^UxCMue?7dawqHdB6A{tB6lK#B6mUq>5#qe{0(bjvVP&N5okTfS=~4? zK2h$r2*`Z8mFH9FmdLAPgSTj3#$NqCL-xh6eL~U1@Was^*bU@6Klz8}H0`X3Kx6KX z3CQ7ukc=gj(nk|@u07({1K>r3R_UK&-&0QXL*?}1JC_)Kh`MbRoeYgpWcWuN6Bo*w z*)D9#0`yrXvL9khE?RsbFUnr<`p%{A%ld3l;st&F&0XK?zfeS(MeV((rzF0u#D`Vu zK*ki=Q&8j+ATB2IW^{wJ2Y#XW7wT~ZwvNLuO8Vl#WD)&X*8N1EtQEaR9jX`qVANyy zGqg(olDbNNmc9($Amt<^t;Cb(=|vMSIV)*pkAn9D^cTkNp=0j&%6bp=b;lrlTMyyO z^pqak3cJc!-zFd0s6p&KJEs*IX)o!U2f;Dz=xjCZxU2i6U>SC#!qzL&>*lP(;-fOc z$HnOHLh|?;JZMeys)j_nUbh!Jt{)pGrt9D5M5LXCSNO=5aVJcQpPCN*JLWc^Flc|{j%-c#>f{f@eJ z%$l#yFj<>we)9M1Wy80Lq63|(lG)DZSg%KCJLM(Row+FIaJ~IR+DX>ZWj*zJY`mWs zzD`2U#13XneL+~(s-?fmT{`H9T=dt>j)|-_5GQG+uNwNo&y~s?_WTjsCgMMgjlJH6 zU#tnnuycE9i!Etw5uq)%F#e=`i%eTE1`gv79ely%yIShw`<4&$eYnEM_ZJwSn4?)a z8r})tw}@=R_o(Lk{^3ouHT`S2$I|!_G`~RGw`zJ04j-020lxOrHMY9zN7Eh5m386n ze{kna@HU@5l}()jQYJS3v*_KNgIK`gnj3Hc&gUSQ{w9t+A%&* zykRVRDK+dzhuDvPW{|Odu!?s%8^+QO_)KWN>}Q-cWr;pA<%v$*MBV|(6Z?noH`nMr z_?MHri4(hTC-Q{9i>!S*GIwFWn|as|nP*8Ew6*MiZ~i6vp;qrR$FK!^q~4MzwqPy% zJF>}9?c6aS_x~6fa!$$JKVtuBUsLQublo4M&h&ZrE}#QWD|v{2&oRbcdlyhUwz=E| zbd;yu1++`@2T$$-(s+`O%_DvwSj|4h5hE+&KgT-l-cRcOu|F6U8YP{`0Qvk_uP?sr zRKP1)k5Ae3n5DAMBzOF5;hpw@7k&DQx#Nep2>7y}oU-|dOWo;1U(k2{$lX4`OEmu( zBT1v}9{4_a2lE)QH|X0k_LbAeVuFjFX5Bw<9s6tJm;>rv;~ zXS4VF4E>S&eU74ws-Q{hbm4>8SJ2D-K2CIg@(o#2+ut>wJ!P%G^?b?Rk8~K_e8d;8 z{VX`Qa)kK9Vvox^${j;;rx5oI9hN(Wh?6;L4)+cnk$MP? z^o#QO$=83v_%8Pe9c6q>zfY(o)t<7B;{36Dg1#}%wR2Si^_4x|T=IRQ|4`r-89UlL z-a@~EDq}Q@2`6E*zvnK!Hu;3v3f9fuvW~rB6 zGOx2Kp`q#ZE^yY(wAQhGWSD&={1Lb_HT3_ z354vtPi*SMlk~xH0nuv#p4Sjpx~VQ8Yk~ouvYsP-FBI@K#nFseH*U?!Va_yQ z$4hBn=F0`>yC<1jv?B{Y;n|9;1!D&;ZY>!v^A2QbX5MS)L++!>+}APls&GkA1vfA! zdd>;tGB%y1?9uVBqaUqrT|s^5lTo3qT(m8_k^Cd2wv;i|D_tBHxC`Uu<9h)9@z3=!cCZ zCG-_d>(Kg+YtFvbF%uuE2mX5!bC(c&5Id&7WNz~Ji{>%TV|&E6tDcgW%7!-=w#5Va zS_hy9Sl5^SFXy$n8)0~3=lywArT3Hf3&Mw?!f00@PwFv0x%(gda%%hYj(8wX6)wZ62E2q8_n1~fjhWnb4GT&$_FPGoG@cYsB5f~pLm)% z?VZe5zN(@ng`6AvzA8)nM#VPukmoK{u=u)+S(}ci!cC`<^Y_Usn|yyrzVpcI2b|OX zEo)<=$$Ktygf2N3?c_@zLsoPj*?=B}U!&s(FD}I%llvCj_23;J$hk+oJ}h+?SwL46 zFwe?JB%MORWeyeL97n!RBR&@|f3Q{ZLtcaEm18{7!77I*Z8*d}UQpIU821B%$c>)& z03X+SocV~?@0?!J(C^ecmDK;t%UVDlCLgdw=Pb?t;-);yt+8eB8OJ)L=JuYs{&u>JjoL}FYLE8 zNqb<&GVg`n0nR|aT~dXSoncHE3k6Gdqw$r&O2gG${a}e@6AaAxgVaBYMqrSZST%W1GzFMCBH10 z<1#dR|dOb8M`yQP9yA#-4 zwd&*YoEZUcP<@>BDJAlW-&=nBZ-f6=4|h&=K219wR1x6J&Zi>+>-90I3u`VqAMuaG zcT?_u^!qfY{HDdfyk|r3x}If0;gz0`Nx96&+D-Z+YDdECz)G{A1`-$;ZiGf z%iWP}!k5yqDu40Y__VUO*}nDk6uYPC`cg8-OujGsz>#e;=wr93aoaGCvGql_DEdtp zUkl_rIUxIU=+V=Zk6)qjFOI7!?kg5Q%8lY%9AmAc6q>q#$)iVP&-x(BdXDVDprZ!G z4;?)Bj=_V;e}Pn7(Xz4s`CWnXXy{a z8$OF4yXJZ8lIA_p4QC9gcl^<4annYrBLx_F7*8p;5ObIvY43^zwdb=g@^V^49Arog2;z zO<~CcTD&}aRe<;$Xv|=}VHaiIt8JL=s`$k|=U%C&@P|H=OP`4f?`@xneIwZx`zH4T z%nZzsG6k1%8>|kHzJI8TeW8Kj?{$q&-PN)Yn?*^SJDw}9zi}Gu`crAQ+RD1b5bF)% z50EYLjcwCQ|H#&QL;GjyJ7H>>bB36|Z)M$0pR?cmrrUO|U5ee)skTZQy{DT{d+;;4 zrSlnmhHdwr4p)!ZF#)@5A!~!Ze%}Yq<}?pEJfQbaMMu7Zy=3sk zk1bc$A!rZ1mh=X&_s%&-pT41^?5*%C$cvn}LuVf-U8?TUHW%^bEn4*>2~nc7wHdc z)s5(-Nz7&Pdk#4}qc1t@nLlX%r=BF?->_CDy!^c1r)3@U9DIn$$J5ax(_q^tPj)`=vo`8EM%o?Q=LYyQ)cNZBVa`kr2@Nv0 zE$x@NQF6})eCk*iZrczHOz!Nd;(VQIWo(JcUG%J5e|ya+718#`Z-Wy%pRS7CwVi$8 zXY{y}zhQLnnnj^e=eP0PHa9RiicS){gz-w|g1L)A!MC0pt()- zmNbGdf1?nx7vYQxwmtk18LwB> zmaaHsiO4AT?yy#``PpFmG^$ktboY3lW2w`!&C`YuLz zTFiGp#&>Qw!kR-ew|zTj+6>R>FS4G|YJG+qX&>SHxLM*W@)qk3l4kg1=d1sQuP*!S zKREFprB|yUWjb5m4Hj%Y6ufT3X!c$vs*Ha6%D8#Sq4xLLTUj3^otz;X9;5rR@zLo) zFLgf6{e$!wV0>K)#onou{dVX*B4Z8bJKshJR=RSKxl8DQe`THT{4l)vEj?!J+QFI^ zW9S}PBjepx%E>1ER@qy&Iu1G6E54kaeFIgSucF-EBQegI9Ir&@r z>~HV*F6%Kb-Yjc?rB5=Kd8d%`)9|8C;~Yari%tp%A8lS*K3-1d?V!y&m%SC<{CTZ^ zW!~-IbBxL!SJw>mwyYiUlzm4tzsqOsU+z56`b74m^!_6_whVOHKIAw{Y)~W1WrrMm zjPN&w2eSSs{sd8Ld&t}7*-m*>j+FK^Pm zp~iL!$=OiGz-v467U(mgv`a4Sl*4#AvomjA_{JAG$J7@nz}{>HmNks6!1*$c0ap_j zU_GFTavq~ynhE2(>ulsXhIToF?@1x=)^K(qLK{`WmwfRrLH_XfbGV-_Q0V%YI9u0D zU|#vMBYT+7l2?R0SWkCOQeFc165xG2FD2hCzI+4tAf6+?fRrKmp;rswYbj?HhwQo? z`ac)@&DHb!ll`KfV(Xj&>UkTyaL8MHd1dWYU|BaBMZNHGNlLx1geS*%-b&fxPowMf zD4ztUZ2AjhZAC)H3GtE0slzW)=vXwDy=m%dd~WjC2W8Jm=yQrFKM+Tbu+RG?PSVh} zsl0Xj>>ti=#J5%Q;$539cMYE(r(D)!o$^NfGN2KE1k2|P-d#M^$kgf9!_ZfP&Z^l_USJ}_SWk*Kd9Q#$9f;wlh@%YUw$F- zYjE{TppZEhwv45LIl{{qD|jb-O~pStF($MX$$b*E{o_(!?OVDoxt_j|CvrhP$F1xv znwybL-Q`TT=$G}-c)jq8d1DT3#F|~Q)|`vk$h#ZNJCPy!T(bPpxd|n5E@8_1-|>S( zd&Qn2FwzO|Isxvhf!Ea$L? zGM)oZ^q)SrBKO|-+JriNU-Sg)#3zZDy}HzxDY{Vf2Wxr*;50FB3v`he_vyBD+&^y$ zcTfj5UDWfdZ!fC&?kx1|aO~iPE$FU`=&XytJ@6nX<#*g4eNF5p`bJ(!whDIk#$OVbkDm0}#o!FCFClt!vH5$>3PKbYR<8m{)shRH9=JZ-7&r>tqpoYcS(nZFrW z*4IU*7i$?j_(7%cf;}aC%J5%foE1L8C-Douf5Sx91~%yVb$G)(N4`bD{rpu$@-EQ< z9^dZhDCI1s_ziC&uf1fXqHkAI042(*%E#xl6R6c^|%ggg;B3|nU z<{9yqhZ3HhJ=Dq^P3il5zrcAAvtRD@vkUBxs57MlR-S*qmHPN>li&A<&SZ@_fqkNV zXExz4bKpHy-2FYyX!L1)(1hvK2z#4Ke_McvYrx8sMEgp#n{28)~VTke>chZLb^(M4rJ8?tY28injN}M0W5~8?Wzy z>SYa4&S$@Vx{5pyc9PUQb>%8gmW@Sa}WwB#R`rj29;4Xwiftj&`&T-KZ zq~-g4;`iw6?RcQ5sv~>;mpejpf1&N~zR=#12N-Yg!9>=XKT(IzF4VTI_21Lu>KEj` zqEL_Ug0<6=?O(x1T4a0zw$(akPl|u*oK5X-7gdQ*tDJ#%+yBIuq@M8Yl<-6JAbLF6 zd7uLOQJv&|j@Mo|6#OLp(2=&%x@7N<=n%JeP4XU*?e5 z)!P5DKN%=)|IOJdc$Lv{?~L%X&m@!am(>=1CKb6^Tkx#6uBq3loiid^$noipIkeS0 z+Ug5c=)B=-$_eN*3w^^aQtwS~D$Zzqu@QQ1k@|B+jP=FgYWBB~x8X|dTdeisKVL4q zCvGQdICJf9zN62XNgi&0NuH8>X-c5G^KI@E<9;gi73(LAd4r0xFUb7Kvs&i$Iv;oc zi+rccyo@XDEy(3-X%_E1M9`J-oLUX1-tyW$ro zG9dayWJcsd`iGS@_{JO?|8#IlvQa)sbqf7Zg}?Yo`BqBjhG?uKtKzlz0r@^(Rn<1y zM)G^%U3AmfV3@P}r|8#%YYSO7oi@nca!kb!To@3Y3vWLj@5|Ur+8$tZp3pJ;1HQ@E ztLqP6q+N8M|5Np6J;>I7e)5?|J2&XMW3LTit76;im-Wja;beX+k;ISV!Z}&jV4fiM z4foV!$Q?c6ODglvNjyKnJDHPRg^d-9t;-CtCVbMK1(x>Xyv=dpk!xQEqUmxi`d8$Z zb@)Q+66(18{jk{Z@Vt_9-D1bYq`$=Xe=w=@C#PSFHc?OX+5F^&-@f>6urTo+>mEJW z4b)r8wK6+D`G4Ola>W|k;jW1)XYDndX_PtHK__=)zJEBbZ7TBZ_|Ma?k?(Vo=Z#NS ze9DYh&740dE-6Y5bw17gL3{_5whD3ISjM)C>gU*D+MkpD7ZRIH{QgaU?}rzs)@F9I z{>j?ZbLLz*c+ZcPdAI0-%z~E)%rk*{J3KkxH&?+77=j7e00TtH}NE3DXOr z7pI8N!FMN@wQYr5FotM5sHh~SG7|6{AKXy%GfV_5DoS&aRFa&P$go(*}&|sr7=qsBcc{rW@KXeOc>oz5eU! zdh%>_XSpYVTz%R3$hDTWvL^6NEY+$ML4m^H8^ zGB(854HqHH%~mH%8sg9o|IIinYaz*E^wApD8DhkRfMvbxoYbdt`=ESt^rW0IV{M7E zuB`3#3|8qmnfSnC&#*sRCG-9mYg+V8##(geou^-e?*ZXE`xyZl``dq0@f!DYp5K&o z&Y>T)?)A>l2B%8B%zm`kEK^yh>zO)=wt2zg$~ssuA36#&9lP{?%_&0*HZQc8IHUJ# zsmu50C;zLMZ}!~8d}=B6IxAw%>R|ka|2JQKWmTwg?%h{44gYp zcoEODZofEpTJAGKmUhKnkaGgVuk!v?+MhM3bE*6Fn8Oqts-s_V)?D8ci9E`HbT9kniKj{dg_i!%m(~e~^1E zUm8@>?>k@mbz7p3^9kJTHeye#51+kRPM+Ku_Z&}P<~tvRfx{B7bt*XcQn+`G(k{qa z%BO^RfVQ=fwN#w+O`&DeTF$xm%Gr7dpr zdpFDu7Essgkcp$nfSgxbByB#9KGp8~jwv2Zhlp#)#CAos`6duOx+B*HTjI#7O zgZROu%oSqN2Egk{=alvbv~O0lHlWB``y)!;o1g)H?Q`{hatZ4yQC~h4gl#@$z!k{( zZt5#*(W29vy76Pv_}g_^*!1q1Ak`U!7@r<>L)IUnZo z{a`ZU|7L{OW&!b|42g}wy5CZ1w^-kBW#SpmP4=rP3E5|7tGmT$)r1|!s3O5(j0#cjfaHzd(Y~9KFJ&Mr!F(x~r}$k^=EW0?*JaYia&H3rcQSu1 z^6Az#nP-T9H8?5%NteIe=|Z0LSMhPg@8#k~)_dgKXuhUzoOgZ`UdovO?dSLS0a?2U zl*ZNt^K^Q#AN$!m!)Ms&OYRN~hR7>l&TO!LIhrw>bq4m{-SyNQ`q@3tjnm)m(tEbT zC*6J+#S!i;PE|0{_t;p`b}wDjV$ zIp37MZMGVn*nwYP{qMr0*LsUF#J#`kAp4bd@Txv}LEe*JYJCGZ51-va(&Uo9kapC5 z0MtKI;@mb-2Y4sGmB@3TK=c1SRY;w*twCGl5$E~~c(U2%>zmp(k+zYvq|0O7I~N}v z=2dElHYhOjzM&oL4a!|$%xjNRztmcl_S?b#LG&_t27mA;_+Q{T{8VCBx%Cr!=L0*Ixo0k39xjl(yJCGGpy!A4 z8B6rs(TpX9j3wn}EUEU7B_b12H_FeKyU7+Yc1hdOC+PEmImp(el-y%a6Sq;~;H$p( zM$!sR?Cq7)F6X6<&^<$9qiGo&r~PVVuVXU2FZSWHM&a%SARE=R$@h?NJvMPRQQvFH zvk*G`W0UFLb<`UY62D@7|gI@uT^xcT~;}a+PkZ-}T9%}lmJB|kQUIwy#zwBFd zOt`NI8;>*i&Jbxs_($9_0v}#%h^t%3F9W+FxM4K@k&4U{#1DG_9toLc1DfQF!9OvmS<{6B)j6veNPM?>& z#AjRb`(r-r!gusTWQW830&%TJ3s^gwA~Z>x3t!;*b+2((PA;;$v=P zLiDxZ!bALV-o!5kors>)_hod|IJNCxnI0xy*E9N$?8WV1z5$Kx|1e$7z=t+C@T~@) z#Y0+OXnRBV!#+KR?Sv+|Pa&e|qWwia!S9teXKWD~W9R_UJq3%hnbX9%o8t%EjXdwW zvpVLMyvDa*u#N~Nn}iuyOVT&w2AKT z$c*q_%S+OUNLzG%P422kcY-fESn&0j^YZX%X%qCCjH?AQPVb;!M*G!eV)MxN0_G)o4A-kH=qr+ZjZGdQD5q%2lnAhgPnNG_G33 z|EpV9EnD&M>d1p@mNmCVmaS0n%1Tv!$DH`0%4&7T?DB_D|SP`Fo^DQQRc14_j(~Blo-BbDLX*U(!Y+sjG+%b8mQV9NlRoF3-G=n5V=|GH}!v7c+2yFRt3aHjhHWO(yP? zieFkZ`|^0_iqv@4oZ)$zNv0$ABZ{Y%#cH=2^tk^eT0Z^pV>~$JGm2 zUJkdDUz^V4t*p44Nb)&p(zlqWQnkRI*cyqv;Yw@IvJqFKc5k>jVVK>g1 zG&1d-q+KYLaciPPhdXCY`ay7Wr5&UNR%XS^-+kv&c~zuTz~;SWWPasf-<6#eznv^E zRq-)*`{m}!r>~~3;6_1a({as!6eDKyAykhV|Qpy~SqhqOa zV5fP%+dRvO+vma=J*3g{v^BJClwT%-&gIZL2O3ZQ@~wY4Aq1xaMo7rp4i3T_{o@(5 z^)DB?r7d1^q`fL#ij|^nLEHY-;P~20@Tx3d1g}=PKcQ3SCHxkw2i|?hC#yl*{_tP_ zBBbp#a6;XFX>PfuLt3mN8$yh11_umInR!M?cig}t;}MY{DYG6)FoHlo4xTqS&4MGj z`gyl#L>ExBQHE{TN~wqB`I3|32Yk%1?GLX0MTlE!V4cS0qsZi3%STCoU~qx;4?bkr`fr8SLaEzG$ykD1+-c-O#6sj*WJEVdge_M~%VA0H zwSTjv8~$aQ_76zA=FO&UtTvOj4LqY6=<9cxO@_V-Rc>WUC`<7IS;^dJa9V}O^7bWX zq3&-&K_t;`jHQ*81WB9Dl_?$UQN=VWT7b22NQHAfdKeJjh>zuhbM)2IQof%}8D zEL;DWhm(>qdB5A>7V7)wI?Ed)bje*lo{w5@aI}sP9!h`p=?D76s9i1&`aeyN z1RnI1H#iY+t^8~K<;u}~Kd&V})BhdmBO~-uphi&L!NAQggly{HX~C8JguXh&%+n__ zEz!TT;6$VjzR@{zPSzUT$3!H+f`_3t7u{Je_;-8=zex)*Hi4BPXb#!-m$B{5f z@=8hQJE=3&1Rg*cU>y+>W(fJn*O;iOcgQ@El`)kr?3@%{NZtHnYO|rqR1jW_X*c+y z8=`(*+%=MK$nKb32Db{_V*z2bKXYMr=ZFH3pD`!hG^4|$(Q=TUB`Mwt>f+`7XX&3Fyj+xwt`T|2C1e^fCe?>4I-Lt!^6nWBk%18B&+@z9IDq2F4iT z{^f*Q9(>Q)V`$4UPl-EhU`w~eo$%gkNaD_zINN5#U1FkCwTFL+&Bu=iU-ZwuleEZ@ z{#iWgc1e|qOHem0S07ci`_d{#8q!^|(M=l&k+w(cjz1~r@F;W6Wum`)z4NC&IggR& zpqr;7<8D;i=Z`6(Y-2cxvHZ_oCe-^XmnK~Ll&QNaro1hN=9Fz}bwq=ITwXAua7lO6O&2&SWsAN@=Y8O_DP~!sNq1R> zn=Z5ydsFwr^mKDRluX*|GSmLZpU6Jt{dw&acrcZfR;HqwEGg3WF56`49wE=PzL!2v zzHGmXE41hz?R42O7t9iyJ0|v^YXdb(v9=(=JMZFU?gOvN!+XMymy4>4xOggTp6L(A zMr5eue_B|c%&b!HOgJ^!GGXC+j==mPXkx*?Qegg~CVV~c68;KIcnWYke|aWM`|0(9 zQzkr{Y}$w`GvNh<_Yyv5!mZ35cM)ze;SMOxR$51$B3xm@q`l!B zd9F8MUb#OimkIQDc+j8WeU$?xCELu4QW zW=MXNrR!(I7YJ|VFYLZ|vVeEPf`Q!Zvn-$O0`w(fbwHP!$ zKc_e?EcToJnfHs+!i}jg6(aqbwD8kuVZI{g{!D(aq=mnc7XDUR_y=iW`04&ke*ZBt ztclW5?)w0bQ6h&0R|G`<0?6N}Lc)b6%RM>rg9$ToAxGiq} zLE(k|x%CTPo)(Uzg(s7KkT}DyAgk+RkRx@}^AxZH&Qo^U_mY7-tHe2%cq&yyd`k03Yo zxIaT5eg6v42SslBjC%-6e@mGB{*OU7@{o}dFgJY${QH>5N0~`~bsGNkwD4T;n}|DO z@YDKNMwcKbM}&t9ai-#CkXX%&FN$q#w@)Gi{1O!~FvwN0Pa|FX=knC*{QuPHSa9;V7a zNY{)Ij+y-EZ;@KUg(m!SVEr@YqrW2}9}VXHY4h5akG_hWA+E)JKZ;>&oYcwSkGh2L z0AbS}qasRO8zOAla}@pU+D+)^Jy-A_x_vh9^v^AS)Mpq9Vnmdi{Obv?2i3^esLv~P zeLn9`oA=1m4brA(P57^Y_0Qyo{+@t5S^Yig8%j;2z3lif>bnNr)Nj-emAaAgQuR4O z7#=uA{zv_qp$HxXEIn!ZCq$j5Qa`JoLTUOtGH`gz6x z^;hQozoS|StB@NW9VAQ|=cEaX?$AG%{?VV}wl?I`G4e4Q+T&%6u|{8wHoL>fv!-`6 z`q-p*!=C?L?;{mWPi@Zw*5Vu_7}G_tDm#G2qWLNJ+ikD zt|eUU)+d|sd5P#-(_Y#83GGO#1Jq-fQ`>Yc^K?#+)1ZUfV`G%9YQYtCXtCCt{H&otXx&!cz@%nm1_3N6{}n8R*~MRMpDnC&as=y6)k7nps(1*3#6ts-kZ79c?Xh?^9K)R@OJJUR~ALxN3Ies@AHy zRjV7P)Jujft5&v5xoMhOylPo%y%}ySJh1+<9I{Eg2wuls~RdA z>lzwYN!W!}t2-N8=dNg3(^_8FTBpia-q*Nl*+Wmvu4`_7u&(|QA{I8TdaQBP{KhBl zXsd6kTk&usaTRqd8WuLyJ<@pB>W8bJXrUU-%Nkd-s?{1-&0e^;dUnN>>9^>}@at?4ENW?}YaM|zXBo^?HLDs|w?5pm zs%HAFHEn9{ie;_kRIH(~L0F<8-&Q%%I3^~+5}O(R*Q5}8(# z7+brVyW+Fe+|{_)@PE9u66c9l0*_6rnVueTlaIs_Q$bB)V{6mO23=nX&TiF3O7-tr z(@ObwEPt?3nz&KwtOE-hS2Uz*C@i_FZbjY0jjQf%d|U`Nxh!a0y>bo0IcHTP%r^XR z1NAlXT(II{CC_rWXW#pB)2P&CiAIh$H)~`ciIpqsA8|>9A&XXw2ufo2om9k?_SHHA z3%k76g`}G9rfG&RF4Dr5#`@JRW7Z)3tLZLHw06At;g!BvA6tt}@+CJHmE4V7>H<>% zp+o|ySPjIRTLpEsm(5K@WJ7PJZ?sC0RjXG^lP_3ZCzTg*Gr_8b3*8{E+|K30b0g-i zXkNBL%Q`rMKO))Go!!(}|43C`Lj$f|BD?j=TNGGy2U|d6>w>%Qv}CMW_81+C zx1tzKiJ&9H7GuqW&C60ken)-1Ew8b@zGgLL*ECU2#S5<*^6D|IF;Xwl3#%F%7E+Ge zmvm|!SF_rUB!|1u9j3#}`-dA_YgR5pTYCSRPL?;t9~PNTiOuwzecfrH78OMY*P>dz#FOpnB{dI?Oc*7h zh@fb_)uQ#Jy^#f|p|bdUY55ev`3MY&cCn;3I<&A-yy|M2me*;WQ{SQ$pS+^836|s+ zU$v_43AZyCMoBCUWN`@`4Vyvfg0m3^l&wX;{0AQcO_Z>r}Q#(xr5~ zWNDaGx$<$eMD?=eXn7)2?xYS+(fspdFUas za-;NX8$-wWNPV9NfqstW9ZDga^l&fjg6%B5djScF~RVyF&7eYr_z7id& z1t$Jj-LmGo2b&ugF8h3=x~s0WzNviW^15X!v|gyGZ)I$&F{oApl&@qUT802LD0o8O zqYIi2;mMjPhud+s)I^UE7lvC2du+228vQQDca*f7wpxZu8zMy55Xj4AHJ;)DbCS-63}M!exxSx-7C!y~G|^NYTqyu5fcfsV#eGS-p(FUcsU` zg}0*q&D#ZykFH@nPLE#LTGzV9Z3t~v*nwk3!a4?Wb-)HuDUI7(w^+d=YNwp<)=YuZX~xyf`kX>$k{Z9`sq)vjKQfpjH?4(F6oBXtaHNAQ88c;_VSemD?E!CmiY&{iZbg%6*aR08lHg~e4`Oj4CDC>~fX6nWqajbzI z)^k$uBp+PmgBw^QwD`@e2O2oQJo#D+S1L8$!kbv*v+z!(t}}3ux%c%3&Y;{B%>3Qr zWK^^MXK~tm@J0{L46)p4aAbXZf`y^Mrp+8+UC_o;?u`Z(f4me7j^&B?u1zvHqxQ1q zXW>EC^9&p+^uf%jZCSD=caz20Nv~7>y^6I z!ajPkq31Rmf5e9aZ7~~v(&Nb(%9?HB#}xYDs7Lb{Xs~r0v&08OPb$962lx2ktv+~{ z4?g09p{?A~aN29fOA5VqzZ^Q}7@W(Yt-`{-cDcOQ%ja_PxAJiL38m&*{8K*otjC8d z!mLXgoGU0R1s8dAUJ>)!=!z;|d^0x<*tGEBZVR9B=(*y&Qumtpj}<7jz{1rm9a^}7 zFI-vpxDSTT#U?(S)AO#ik0^h)S#GVxa~QR;IR-lfzd7T&`apMgIC{+$+X z^~(JOI4f=Zey=Zl;-n|@pQMg02IrH5N-ekWc~2g$qK>Of{8hzXJ6=`pm338TY%8RXx6ZcC+nearXJrQm&P~s~=SAF{4|qeh4^2>EG3)ecYtI`Ydbo7KY9{44hB9 z*mCnDUcK@sdHLtZd^okfc=(n|+s_)N$@3be)M^WdJ)CQNd0tb&RlgSJxW}Js&Ux^s zXd~PAKUL_}{Zo|tq)Gd!^*)>}KAf$rd0HH3>oD-xT(6E}BOYyIt2j|_ahjF-yoEQi zY;IxXyvxFey>iD6`e0)EhMp8ouToz$d5+)h@qGLd zrJl9%(D00f&w4lo)ZMmML7opT^TxyiXqaiz7BsOk2&{UPrl>p6lR43Z^YmaGMYA_vJ%bmY(aVZwmJHsq3ku<<<4@%C_nC z;8_0Lu*B;ZH*E6c;Rfnu^St4#XA>5pb1pafr|@&Y@Kk<Uk4C z0XnS?nHciQng~y9Sre;0*`D~AQeTp?*rT2Jd0;6E_{P0nU2Z&#D~`#3Qj?c<(iU(0 znhgJ~{+!yv>1=~P)yI>m$M}kgjUV*-R8fvny(YeBy;6M^h6bBw(K(O)Y1Hc_gEPIt ztK)QNvwdy)S&t7l(MJ6S|E4PTRt#L+z?aZ1d_t-17ACD7k8aMz_07cJOj)m3c&V56 z=C!81HerW;*|e9y)P1MLr@l7-TVU~5O#Cf{UjDa4y>f4DQR=G(=ho9+S;-#HMS}S|A4*TLydF?XmoR`mS)t;?;8?;%PZ`<#sjX~RPLqn{|ljqoZ zkG42`v;2(HrdHS)cADidw zLNCud`jz@yllG2%9-VU%UY>K#E49bq+!^-hzjG3|lH2%`N`2YD6%nP@S{RzGKB;I> z>Kis59=>7VxhlgbJo-0Xu-d-LeK;DhDoUGO0VFY$PI7is_A(0SK-FQ2;$mD*?G?=JV| z*LM$i^xS>in`_?_^5)w2z}p*5+I!%em5qD$dhLGCVXxh*D9g%Z6>VYZtXk@|W7R%i z{0T4qUU*{h@1RX0}dwacc;a+H1V&WI%dwO62J{o$AqsN_TF^(hZ$5j@;);urP!;&*y! z7Y!=4(BRysJUijOREQg%qwW4nOK7KKP5;@zHRNOMoSFvD7OFY!$$72v!Ies#FllRB zy?#;K z;ZteoIe>kG75_-nie<;H_75Z1w86Hs8}fYssg<U{&RD^Tj+EDSx%EZpv`g|6G>>EU%JJbkr}{$l48-9=vAyPLf_cGGq*m^{0wi{*c} zuP)u^JpQj&9{<d*i7+-rDaMLbxcJJih?X zEuWtb`{0yST!np1 zom7SkPnZNuo;sd(le2aLPbdJ+HE_@Ao= zE;KkBfhkYoS3skj@z*eQRmBFD{G$e@J>?v>#_0!+8F(jfxeK%5jG{L1Qs7D#7M-f9 z41NR{I&?ll^AZE^2PTb<9{{d3@L}Kv10MlyGO*C!Y~W+Slr3qO?*(pk;gvbSZ3Zp^ zZg=69UBC$!eiRzjdIO&Y?s4JO62H-f*FdkF*}IyxAK{0h3=LNSL$`+UOI6US;dQ`A z4g4kG;|Bg3@JR!UpZF;QW8bMW2F5>L&JapIP7rv=z@H?XVc?s9a}12XzY{j_a^QRe zKLuQ1;Fo|W8TdQE#RmQt;4%YqF2N~x;lRg$D-C=zG?1t8R{!9mh9iW)*D!5p+fjII z+eK{w-s<8ww1eJ=tzn){gMlf_*=XQX zz~n19a=y#s zjVgBGaZ7<43_Jh~p5Vy&pi#RGOx~kTxNt!Xc*wx;L-x}JU(Wx8DqZ-74B&PHQ;(3L zN6!3&PP*}O-Y0a{h2?C|=mGAV+P&$IO%foTv*PaCSSpqvksSqT)2^XUuMc( zLAuMfxbbox;j#f2ma_<#9XIek;2{_8rcSv9F3kCXDXX7Y-dgt{&(>A$v&lkSyjM2` zckfm;1@HJeHRVCPj;H9@RV&>X_bF+oO_`=R9rEjrgmr5|`)y*)IaRj4xRx zSusNqJV^bZU;nP=e}Q89|-sSLjy$Q=0!f%63?*?65foW5*Ipp}i z{QfB3ExeTc1A^t^IiGQ1{lCqB8X+Hj$NNdLn>e8_)4UVg_*J5kqzhy26`i64^1 zuaFvNbKm!Q^F8F8E+i)Ly+Cfqc=tYXxo0-kuc|7@qYI8lYm>v=gFA+MiYM`GB76~8 zzCDuxJOmsDeiS&#{lt9VAbBC-@C_R7%9Zb;-<{xl#p{x1<*wn6C^wu|ZtQb}%O6Q^l0c<5*S^T+M}h`51|h?71hzmWUT<(@XMKhBj=mo9ltS&qLv z8&~k*v`#cF&ID7BROk4AdG|>wBgDw+X&pycbX>XuHDgcb~8cOa&ro;X=Y~{IwW- zqYG1&FXf%^D8szJ6ZniTEc)^+f4S!UGPl@NxYO{?zTZMP;=_NHa1r5lU#tsWjN&#J)83*IJ3^ZCxu~7n7FYcaC!4#R2w-G)6J1X5OVO#9MjTi zwP&$E76(`Bju;Y|!r7Vh=MBO57v zmQ1{PT&e@Uym${qvf5`Wmh5#SRBE&?XK#;5N| z8V$#Q!v?MbE;Mj0aG8Od{^vH>|5tXF(*oi4mtlZ3J1cX5_zM0){7FRxFNeQ0JImQg zod0Ka&LkowEviC(e-uybCrKl`<)`t+yRaJ}k^J3ep2psh`K}}M*`KY)3?c-Mxi7MW zhF$#0Q*@ZEhvaGU0#dAs%PZFZTYKlU*gG?08EO;XiP`*~3d?s* zy2i`*t@&o$2CnPtQ&GNEC*M~y-{^AM_%;IHuT*E^2b6p}@?*fQJmuTHTlv11d}~C1 zt3Y7BE5P@(_$F7K$}={N0$08dCg0Zh8sFBC?<(zz^(BwYj41hbO%C5qD+101&IK-> z85td@n~=eGRs+$Q5hp_a`~L^Hlm0SX`EE`j-z*964P5;Vorruxhwn|E{xj(V*l=6^ z4343FWEp&`>35{<{WEDL|Im$m|18$0zj?(sc=^`g0aXOwvVl+Wls4GQbF_T3VrC@E zshbe6WlCEV^6mz3+DRwhtr{OYIK0HgvwZbvgC5KKq7vZOX#?_*Z=>Bv9$R=$C4HX3 z<6GA0?KLXBy?RELwZ(f*K{?B;*^9lcIGh^g8xFA^hRIY{3 z@|~iSrY;}R2Q*JbKIsFx-t>z<*w-QI##c$tw zu=}>)&hD|QZSgx#56gFFV&71elY7bYHPys7&*VEmy|L$2BKB8m5AOz{;q3oI-TTK! zU0wOZcYY+9ga`wUHfk(GiQNPu1c)+WB1}xQ0|bo_3Tx3MCectMLzBZxatrF@Bg z(1mCplI}@-kaSm~2Q;TUN|Q9(N6|zjO&l}_dyhJc0=u2@IMR_vJmDPdnCv`8TkEKC z9`8;#&uyLTJioQZc>#AKuY}%@>omP_@X={bBF!n#pJqCw`3Pw)BF%7U&&ZClXY}1u zK{2uHTk@VA$IenQk$OWJ(nABT%Ccvi7f>c4%f$O4YaIdd?tW4T$foYk9Z29_K1U#c zI+W#wE>RB$QO?WLMUf7F)JfUE$O(Ho>YQ=Bb2C=)Q*N$G-J$QnU0aDoxbx>MX!6Sr zj5H_pW0h6vhq{6Od`Vqc`jfiQ`a7MXzkcxE#PX!(jk?`5vj?^@kdU^4aurM7L#q6N zcbq3tPra0tyvz28FnEmmA&=0a+4Si_OC9mYa%ds~ETJ%Y$L*GyI5{LG6 zAuxoA$~(?MQ(nYx8C%YgA(h5i7#2>+6aBBH2k6zxbGQfgl(Y@IUBD*Jk&kRcw2NKh zu!Lb3XbbYrH26UH9~bUG9j*p_lTFw5JOaFbFK`t3qzQM&9m2yrX|q!Iu-njp@XNAf zydDV*Vr?a^?3Q}OeRmg?UU(N_qD7W%m#8p$pq*Id`Q(IYAG-dFAQ$hKqMYa}UD=9P zqJlWwBh;hAxFafYLFcm%{4{(iEb9;VqXQS#d53g8vOZ*;r^paSo<7prbjQ1^>}@Io zKA@@W`-$#9-KIY2x3>)`!@!8=Pq(R0BKCBl?_WAKR+~aU(XY!GDg#YYuV@37UO#Tt zbvS6N!@TYnczSZh&gmRDe;kxIpjmC3M*52b|f zk@|%W)pwZ0eaUzQJe(5#T1xool<+etVOXsCX?b2w3I8x9{05fWwzFQeJU>l|e=8+? z4(lVJ$6A{FZmjrYGM?pq7@xerN);As)cf-4rSQvNw@$tmFF%ljx4_jGMpC{wG>44v zX0`edL^926e%!$<0O{``;fn{>hmiO(w)KG|dJDP|Rx2+W!j+JIS$a$z4RORs&pu(pt;*BM+* z*7}qCIQBqv+O%5in;3YL4MzJ&;!j|oPScQe5{3+hCOsmA*U+FIllXoc{us7d49$6q zPe!&44p}rAE!czC^clT27`9^gczpQ2tES-{7)kgLrc?%h*1~5(4~AzZWHWMRqKroV zOz<~&>d)Y_a;$u_N-dsQQ7bQ=Rk&8?%T@m*oNI#vHn`dbL$)M+H@=%{_&}f6X;^>{ z*YM;IG7yGeO`fA+n-eG(@n}!~<$cuusWrTDJCw-se{GZE280NQBvwpV1%Gi7um^wi zzl?)zq^{wOLtTyf8DCupEYs>WyerbBtl>$z&#;C!?gDrpw&iTffp%su$3)brTpy$? zY%r!Alv8@E2!e%%2v12jbFSHg9KD8D zf|b3o_AKYjy=AuAv`Dw zTUPdzSUD4tVtiCJ^Xqu_h;a1C^hor~oJe%nR5^bt@ncT2_xF*ls1f5+NkVf5(q2=0jXAaAZ0sX1*728X>+u7zM6y`1xQ zrsJ3g;g2}STY`O4;-a|QxO(F++N-;~^EP#gd#X2P9ExsS9N7UF^bVHOqA8lasnhj^ z>W%6BipKQ?LzC1+AI6MY7r1wrx+n&Xmv<0TKHN?E1aSWNQPGXNmctT=?CjE)Q{G$EPJf;qO<|5nfYe!mUfxFB9Rk_wqKk<{ef1^|6#X= z7i=s$x?9cxBrhYYOfUD?mF}4~j{K<8PNcz}yO(?J#2dYUr?lGv)}NBEIQoKW578%X zQ1wH(c8PAzAEHm*5TTABuOBubf;S`*^M=H{d4OZPPK&a`T=&3QmA3B{Z{!4Ge;%F@ zD_3h2xPR9XjiNnuokN|A3d+Vg0@pBNiC@d|#CBZZy|vlTCBQ#{xl7N`#pm7u|0BQl z1>cr-w}UdkMtbnXd?~SAt|vStb)?!qZGK=n^_@#yNuA>kUOodag6G#Sgph|P_J5;Y zqs<$;gWNe97F<`e*-m!6-s#bHmayTy$`-#pqT-ajL9R=hRz6urv}O1y$&>9t)A#77 zn@?R1+(qrm$2!sk_>64c->d3O**EG;mGL#y=kBS}$CbrJCFh4MpR|WK?kwM(Bg$S7 zrSxkhA>r6M1@{x9gOB|d^Ip^!+h8CLy}qv6A*}l?X>SeqOeV{w}c+?KFhv{iYm$I*lvv*=fa>HGg?VJId`^;F!xbLd?b4zOk;$ zwHHSKJVJ7<@5(eG&^qXocY=rU-%Nvh(*xjL9P4~f+JMG|C|77e>}9uscn z2b*iwJ}sa1Lx0Y`b9q6=$J(dMK9D*E?FHJIuIIR{=P9B=*YieQ&qb=99r>!B9sa%= zv2=7jJF@#0h-y{O4iUr`d7~c(BeD8lMxwvK7=dF2th-P?v@@)^i7@(dS${J8ln89A zQ}=(%_9oD-z6784MXb-#zioUkVxv#O^@cd! z_YPY@Ux9doCyq7&eC}wQz+NP6Li=826C#&+T-hds4>l3EYy$p}Hc=z|EQ4heBA4q+ zvAlnj@?t-i10D+&<-#LCU4tojadnjIC4LIVFClqub%G2o5EdA?(AS7ya@o zIVRgBs-thsiNt?}vDsnh`}wI@pA$~{s6d@NCpr>T`bQfMJtguxz;7Gc(YA%q`}{-# z`zsFk^jz@%g!I&FNu4`n{5f>Yy{>AeD{;8Jfp=kpuep5~TX+I}&g}SVwVo$+dpL1; z=JV)3`w;&wXkVkfI=LqkHg(4S5@p?C@`_&)VN>_un?u=Uzoy$HZ4zhQnvf=L##Mk1 z+kM&ejq~G6(6<`@TD|ey2>Vm`)upMv^2)TXqR&n%sy{oeYc^?h+w}Iv+0|qT~CD_vp+tIF@YX;GOtiCbdU3U$^L1OKH{Ss z_F;H>jXd3*uD#S1Wi;|waiaSQap>1YH`7o)q#NNlJl^2iYcFfO6E@j7RrcMo90Q4u z;v2{-Ox)oGNx)L6)4Zsp1~&#kPYc zIoC)jOAh4$O~2h28yYi43qlO>&743>NY&l79yx; zbKaEmDmlOSFYxn%pY+S%=N*IJ5PcHH(7C#g$b&EUfj{lbZ_Z|59N?$E9$n-Sp*@Ln z9W^fa-bCWjMNJ5cQnYQ3on-&0{HoJk2A`qmgrg4Wwj#}=i@c=g-Uj=sUdAt98mUOdZe{l=UWBNyoI%8)Oq{*l%`I9`IO&eH(Y%v}K$}?MJv$+Ze~E zatvweLg^d*#0#Q`GHTuDbxd`-XLgMok@e6u^0)f=QV4SgR?>_56mu z!-qMjv<=#X@#71Ifelk{n&$;|HlL1eT;hLn3wimSKtt|clrd@5%FCMF-G4kCR7f9 zW+B=r>|yz$^ukvFGhbaVvc0e`x6enDb%c6>F7r`_c5l}5=f++*c!%GZH&P8`#k@ht4XN87{ATtwj$=Yg*^{*k(X z50!MI>dzYr)OZpMaZD3EevO7gm1QT1 zXPFOl!gUi_Hq(YJ8aWS6`m%VvBgg0rvge}y?k*9D#66jTBGlpCroD_^hfZmKSD;~i z@tg>sZamTURR4oDqbid|+s&uYx~3Ugtc_5=4PDc4ey4WihnTOpDpA(1Mb4XX#>LGs z3iK$JFY?YSDL|W9ST&<<+9F?D0nhZi(f^uxu<4J5lVu0qrJtjG73%u5_RD$NFBj7H zrIf3Q1JnOe3TVYenGcoU&f_XOxmIH4V;ujYA2|+RI<76a_}Lo^@GLl8wY7oi-GHJ9r+ixcnv zj_X2b%Vte3xxPVrmTNKE_ep!kIVIH5IN+bnt;e%|sH(aiGA43nXg*$J-^lx*lyNs? z)Z;bP_7X##2_<7vhhzDc51rqCa5&iMh(~COJ=WxK^^B zx*e`4W$C03+ygyApPWb1E=uZL5nX-}eFt-u9?TJbg*D$FPLIS7W1L#2`<3rv&d0tb zF47E+`r{f+*)CDkF-7D}?{cOCZpQQL@FTe|-G_P5X2{he_98wT=T5oiutSz>movL> ziYq+xIgCjPFm`xKRHOX0n3Ej0>pry0aW>v2aIQu9NXTD{wTd@!7Ul%_->><54gb*L z#9qWdi1__-{yxR|!J`Gj4O`s@{PVzXkG~)ar7s;!JWIa7#S!-qo)MMHuv=nJc_Je@zkQl-bJ{ z9ax94=0ICPd8Dmi8P+{SHqsU&Z7!YxJpCOG=ZTIooSm8CJQaV}c^qdFOS=<@s}Ui@ zR{(!H{;ntm4Biam=|EhKC@cwK?Ia=c>J}vuNS6;9)=edz#nkts==b4=Jbh)(572hS zD>brgmFU9)^d-UDL=~P*_$$U=U~%HNPedbV_fyrpShcBn+Rz=%K0_y%fmA%^s7O%8Ti&I#-5V)4OuXBH_)csqx=fad!o;Kmi?p|1511NCvvr4IEOOJF_R9TLRhZXFpRc@ zb76_Wj`^6wq2EQH;MfXS@sNIMANvdXst)!S`n==OK6Sni=UTX5B7GLy$PAZk=K-b% zf1DE)g*eZKxjo7QTF5E=SX;cq51Ql}CS(}GnIZbH9;TJ!1nf7+HJH)+4Tnwnk!C;I zsqX(jPM*6t@|t_7?Uu!nAmX-mxX(oYa%$w}YaqKDwm7*QJ~pk8vPKVK9?LbNOTkFn zSC&P#b+`xdcUb2C7;J&_S?yziKh$04K7r>!{PmY@7M^Y3SyGZ*zwpl7DO|yL;*-#> z%>EglhaPY~i@pOm%$+iO;NP}TUbF51dPkdId~tcfP&(FAPQowrmP~OU#u`UX`#-!I z!CJ(iEWi8pNc($#r{)=J;fFS(EtR?bTbE;u{B8OjX9L$fZhk?el?`P2LkBXN%bvmc z&pNk1w&OI`(FXn2tF0*S|R6NwAq}tMYsF5 z0;at24)@;f4!0lks6hMQzbe<+pp!wV_bBtkSfI>3*nal!B3Q@S8~>`ZNAw{$w<-!5 zhkX0vr~?znF;b{+kH6)6#^K&e8Du+A^4|}B`#ONv^6%5~@00QmIKu5;eA>vrU&_Ch@;l&* z-20<{`IZmz?=$OD#LZiZzGx^B?Z||F!ot`7W$o~ zzO8u5y80I8e6OVy!Tucab`e5(_s@eJYI$i_afDgt5ta}BK5yo?=o`?N=`~1GKW)QL zfUFpsk4b%c>txKFHoy9Rbono?-HV zOu6vI#{%slFUj|Qkq4Rk;a94FFS6kQyGm&v@N*Z54-0qy>aRFN>`76);>lmMBR&k7 ztG;*Cb*sup*r@Wy8X3_UA>x zUh;QUe{Vp18S)&2oEN(87scJ}B9KgjFyc-l{21!d!Sx)3k0Z@Wq-{kR29f42ra>O= zoq)+hr%y+?7<4_``q&q^wo~_IyIehL9PKznp1_}gyoDW;(XWAjpGVxa{60t4qnRG; zccR=!e$ftjF%HToX8stz6u}P`PsbiM?07HMcD7I7j4=w{ISL&RJQwYqzDbTN58}yj z<*Im}+Bb-^ZeV|bcijgAgLtAZf-N4Ru4&`gLo9+U7nGhH9Aln+sm66{a?I#(ALKp{ z_f4s1){buJHli=bVp`p4OM)GK(%^{@>KrA$qbDWGM_j&)YS&m3+mC$IzfIO z)<-hG`$a4K$T=MsVjSqZL0<~ol1CSc5XQVkFWoQg!3%tz4W9%2O3-i7XN$v}V+MwV zkngt)!XIKD$@%6hQ{2Zn_rzH6vUw-;eVlVnGym-Fb01XYbR4H`u>F?px=1@g|1^A2 zw$TH_r(w&g4pbYhWg6W^YjqpFm1BmoflK|s_tUn6wfMs6X6M&oBRP1chjtAgA}#vP z!-yB4I}H01vDM4iPr^prC)$sxHctN1=RNiDD&~W;EIHCv-gO^}|Jdp)F-OE2JIbeG7S~wD$*1 zxj-jvt!uKQf%Pxjzb9jaZNAQfcava$I}r!F_CQ|8Xj%W*fVr>)iQ;avaPH|OYub~ipw?tpY z*c0vYeX1#%WW&6aOA}=r~oL%{@+|`(qU=LZY0hOSAQYUf5H`SxOQ?Ra!vqW5nw9XT$ zH7varR?T%D_|w9!Y4ZFOc%_$O{E*IdG4zW8)-h?8AY8rCJs!br|Gcs3T{}{BW!7z5x-c)ozFJqgSi*HgtUV9hlZCZJgc0XNoR@KE3x19B09QyH z`jgr8$o+ z@e1GlD0HJ9pTgS1ROkj{UaY+?F*-(BJlI$HNXOy5oy1xDe41^F^XSkXdCn=hR^71x z=LN90AlEqtU~{#OYT6g%5Zy6Rfwh%Wc-N%b^ldn2S0VR0^}f%nsd!m#^>uuIr{Cnq zeB|0U+8@d-$iJgpxG_$z;5*4^XGJC-?sFj@?CZepYZIL)dm-PeED2$Kc_C~9F!FRW zPxL{ue>Hh>&JS6UPT9NGr(9D6&W-&TA7sg8d8ALldOuO7UhaC%?e3y}J)(c%s=b8lcFdgr4PsjKq3*(bRw;}HP-GyFFUGnq@C;lY=$y=}5ARMtTHqEaPYZ3#=$h%tAL&`vT=*eh=WD{l zb9(l@5UC?+Lvnx7GjkW;ZBFdadh%k-vgOf&IL`Bk4A?E!<)lB3$awI^yNi4$%}rT! z8sheCC>UfLz`KGXEhTOX%Y?Se_t(;saTa|BahL06q#5*{E5ubHE|YQ85%#q`*rSUB zm!39Y%+c(2l8+I<+4ciOb4g1c%siWV4 zrtIX0^5&r4b5Z9$^glVQcea(WaL7}hIW+A^?vYyiYx$HF-v$t`;7OZdczHqEK8B6W zv3Xvfw*!Y<5nhZ4^Qu|{v! zqGi49Nu22%LHk~SwN>!o+MsNYSQEjVNuF7f_PrZ+inaJa)LLJJZam~^_)%vDXW9hn zI0~8xC{rut*5y+D3w?jw@e#hYl#^P%vFZ5js>}2+XpO%_#nvgpLqCkOvN)fKIRp9* zv|S(C9Q%Qg*%zQ)Y$(7y6Xyo7KkbYD-Si0OOu<^fSVP2k+QYMSTxyao$GZumSg$h(>NAzftGtSu4w(ms_NDLTifni?^bn^8@xA>c(??<{5kqsj0vF+ z@aA5cqwT&Ad>zxU=DtXTxt0{`42RIxPU0M|CwAropD7>O(;#g7kWJr}O5d*B0nA@F zO!L!+`hw66bRE`qA<$Q_zdlbt3V+tqIaPR2CfZ7OumtDH{sMb)U&9y?I!E8@=Q{i1 z#L4AS=NLurk9|+QAwtui zRXU%CF(z@HZ-~;lZ)=?oVqWxjQqS9iQym*=r;~RHj<5YZHy6vrdyx^G;cc_@8N!~9 z)Z15nbh+NJwm0)HWZ7~8JH#yTDT==E1z-D%-;*{H8~)fA%z<7%!TX&@e#CQxy*uYQ zPUG2!=P$t5Kkr{rS2#mG^I6F!8~q8+%q5zsS5t1(MK8(APfXFW@#c*=2n*?{yl z$uW+`}UMk~YSMvNC&y%3773p)s#nX4=ECcrY*#021uYbVt z7SELj+8t*oUr9*$%(iklH)H#7L>oANP8>IT1JJpH?P7Y9#6PW;wvN4MY3sX0UQ+M3LGQMGD(HmgptuJV zGJ8OnC%fP?N@LHz_v~b>A;)@7S4}{(&!^K>lrS;au;EkynCZSIL(|bxDr!#{WUA zYP?JP3IgU(`gE%kZ ze2^szxPrrH|j5C9+?|H-}zbD6WN{^~!xWJSlJY`xry(`lSu9P2<}nd1&9c zvOab@z5}?0G9zz6nO|8b_Q3W|nD!vsf*NPAU9s)gvOS<3ti-u++0GSTy?&tgxv=)) zh5d0aK($rJe*er8SI_&=2Ow2q^Xpii~Vpgd_igEFYj zE1EHfe2uG#>5BW9B02N zur`H#DN$j{N&Vs$Y4{2c!s`Hap?dG%ah zu9v9yFtFdW0Q*g9u9y4tJFZ@gKQOMvT1rgqJw5-9qnLYhk_P<|@GZ1m+9>+^TM&0E z+N{GCUu%oM746KNPcr8(dA^(WkM^$WN{|0@Hr2cGo9e{``x(?gts2*8nmmqqfO9@N z4eKrNA&g&M@V`ddrrsdWf~U~ycflSS^)8rR-wW_8T`AJTFLEB_svN+1x@kC1r@p;~ z^Fa8JJH}jwhVA9E!ERAo@0a5-Eq6A~=I5F58K1;2QD<56elS(^5@*h_Zt4<_O{=Bt z8J+o{Gq=sJC&x*qytcIWA?+&a7xg}B4Gwmk{LU}q?SER%e6DAaC--wW-t3y@%G>l+ z*Gis*Dr+MnMEqzm6x0i&}oD%&?UP-~IbMwC25XZg}eYt2`6rK^UcWu;V zlKV%nyCNeq`a?O+MO(^-ob(H$WM@7cyHRh@jnuXHANW-@H`c9h^snF0($f5dzs~=_ zh6f*PT<3pq?K(d`jEev9dGXb29ugbYJiKP@<7)&yHu2c38MF0sjwqfndq$DC^UjL! z9W}FyiUS&)Q#5zB28)YIZq?wevx|2U60@81Kj5N&@(WKwCuG-Hvilh0Qlxm`7AnsQ2>; z64$M9dHPA*-V_{VIizt7Mixtwd$J%(y8d7?`JC0Xt3d0eEJo%#K&c6lk0V>t`Sg=G zzlLq{@NNzHv(v%Mf956Y+S2b`QoT5W z!5_-$tWaRmW{5NOpR41DYu2#GhKrAZ!$}YMLmKns9Uby#PkVR_+{rO;XEhGGmOnh5 z7d6apXv^{$o1i`{n{fFxovCxk?zG04Jec=@9hW~w+R`y_RT>x8Px5QfaD@#Q(Xc&_Eh#v}rS)nYK3Y58%jzBAaV z3?C=IwO^5Rp|rIO(8!-jLtN1qxC)IkPtvW_IKc7;Su&b6TsgYTi?Z-}e|qn6x1$n3 zgZwgfXxe5&%d%4kY}1y1${5si9{prmQ-0as*=^ z7tpvu{Uok(3|y_owdkiGbgdfRjngkKTpFDejY3(Y^(d5(6&0_DxrWp$oJnv3Zae5?+2p>ewS%ACp& zddqCm`Rzd37oG&3>^}A_zy6+<24YJ2uyj2mkpfREf=O<`QlO{(+ZXy9k3e)^L)PyWk4 z+rN321>MPCj($Q8-i0K8e(RaFQp1NJ$51*y$VUTSnk+2SMKz6`SGUDOLZsU}2Hl|) zTrTKNXk4@S(s)0MvuM1yT{}tgIj`eu^%FR45z;0kmN?_5T5NQv8~L;2N;S@{pG;e2 z!4e{_LE|7}5*N|1NsG8~TQrV+v-C%Ij`BymA4>j;^fM1>1~traOwz9C(QSUx54v-j zj$?PP@ul~U@(0=3n#R}@WY0!g`LoHHU953o@Y3I6T%tUe?4z@*b-dvNd9#}o&dGjf zl$0qxrOoJICix=G_jo7O9i6apl%{*ALp`nl?FxR%7Eu#;33> zrv5=Me}(vlod$8=-xz-5PBuAAYP6Mr$5kkc{26@^SD|r`S^kJK_HS?j;F?u5?jk4~ zAG#Ce8LKINN#;3fJPtd%YM)NK1!==fJ9a}>606idGlEl|b1J>OFNh%O@Ty^rJ1*`R zpQHQ?7?(>o11+bH`z1AajW_l0)9F#h@nH?qr{~b^So4K1vqVM~=wW=TqIL3Ho>$bv zy_f5O`Sk02x-XaSEB1US=NV1w(ND-d{(^?jGH=Rx`LOw`CTAlvcuhdw@@LuzY-a-M zMgCZhKh;N(hpvBNc=&;fD;A;({@%-WTRHl^AJXjo3^d381P${)uW5`vfWtraGvy=B z)T?>s0%zi@IQOJ)U1<3x#)mbZE5$c`N<8!2q~ksMnFm~thBraKqkP7Fqx_cln5N6o zPx3o$@sSX5ru;<~9Y233e<*|efo`HHceM?duVGVnq$?c*SEX?_Std4UoZ-u~kuh*v zG|sP|r0dnN(F<`0HO}yZ>=Tb`oFBT9eMh-fKTLB@$Gi2DxZ%rjlYo~$8{MQljVsnq z&`b(w*vJJLCRJ)&TvU(u&_+hfFsa#|h6CLR53SiC8~`%1`G4v!iTgkNelEX<$e+iF z1ra=1CzLm$!@ScZj=zu&&r{gOT+@oB>A0h7N8cL1in z6lwbZ3ovZPc}|C)LpX##AHvCrD8d5y8QB?RI8y@pKZK3mB?e)3QQt8%x)T378AgHd z`}>sePm*B;45fsBpA!Bf!h`tBR(DA`vXb$VKktU(owy=T$KyM)^6n}VUW#g<%{J)x z2La2UlGm{zCES@3?oJ6~x52@7v`X`PIVJv3GOXkqObH)H`cuI9bo!qmd=6nF?{868 ztUnWv_Tuy-T%_oo(7Ch9qIXV4xYZU$dvWeSxI)uc0+v6ol*jp%l<*qRp8-yn$BCU4 z_0#kypDO^&am{Za87~1RbuWKPpU#x;B|Cqq%r(jXKa%uP9@o{$umoJ!gMJmj9F?D| z0AZFdSBFu*Zq|vu8_b3BxmjKlegNTKg!SEIu168>x5a-GVb+nM??ZUd7DoBps3TJ! zuAd`(9^n?9|NjOoe@Z{DkI{@MZ?TGZ!yeNpU!e}8y{8?v#VHi@mOxu$`9siq@@CPa3OQXYS zZ1eJ`e`E{4jqotShTk9HYI3Y_I&>@N9=d&| zUx)BY#GCNV2uE%7rGVv6<)0o#Jnd8SPe=RXy}2T+>MPyyKT<#GsNZbLquXyf+TT?n zgiU@wLAb#dMti!7<*!owGT@f4I&BN1nt4aAIHlvK0G2-`U&eIAGe6zlGO)Ehf%-T6 z79-630y=#o!aWH4bogewzQ0WLN^8AA|lBz-CQRseW3X-@x=(pSpc#LrZ!6 z2>X@(vi%63MEH;nhXBi;s-NtoLfo_o2$Q}A;a-GI`fnpVh_H$O0m7$k;WG$dKv=iO z>_6hO?5hy2Rry_Y4Z?>JF4Ezf5vIS;_Rn>eKO?;fuR!<&!fs8E@x`A}ey7?6`-}0fBToKw{w%9KJfwr# zKaKy-WLWZ_;7$oc-|DCMP544ecy>w{ZAbky{rylKZMapHXF^L#JjP3f=YXrw@o2v{ zQ@`3?CcKO=^>a|i|1g-bj?9zs~xulEgvsh_ht{`W%MdII5W6`lwOekZe04d(JqTB8`V|OYKv?VV>W2|#dpF@uoDTIMtn<5iuR1Mi%6B#V zX^`^k@?QOO!1AZ;=W6(aU>FE(zdrB^HX*Fb=gUL51!0}uSAj6gZ|EUk5P2GZ;DbL1 z?z4rTL3qC{Y_$j3etjnp-;elWRbJn(5k8Bs$shU)o<}&Y;;*sVH<0MdZ^H6JGXO=u zetk2p!{O~PE7q=SxO3gwN5XaMo06B;ti#pEHLKUOHm+M!*DM&dta1JN)oa%zDR4ba z^&>46;Tm%?l@XtT8O!Sb~m*0hRx{$KORhStW2Sg#o9P z2PeQwcn0|0wW23ke|H;dxZFfR5vaGpz?c;Z>sbBX*OKWvg z2jCbDxquxlI!dt<6??2B6~BnwCbJ zk|ma`M`6Fz*t+ztFD0cy@a_k`+F0K@N-;E=v169pQ60X!;tG*Sf(CK-hSru1qxq4S zg}r^l>gI+eXk>K{H6{gNmT1FER96?c~fKk!{9&! z8&@)x0W?0FB)32kHs<;Y)T5+jeUeXA-MYF*)>p2rYYUk|#^GuCe~HWMF;MhSmli#-*0anj6xx$0_p;Fq7&Sg79(IJ@ zb6I2kx<*T#WQ2%vC~OJb??d+XW#K4|>g-lOw5D-gHLKsW>m_nnVM=OabQii`bg(*{)sX@0$-)mLNr$p%{3g?2$2~$U0V_>1fF$fJxUjN5)k)G<6>uZ3i+VDX0YW9qZSPoX|YZ~k8YaT+yu3Zfe zVg>8z;A+-mP>NCI+DB?sETz>wA_shm?Yh;E!I32S8f#W`hUaRe)H$Mit{Ni^1z~DxmIJ-uJa19FsaoKKB2XntmdVS&2_C9gO9~eWp;P@ zvZ}FSb#7ORwh}LEt!rr>)wnJbnM^Jt+kioDJxEtSxVj!1uPIx0*DOmAHT=Pd;*Rnf zzF{$X_%kM+O_MG6F{z0pt4~F-Mm98CZf}`#dF2n3r_47PQC9vyk}JK>s1CvM9?h#C zSXa0135=0-n~^O-3umTT^_*JOJc5RqWNGBL58j!r9Lra7C~sOLi)5!V_~a0G!+KOm z&6>4q9>Czq8hs=O#$(4nHhWG@y`1>LCAK!LMFFiQy+mS+2$zwXh?@GfYt~@=EPH5W zjg1X5p!%M0BgS*7#5L0I%`q-wX(QgqQE8g$);!dxG$0XoLaFPU3`fg)Y&oFm-Vv#n z2^H3&Qf(xe`nql-X|&lxIo>8(vq25Ul#jGy zXaNs4Z&=?11C^6$%UW2Mt*aktT)V-lUtVXJH{pDra(=oZ~HD`~uT`Ofu)-Vl7 z{ebL-YVfw#BXy${pX!$sCDcRdt_6n=FAIwV^K8qnTQbfR%3>(P@*wLW%5XA2f~L*ow4hGZipMZNq2-5XG85 zkQPQa${OLJKMhyYWV1`A$M9htmcxwCUC(iKvP_o~B%{g~R)z0aDhDL8m3+x~bB@;* zn&mrF02_6xz_zG$57v)va?9>mwrt_uch%TvMm0$(pX@`Da#^U+tWxl5tTaYx)#?&+ zsacK5ft_x25xHMqG7im`x6Gvw`klI*jF%k@Hgdk4_SIn^WbX?nkFqI zM7e>(mi+0^gV9_185@jp8C~(-@FWZw41ET8F4R2vE{~BXqsayz7h;j7@c_TXz!AJr zY~X!D+-+d!xyrzYg}BGSD3{5X@1+!k)vQ%n#9Li$a!njjH+-LB}*VJA179kon zK6{@Hz92-C#$Q!zg9mZ!!r;Nv*!g&`5H%V>KZ#a;v1TNl1GSd8aP*orwp8L$umj4@Mc4Z*o4h_BM}jo{^^o~`16K&~qJg2GdIRqj;sFC+wCwqYLd&1r5V7cQ z*kR>$!$~3jN~g`uw)|KwWH3HC7y0fpG~G6O*oN_Yx#ukU8zHkvdt+3H=XBZ|A*U(t zjr*;-yAd)QzxR2Mh5tPAHNN!oE3Ldf-)iyy{Gg5Il#K>X%HZ~b{Yh;*w$OfOZ!I1xDopws85Z^N}cp5%aK)>JMA?IIf_zU1^`nWHg zw|Gvi6ykuUnF=}omw~qk(Qjbr@D&4t|Mv}yx_DK?c>x^%FmQvV|Gc=BR~~HX2b$(4 zuT>W}`7N583a$2X6Y9mZ>zh^z@wX-|_?z8(QitAV?P__=}4 z3vpV*{Mzy_44f;(TLvz+_!Odyrtd4;bKJ_e@Qe^|YW&U6c@jpQnzG+~ujQ|9 zzTfg!H%F}g;%4+y#@F4v#qyswKWD@5vBC6#C0)@0?OA-#OKm&gbm2_!s9{ z@)z&5@VDezvfZ-L@-4T(PKvb*x9qUm<1GhmX`xTk58fKJ{KKu_Z^qlV9<$+33GoNb z^VVT&{4+OOhz~S=t{1Q97}#%(-{uDJnvB6$TK(zVRTj^=+pWCjp0(gWu??;k;y*N> z0BqR!G<=28f}3pcCLxA3eF@4^ZQwID7-cc|d63`uka>{5OViJLS&yIdao!5!3ORlz zjCLW%)hORQvVEr5LkGze*T&Wctcd>#7x+1^#~JNz z0B#NU0QP8jA7I#nq&Wx}`jqe>V4s4gp$-M=i}-1+fO9q63)rvV>Ci2|5kZ>i#efl( zFw+)lm}#LqiQfVkbQ0bV7)5fWHwH8omc`Si`FTS85pVhKMQ+ zuLG>*1eDBIzN3aT%uB@8pM(biZ`XLr0KG{31;B?DEZ-A5r{M_BY-(LOP65_s=et^5 zGhte1HekpmVL#wn4MRo;bRqG0IyPx|2jG4Up8m@c2upY+;6e>Y0V6+& z-vPKp+x;_+#CKj3@~ zBdw=Y!xsTpDVXn{cp5YeoCkR`ud4?E>wNi6iRXmE^L-Hy{z$`jMKX&N%=bjN9z{Ig z;mF*sVaSsSUc_GynKL1WgduZQv4Zo!hwD+q=k)_#rQwr+;|k_`2w9rvO}&8kY5XAI z!x}yf7-`6d?;T{}k1*dk80Xe7XvgJf_&nf31^*doLK;2+xLU*DH?B#;Lx7_i9tPa4 z;CunNU&G)x?wE$j6M0YuzBiEVRWRQf$j;MnCE$RDs{pUm@D9Mu8tw&*Kl0)E`)u%% z@HxO26wGt>SLrhHj6K)ZNP}UPxGJn+#9sxOB%bsw8b(>K+OOc5#{i#KFwe%1M|#rp zT>N+~C(p!>uT=QiA;1w0p8|YP!M8B&kcROb|B;3v^8}7Pz2CU$E$40x}GK|Aq~hFbui&@g1?`XTe;S@TIk!}|b3Zi(LyIA6p4fJ-%e7I2k@ z!DABmk{)NqXRLqXk=D8g@N8YDo=pZ?hvOeJaJsuy%xK^#>=_TNUoU1z?7FoIqn=DV zYsM@w1Dm&xV5>_LH8x>yhx@xT@G*cHb*(t-_5hA`t%uZ`aMZTxc^rXwi-xu-6unT|ql|p}`evIR<5Pu&0+347JCx0g2TY+I3 zr;3sMs*_Zfe4M;7O-RLk;~bu_6Dd;~o<_d;fXQz*{_ra$O`8POe~jbb68$Vv=-c>? z-Bbn3{|z19g|*9fTMz0#YNIpd_%d)d`M!A;{mu|@)LAC}jC_r26N Vg0K@ThOm1 zDGc-Fk58==2CHC~6JdAq!#u1P^7G=4ytR%2iMk!=Z%PR1pW!zVVH@4Ik0HFl5aB85 zX3o83j^Fm1b<5mYC38yf=l9PlDk`%5e`|5E-#>e9$=unJzBVg%N9COkr^!xoq?|Uy z!=*C6V)=hQN|N1Gj@i;weCvHtXa?`SekD(Ra~5}mCEBKjtD+4#Re^fk8C4$+MC(Ud zs_WC|-xbIAbEi6d{Ejfbhs!7L7x$X)9*4o6fB5F@4&JlT78hT{_imf<9ra4y1K)={ z`2BF)#T6Q|G~6A*gqWS9;zQkK%5OFXA2% z+}jevowT;NX6VTy!}vZvzCpfH-Z_B#D9l~6x~_2VF7BVkceYsulqDPY0c?Rxb&zR- zmZ=EkX$J1=z*0>@uTAJH*cxC1XEO+t9%?}+U9 zW|bCqnRq&*!cF_<{fV*X^Fz4Lsu=evyJL-~(Kg@WMi=iq@vv@aH@Lf5=1W}1D&fZ6 z5}uAy@JIfy%y$*bGRJTidZ%m?UWTD_ewRNR-|zQnysT5+A*$m>;Wdu;C3t9mu)RWj z^SZlpW0J2-Pa88j=x%p)!zND}eG@PByl3QC-vYdSSCIIfzQ53kGG;?hy|9sew}nuq z0arJ_t$$q#mK8ZQv>6jlKp(av0vWTiP#Wd=oOdarcq~ws(krj`lY& zMPx%q{9b-#^jYcWJiId^`tvyvv^^*E;A?tGTtz?CR)Bka3x3f)1HH)lF7XLRXTjV= z;%3~dxZ+;i?FgD+Eq1B4Cmi!?g=0ld`g~Ppk@w<%Dn9}L** zS-z*rg*Svd-QnM}<#+6N;f|82*iE1Bo*&!Q%kSZPf`ekgil3buS@Cv8d+gSI2in^& z6s>qWeSR$eLJ8Uceaf|M;f&(oIpJQBaL+H><=9b%dz^sJ0$fpcMEE7|0dX!i|HDY^ zecVC+uP+^FFW-iHM-nSRH;#08UWIxZLjG>lkGroxIB|!FGmP~U#1(?30lY{z9dw7L z_Xymd;RumFI0PFn;9Xb34#S%+>l#4n-esQFq4PGHU=YUTO_@wjO z@2C&zeQ#{xPa`uoOWWVUJmT-8UqIj0f%{Ex*9rTH9LVMFSR`_2kGw~SPu>Fp{>RIn zN#shIdWDnah7P^4#QRbP#EY(lsIMc!^;CiItT^JH&%9u7KGQB^N3Qn~-(K)E`3)M` zBpvP?j3pNNfImpxKn6GSM)<6zb4b~7=OFK2vBjUCzC+!`8+u^`caDra2D@zKGxV*I zX4G9e!e>}s%FgmqFEV~$q!M)@m~Sv4oS-{Mn!Wjk1g^+9uIVoUy_M?RVqRUrf(MMxSJ@Ca7k9;KbL#b=TFBSGQbtFOu9S=`|8nO zzh70>6|}Q`rkx#mP2QQpcD5?I z9{1ID;3F%~;NFZMqOG06JsB5+5!i)lZ$CzRgY0dKcyBh^Tb2;(Hlw`_p}vaI-f;KM ziYL+D{0PU<-u@HqZ4m9P1nmuPE2E5geJi0S`WWOxyLcra+uO=ydwW&4w`H&;X=Bb4 z@ee^05(}!&q0Mc=Cr9CX+Oo-A9Q^!?y}57d)xw;?QtL45bFf@!8meb zZ+wWp+KGFaWg9$>C)?op&JSVV3sf6yoBiR8lG|{{&(y^c_F27qg)^|xQA9u2Q3F4V z`#u9P*S)`@QrV!-sW?wp@Wc(3YJ7ax?>GTaHfO4qnRy z?#gr=Lp!5AIXgV4bNod=`1b<{yLa9w96K)2=F!e^k1X0b?+S7;9&xUn_u)>jr56q$ zpR~4V&<)xJ>j`-VkPqAZNj%x+vyor=Q*+QquKr~tG~lf0!^}mN6Fvat>MeU_Wfds3&BegNsbB?~c5U;6I{5O;jj`>-{%!|0`j2bO2TPE?xH z({cA6ZGrki--_Gdg z--GPK7Zo4+mBb+L8EKpS?+19d$j;j^j>wmOrit}U8!Lm~V_hWE3?#O&uMg~ojkUq% zpzq$JYD`5u%g*w`@8mH(X>f1Ws=#j7{fgGLin=Baw%5&ko|>rr_dTY~iK@PP!0W!n zn9pPsmn@Y1jJsnZ{P`l(%_aEr1@8IF)Bj%9Q}kE&9N3wGe&7|6gE~{=saYbYZGp0} z_KBSlX(PK5+nFEkcCUrbN7|NtI0JH4!yn1JisT(M>Ml3lSyT!?>4{?8DQ$yy=C;GX z!G17D;+?tj9;{b?hjG_Jl(Sa)5st+ek2^mTAAzsB;|_g0$FZRC!_VbLd*I)2|B~d( zdzYRPp+K+rd;oPDh)Mf)yt-RhcVG@+ygfp`I4N~W=EE_J2)-e5k8$KzI%zhc{dK9h9~4s-Y=}~^Tzl{)3Dw<-x0YS zpToCsE_oyL!?9>K%gE=bJjWQL+T$rt>>c_&dH>UPqet8~r|#QR_jvKXy~xasvcGSU zcdG3YO&xdeE_*Q*ebp-7yJzmWD#2ne@1a4O;;#Fg^FZSUjTcW3`wO(4T+Hp7dFK`G z+&RI#k%sr)$h+{iPNqL5?Z_a?on!92gKToX0v>sCzM|_E_Z{b89#smxHDLaPd)U<+ zm-o>?NAU%N@c+0I40l@!)V(`^J86Ogw)qD77=%^byn{JJol4)a0Q0-I#dk1g_QbyW zOY-$W&I$108)JWkI|K(s5$|mV-V1xm?polS$NmoCY}`*qyWxGTwRpmwT&}y~oJYFc ze44U!LuS~}s*Z08cRT}gkB3Bd=Wk)>9U>QTe&D^p`?l7JJjCVT&OPD_5iW{*guA0j zc)H((e?5meZimQ6TxrK9jK@8g6Jkz|xC+qt5TAoSBo{OR(1ej^4&p1fI&in2NQ{84 zs&okX!uC)`KD`0TQHHW$4QJ~V>F+`;7x4M^vTdI-BJT(7b~q}J_Bl#f2fdxnqNiVX z-q!gdbocfbd@`p^i3D-2Ixv-QDL9-5p{W_%LWH5Lb!0 zd=>E7h{qh);p^^jcp&#h#QBlV2f7^4=WeZY-oIzAJpX?4!!edM^nsQ(s?mvZH zxoC&xp0<)YN0{~g|MPkdjIQUzxsuw%2;rZY{ar93^#@x4Uh0rzHs~x2 z+qo9@mMiNWPx!qYbLSj%6W8kx8_}MdX*YdSc`vsJ!FTLnJ4d@-NxdSUmE@uI-2fjb z@0>ap4LYo*6VeqH|T_tG3h_5vE z%QAysHQO%RscE}NUnT7r`T$J;{g)TI@7B6+Jz6GKMt?OY()ph1JLxOgZz9iJ-jR%P ztsm8&Ut}a;YL5|W&(h zyJNCT1TcSzZ4QLG6E4|zmSEt%wZ!63wJIQnRwp(>PuoA z;4Jo=EGPJ7gP+I7FFSN3F{t@@U<>{5-yYh+k=Gpk>V93vFxNp*uKwuhIgxqqI=b7^ z%OlZYlmqtA_GgPDv9#ACyxUXWNqyU5RW`jgXx8rZT4uAUJKnp?Hg3Y3-ge#=ZAAF& zC)Qe`T0z2D*RWo~_m&2}b*Az!C>!u9%l;W9A`LOQkM>yBy2cLUU`(NH2>O=kC z7VG(u96O>eLb0x2`(7z?^ac+@w>JzOi2d!ks-0zyJ@eWy9_zrGZO)D=@+t}7?#yYE z+m{#Q1Q7os{Qlm>iF0MLJbMz`gTE5jV9jDN)_n$IM{aEizMc4w*iHW!S@HIS5!QF? z?f1EUc`-PU_?UIhvV>l6qlC+`(K2xA>Sh_#6olinO)`IyIw9~8}A(evg&` zf}E{4MB4xAdy%%|Hw4;`y(;fU-Rf}c?|#>@4{4r=WiN=0Z7Tu?FvgzScIQ)(Xnj$jEi)WxTXcP-ZDBYNI)bt1-4_qE zOxpzT( z)Hu#(cfbeAyClJD4eZegAE@RXcm`@mmZ5)#FHv{O(vIjyu|6hZU49AUjz;dooCBZa zowafOe1hr}5jat@};={4m<*}Rm&%(ePtnJ=*X**ecN zNXI*Z&zQWya}M*DW!3d(D`$SZ6FO9L#$43FWpm%fiQmMTC+sGZWjB1UP^LMCx2;Tb z{u^bI^LbmDWZ#awbC34HE>IrZ+*|df&?Cm3Tz?-2y+q+Z^0bWvfXgZy5S1zO=|SMJ zzK69vwZ48fjx~YBi3`_3kG%g`tq%+&PH>*IIPr(SR(>vV-WJ!7IJrkPM%?yKiIaUY z@@auyt#ON58}YH6w0*hHg0UZUtLN-Z^hev!*J2#OHpDd-@3!AzEOEbru_wuWGp}Ap z;9aq7A0gOK9$+u~d8VPAZJjFZ+QD{$JiHwHK&E4``A*cm)GOpW&GE<4DbTyROS@3t zOT1sNHS9%tZ}g8Ce?V5bUXAgolo{g%&~{?166aWfc|MP}h5b2C2!0l8V)A}!%GwQm zqb{oC9ou?e7Hz`~JBEMy-GTU%Qbse!2+KX(-(YOQcS0y6b%)aSVG*YMlt{4rqfO%8N9AjWqjcdw8BQ zdSRJhleubahPgj{8Oj@px1(=R{wvF@acRFhG|eGAHU2;~}*^<5|18OPCiD9=XdN1k(lzQ@rnW&Oe)(B4;}{#8H3y=Kg}AqVZp zZ)AM_SEwWCeOnvWkugSL9g`2rn5N4Q*`*vO*pA2>vJ7^9g0jJ0Y-QWeHN03CeBVIg zWam-DzaZoDjSNX!!dm_FucKYShPJ&V{c>;YD90@vQ!ATB*$Smyqut5=ZKv#S3gvp) zFJa3VQ@34TuF9&)7Q)vEwskIzBU0L+<-s`^P;eS9E^8pZAaVd?G`?eCs7s4KhWb-fQ#Pv0+hx2Zj}=cLF?bdfeyuwO5Nujx4(nx@F!K=)7D zBswZIT78VM7j$i!!u<$s`tV^HZ_vwAoy4WQz;o`n&dyDTrLM|2{>8bE6&(|tGTtJq zQgdIV_xCxhIdk;dQtREjztiK`Zq1|iUdFBDxAiNO%bV<& z?9LOYQ)IhkId%7#@ddbOR}FP9*5ieq*XE|q%rfIAca5CQxp@@69ddk=Hp07kebSfV z-MX3K{n92`&ue)aT|YgoUyYj9t3JJM7w3{uHN2{y^XKcsGp2Iy^QE7u!Y}=ar>st% zG=AE>bKoAH#)DqapK{h6;f3%9HR|>T_37AIH9U4SJOj8$!%|h)_>jZlxxMFJp)ZXi zp>gE%E(?A6-Q`;jt4Qxo^y@5t&?EY3`<}7a^${5=5u7p`U}|+F6ye{{-=|1 znf7j|;*1*K=B%3w;Z>cSnF6Eay&XHBE_)W42!2`r&rSW?r=-v6KH53>MdWva``A%6 zJu1%cr{g;w>DPQ{Ay>ep&MIv*1ddPHvCOy8KMXr)Rb&`*goPx$Ay?=56YJ z+}8d0N9*49OnA|zWVm*7lDe>~fe)r&E&Oq|eVg23$d@2&&%}xE{fbL72FUa1G`nGN^ zrY}w7Y*^m=n8vwsG4szf&Weh;_h5XNcaE6nBVEkJ%!l$mOoVt2zxwQ+xj(|6)V)w( zHX~OpXJiWg3f}DqyRiaY*W(1dE~x4sJS6?X&5?;6tUcr%qAv87@i-x4A$JIKQ>S;y zJr?P_YcY5)@y)%oSI%bvp zWwvFicSMZWUBle|;Xiasyb`m#2)z6-i(lV0PwcOJWz za3?=bZ8PIdsloglL#J4W_PcRW`jhm($_Blz zFQyMvNMDe%4_U{f)A^i#%RQGqTQPWeS7ax1W}nBIF7Kj@OW!l+Zy2p|8^@}=?fjB% z-m_x35f-a?-zDt{MwjbrnrkBtzX*|K}2j~QL&omowj zio;)XZ^Jp@rSP$4%1_IfcVfVu&zu{Pwn|v=0mC_+3hA`l>BsPAR}JHcygNi3+TzqV zg1Na3S;%;sa_3X58{d?6(r*{Vo=2A4%gP)wH}&)HS~<+4|CWP8_O4r{Ev)ZrGhmln z*i!Jw{wuxaP0OoGzgJKpGSzdK+B z%aXlYP)^9%m*q6wH$GXG>>;cy`KY7#JE(P@5=^iw#xA#^FXp}Rtt(p9A{O;@s@7Ho# z&)N=IEm$9!wjcQ=c8bh?{sp0hJ;Xln$hQ&8cHM4tkhEUmML>5fFVG#)-5%G!RO>Eu zCp}&mJzD$;JXw~RC$tKkj3vJjy<*(Y)_MhvGEUA-{miVV*QS~r&$NtprW$tLKD6KI z_Uum8>As=p8`t@LBeBMWrC%VMV)%aC?GcZ9s?e^Bs^t!L^BB%VC+MTJ9k%2UmZuEUF$7QR-b;Z z@(c2QtL#&}c~yJ$I#5+LNcs2$_Nn_j7XP{+`S@|}?RdA+jO&|Xf=3fAMD<1^x_+qgvTWxKQDO|a$Z57C}I6Dl{1<+ zuqT-l!cV^$n!wm{;^{ZTQ)OMsb!m>IlXfT#dpLCtexF6|cf`26aC0K(&wq|QV=_0a zKB7J({wU*i2>!gM+rLvabu2#p+=ddllRXJvQYT3dvo}2M)2Rxj4e&J#-|{xx$=;W^ zZr29cZ>D5?;FiKP!0N> z`zF@pQTkl|ve#H|eM42;`;A|$k@-Q+`gk|>lsUr>ohbVZ^BCU*ai7L~7CKycbL#(8 z-JD9XCcilKEbwu3m3N4F7hh?8{ZsT79hR|E-V2_(F8sjMXBh|n;3RFAvqaH}tXRj? z{q^WcIKCsdA(8lr=<$`w`-WA_O}+fx*w?i#bKk@JtM~DKEjlgl`IGn9F8WW$*q;<6 z|3KD}xy8hUVj;cTM;{@NDJ#mHR|jB!6z|$IIyx>!JHb+IfzCQBRonp(FEX za|Pim;(defXVS0RwKm+T>F*mnRr8&}lk}6rz>fk?oZmw9OZdV&#aTJvY9L$+uDu_F zt0KUQZ2EGm#Mdl_AB`eA#`+y{zt20fJHt8Sx2RCfkw_F>Oz>{@1#nNHp1Oy}rBV|g zPr=hc-fbPM&aBJwy;R=ijdM=}&YT+dz2IHMT0csEZ;<}qv92pB{r*zr_1vq=rB2v$ zR~f^+3CvaU{(Srg*@tBPL?6^^O391=@S zvAv6TthIjjU2NGfo4M_AJqG79Mu+4shCRdr&M;*@Ka)wXk&|~?^S19|sc!Gii^ag^ zXTloZgoG#3CyESjLd+F|?_3%d{WW|P{pI_G!NZq=^Z7N{la}X`l-)u-yoV?4MF%S` zT{d+FTFdF0tq$Tg0qsP9Qogeh0XXrd@q;Z@l?!H()@qbAB zE|&0q!hZUF6kRF06n^HPgCckGKTg(pBI}wR7vH;7`S|V+PHG+4nPRU$a1c2}`L2UG z=EL?&!ms_HSMUk_H9NxXTHpIFUJx2KOyhh9`jJaHGB0938kK&sopkPx{b zcKrt(eLuc7TrRK%j=8f-M&Z z_)xQZuv*$&d_xSFCL%Pk(6LV89 zd{x>UlRhz3bVH-Y%BD4xNS4M~qDV^2gAZS9wora4LOPuN(V5ypY_& zLHLmi>k|if=jwU(1K;CYgC`%?<0SVDM>H+H7jxF|9uKsh3fzfJk-j!J_0|Lpvo^H} z`JIKgve)W0^?$f6Q2*WVFi&JHcaw8dZ@gs30@fdLmoTtL(j|Xx>dh|Q4(4~EN%Ta& zi=^}39h+PyI`Cn2XBX$u@?Hby(OsOUn=w0e(BL@s$69Z94@m#dga0!QO!LlDkI3K5 zYkdRdGKRt1^FE!=e?NoH(Uz9QK7DVzWoS>;Io&mNeR#GPemnhUeXCqP^4>%{`M&K# z);hAr{9Ppe!+*<@H3nfh@7C`I#CQjiGhY2(fYWWxd5bEe;fUxOW0=0rtBiWy0oEeS zpYB~}eZD~%ImiAaTm|5gccgt>|1}&#>A3`sVVCDCAoB8&@|+ zr`$3&8Y`PpW(_omtpnwKeLjoU8t*fCo=`vk@g`TJLF%Kvw3x@w7Q zovZ2OD}U=M11G%l+HHM{XlwqA+!`gEnL!<&qpWGB@Z0OPaKg(%fpc6G{><0)SZK{d z@1%ua;P4u(^M=1UQq^SF)Lb^>&FmUrqTn8|u?0EG4^`Dbmu z$Stko3x?>p*of1Qu1DJUjOX{4nd$x_Hskd3Nx14Q%o*w{^wm*%6`e(>()~2c>3^@l z1!XH`z9jl#IE6lB?J+pLLSRb-He+m~#7ZZ?U>#>nIVJj2GPLh54$?!rvYr0F18h|4 z@cXYwrrzK;*vo;BS==1ffg6aSG~IUzda_$=J7Sb67e4!Sgl6k5VcJ{`{%r;}bRJke zzF&G=4{65AL?T12Z9IK7`?RI6pRv1K==1BcMGP>o!<_uvs4HLSl5y~^;f$7VzJW$w z25p+KVqj^zeun6ZKnkGM75c=mMHVh@f1{+?_S-%IkL}p(^tle0O$MIv2)@n&ChLyC z)G4A^;Y7j28EPAzdq>`^>^tf-vCODKhM*8yt^Bb&3BT{4s2v)=7!W?~7h8?;co!U; zn`1%`>AIXwfiuUo|AOW#^!f9_*R+a*2z|=2?Ps2&ZqYr5Q<@OEa|qrT@ZFjO6>0)L zCh#Ab!KIu(g*%$+DSOP69bO1cdhYq;8CtY~3GF<5h%D@YinR ze6^ibOZ<$DKY+ZVl-X$G8;S3u>a8};34z$yREuo<|0ceTxWoTrZ21W<7TEk>5vP8& z-o!m@mKAjqPuTeNN?j}YE{^@O>kbm{wfWUbjfoQPxABDx&&;Li`U#o`{(#$i*hOKq z#M_Ar-|}sI9pQpNJVCgazlhEM4&f61M%s7}Vd1BXOIz#s8)fnd*@ya_Y;+3oY?mj$ z#B-tN`z{S7_-^z$@&4_<5BfdW)emEoklZ-g}WgbgU+QyuX4-Cx@56_5Skr789&11@k zGx!sx|BO5fM9-BW>E&UcA1EmCFUkM%*zy_t2zN0;h|V3h<)75RKKxS|arl!j`j=zj z4-k(B;zx*!KAyM|WupGSQtAry+bgp0e@C8v@(q2jW5=(Y1P71)Tq!)Nx8;AS)K&8+ zpD^Vk*V0{%3u==enPRZH_C;#2yGOpNu=(^)@w=i<+c^F4>Qi*DQj71=jPh$U;*2lm zG5m{U=tqS156REyFOiJ?68VP=`1gm#v*4L|Onq4+GU7!UaWR;x9}8cd5udHpXC%qC zH*0x1U-Lf;eGoq<%E~9JgSg1A&hRIzhxjJq6*m6I#E%hQWaG%YNN8%Y@z)qXWqfn_ z|4RHc@iQhrn_=hr1<0?^#xEyNKZgG7QA`~zB%HSSv~P4R@po)|26pdDh@Z6a`NS`P zFJ|LS44>u9ALng6p^@{S#n0`-n6pINZ2nG$SLPEHxA7kke~-9rfA;f)^<(rk`>&N6 zTY+9%{m*_gBmX?CMh4z~gHP6q6Ts(PuyN+YiSJOx#m6gEeun&Zo6pV5WcU+mvhn&f zejOObd{}Wvso{k--^{HksIe-U34 z$fy5JZ}9VTz%sojo!{27x@@UxY+E_$R<#u8l&c?_^;K2(aO2V?b&ac+Eo{ZUs&%T4 zufuzmHLhyLqxK5I#?yK_(K<#psrb*+PL8z~cX7(x*!IY(=9-o-uUxgfZP~-Cm)zCZ zTEBXA+49w^8q01iYi(TBR(6{ydM^;R!l9nsm*8>R6qqzAqi#Rv7L$Vq`6c2H+QM7Z zX<8+#rlrN?PM&PbIG6BuiaYJqOK{TKlu?hLRF42XHvp^j*$AIdg=Es(_G=8bMMb7w^nBzU0fMaL4Z{=Yk zlW)1zkJn=4_Q9rQ&6CS3V&d~$TsF_fcW>=7nytM&TVI8DHR8K=sq+Y}v(tVIg)zQ= z=gGH-|J9{SYM0@c6D%f-^qW^1=hF3!%U6jf?}u07o7wk-E?%Rx%gbh6T%r%-r+bOC z&QIcmb0vQ4+beIK5~xyqgX=11ig#ArW2ft_`LYm4p5W7tsBL)p!)ZhT^mv|M)!c+n zSnUu#?NfG=RDhY_mgW_Ht=f^bcqDIq%uk$B4rIFAKh8Pi}>Nheuk+ zsIlO&R^RodxO0U+B+tg3@+#>UOO_Fnwwcs`Z)p(FPaJgyz}Gtg*V-vX;WN;+%kg$^ z#u-0xhPaA$4%P)w`hc#_AI&T@9B*uKSq?X%(&_UXzb08ma={cK#P4;QER9DGb)pI_ z%?nqoc4LWVt3JlRr+GzFO$$C_&FBD1JGy8^zhn_JdN#M=B)N6v3dRqUz}SWx^0r4- z+qkQ1rgjfszpDAcW*og{j$KAaEPFK~X)>dr!NTywpea3Lh4caqAZbI8r<3bfE??1h zhw(bBL1(U9`OxxaJ;>=e>IdtXD`eOknlfuO=Dl0c^?)KtcglczxV6oaF~3=lFFN1S zlVyOg*v z>z12bxSDmD3pe1K#)Z3iGtY&4S)19gEQVa!P@(THHdNvJiw)HVU>37(b7fgCI(kBf z1K|O`UEzGcUEy+{ws72US9l(4KZ`RAe&_Ee+!BCcy*Amw^!sfIpYq!hKJUY`+)UFJ zp$?n}FKOiiKc_Ose`KF4T^L^!Jk>_w`(RNo? zRy2?vpdsrt{uC??a?W|14a+BX&Mz0|bE?v&Uxq9k%wc%vRD2r zQ1*PF>;=ExtFH0kue#ZXzbfX#Uxh3jf389nuI*R-VW8{}0%hL`ltu1$S~{;9@cC0f zTO6JO&O;o{1v`B_;tSU4=ck~-!GG$okN;E0upDCXi~kun7G1s1*SArHzCY$sCB6^l zQMA$dY#vqT`*<6**!S5vY8ykY#Xo9~-;WB*{kp_2tgE;1xbIWB@RaYjvJgJpYw>&< zxi4~IWS0)tD)j}IzCfw_Z1|cMrM~FG2RZ6>Vd}cyh0g}U)b)T(|4e~W4KCcIRHF;S z&vbaB-`76V8%RInhl}8$)72vQ=E@eqt91I_Kze^5{EmZ33PurNoKAtfre0s(V_&7_Dott+`S_A2{-RWe>8DG|8 zb9igt(jdNC9gO&1eZ-~j^YM)B4}{U5hb+uE@Hn1~EB0Z=LC;qlOiLi#9SGCLGz|FD zVd!+>@%e#pMIgM%r*k|!al9=>4;{}-Td}@vX()wzAES9thKRH+D^c9ygDa z(JqIl4Ei0OGWg?oRfa5Fcw)lGGjYG)r^@3#O!;CTXZcR@_xO5v>wA8>`0R9b z-G&^~;Zy#)>$Z3NbimUxiWLRI)hg}JUVKtHJTds64hQP3gie=USsw`Z`Z%Y8-|5d( zc<#oHsf&F0sfPmL(}C~>KU`H32q%2LRl(a9%g-v>=yb0-hp%~TdUd&9wmML6^&WS zQe6(dEdUP+Dii?nNRNkKBnwI&C^MMtW@+x+0b~xd(~7W76eLIV;D6?m@DvO<3+gvRiHV0^uGLE~cLBGbTJH z$`!DsVGQ_&RhV?SuO0>+LXX^i46}IT-ecHSlP-50!zd##a-Wf7@yK09j>RMQ7&#V? z++pNwH1KkNk#pRH<*p*P$b{uyA{ShOQ|=&g>us3)TuX!8J>;&p=?#SU*l^E(!N;3* z@Am(dKey@7ntmcSq!o&A+{Ewe=KX|D!qP`Q{sb^&i$A?)6tC~kHE@P${(_D z?_zu`+$3P6jC4RA4Y$OE_5Y4O`Gi2=%1vJUHhyn3Vg0}4$={v!*W!yWMmGC3g!#|m zn?Y2VIvH@F1T*_eh=c$gizaqI1xdoO%M6@i&@3!6)T% z`Lnzuq~^B(2WwR z_z(DBTTGwep%?L#;IeW=Wv%(%v}1Po4`E==XFK^01S#-MhS+jB&pYVaw%8_YiXCm_ zJ0I-KtowUx?qX|3>{G>nzc+PTU#u5pXluK+qqa*W-;Nu;ziCIYtG1g@%If6L8x7Od?0Y5%uTcD}(&ynsz3W8Xtw$nlcD`mjCm zAhyIPpInB$o^N8m4I6^;4Z}KQhz*W>v9*B>jsom&6s~(q+Y#41O@1>LhY!B}z{fNl zrP{9Ht9A@#E)QuXh%FQcG~zZFsI}CncDV^(34ni{DUQToR5p0 zLcXIdAODmJCI6i7nU9{UhxSrz>Beh%@OiWZJw&D*xxaf38?2#@+`FHHPidQZ$v4l} z3#`;3wxhbfz$&EYbbYetgM!3z{GB{b92*tM)NczC>)+P)+K_Ai#BT-UicR8xTo|vPiLjG&A#U6CO=oR+-YmYX1rHQBchL<|A=efS~+3=n;9nNl~(W82? z=WP9|WoOV)N?(eKEw3Tz_^-%FOXrK-j2ga$s*GY&{dVa?Ufk&*^6u7pKUyvBc;KG) zj>@_1x5t6OpNiND=Ue^ZmE-tk4*Md)r>;4?qz3)i8_4O%n%SOsr%LL%0)0)0{KfVZ z_8TrcFj`$M`dG=gE+U(bu^)(!r{Pb(q;e%q8&PLpxeIGr=2D#|4d^4nd z{?Sei!*@lFSA2gn8~t$hmX(!ry>3UB>P60l&~p$S+bc8+ueAo;+3{^2HnAu09nhcaF^q4c;cs^JS!0(??8jHe`8Ia6>O{AP z5zk@w5|#c)T~TA#X7HQnRy%FkACQN(lLGw}@_i5A5tRx|7j`YXUkFVVpK|E-71qW> zG2gQ1#He$_^^B*$$6i$5>pqGtaK;7r^nGxb(^fssBI~rDxTCvNwb;nvd-a&uqoBTd z@}0T(rh;#E*pb?Vtx62dV~a&-!M6zZV<`N|_rJ-y_z2$<$Dp}R>;(zk;1W9`rz|dw zUu+4uy2#rnJWu@5_;zi79=<2Ob)&NhFE;w~k$I}4>5JkYh3_l}FQ6~dA6mO^#6J8? z?7-)W4TgApbJ*I4$5z1R8%d91AHEj*VsY%W6{GLWlhU4!S#{5K)Xsj6Z(KcWM88kI z&J(|69a;R%nb97|fA6!%o4WF-D<@Ew*pA;r-;%oIJ7oOD4C=m!ow~;uFA_()Jna`o z<`wJ!9-`km+iOafy9rt%_0PqQL;ts8Vgun!_Y2|i*eA&0dqwS2jydvp$JiMKqlYuD z=FBPBOqpc2hTY#0F@DsZc#(d}H^B>Y@WVQ%u0Hw3%yxn6nDbj~PiR^D>$}Z-b1C-punn~yA6zdD8x;SE*x;xmj*SFwAAS$tU;UB_)$CT)(mzE%Wjqi+ z8J#a`eUkYuk2J>eR4VoiKAV!Fn*;aTe*IqjN$+G;FQ;+fxvLZWyF)R-BRB+C@6k}X z^mlYmd>@2KTNZnhKD{1$`39F8BYLqRRh~RDr=aGC-k}T}lLI(H;AjCyo{!_hzp?Zz z2FGN<5r58WbM~N|Y>;`nosPbYc4F^Kw=>Vs_TeLfw`MJ}g7@_I3(k)nyerqdTboir z-qB9%oQ0-ZzRi_Fs@#KvoO^HGqm0hE}D8%z34?Zbyb+U2Db`dgnz7h5>(pUA;x!kIRHusKjyk(6^ZitMBg$~n1-&x9OX&e-qSJ$UX} z;HXn&l)aS90&@T0)0Vel%V7`x<`(dqhyM4<{3zoWdf$X?oVfG>*83-AO~U+gT;|AU zXNGPS+c?rEI|`Z4UoEd+@Ooq#eLp|eU~H&i`}sKj`i@s&FH(QIiwzFO0WWqm^uFlC z+|&oVsK?trU7e)OV$XXR{Y&gk)uqyW4+q`TYBEbX7LHVe(vSwPBD%c z`_SjH8oo>Gr?hS3 ztQXqdI>gr3DKH|R#K5l$I>bl7nEK~BuBq340vJoR--6^DbK4pF&sqH4ns$6PINQHM z3xDNXJieEn^LOoAnD08Oe=UArj*ET*-!Jx~gYZH(b%)41F1({Hd2>_0y>H}e>BD~zvId1W$Z{wZs9d{t8~<5B8@NlTr7 z_RY|(Rl`(v@{PYN*z&w8XP=|L5r>vj$( zv8D!2bS?QJd!uIdf=#cPzJo0?%D1gMs_{k9sbC*GB>P3`F?~?#SgY!6A3QXq51PDE z>N#|YI2n(U!Yk_Ag=|$o1cj&#*4} zYufbSYeHw1?0bYC=vxW8ufLn8-B+_N&f4T@Ta$On_xO4pJyTs^tQ+VUKKr@E9d!`IwBE>^y9 zcJ_W5Gw5H}NI7Jozwy_4)QL~J>C`#)8g1Vi`}6}suhB8qY3m063_Y%dyewT6R8`#6NdS&SKw&8>70=&Pv zYl#}z1>VHDyPr!QpI?Aqz{{}VRf?^-VcQ>|ugB@@4`^E(5q={J>t4hMZa7>S_tf_5 zRQSLHDht?Lv4MGDdWgOq9nkV>nhTDk+sn{>@QzSf1%z@ zFXKz>2iRo5=kn&^oHxDBoN`g;7k1r`kFl3j{-$@a;hc;8=Gm%f!*p+t9yj{DBIFs3 zJ>#w4K242}t--EIr<&J&)Y~KVBG-uUwqx4gmtl)Flvwk2f%RppIPa1}eGNlfJ=xPf z`+de5{Gp1hg@4H-Zx?jTe)pe5cf`IJwu!vN&R=8S0o{Xle%q9+iDkX5eYi;3#P@!k z_OpVXM5%Xxa+fh)jM4d=!E7Q;aG)c4AE^2BYsPWm&2UxJ`7*!wyxsH$Ji5p}=UT>* z`{CKU*j&mbZ#MqNu=P$}K6wS?6|&A2Ti<7eAMm1-@Bn)Fd$P|#@4Cf4n#?`)y+j}W z($;;C`2rhdVwVkCN;-;vT_$~TLpW5LU=O-*++R+s>R?{$=Ck&lvd+*pXJ~79`;DQA{7sNH(*I8Yht0TDKQ!DRKF`@>ZA`+4>P~d~ z&)BmtHfz1HHmtP`5OX$?y?rWsTJ)#tT6JUR85QXq&^lDnRm7UO?{pbD6hnt9(4lH{ zC=N_MFa_inb}jy>4s}fXb;08=sT(S9RW~L#9FqN+N}nFs6m^s~g{beQ3h2>%&p}VDCS`FaD@xZ4=(IUC(DXGrrbI-;#M7U8@rw zCcdJ_`vv3w0DVfToTpw;ZJhJvZJ(*ys53tC50EA2wQK(BN9O!)2 z{Ut2=hdsWDMlORD(w~wW_RBb4t8wg9MQI#KZ@s`-do0CLR^oa*!G`e$h9G(y z)%=j(FnqZg+e@dVZdpG|IkE3&X<)7i-yFcRU)JAGycxP3Tw=?vN!C@e&Z+8^`Q_p! ze57hS`S79|{A&AXHSOu=m0XfKT3XN@v6)hxLE{2_{wU|HmUifhSMAb%Zuf~SuvggK zG41Sg9S^)+@WkWFW8BPII5u9EJR;|qbM-io+#xzLa3hAn@2u}vy z=^Cx#W-O#n(0<(~b`Kn9j2tI@06d2ck3thPuCt6Am&Ua%+4CxPfi8+4Db9vNf7ro3 znZElzeU~-<;LGb~DYfl+btv)b)B^U($CBTQ$FT``5?i^4oF6+mXN$dyKTG=cf?wiy z{hR7)V7A>J=k2iXhu2Fb<+*6HnO7c7A%q#!u9EA-huK~FX zXP$Cv<0nLB*hed6ejYPke2?$&B2r)ToRFLe>?QqX@P^ST{K|w%9+`#hthHW#^BnOv zmg?rLrl`6%q885ah9@5{K|iqbY|2C^bEpg2C=+GeJwur&WflbTw^^JK@(+_QXLc2z zfHMo6O%|v4Iq#;7jA!Z+Wr}Q@hI1ZXE_KpAY#yQq(Dc<=aal9eHO`6C&cS}6tn|G>3 z{9@y3u$^*$Q>U`ulXV99g}{!nuzA2pyUr|l7ab9siAPeWs?p7bWApX7M#q@Cvc$Vn z3li@d9ia~#()%=7zXtl3?3J+nC%!ANhv(%}=ONlO+3A38lk^M5PxdOsa;9^8Jc2Kp zdT2@&i0>fXf*rt4jsbu3xQUapGyaC*2PIre2)k3=MH$JEkHnaoZ7<1FfK5%`YkIqaK% zQh+}T%7<8!rnb_5=?VC9NVX2qqRuJsl*Q2V8=Yu z-Yoo)sP|;dtC2ky@^Sf9{rcRmAd@D)J(2fij1>8c9#|b%20dBmV!6--FN+rwA$<1Aaha8&cRc4EE%`GrM|b_Q+udCEOzL) zPwBy?>E4cO89VQfb~CoUf%iS#xgf>{30Oj(SnC2`(_q zF;7`J)W;gsT8B5$#F;AXq^`Z_mdD;bhrx&MmFLwa z!4;sjSK1+bXWg|`%Jjaa_DP#MpI3XOol?GxJ(u*On*HoAj)u3wo12`Bq%5>O760Mj z3Bt1eNYe>F7l@8Yo#=B&pG_mTU8B`jeKw8mh^!b(3p&Pe4o@5$S%O3CM;iI3_D$S5 zcyG_XE|So?0*ddRsYdfmm{ z684SZ$Nn^bdQ&}uhc+KfX1~y$Sa&1i#@j#Dyz5PMa=)`*&f(U)_@nkUzx)f?hwFWa z#oqv5s^QD<48F*`sbn0cJt9kK??xF95--jvNOqTV*UNl9Jv_E*dMGY_SULALK6dam zbbFMs`EjvH%3Txbf}62-tgdsdS3#KuIVYELHgAN@E0lE|x_l4%BJUD#p1?Ua?UOqz z*JkF#^P(@ZpOy1IgX3*8_To3I3tGj8M!fHLht|Eu*uoejI1(Md)jBWz2K`$APt*N{ zww@IHl@E9g^!2Os+9axS8plSw^mw*b6(Z9w*3j=Or+MF(`LE{4@0NjQA~pj>XY6?S zTRUFLS}u>Xaqf&V$E>~&4#HRbGJKE_K1%Q8Qn zu@6XXjD1-}w!Nl)y6GF-r}d`Ri4Muyfw=fRaB#tZzwP7D>9 zzQh`TVtBmh_jZ0ad@ej*aL~7Nkz>#8)U|L9dzrEDWOjX-jN@`YAbXih;FWV`gJ&XZ z^bPdABixNM#|iFT6U8S(MAht8#jyr`S5W;C96hPy@Ss}SCF@wmuoBtl$@vK5L!N{0 zf)~hqo4Z4!4L8#sIqNq2WNC|`At!!BpJ!zY4PBoDZyh#q*Lp(NFiBhYn{d(B1~IOJ z&yBC8`h~udr(a=R)Jwgc$eOcU;rs2;PL+H{#>=eIEw6+kl+Tg!z^oFwp7@`k+Xc>? z3Fe*<8C1Ozim&?(KCRKc*zYsOr#OG*6A^5nW^GHVVNbKZhE6-KF?G@I;F^swv_i@W ze&##vnn`kNUp$qW z9`6}ELHglG=D>%wgJ-492R!bNn5UrSbk{`B_(5Vl%Gtr8%@afH^DfF9BkR-41mC(1 zcJ5pu>zuIImd(c}3VtBeymi0voL}5{=PTBy<4VtrO9p;Fb;!Fg`S4%klm7Ojw~P$% zdpdd{lnp?E+{#v+fnIP2V5wP$$9FdhZ)K)$7n-&h&DU zZ!j<4$Jp?V-xgHyjtabqRyCOS%c_udRg}Ltl2} zp>y@I&bV^CyLa}trZMlw?p>~bEAHK(f2%uUZx@grue>oez;Ah35np|><`w_rQ^8$z zmM>M#s?b#0&v8%Ky|Xm&J9^%YPW%pMqu_KT~Iqz0x=V%(lQx4q^&_&wXK+qtPyd=qRqBy&!! z$cwSo$g1Rr1#*5ypKeQ@+y5NAQX48&=-yQ4b;;D+cEY^3z+R7VRZ4}|{Op5*j@Xk0 zYf7GIU-K*0aQ)!ry*yd_7<sk4_&+{Z9A?zkc_lZsqmTAGB<4 zM$f;EY?Aj}9w@%J^O*?-+LE5>?Q~A1`H=^^jvm*z6B%Swu6g;SBf1MC` z8MCOr^@qqb{$y&K&?3AR{Um&zwks*8$7I%NjFYmj&0_4kS#(wO6Pxk}S=+6z)a#hk zd#1gqcPgWyjj_(qM&TEIK;CaM@1U(!)m@)c1MuyF%;WIdBVT-a{Xt*9*aYWr>rCysNh5H=3pf)>dL8yV&Ki-r@c*)xT@B^}XGf zV!Tm3%vHm|-%7j0r`gTO;%3q#%!A<#x!&FMD;Zm4%`5juO;RStJ`mc5v%W0qZB)ez zmh1b>wX)`rJn=aq?PY&h!al6T-jP=Dt{(TJscP!HN!An88797QJ9;m7A%yqvtB6Z@ z8+xo5UrVJ8_!ek1ZQwo@8g%`-o`z7ygp<{09 zr>|SRJ+%uyY+C6>;W_fv_-+zDch#^KAFT=*yGuL9*4GQqWz8k{1z-2~y}P01h{dy! zeRwG}grGs87wBIaS2=r4IZIKDFWX|j@uETt@2NzD7AF_v9X$Xowj8qX%DXKX1hxnp+wNzK=_+;R4s zeWL7@1^?XCsZZIwGtikM^z%+pmb~96?G_%yxMPd;nl+Nt#k!$ibhxJX-;U|^*zCOg z`0l{kjyB7?voe;tF^9Du>nPSn(TKV?#d=q-!&KC*osgZJbBu(aV=AMUdj}?l)4D~S zaYO4*w_94vp-0Xm!zTUoPi=Z3X`ZAxo^a>3(XE-{eeds~j$G;(4_`OQxJ144I)9(@ z4$9bd@o0^!mpikSGH<`%>gsVg8Gjga+`1jpt~*n8@O^>Em;GW+eC_-1I2tH_+KzRy zFSsCk0`yM5UrHO)Cf>Dicv-g=brO%EOLAW>caw70V}A8m@{aK_t>Rs?<<4qw?<0H; z0&goEZimnMz%CYi;)gYeQ`VG{CU`~O(0+#U`W*!O&H?Xosv=~{y=Lkj*6D@N$hoLq zOXutwtJ3$px^1!_k-P@xclMO)@6aGJu;)9aoQaem-^-aZ#UJq}z2hOW z--`|$=C_yn&9@@Ec&CN)Q}nAipkFfQDg9nvU+O&fF2lKFIj4Oqp%dEoAa`|_(7R)@ zR;Y~gcb#fy9qPpon=!1ExtIAaC3QSK$Qhd9$+m@egQcc?YT9bOvnQ)`kOQXwHN8464KKS7BrNV^O z8S$mj#@3+KGQxtrtmG_PCMDesOzw)D>Oj4Wm45geZz>B&QBNqxhYM1 zLKjR~C1nf6e*QDwYV8#uVCx?}3rB4o>s4*0uYu57gBYZrAE{nD^ZFZB7|<48WXgpP zgTGzcbScj@;txi9%E7^bZCISLTTR*Fn<#tU`?$ihvhWe`^&uFnY|(}AX-hYUrAAkR zK1xEkz|a+&N*8lfm1E%Z@`2x`<@O)(FJjE?UllTXU_CX6`<)?9aiZW~X7H$Q>G{HVCud!YqbP?OVh6S*Q*A1v&K}fN}B{UpgOy zCyPF(A6~HgSeUqlS^qIG$RexB!gO8==I*rCX(;+zmX*JfF-MPw{?JJ~(?h3>A6fkt zchA2AYr)b#o(ugKeF@~+^3f0j1L3Rqi}H8Q#z&JZI@M|8w-E0p-fiP`^g$VGPTKf= z#Lp66Z{v@k!@{>-8~-l)5g~re#t#xdPW*(8|E=Yl^DXce@%PAgz6t(CsceBSH}FDR zw&=h%8!zN2caw~9Ha=OYoO93+vGLC_Jc?com^dN(gsF&fU$N0B%pl2IOZ+T;tjGTv&dIJK5@F;@}G1=wL)>#K&dC#fE`?Z2pXlczs6vfsFWy zjCe;z{E3YC_Kf)VGvfG`Fps4Neh!KMI3xaMM*M$g#6K7s4`*k@Ka~*|8xi_3^@l6c zaTEwHvs*P!zKNq>L*idh>N51#d(YSo4?mdB*MTto!#o!MH#6cHw(!Fl{0aYA2K>wE zxS>aMT|XB8+o;-U zroKpHM*d?N@!!jc_om}I5c!jI+~EIfr3w}xhr<>>{mVS2y%FiF`myc#*K}M5A{Wzf zjW5fsO_hPqx*;Rq?;i%fCL@1gMto^T9C;T)+VD+=-mHxFX8H0q_!6AW}ZzY3eHdl;_ruSCfi zi|1$L-3kD^HY5J08Sz&#;u-wN&d`T!Umpzq^BLs_ zhsKAc$5g|wVNs@{gTTx)?H7AL=CS#AU}IJi7TNp^ehg#0oV1Ai#WtVuagyM3adJ6WQ}V*jnS;QV`P{DLMcmbS`1X^L-`9h2S0$H1h?%3{X5X48^+Vrsu^ zDYmuST34-XEt?cm#!NQmtM6L<@e@mbYJ8g>VTu8t%gHPIRN-T)GEMtM(HfoAm){IU6`OSDBu$bo4yp<1& zYk^5q@XXM*a_Pzz-CB28VIuCt!oi5B!+e{1;gCCv8Ta@KCGte)YaFcw5LBl@I8g;PV?HX1mkXX{Q3(7P+w) zUcY?lL&61mg?P>g*!8c)g#Tl$Vq1UGl(YeU-><{WWsOUhH7Bzcn$J>kQQ)hKGeB>tm11;pH+zLh;+|!zmalk7hYhQh)r|V)=2cR= z?>Is$u>42woz;#~tw6-{S2x=8##u|3+K`1&Ggq#7)Y6ZC7f~dj>+iV-9TaySjZIC< zSA5wGfI%AlZZJ9MRe}L2m{1pKqm-djFj>{(a)YT1#wgf8A6=mg zFKDoiF>BpJr&zvng)W(vBi zj%meE-w{iE#}uxV)VUfObs3)>fh4`uSm4{?SL~-pXX{i9w-T1UzdY@}T}`zOQ+&fs zvYZExabeary6g?){mhn?@EO0XSI+UPg_nJD+8@EMcUYs@a0EIWeK$*vQF07y}m56U-t22BWs6e*dZTJ z4tf={e8_=*XQw*%D}LEr*3+(R?hga$e;!Ex*FZY!dj~(f*0&cue7+AeoHctIhITpq z8UBX>m>&dS0&N-o6F>d3kv{xoR|nE>4W!Qqq)S_@d@p-6kS=w(bZMiNdmg-XHmmbC z`nsLhnEyjXuuVl z#d$?Sso5?J{c~Ixc;`FdO6Z(t)5X5+T`mmGpLOBmzK?*b;(i;iY6^t+ur0IjR~_@) zeii!fXt?UU-+v2weV+ma&~uM1TkubuXNY`x3eZ*VVD$4T{&&6xu7+0&E&SDWJ`Gnx z&*xqG#sGYe?_c2Rci4_vm{BFZPk~W!mG&tx3O+mk0;Bf({sl%2_wAM*V#Tob_anQgx8ifFqV2a5LiehrF_`F;(G z&Z@Kx?Q5yG*tYlDc9r&baBVklSGaWK;`+{Y;CH?}uA@&md(qdy=QPYorM_g#UJv|I z7cS*?*@eN`Y{OB~A9UebA0~<{+;}(|SvdKM-C;+=XzFr$dqYDY-0AD59P2K&_-~|L zj?Nno`t;ujPnKDj;ygdS7@V$baezO?@Z8Z*-0#~DFTUXG^G%bj91nqSs+FUJ>v?0; z)^!v8^dT2M=GzIs>6CBB`{tN0qnn|}^}Cw~d^}?cd^}^8DYe4l9J5XNz5@>XcEU@b z;j0!#Z2LQ$vonDpg@#!g}E;m+8gq}xj*@+dto=k)`H@;2mRqAUF=Dc6F99?oc zQ=SNf_p$V{@a3nJ`nnBID&}o;7jE~*#z`Cfab^_M=lPUHe%UF=+SN5>k8f*z%4vTtu88bi)CV+zK3wkrjxI#ZJ2x&w_);Ctqqf}>P-04LjOFQPQI$QVe-WhDlSMCS3GB z;q^A1G}Ud>1?NVaPMX?e!q-+4-fGiHll_9GpET8D!=$NR8zxQdG2tk`YOhU~@ID(R zP3^Z~($ql{zM+orArro79^u0_+(NkDhM`>@v*8PbkDKt#IfPHxa30~4He5*flns{? zK5fHogwL38x!^A{VM1x$5S?-|()Y0421eh(TH5se>-#1>be3cIViOKG5w163xpVc_ z+c5Ncw(W99?O8hIo;5^u!rN?VQ-KZB#!!g~%iU^dfeFjKYN*?U<&G=VZ^Gt&$%OMy zv3@BwVYvqiFE-%^rE9`Fp+W8yBJf4Ra>gE!x(QE$#t3m8UPRdP zQ_jt0|03yfW}X$b;U>bhHVjPGG82|_@+?b(oQY>0GwGa%m#u#6VVoZF+qTO5E_0z( z%`J^(ZO!d%s*G)QqbmCn$0lVub(J-KZ+@lhq_RnhGvS9H<^;?FHRJYmRpZ0WG~z$= zL;?2rv+F_`FDl*-Ac)xTXZV$H+{EwN$Xyd{)VABDyyU^(OxyRjAYZL({OHHwDCjK3`Y9DUOW3vSjI z^4u!-VzoMG{*yfUyUYHTo8((x<5w0#?s0HmBtgQKzS{`OzBK(f`aVyJgySaXzGD=F zhnhaQ`;k21UjP>|RSmA31_F{-%%8xagZd8M@{X9A1z&PzNXR~dN1iMA3&1U|Cmz%h H4fp>5EC5;c literal 0 HcmV?d00001 diff --git a/source/libwolfssl/ocsp.h b/source/libwolfssl/ocsp.h new file mode 100644 index 00000000..fd0e49d4 --- /dev/null +++ b/source/libwolfssl/ocsp.h @@ -0,0 +1,133 @@ +/* ocsp.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* wolfSSL OCSP API */ + +#ifndef WOLFSSL_OCSP_H +#define WOLFSSL_OCSP_H + +#ifdef HAVE_OCSP + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; + +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\ + defined(WOLFSSL_HAPROXY) +typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP; + +typedef struct OcspRequest WOLFSSL_OCSP_CERTID; + +typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ; + +typedef struct OcspRequest WOLFSSL_OCSP_REQUEST; +#endif + +WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); +WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); + +WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, + WOLFSSL_BUFFER_INFO* responseBuffer); +WOLFSSL_LOCAL int CheckCertOCSP_ex(WOLFSSL_OCSP*, DecodedCert*, + WOLFSSL_BUFFER_INFO* responseBuffer, WOLFSSL* ssl); +WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, + OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer); +WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, + WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status, + OcspEntry *entry, OcspRequest *ocspRequest); + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_APACHE_HTTPD) + + WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, + WOLFSSL_OCSP_CERTID *id, int *status, int *reason, + WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd, + WOLFSSL_ASN1_TIME **nextupd); +WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s); +WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd, + WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec); + +WOLFSSL_API void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId); +WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( + const WOLFSSL_EVP_MD *dgst, const WOLFSSL_X509 *subject, + const WOLFSSL_X509 *issuer); + +WOLFSSL_API void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse); +WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, + WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags); + +WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response); +WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, + OcspResponse** response); +WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, + const unsigned char** data, int len); +WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response, + unsigned char** data); +WOLFSSL_API int wolfSSL_OCSP_response_status(OcspResponse *response); +WOLFSSL_API const char *wolfSSL_OCSP_response_status_str(long s); +WOLFSSL_API WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic( + OcspResponse* response); + +WOLFSSL_API OcspRequest* wolfSSL_OCSP_REQUEST_new(void); +WOLFSSL_API void wolfSSL_OCSP_REQUEST_free(OcspRequest* request); +WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, + unsigned char** data); +WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, + WOLFSSL_OCSP_CERTID *cid); +WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*); +WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, + WOLFSSL_OCSP_REQUEST *req); + +#endif +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, + WOLFSSL_X509_EXTENSION* ext, int idx); +WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status, + WOLFSSL_OCSP_BASICRESP* bs); +WOLFSSL_API const char* wolfSSL_OCSP_crl_reason_str(long s); + +WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING**, + WOLFSSL_ASN1_OBJECT**, WOLFSSL_ASN1_STRING**, + WOLFSSL_ASN1_INTEGER**, WOLFSSL_OCSP_CERTID*); + +WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, + unsigned char* val, int sz); +WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req, + WOLFSSL_OCSP_BASICRESP* bs); +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* HAVE_OCSP */ +#endif /* WOLFSSL_OCSP_H */ + + diff --git a/source/libwolfssl/openssl/aes.h b/source/libwolfssl/openssl/aes.h new file mode 100644 index 00000000..31cc7d26 --- /dev/null +++ b/source/libwolfssl/openssl/aes.h @@ -0,0 +1,111 @@ +/* aes.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* aes.h defines mini des openssl compatibility layer + * + */ + + +#ifndef WOLFSSL_AES_H_ +#define WOLFSSL_AES_H_ + +#include + +#ifndef NO_AES +#include /* for size_t */ + +#ifdef __cplusplus + extern "C" { +#endif + +/* This structure wrapper is done because there is no aes_new function with + * OpenSSL compatibility layer. This makes code working with an AES structure + * to need the size of the structure. */ +typedef struct WOLFSSL_AES_KEY { + /* aligned and big enough for Aes from wolfssl/wolfcrypt/aes.h */ + ALIGN16 void* holder[(376 + WC_ASYNC_DEV_SIZE)/ sizeof(void*)]; + #ifdef GCM_TABLE + /* key-based fast multiplication table. */ + ALIGN16 void* M0[4096 / sizeof(void*)]; + #endif /* GCM_TABLE */ + #if defined(WOLFSSL_DEVCRYPTO) && \ + (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) + /* large enough for additional devcrypto information */ + void* devKey[288 / sizeof(void*)]; + #endif + #ifdef WOLFSSL_AFALG + void* afalg_holder[288 / sizeof(void*)]; + #endif + #ifdef HAVE_PKCS11 + void* pkcs11_holder[(AES_MAX_ID_LEN + sizeof(int)) / sizeof(void*)]; + #endif + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + void* async_holder[128 / sizeof(void*)]; + #endif +} WOLFSSL_AES_KEY; +typedef WOLFSSL_AES_KEY AES_KEY; + +WOLFSSL_API int wolfSSL_AES_set_encrypt_key + (const unsigned char *, const int bits, AES_KEY *); +WOLFSSL_API int wolfSSL_AES_set_decrypt_key + (const unsigned char *, const int bits, AES_KEY *); +WOLFSSL_API void wolfSSL_AES_cbc_encrypt + (const unsigned char *in, unsigned char* out, size_t len, + AES_KEY *key, unsigned char* iv, const int enc); +WOLFSSL_API void wolfSSL_AES_ecb_encrypt + (const unsigned char *in, unsigned char* out, + AES_KEY *key, const int enc); +WOLFSSL_API void wolfSSL_AES_cfb128_encrypt + (const unsigned char *in, unsigned char* out, size_t len, + AES_KEY *key, unsigned char* iv, int* num, const int enc); + +#define AES_cbc_encrypt wolfSSL_AES_cbc_encrypt +#define AES_ecb_encrypt wolfSSL_AES_ecb_encrypt +#define AES_cfb128_encrypt wolfSSL_AES_cfb128_encrypt +#define AES_set_encrypt_key wolfSSL_AES_set_encrypt_key +#define AES_set_decrypt_key wolfSSL_AES_set_decrypt_key + +#ifdef WOLFSSL_AES_DIRECT +WOLFSSL_API void wolfSSL_AES_encrypt + (const unsigned char* input, unsigned char* output, AES_KEY *); +WOLFSSL_API void wolfSSL_AES_decrypt + (const unsigned char* input, unsigned char* output, AES_KEY *); + +#define AES_encrypt wolfSSL_AES_encrypt +#define AES_decrypt wolfSSL_AES_decrypt +#endif /* HAVE_AES_DIRECT */ + +#ifndef AES_ENCRYPT +#define AES_ENCRYPT AES_ENCRYPTION +#endif +#ifndef AES_DECRYPT +#define AES_DECRYPT AES_DECRYPTION +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_AES */ + +#endif /* WOLFSSL_AES_H_ */ diff --git a/source/libwolfssl/openssl/asn1.h b/source/libwolfssl/openssl/asn1.h new file mode 100644 index 00000000..2627fc77 --- /dev/null +++ b/source/libwolfssl/openssl/asn1.h @@ -0,0 +1,84 @@ +/* asn1.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* asn1.h for openssl */ + +#ifndef WOLFSSL_ASN1_H_ +#define WOLFSSL_ASN1_H_ + +#include + +#define ASN1_STRING_new wolfSSL_ASN1_STRING_new +#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new +#define ASN1_STRING_type wolfSSL_ASN1_STRING_type +#define ASN1_STRING_set wolfSSL_ASN1_STRING_set +#define ASN1_STRING_free wolfSSL_ASN1_STRING_free + +#define V_ASN1_INTEGER 0x02 +#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ +#define V_ASN1_NEG 0x100 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* Type for ASN1_print_ex */ +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 +# define ASN1_STRFLGS_ESC_QUOTE 8 +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 +# define ASN1_STRFLGS_SHOW_TYPE 0x40 +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 +# define ASN1_STRFLGS_DUMP_DER 0x200 +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +#define MBSTRING_UTF8 0x1000 +#define MBSTRING_ASC 0x1001 +#define MBSTRING_BMP 0x1002 +#define MBSTRING_UNIV 0x1004 + +#define ASN1_UTCTIME_print wolfSSL_ASN1_UTCTIME_print +#define ASN1_TIME_check wolfSSL_ASN1_TIME_check +#define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff +#define ASN1_TIME_set wolfSSL_ASN1_TIME_set + +#define V_ASN1_UTCTIME 23 +#define V_ASN1_GENERALIZEDTIME 24 + +#define ASN1_STRING_FLAG_BITS_LEFT 0x008 +#define ASN1_STRING_FLAG_NDEF 0x010 +#define ASN1_STRING_FLAG_CONT 0x020 +#define ASN1_STRING_FLAG_MSTRING 0x040 +#define ASN1_STRING_FLAG_EMBED 0x080 + + +WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( + const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*); +#define BN_to_ASN1_INTEGER wolfSSL_BN_to_ASN1_INTEGER + + +#endif /* WOLFSSL_ASN1_H_ */ diff --git a/source/libwolfssl/openssl/bio.h b/source/libwolfssl/openssl/bio.h new file mode 100644 index 00000000..4194a114 --- /dev/null +++ b/source/libwolfssl/openssl/bio.h @@ -0,0 +1,157 @@ +/* bio.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* bio.h for openssl */ + + +#ifndef WOLFSSL_BIO_H_ +#define WOLFSSL_BIO_H_ + +#include + + +#ifdef __cplusplus + extern "C" { +#endif + + +#define BIO_FLAG_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL +#define BIO_FLAG_READ WOLFSSL_BIO_FLAG_READ +#define BIO_FLAG_WRITE WOLFSSL_BIO_FLAG_WRITE +#define BIO_FLAG_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL +#define BIO_FLAG_RETRY WOLFSSL_BIO_FLAG_RETRY + +#define BIO_new_fp wolfSSL_BIO_new_fp +#define BIO_new_file wolfSSL_BIO_new_file +#define BIO_new_fp wolfSSL_BIO_new_fp +#define BIO_ctrl wolfSSL_BIO_ctrl +#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending +#define BIO_wpending wolfSSL_BIO_wpending +#define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr +#define BIO_int_ctrl wolfSSL_BIO_int_ctrl +#define BIO_reset wolfSSL_BIO_reset +#define BIO_s_file wolfSSL_BIO_s_file +#define BIO_s_bio wolfSSL_BIO_s_bio +#define BIO_s_socket wolfSSL_BIO_s_socket +#define BIO_set_fd wolfSSL_BIO_set_fd +#define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request + +#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size +#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair + +#define BIO_set_fp wolfSSL_BIO_set_fp +#define BIO_get_fp wolfSSL_BIO_get_fp +#define BIO_seek wolfSSL_BIO_seek +#define BIO_write_filename wolfSSL_BIO_write_filename +#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return + +#define BIO_find_type wolfSSL_BIO_find_type +#define BIO_next wolfSSL_BIO_next +#define BIO_gets wolfSSL_BIO_gets +#define BIO_puts wolfSSL_BIO_puts + +#define BIO_TYPE_FILE WOLFSSL_BIO_FILE +#define BIO_TYPE_BIO WOLFSSL_BIO_BIO +#define BIO_TYPE_MEM WOLFSSL_BIO_MEMORY +#define BIO_TYPE_BASE64 WOLFSSL_BIO_BASE64 + +#define BIO_printf wolfSSL_BIO_printf +#define BIO_dump wolfSSL_BIO_dump + +/* BIO info callback */ +#define BIO_CB_FREE WOLFSSL_BIO_CB_FREE +#define BIO_CB_READ WOLFSSL_BIO_CB_READ +#define BIO_CB_WRITE WOLFSSL_BIO_CB_WRITE +#define BIO_CB_PUTS WOLFSSL_BIO_CB_PUTS +#define BIO_CB_GETS WOLFSSL_BIO_CB_GETS +#define BIO_CB_CTRL WOLFSSL_BIO_CB_CTRL +#define BIO_CB_RETURN WOLFSSL_BIO_CB_RETURN + +#define BIO_set_callback wolfSSL_BIO_set_callback +#define BIO_get_callback wolfSSL_BIO_get_callback +#define BIO_set_callback_arg wolfSSL_BIO_set_callback_arg +#define BIO_get_callback_arg wolfSSL_BIO_get_callback_arg + +/* BIO for 1.1.0 or later */ +#define BIO_set_init wolfSSL_BIO_set_init +#define BIO_get_data wolfSSL_BIO_get_data +#define BIO_set_data wolfSSL_BIO_set_data +#define BIO_get_shutdown wolfSSL_BIO_get_shutdown +#define BIO_set_shutdown wolfSSL_BIO_set_shutdown + +/* helper to set specific retry/read flags */ +#define BIO_set_retry_read(bio)\ + wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ) +#define BIO_set_retry_write(bio)\ + wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE) + +#define BIO_clear_retry_flags wolfSSL_BIO_clear_retry_flags + +#define BIO_meth_new wolfSSL_BIO_meth_new +#define BIO_meth_set_write wolfSSL_BIO_meth_set_write +#define BIO_meth_free wolfSSL_BIO_meth_free +#define BIO_meth_set_write wolfSSL_BIO_meth_set_write +#define BIO_meth_set_read wolfSSL_BIO_meth_set_read +#define BIO_meth_set_puts wolfSSL_BIO_meth_set_puts +#define BIO_meth_set_gets wolfSSL_BIO_meth_set_gets +#define BIO_meth_set_ctrl wolfSSL_BIO_meth_set_ctrl +#define BIO_meth_set_create wolfSSL_BIO_meth_set_create +#define BIO_meth_set_destroy wolfSSL_BIO_meth_set_destroy + + +/* BIO CTRL */ +#define BIO_CTRL_RESET 1 +#define BIO_CTRL_EOF 2 +#define BIO_CTRL_INFO 3 +#define BIO_CTRL_PUSH 6 +#define BIO_CTRL_POP 7 +#define BIO_CTRL_GET_CLOSE 8 +#define BIO_CTRL_SET_CLOSE 9 +#define BIO_CTRL_PENDING 10 +#define BIO_CTRL_FLUSH 11 +#define BIO_CTRL_DUP 12 +#define BIO_CTRL_WPENDING 13 + +#define BIO_C_SET_FILE_PTR 106 +#define BIO_C_GET_FILE_PTR 107 +#define BIO_C_SET_FILENAME 108 +#define BIO_C_SET_BUF_MEM 114 +#define BIO_C_GET_BUF_MEM_PTR 115 +#define BIO_C_FILE_SEEK 128 +#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 +#define BIO_C_SET_WRITE_BUF_SIZE 136 +#define BIO_C_MAKE_BIO_PAIR 138 + +#define BIO_CTRL_DGRAM_QUERY_MTU 40 + +#define BIO_NOCLOSE 0x00 +#define BIO_CLOSE 0x01 + +#define BIO_FP_WRITE 0x04 + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFSSL_BIO_H_ */ + diff --git a/source/libwolfssl/openssl/bn.h b/source/libwolfssl/openssl/bn.h new file mode 100644 index 00000000..93a63191 --- /dev/null +++ b/source/libwolfssl/openssl/bn.h @@ -0,0 +1,213 @@ +/* bn.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* bn.h for openssl */ + +/*! + \file wolfssl/openssl/bn.h + \brief bn.h for openssl +*/ + + +#ifndef WOLFSSL_BN_H_ +#define WOLFSSL_BN_H_ + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +typedef struct WOLFSSL_BIGNUM { + int neg; /* openssh deference */ + void *internal; /* our big num */ +#ifdef WOLFSSL_SP_MATH + sp_int fp; +#elif defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT) + fp_int fp; +#endif +} WOLFSSL_BIGNUM; + + +#define WOLFSSL_BN_ULONG mp_digit + +typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; +typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; + +WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void); +WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*); +WOLFSSL_API void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX*); + +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void); +#if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT) +WOLFSSL_API void wolfSSL_BN_init(WOLFSSL_BIGNUM *); +#endif +WOLFSSL_API void wolfSSL_BN_free(WOLFSSL_BIGNUM*); +WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*); + + +WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, + const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, + const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*); +WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void); + + +WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*); + +WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM*); + +WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); + +WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len, + WOLFSSL_BIGNUM* ret); + +WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n); + +WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top, + int bottom); +WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom); +WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n); +WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str); + +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*, + const WOLFSSL_BIGNUM*); + +WOLFSSL_API int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str); +WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*); + +WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); +WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); +WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int); +WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); +WOLFSSL_API unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*); + +WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, + WOLFSSL_BIGNUM*); +WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, + WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*); +WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, + WOLFSSL_BN_ULONG); +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*); +#endif +WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); +WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx); +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, + const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX *ctx); + +typedef WOLFSSL_BIGNUM BIGNUM; +typedef WOLFSSL_BN_CTX BN_CTX; +typedef WOLFSSL_BN_GENCB BN_GENCB; + +#define BN_CTX_new wolfSSL_BN_CTX_new +#define BN_CTX_init wolfSSL_BN_CTX_init +#define BN_CTX_free wolfSSL_BN_CTX_free + +#define BN_new wolfSSL_BN_new +#define BN_init wolfSSL_BN_init +#define BN_free wolfSSL_BN_free +#define BN_clear_free wolfSSL_BN_clear_free + +#define BN_num_bytes wolfSSL_BN_num_bytes +#define BN_num_bits wolfSSL_BN_num_bits + +#define BN_is_zero wolfSSL_BN_is_zero +#define BN_is_one wolfSSL_BN_is_one +#define BN_is_odd wolfSSL_BN_is_odd +#define BN_is_negative wolfSSL_BN_is_negative + +#define BN_cmp wolfSSL_BN_cmp + +#define BN_bn2bin wolfSSL_BN_bn2bin +#define BN_bin2bn wolfSSL_BN_bin2bn + +#define BN_mod wolfSSL_BN_mod +#define BN_mod_exp wolfSSL_BN_mod_exp +#define BN_mod_mul wolfSSL_BN_mod_mul +#define BN_sub wolfSSL_BN_sub +#define BN_value_one wolfSSL_BN_value_one + +#define BN_mask_bits wolfSSL_mask_bits + +#define BN_pseudo_rand wolfSSL_BN_pseudo_rand +#define BN_rand wolfSSL_BN_rand +#define BN_is_bit_set wolfSSL_BN_is_bit_set +#define BN_hex2bn wolfSSL_BN_hex2bn + +#define BN_dup wolfSSL_BN_dup +#define BN_copy wolfSSL_BN_copy + +#define BN_get_word wolfSSL_BN_get_word +#define BN_set_word wolfSSL_BN_set_word + +#define BN_dec2bn wolfSSL_BN_dec2bn +#define BN_bn2dec wolfSSL_BN_bn2dec +#define BN_bn2hex wolfSSL_BN_bn2hex + +#define BN_lshift wolfSSL_BN_lshift +#define BN_add_word wolfSSL_BN_add_word +#define BN_add wolfSSL_BN_add +#define BN_set_word wolfSSL_BN_set_word +#define BN_set_bit wolfSSL_BN_set_bit + + +#define BN_is_prime_ex wolfSSL_BN_is_prime_ex +#define BN_print_fp wolfSSL_BN_print_fp +#define BN_rshift wolfSSL_BN_rshift +#define BN_mod_word wolfSSL_BN_mod_word + +#define BN_CTX_get wolfSSL_BN_CTX_get +#define BN_CTX_start wolfSSL_BN_CTX_start + +#define BN_mod_inverse wolfSSL_BN_mod_inverse + +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L +#define BN_get_rfc2409_prime_768 wolfSSL_DH_768_prime +#define BN_get_rfc2409_prime_1024 wolfSSL_DH_1024_prime +#define BN_get_rfc3526_prime_1536 wolfSSL_DH_1536_prime +#define BN_get_rfc3526_prime_2048 wolfSSL_DH_2048_prime +#define BN_get_rfc3526_prime_3072 wolfSSL_DH_3072_prime +#define BN_get_rfc3526_prime_4096 wolfSSL_DH_4096_prime +#define BN_get_rfc3526_prime_6144 wolfSSL_DH_6144_prime +#define BN_get_rfc3526_prime_8192 wolfSSL_DH_8192_prime +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFSSL__H_ */ diff --git a/source/libwolfssl/openssl/buffer.h b/source/libwolfssl/openssl/buffer.h new file mode 100644 index 00000000..3c1329bf --- /dev/null +++ b/source/libwolfssl/openssl/buffer.h @@ -0,0 +1,51 @@ +/* buffer.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_BUFFER_H_ +#define WOLFSSL_BUFFER_H_ + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + + +WOLFSSL_API WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void); +WOLFSSL_API int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len); +WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf); + + +#define BUF_MEM_new wolfSSL_BUF_MEM_new +#define BUF_MEM_grow wolfSSL_BUF_MEM_grow +#define BUF_MEM_free wolfSSL_BUF_MEM_free + +/* error codes */ +#define ERR_R_MALLOC_FAILURE MEMORY_E + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_BUFFER_H_ */ diff --git a/source/libwolfssl/openssl/conf.h b/source/libwolfssl/openssl/conf.h new file mode 100644 index 00000000..12a20c8c --- /dev/null +++ b/source/libwolfssl/openssl/conf.h @@ -0,0 +1,48 @@ +/* conf.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* conf.h for openSSL */ + +#ifndef WOLFSSL_conf_H_ +#define WOLFSSL_conf_H_ + +#ifdef __cplusplus + extern "C" { +#endif + +struct WOLFSSL_CONF_VALUE { + char *section; + char *name; + char *value; +}; + +struct WOLFSSL_INIT_SETTINGS { + char* appname; +}; + +typedef struct WOLFSSL_CONF_VALUE CONF_VALUE; +typedef struct WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* WOLFSSL_conf_H_ */ diff --git a/source/libwolfssl/openssl/crypto.h b/source/libwolfssl/openssl/crypto.h new file mode 100644 index 00000000..7d463585 --- /dev/null +++ b/source/libwolfssl/openssl/crypto.h @@ -0,0 +1,81 @@ +/* crypto.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* crypto.h for openSSL */ + +#ifndef WOLFSSL_CRYPTO_H_ +#define WOLFSSL_CRYPTO_H_ + +#include + +#include + +#ifdef WOLFSSL_PREFIX +#include "prefix_crypto.h" +#endif + + +WOLFSSL_API const char* wolfSSLeay_version(int type); +WOLFSSL_API unsigned long wolfSSLeay(void); + +#ifdef OPENSSL_EXTRA +WOLFSSL_API void wolfSSL_OPENSSL_free(void*); +WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); +#endif + +#define CRYPTO_THREADID void + +#define SSLeay_version wolfSSLeay_version +#define SSLeay wolfSSLeay + +#define OpenSSL_version wolfSSLeay_version + +#define SSLEAY_VERSION 0x0090600fL +#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION +#define CRYPTO_lock wc_LockMutex_ex + +/* this function was used to set the default malloc, free, and realloc */ +#define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */ + +#define OPENSSL_free wolfSSL_OPENSSL_free +#define OPENSSL_malloc wolfSSL_OPENSSL_malloc + +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) +#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions +#define FIPS_mode wolfSSL_FIPS_mode +#define FIPS_mode_set wolfSSL_FIPS_mode_set +typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; +typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void* argp); +#define CRYPTO_THREADID_set_callback wolfSSL_THREADID_set_callback +#define CRYPTO_THREADID_set_numeric wolfSSL_THREADID_set_numeric + +#define CRYPTO_r_lock wc_LockMutex_ex +#define CRYPTO_unlock wc_LockMutex_ex + +#define CRYPTO_THREAD_lock wc_LockMutex +#define CRYPTO_THREAD_r_lock wc_LockMutex +#define CRYPTO_THREAD_unlock wc_UnLockMutex + +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#endif /* header */ diff --git a/source/libwolfssl/openssl/des.h b/source/libwolfssl/openssl/des.h new file mode 100644 index 00000000..7f04bd58 --- /dev/null +++ b/source/libwolfssl/openssl/des.h @@ -0,0 +1,113 @@ +/* des.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* des.h defines mini des openssl compatibility layer + * + */ + + +#ifndef WOLFSSL_DES_H_ +#define WOLFSSL_DES_H_ + +#include + +#ifndef NO_DES3 + +#ifdef WOLFSSL_PREFIX +#include "prefix_des.h" +#endif + + +#ifdef __cplusplus + extern "C" { +#endif + +typedef unsigned char WOLFSSL_DES_cblock[8]; +typedef /* const */ WOLFSSL_DES_cblock WOLFSSL_const_DES_cblock; +typedef WOLFSSL_DES_cblock WOLFSSL_DES_key_schedule; +typedef unsigned int WOLFSSL_DES_LONG; + + +enum { + DES_ENCRYPT = 1, + DES_DECRYPT = 0 +}; + + +WOLFSSL_API int wolfSSL_DES_is_weak_key(WOLFSSL_const_DES_cblock* key); +WOLFSSL_API WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in, + WOLFSSL_DES_cblock* out, long length, WOLFSSL_DES_key_schedule* sc, + WOLFSSL_const_DES_cblock* iv); +WOLFSSL_API int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, + WOLFSSL_DES_key_schedule* key); +WOLFSSL_API int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, + WOLFSSL_DES_key_schedule* key); +WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock*, + WOLFSSL_DES_key_schedule*); +WOLFSSL_API int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key, + WOLFSSL_DES_key_schedule* schedule); +WOLFSSL_API void wolfSSL_DES_cbc_encrypt(const unsigned char* input, + unsigned char* output, long length, + WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec, + int enc); +WOLFSSL_API void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, + unsigned char* output, long sz, + WOLFSSL_DES_key_schedule* ks1, + WOLFSSL_DES_key_schedule* ks2, + WOLFSSL_DES_key_schedule* ks3, + WOLFSSL_DES_cblock* ivec, int enc); +WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input, + unsigned char* output, long length, + WOLFSSL_DES_key_schedule* schedule, + WOLFSSL_DES_cblock* ivec, int enc); + +WOLFSSL_API void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock*); +WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock*, WOLFSSL_DES_cblock*, + WOLFSSL_DES_key_schedule*, int); + + +typedef WOLFSSL_DES_cblock DES_cblock; +typedef WOLFSSL_const_DES_cblock const_DES_cblock; +typedef WOLFSSL_DES_key_schedule DES_key_schedule; +typedef WOLFSSL_DES_LONG DES_LONG; + +#define DES_check_key(x) /* Define WOLFSSL_CHECK_DESKEY to check key */ +#define DES_is_weak_key wolfSSL_DES_is_weak_key +#define DES_set_key wolfSSL_DES_set_key +#define DES_set_key_checked wolfSSL_DES_set_key_checked +#define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked +#define DES_key_sched wolfSSL_DES_key_sched +#define DES_cbc_encrypt wolfSSL_DES_cbc_encrypt +#define DES_ncbc_encrypt wolfSSL_DES_ncbc_encrypt +#define DES_set_odd_parity wolfSSL_DES_set_odd_parity +#define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt +#define DES_ede3_cbc_encrypt wolfSSL_DES_ede3_cbc_encrypt +#define DES_cbc_cksum wolfSSL_DES_cbc_cksum + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_DES3 */ + +#endif /* WOLFSSL_DES_H_ */ diff --git a/source/libwolfssl/openssl/dh.h b/source/libwolfssl/openssl/dh.h new file mode 100644 index 00000000..6d8a3497 --- /dev/null +++ b/source/libwolfssl/openssl/dh.h @@ -0,0 +1,93 @@ +/* dh.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* dh.h for openSSL */ + + +#ifndef WOLFSSL_DH_H_ +#define WOLFSSL_DH_H_ + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +struct WOLFSSL_DH { + WOLFSSL_BIGNUM* p; + WOLFSSL_BIGNUM* g; + WOLFSSL_BIGNUM* q; + WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */ + WOLFSSL_BIGNUM* priv_key; /* openssh deference x */ + void* internal; /* our DH */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ + /*added for lighttpd openssl compatibility, go back and add a getter in + * lighttpd src code. + */ + int length; +}; + + +WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); +WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*); + +WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*); +WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*); +WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* pub, + WOLFSSL_DH*); +WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, + WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*); + +typedef WOLFSSL_DH DH; + +#define DH_new wolfSSL_DH_new +#define DH_free wolfSSL_DH_free + +#define DH_size wolfSSL_DH_size +#define DH_generate_key wolfSSL_DH_generate_key +#define DH_compute_key wolfSSL_DH_compute_key +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L +#define DH_set0_pqg wolfSSL_DH_set0_pqg +#endif +#define DH_bits(x) (BN_num_bits(x->p)) + +/* for pre 1.1.0 */ +#define get_rfc2409_prime_768 wolfSSL_DH_768_prime +#define get_rfc2409_prime_1024 wolfSSL_DH_1024_prime +#define get_rfc3526_prime_1536 wolfSSL_DH_1536_prime +#define get_rfc3526_prime_2048 wolfSSL_DH_2048_prime +#define get_rfc3526_prime_3072 wolfSSL_DH_3072_prime +#define get_rfc3526_prime_4096 wolfSSL_DH_4096_prime +#define get_rfc3526_prime_6144 wolfSSL_DH_6144_prime +#define get_rfc3526_prime_8192 wolfSSL_DH_8192_prime + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) +#define DH_generate_parameters wolfSSL_DH_generate_parameters +#define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex +#endif /* OPENSSL_ALL || HAVE_STUNNEL */ + +#endif /* WOLFSSL_DH_H_ */ diff --git a/source/libwolfssl/openssl/dsa.h b/source/libwolfssl/openssl/dsa.h new file mode 100644 index 00000000..7a2d0806 --- /dev/null +++ b/source/libwolfssl/openssl/dsa.h @@ -0,0 +1,87 @@ +/* dsa.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* dsa.h for openSSL */ + + +#ifndef WOLFSSL_DSA_H_ +#define WOLFSSL_DSA_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_DSA WOLFSSL_DSA; +#define WOLFSSL_DSA_TYPE_DEFINED +#endif + +typedef WOLFSSL_DSA DSA; + +struct WOLFSSL_DSA { + WOLFSSL_BIGNUM* p; + WOLFSSL_BIGNUM* q; + WOLFSSL_BIGNUM* g; + WOLFSSL_BIGNUM* pub_key; /* our y */ + WOLFSSL_BIGNUM* priv_key; /* our x */ + void* internal; /* our Dsa Key */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ +}; + + +WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void); +WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*); + +WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*); + +typedef void (*WOLFSSL_BN_CB)(int i, int j, void* exArg); +WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits, + unsigned char* seed, int seedLen, int* counterRet, + unsigned long* hRet, WOLFSSL_BN_CB cb, void* CBArg); +WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits, + unsigned char* seed, int seedLen, int* counterRet, + unsigned long* hRet, void* cb); + +WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz); + +WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, + unsigned char* sigRet, WOLFSSL_DSA* dsa); + +WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, + unsigned char* sig, + WOLFSSL_DSA* dsa, int *dsacheck); + +#define DSA_new wolfSSL_DSA_new +#define DSA_free wolfSSL_DSA_free + +#define DSA_generate_key wolfSSL_DSA_generate_key +#define DSA_generate_parameters wolfSSL_DSA_generate_parameters +#define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* header */ diff --git a/source/libwolfssl/openssl/ec.h b/source/libwolfssl/openssl/ec.h new file mode 100644 index 00000000..17fd0c89 --- /dev/null +++ b/source/libwolfssl/openssl/ec.h @@ -0,0 +1,236 @@ +/* ec.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ec.h for openssl */ + +#ifndef WOLFSSL_EC_H_ +#define WOLFSSL_EC_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Map OpenSSL NID value */ +enum { + POINT_CONVERSION_COMPRESSED = 2, + POINT_CONVERSION_UNCOMPRESSED = 4, + +#ifdef HAVE_ECC + /* Use ecc_curve_type enum values for NID */ + NID_X9_62_prime192v1 = ECC_SECP192R1, + NID_X9_62_prime256v1 = ECC_SECP256R1, + NID_secp112r1 = ECC_SECP112R1, + NID_secp112r2 = ECC_SECP112R2, + NID_secp128r1 = ECC_SECP128R1, + NID_secp128r2 = ECC_SECP128R2, + NID_secp160r1 = ECC_SECP160R1, + NID_secp160r2 = ECC_SECP160R2, + NID_secp224r1 = ECC_SECP224R1, + NID_secp384r1 = ECC_SECP384R1, + NID_secp521r1 = ECC_SECP521R1, + NID_secp160k1 = ECC_SECP160K1, + NID_secp192k1 = ECC_SECP192K1, + NID_secp224k1 = ECC_SECP224K1, + NID_secp256k1 = ECC_SECP256K1, + NID_brainpoolP160r1 = ECC_BRAINPOOLP160R1, + NID_brainpoolP192r1 = ECC_BRAINPOOLP192R1, + NID_brainpoolP224r1 = ECC_BRAINPOOLP224R1, + NID_brainpoolP256r1 = ECC_BRAINPOOLP256R1, + NID_brainpoolP320r1 = ECC_BRAINPOOLP320R1, + NID_brainpoolP384r1 = ECC_BRAINPOOLP384R1, + NID_brainpoolP512r1 = ECC_BRAINPOOLP512R1, +#endif + + OPENSSL_EC_NAMED_CURVE = 0x001 +}; + +#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; +typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; +typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; +#define WOLFSSL_EC_TYPE_DEFINED +#endif + +typedef WOLFSSL_EC_KEY EC_KEY; +typedef WOLFSSL_EC_GROUP EC_GROUP; +typedef WOLFSSL_EC_POINT EC_POINT; + +struct WOLFSSL_EC_POINT { + WOLFSSL_BIGNUM *X; + WOLFSSL_BIGNUM *Y; + WOLFSSL_BIGNUM *Z; + + void* internal; /* our ECC point */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ +}; + +struct WOLFSSL_EC_GROUP { + int curve_idx; /* index of curve, used by WolfSSL as reference */ + int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as reference */ + int curve_oid; /* OID of curve, used by OpenSSL/OpenSSH as reference */ +}; + +struct WOLFSSL_EC_KEY { + WOLFSSL_EC_GROUP *group; + WOLFSSL_EC_POINT *pub_key; + WOLFSSL_BIGNUM *priv_key; + + void* internal; /* our ECC Key */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ +}; + + +#define WOLFSSL_EC_KEY_LOAD_PRIVATE 1 +#define WOLFSSL_EC_KEY_LOAD_PUBLIC 2 + +WOLFSSL_API +int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, + const WOLFSSL_EC_POINT *p, + unsigned char *out, unsigned int *len); +WOLFSSL_API +int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, + const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p); +WOLFSSL_API +int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, + const unsigned char* der, int derSz); +WOLFSSL_API +int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, + const unsigned char* der, int derSz, int opt); +WOLFSSL_API +void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key); +WOLFSSL_API +WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_BIGNUM *priv_key); +WOLFSSL_API +WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid); +WOLFSSL_API const char* wolfSSL_EC_curve_nid2nist(int nid); +WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void); +WOLFSSL_API +int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key); +WOLFSSL_API +void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag); +WOLFSSL_API +int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_EC_POINT *pub); +WOLFSSL_API +void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag); +WOLFSSL_API +WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid); +WOLFSSL_API +int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, + WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group); +WOLFSSL_API +WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *p, + WOLFSSL_BIGNUM *x, + WOLFSSL_BIGNUM *y, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, + const WOLFSSL_BIGNUM *n, + const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point); +WOLFSSL_API +int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point); +WOLFSSL_API +int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a); + +#ifndef HAVE_SELFTEST +WOLFSSL_API +char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, + const WOLFSSL_EC_POINT* point, int form, + WOLFSSL_BN_CTX* ctx); +#endif + +#define EC_KEY_new wolfSSL_EC_KEY_new +#define EC_KEY_free wolfSSL_EC_KEY_free +#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key +#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group +#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key +#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key +#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name +#define EC_KEY_set_group wolfSSL_EC_KEY_set_group +#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key +#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag +#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key + +#define EC_GROUP_free wolfSSL_EC_GROUP_free +#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag +#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name +#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp +#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name +#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree +#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order + +#define EC_POINT_new wolfSSL_EC_POINT_new +#define EC_POINT_free wolfSSL_EC_POINT_free +#define EC_POINT_get_affine_coordinates_GFp \ + wolfSSL_EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_mul wolfSSL_EC_POINT_mul +#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free +#define EC_POINT_cmp wolfSSL_EC_POINT_cmp +#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity + +#ifndef HAVE_SELFTEST + #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex +#endif + +#define EC_POINT_dump wolfSSL_EC_POINT_dump + +#define EC_curve_nid2nist wolfSSL_EC_curve_nid2nist + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/source/libwolfssl/openssl/ec25519.h b/source/libwolfssl/openssl/ec25519.h new file mode 100644 index 00000000..17231a57 --- /dev/null +++ b/source/libwolfssl/openssl/ec25519.h @@ -0,0 +1,44 @@ +/* ec25519.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ec25519.h */ + +#ifndef WOLFSSL_EC25519_H_ +#define WOLFSSL_EC25519_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); + +WOLFSSL_API +int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/source/libwolfssl/openssl/ecdh.h b/source/libwolfssl/openssl/ecdh.h new file mode 100644 index 00000000..2a2b6517 --- /dev/null +++ b/source/libwolfssl/openssl/ecdh.h @@ -0,0 +1,49 @@ +/* ecdh.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ecdh.h for openssl */ + +#ifndef WOLFSSL_ECDH_H_ +#define WOLFSSL_ECDH_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +WOLFSSL_API int wolfSSL_ECDH_compute_key(void *out, size_t outlen, + const WOLFSSL_EC_POINT *pub_key, + WOLFSSL_EC_KEY *ecdh, + void *(*KDF) (const void *in, + size_t inlen, + void *out, + size_t *outlen)); + +#define ECDH_compute_key wolfSSL_ECDH_compute_key + +#ifdef __cplusplus +} /* extern C */ +#endif + +#endif /* header */ diff --git a/source/libwolfssl/openssl/ecdsa.h b/source/libwolfssl/openssl/ecdsa.h new file mode 100644 index 00000000..a7dab1d6 --- /dev/null +++ b/source/libwolfssl/openssl/ecdsa.h @@ -0,0 +1,74 @@ +/* ecdsa.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ecdsa.h for openssl */ + +#ifndef WOLFSSL_ECDSA_H_ +#define WOLFSSL_ECDSA_H_ + +#include + + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef WOLFSSL_ECDSA_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG; +#define WOLFSSL_ECDSA_TYPE_DEFINED +#endif + +typedef WOLFSSL_ECDSA_SIG ECDSA_SIG; + +struct WOLFSSL_ECDSA_SIG { + WOLFSSL_BIGNUM *r; + WOLFSSL_BIGNUM *s; +}; + +WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig); +WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void); +WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, + int dgst_len, + WOLFSSL_EC_KEY *eckey); +WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, + int dgst_len, + const WOLFSSL_ECDSA_SIG *sig, + WOLFSSL_EC_KEY *eckey); + +WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig, + const unsigned char **pp, + long len); +WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, + unsigned char **pp); + +#define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free +#define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new +#define ECDSA_do_sign wolfSSL_ECDSA_do_sign +#define ECDSA_do_verify wolfSSL_ECDSA_do_verify +#define d2i_ECDSA_SIG wolfSSL_d2i_ECDSA_SIG +#define i2d_ECDSA_SIG wolfSSL_i2d_ECDSA_SIG + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ + diff --git a/source/libwolfssl/openssl/ed25519.h b/source/libwolfssl/openssl/ed25519.h new file mode 100644 index 00000000..ba435bd8 --- /dev/null +++ b/source/libwolfssl/openssl/ed25519.h @@ -0,0 +1,47 @@ +/* ed25519.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ed25519.h */ + +#ifndef WOLFSSL_ED25519_H_ +#define WOLFSSL_ED25519_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); +WOLFSSL_API +int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, + unsigned char *sig, unsigned int *sigSz); +WOLFSSL_API +int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, + const unsigned char *sig, unsigned int sigSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/source/libwolfssl/openssl/engine.h b/source/libwolfssl/openssl/engine.h new file mode 100644 index 00000000..3d2507f7 --- /dev/null +++ b/source/libwolfssl/openssl/engine.h @@ -0,0 +1,8 @@ +/* engine.h for libcurl */ + +#include + +#undef HAVE_OPENSSL_ENGINE_H + +#define ENGINE_load_builtin_engines() /*ENGINE_load_builtin_engines not needed*/ + diff --git a/source/libwolfssl/openssl/err.h b/source/libwolfssl/openssl/err.h new file mode 100644 index 00000000..cf0d309c --- /dev/null +++ b/source/libwolfssl/openssl/err.h @@ -0,0 +1,32 @@ +/* err.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_OPENSSL_ERR_ +#define WOLFSSL_OPENSSL_ERR_ + +#include + +/* err.h for openssl */ +#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings +#define ERR_peek_last_error wolfSSL_ERR_peek_last_error + +#endif /* WOLFSSL_OPENSSL_ERR_ */ + diff --git a/source/libwolfssl/openssl/evp.h b/source/libwolfssl/openssl/evp.h new file mode 100644 index 00000000..7bad6af1 --- /dev/null +++ b/source/libwolfssl/openssl/evp.h @@ -0,0 +1,728 @@ +/* evp.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/*! + \file wolfssl/openssl/evp.h + \brief evp.h defines mini evp openssl compatibility layer + */ + + +#ifndef WOLFSSL_EVP_H_ +#define WOLFSSL_EVP_H_ + +#include + +#ifdef WOLFSSL_PREFIX +#include "prefix_evp.h" +#endif + +#ifndef NO_MD4 + #include +#endif +#ifndef NO_MD5 + #include +#endif +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#ifdef HAVE_IDEA + #include +#endif +#include + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef char WOLFSSL_EVP_CIPHER; +#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */ +typedef char WOLFSSL_EVP_MD; +typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; +#define WOLFSSL_EVP_TYPE_DEFINED +#endif + +typedef WOLFSSL_EVP_PKEY EVP_PKEY; +typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO; + +#ifndef NO_MD4 + WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void); +#endif +#ifndef NO_MD5 + WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void); +#endif +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void); + +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void); +#if !defined(NO_AES) && defined(HAVE_AES_CBC) +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void); +#endif +#if !defined(NO_AES) && defined(HAVE_AESGCM) +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_gcm(void); +#endif +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void); + + +typedef union { + #ifndef NO_MD4 + WOLFSSL_MD4_CTX md4; + #endif + #ifndef NO_MD5 + WOLFSSL_MD5_CTX md5; + #endif + WOLFSSL_SHA_CTX sha; + #ifdef WOLFSSL_SHA224 + WOLFSSL_SHA224_CTX sha224; + #endif + WOLFSSL_SHA256_CTX sha256; + #ifdef WOLFSSL_SHA384 + WOLFSSL_SHA384_CTX sha384; + #endif + #ifdef WOLFSSL_SHA512 + WOLFSSL_SHA512_CTX sha512; + #endif + #ifdef WOLFSSL_RIPEMD + WOLFSSL_RIPEMD_CTX ripemd; + #endif +} WOLFSSL_Hasher; + +typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX; + +typedef struct WOLFSSL_EVP_MD_CTX { + union { + WOLFSSL_Hasher digest; + Hmac hmac; + } hash; + unsigned char macType; + WOLFSSL_EVP_PKEY_CTX *pctx; +} WOLFSSL_EVP_MD_CTX; + + +typedef union { +#ifndef NO_AES + Aes aes; +#endif +#ifndef NO_DES3 + Des des; + Des3 des3; +#endif + Arc4 arc4; +#ifdef HAVE_IDEA + Idea idea; +#endif +} WOLFSSL_Cipher; + + +enum { + AES_128_CBC_TYPE = 1, + AES_192_CBC_TYPE = 2, + AES_256_CBC_TYPE = 3, + AES_128_CTR_TYPE = 4, + AES_192_CTR_TYPE = 5, + AES_256_CTR_TYPE = 6, + AES_128_ECB_TYPE = 7, + AES_192_ECB_TYPE = 8, + AES_256_ECB_TYPE = 9, + DES_CBC_TYPE = 10, + DES_ECB_TYPE = 11, + DES_EDE3_CBC_TYPE = 12, + DES_EDE3_ECB_TYPE = 13, + ARC4_TYPE = 14, + NULL_CIPHER_TYPE = 15, + EVP_PKEY_RSA = 16, + EVP_PKEY_DSA = 17, + EVP_PKEY_EC = 18, +#ifdef HAVE_IDEA + IDEA_CBC_TYPE = 19, +#endif + AES_128_GCM_TYPE = 21, + AES_192_GCM_TYPE = 22, + AES_256_GCM_TYPE = 23, + NID_sha1 = 64, + NID_sha224 = 65, + NID_md2 = 77, + NID_md5 = 4, + NID_hmac = 855, + NID_dhKeyAgreement= 28, + EVP_PKEY_DH = NID_dhKeyAgreement, + EVP_PKEY_HMAC = NID_hmac +}; + +enum { + NID_md5WithRSA = 104, + NID_md5WithRSAEncryption = 8, + NID_dsaWithSHA1 = 113, + NID_dsaWithSHA1_2 = 70, + NID_sha1WithRSA = 115, + NID_sha1WithRSAEncryption = 65, + NID_sha224WithRSAEncryption = 671, + NID_sha256WithRSAEncryption = 668, + NID_sha384WithRSAEncryption = 669, + NID_sha512WithRSAEncryption = 670, + NID_ecdsa_with_SHA1 = 416, + NID_ecdsa_with_SHA224 = 793, + NID_ecdsa_with_SHA256 = 794, + NID_ecdsa_with_SHA384 = 795, + NID_ecdsa_with_SHA512 = 796, + NID_dsa_with_SHA224 = 802, + NID_dsa_with_SHA256 = 803, +}; + +enum { + NID_aes_128_cbc = 419, + NID_aes_192_cbc = 423, + NID_aes_256_cbc = 427, + NID_aes_128_gcm = 895, + NID_aes_192_gcm = 898, + NID_aes_256_gcm = 901, + NID_aes_128_ctr = 904, + NID_aes_192_ctr = 905, + NID_aes_256_ctr = 906, + NID_aes_128_ecb = 418, + NID_aes_192_ecb = 422, + NID_aes_256_ecb = 426, + NID_des_cbc = 31, + NID_des_ecb = 29, + NID_des_ede3_cbc= 44, + NID_des_ede3_ecb= 33, + NID_idea_cbc = 34, +}; + +#define WOLFSSL_EVP_BUF_SIZE 16 +typedef struct WOLFSSL_EVP_CIPHER_CTX { + int keyLen; /* user may set for variable */ + int block_size; + unsigned long flags; + unsigned char enc; /* if encrypt side, then true */ + unsigned char cipherType; +#ifndef NO_AES + /* working iv pointer into cipher */ + ALIGN16 unsigned char iv[AES_BLOCK_SIZE]; +#elif !defined(NO_DES3) + /* working iv pointer into cipher */ + ALIGN16 unsigned char iv[DES_BLOCK_SIZE]; +#endif + WOLFSSL_Cipher cipher; + ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE]; + int bufUsed; + ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE]; + int lastUsed; +#if defined(HAVE_AESGCM) + int ivSz; + ALIGN16 unsigned char authTag[AES_BLOCK_SIZE]; + int authTagSz; +#endif +} WOLFSSL_EVP_CIPHER_CTX; + +struct WOLFSSL_EVP_PKEY_CTX { + WOLFSSL_EVP_PKEY *pkey; + int op; /* operation */ + int padding; + int nbits; +}; + +typedef int WOLFSSL_ENGINE ; +typedef WOLFSSL_ENGINE ENGINE; +typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; + +#define EVP_PKEY_OP_SIGN (1 << 3) +#define EVP_PKEY_OP_ENCRYPT (1 << 6) +#define EVP_PKEY_OP_DECRYPT (1 << 7) + +WOLFSSL_API void wolfSSL_EVP_init(void); +WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); +WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md); +WOLFSSL_API int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD *md); + +WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void); +WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx); +WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx); +WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx); +WOLFSSL_API int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in); +WOLFSSL_API int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in); +WOLFSSL_API int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx); +WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx); +WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name); +WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name); + +WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type); +WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type, + WOLFSSL_ENGINE *impl); +WOLFSSL_API int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, + size_t sz); +WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, + unsigned int* s); +WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, + unsigned char* md, unsigned int* s); + +WOLFSSL_API int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx, + WOLFSSL_EVP_PKEY_CTX **pctx, + const WOLFSSL_EVP_MD *type, + WOLFSSL_ENGINE *e, + WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, + const void *d, unsigned int cnt); +WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, + unsigned char *sig, size_t *siglen); + +WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, + WOLFSSL_EVP_PKEY_CTX **pctx, + const WOLFSSL_EVP_MD *type, + WOLFSSL_ENGINE *e, + WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, + const void *d, size_t cnt); +WOLFSSL_API int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen); +WOLFSSL_API int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out, + unsigned int* outSz, const WOLFSSL_EVP_MD* evp, + WOLFSSL_ENGINE* eng); + + +WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*, + const WOLFSSL_EVP_MD*, const unsigned char*, + const unsigned char*, int, int, unsigned char*, + unsigned char*); + +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, \ + int type, int arg, void *ptr); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*); +WOLFSSL_API int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER*); +WOLFSSL_API int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c); + + +WOLFSSL_API int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + const unsigned char* key, + const unsigned char* iv, + int enc); +WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + const unsigned char* key, + const unsigned char* iv, + int enc); +WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + const unsigned char* key, + const unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + const unsigned char* key, + const unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + const unsigned char* key, + const unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + const unsigned char* key, + const unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, + const unsigned char *in, int inl); +WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); +WOLFSSL_API int wolfSSL_EVP_CipherFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, int enc); +WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); +WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); +WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); +WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); +WOLFSSL_API int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); + +WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void); +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, + int keylen); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx, + int ivLen); +WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, + unsigned char* dst, unsigned char* src, + unsigned int len); + +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int); +WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); + +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_RSA* key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_EC_KEY* key); +WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); +WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); +WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key); + +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, + const unsigned char* key, int keylen); +WOLFSSL_API const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey, + size_t* len); +WOLFSSL_API int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); +WOLFSSL_API int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, + WOLFSSL_EVP_PKEY **ppkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx); +WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding); +WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits); + +WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx); +WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void); +WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); +WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b); +WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); +WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type); +WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type, + WOLFSSL_ENGINE *impl); +WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len); +WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, + unsigned char* sig, unsigned int sig_len, WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type); +WOLFSSL_API int wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len); + + +/* these next ones don't need real OpenSSL type, for OpenSSH compat only */ +WOLFSSL_API void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx); +WOLFSSL_API int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx); + +WOLFSSL_API void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, + unsigned char* iv, int len); +WOLFSSL_API void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, + unsigned char* iv, int len); + +WOLFSSL_API int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx); +WOLFSSL_API int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx); + +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); +WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); +WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); +WOLFSSL_API int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API void wolfSSL_EVP_cleanup(void); +WOLFSSL_API int wolfSSL_add_all_algorithms(void); +WOLFSSL_API int wolfSSL_OpenSSL_add_all_algorithms_noconf(void); +WOLFSSL_API int wolfSSL_EVP_read_pw_string(char*, int, const char*, int); + +WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char * pass, int passlen, + const unsigned char * salt, + int saltlen, int iter, + int keylen, unsigned char *out); + +WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, + int saltlen, int iter, + const WOLFSSL_EVP_MD *digest, + int keylen, unsigned char *out); +#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER +#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE +#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE +#define EVP_CIPH_CFB_MODE WOLFSSL_EVP_CIPH_CFB_MODE +#define EVP_CIPH_OFB_MODE WOLFSSL_EVP_CIPH_OFB_MODE +#define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE +#define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE +#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE + +#define WOLFSSL_EVP_CIPH_MODE 0x0007 +#define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0 +#define WOLFSSL_EVP_CIPH_ECB_MODE 0x1 +#define WOLFSSL_EVP_CIPH_CBC_MODE 0x2 +#define WOLFSSL_EVP_CIPH_CFB_MODE 0x3 +#define WOLFSSL_EVP_CIPH_OFB_MODE 0x4 +#define WOLFSSL_EVP_CIPH_CTR_MODE 0x5 +#define WOLFSSL_EVP_CIPH_GCM_MODE 0x6 +#define WOLFSSL_EVP_CIPH_CCM_MODE 0x7 +#define WOLFSSL_EVP_CIPH_NO_PADDING 0x100 +#define WOLFSSL_EVP_CIPH_TYPE_INIT 0xff + +/* end OpenSSH compat */ + +typedef WOLFSSL_EVP_MD EVP_MD; +typedef WOLFSSL_EVP_CIPHER EVP_CIPHER; +typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; +typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; + +#ifndef NO_MD4 + #define EVP_md4 wolfSSL_EVP_md4 +#endif +#ifndef NO_MD5 + #define EVP_md5 wolfSSL_EVP_md5 +#endif +#define EVP_sha1 wolfSSL_EVP_sha1 +#define EVP_dds1 wolfSSL_EVP_sha1 +#define EVP_sha224 wolfSSL_EVP_sha224 +#define EVP_sha256 wolfSSL_EVP_sha256 +#define EVP_sha384 wolfSSL_EVP_sha384 +#define EVP_sha512 wolfSSL_EVP_sha512 +#define EVP_ripemd160 wolfSSL_EVP_ripemd160 + +#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc +#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc +#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc +#define EVP_aes_128_gcm wolfSSL_EVP_aes_128_gcm +#define EVP_aes_192_gcm wolfSSL_EVP_aes_192_gcm +#define EVP_aes_256_gcm wolfSSL_EVP_aes_256_gcm +#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb +#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb +#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb +#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr +#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr +#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr +#define EVP_des_cbc wolfSSL_EVP_des_cbc +#define EVP_des_ecb wolfSSL_EVP_des_ecb +#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc +#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb +#define EVP_rc4 wolfSSL_EVP_rc4 +#define EVP_idea_cbc wolfSSL_EVP_idea_cbc +#define EVP_enc_null wolfSSL_EVP_enc_null + +#define EVP_MD_size wolfSSL_EVP_MD_size +#define EVP_MD_CTX_new wolfSSL_EVP_MD_CTX_new +#define EVP_MD_CTX_create wolfSSL_EVP_MD_CTX_new +#define EVP_MD_CTX_free wolfSSL_EVP_MD_CTX_free +#define EVP_MD_CTX_destroy wolfSSL_EVP_MD_CTX_free +#define EVP_MD_CTX_init wolfSSL_EVP_MD_CTX_init +#define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup +#define EVP_MD_CTX_md wolfSSL_EVP_MD_CTX_md +#define EVP_MD_CTX_type wolfSSL_EVP_MD_CTX_type +#define EVP_MD_CTX_size wolfSSL_EVP_MD_CTX_size +#define EVP_MD_CTX_block_size wolfSSL_EVP_MD_CTX_block_size +#define EVP_MD_type wolfSSL_EVP_MD_type + +#define EVP_Digest wolfSSL_EVP_Digest +#define EVP_DigestInit wolfSSL_EVP_DigestInit +#define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex +#define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate +#define EVP_DigestFinal wolfSSL_EVP_DigestFinal +#define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex +#define EVP_DigestSignInit wolfSSL_EVP_DigestSignInit +#define EVP_DigestSignUpdate wolfSSL_EVP_DigestSignUpdate +#define EVP_DigestSignFinal wolfSSL_EVP_DigestSignFinal +#define EVP_DigestVerifyInit wolfSSL_EVP_DigestVerifyInit +#define EVP_DigestVerifyUpdate wolfSSL_EVP_DigestVerifyUpdate +#define EVP_DigestVerifyFinal wolfSSL_EVP_DigestVerifyFinal +#define EVP_BytesToKey wolfSSL_EVP_BytesToKey + +#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname +#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname + +#define EVP_CIPHER_CTX_init wolfSSL_EVP_CIPHER_CTX_init +#define EVP_CIPHER_CTX_cleanup wolfSSL_EVP_CIPHER_CTX_cleanup +#define EVP_CIPHER_CTX_iv_length wolfSSL_EVP_CIPHER_CTX_iv_length +#define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length +#define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length +#define EVP_CIPHER_CTX_mode wolfSSL_EVP_CIPHER_CTX_mode + +#define EVP_CIPHER_iv_length wolfSSL_EVP_CIPHER_iv_length +#define EVP_CIPHER_key_length wolfSSL_EVP_Cipher_key_length + +#define EVP_CipherInit wolfSSL_EVP_CipherInit +#define EVP_CipherInit_ex wolfSSL_EVP_CipherInit_ex +#define EVP_EncryptInit wolfSSL_EVP_EncryptInit +#define EVP_EncryptInit_ex wolfSSL_EVP_EncryptInit_ex +#define EVP_DecryptInit wolfSSL_EVP_DecryptInit +#define EVP_DecryptInit_ex wolfSSL_EVP_DecryptInit_ex + +#define EVP_Cipher wolfSSL_EVP_Cipher +#define EVP_CipherUpdate wolfSSL_EVP_CipherUpdate +#define EVP_EncryptUpdate wolfSSL_EVP_CipherUpdate +#define EVP_DecryptUpdate wolfSSL_EVP_CipherUpdate +#define EVP_CipherFinal wolfSSL_EVP_CipherFinal +#define EVP_CipherFinal_ex wolfSSL_EVP_CipherFinal +#define EVP_EncryptFinal wolfSSL_EVP_CipherFinal +#define EVP_EncryptFinal_ex wolfSSL_EVP_CipherFinal +#define EVP_DecryptFinal wolfSSL_EVP_CipherFinal +#define EVP_DecryptFinal_ex wolfSSL_EVP_CipherFinal + +#define EVP_CIPHER_CTX_free wolfSSL_EVP_CIPHER_CTX_free +#define EVP_CIPHER_CTX_new wolfSSL_EVP_CIPHER_CTX_new + +#define EVP_get_cipherbynid wolfSSL_EVP_get_cipherbynid +#define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid +#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname +#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname + +#define EVP_PKEY_assign_RSA wolfSSL_EVP_PKEY_assign_RSA +#define EVP_PKEY_assign_EC_KEY wolfSSL_EVP_PKEY_assign_EC_KEY +#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA +#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA +#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY +#define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac +#define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key +#define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy +#define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex +#define EVP_PKEY_sign_init wolfSSL_EVP_PKEY_sign_init +#define EVP_PKEY_sign wolfSSL_EVP_PKEY_sign +#define EVP_PKEY_keygen wolfSSL_EVP_PKEY_keygen +#define EVP_PKEY_keygen_init wolfSSL_EVP_PKEY_keygen_init +#define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits +#define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free +#define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new +#define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding +#define EVP_PKEY_CTX_new_id wolfSSL_EVP_PKEY_CTX_new_id +#define EVP_PKEY_CTX_set_rsa_keygen_bits wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits +#define EVP_PKEY_decrypt wolfSSL_EVP_PKEY_decrypt +#define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init +#define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt +#define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init +#define EVP_PKEY_new wolfSSL_PKEY_new +#define EVP_PKEY_free wolfSSL_EVP_PKEY_free +#define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref +#define EVP_PKEY_size wolfSSL_EVP_PKEY_size +#define EVP_PKEY_missing_parameters wolfSSL_EVP_PKEY_missing_parameters +#define EVP_PKEY_cmp wolfSSL_EVP_PKEY_cmp +#define EVP_PKEY_type wolfSSL_EVP_PKEY_type +#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id +#define EVP_PKEY_id wolfSSL_EVP_PKEY_id +#define EVP_SignFinal wolfSSL_EVP_SignFinal +#define EVP_SignInit wolfSSL_EVP_SignInit +#define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex +#define EVP_SignUpdate wolfSSL_EVP_SignUpdate +#define EVP_VerifyFinal wolfSSL_EVP_VerifyFinal +#define EVP_VerifyInit wolfSSL_EVP_VerifyInit +#define EVP_VerifyUpdate wolfSSL_EVP_VerifyUpdate + +#define EVP_CIPHER_CTX_ctrl wolfSSL_EVP_CIPHER_CTX_ctrl +#define EVP_CIPHER_CTX_block_size wolfSSL_EVP_CIPHER_CTX_block_size +#define EVP_CIPHER_block_size wolfSSL_EVP_CIPHER_block_size +#define EVP_CIPHER_flags wolfSSL_EVP_CIPHER_flags +#define EVP_CIPHER_CTX_set_flags wolfSSL_EVP_CIPHER_CTX_set_flags +#define EVP_CIPHER_CTX_clear_flags wolfSSL_EVP_CIPHER_CTX_clear_flags +#define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding +#define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags +#define EVP_add_digest wolfSSL_EVP_add_digest +#define EVP_add_cipher wolfSSL_EVP_add_cipher +#define EVP_cleanup wolfSSL_EVP_cleanup +#define EVP_read_pw_string wolfSSL_EVP_read_pw_string + +#define OpenSSL_add_all_digests() wolfSSL_EVP_init() +#define OpenSSL_add_all_ciphers() wolfSSL_EVP_init() +#define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms +#define OpenSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf +#define wolfSSL_OPENSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf + +#define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1 +#define PKCS5_PBKDF2_HMAC wolfSSL_PKCS5_PBKDF2_HMAC + +/* OpenSSL compat. ctrl values */ +#define EVP_CTRL_INIT 0x0 +#define EVP_CTRL_SET_KEY_LENGTH 0x1 +#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 /* needed for qt compilation */ + +#define EVP_CTRL_AEAD_SET_IVLEN 0x9 +#define EVP_CTRL_AEAD_GET_TAG 0x10 +#define EVP_CTRL_AEAD_SET_TAG 0x11 +#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG + +#ifndef EVP_MAX_MD_SIZE + #define EVP_MAX_MD_SIZE 64 /* sha512 */ +#endif + +#ifndef EVP_MAX_BLOCK_LENGTH + #define EVP_MAX_BLOCK_LENGTH 32 /* 2 * blocklen(AES)? */ + /* They define this as 32. Using the same value here. */ +#endif + +#ifndef EVP_MAX_IV_LENGTH + #define EVP_MAX_IV_LENGTH 16 +#endif + +WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#include + +#endif /* WOLFSSL_EVP_H_ */ diff --git a/source/libwolfssl/openssl/hmac.h b/source/libwolfssl/openssl/hmac.h new file mode 100644 index 00000000..5f0d2e37 --- /dev/null +++ b/source/libwolfssl/openssl/hmac.h @@ -0,0 +1,93 @@ +/* hmac.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* hmac.h defines mini hamc openssl compatibility layer + * + */ + + +#ifndef WOLFSSL_HMAC_H_ +#define WOLFSSL_HMAC_H_ + +#include + +#ifdef WOLFSSL_PREFIX +#include "prefix_hmac.h" +#endif + +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + + +WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, + const void* key, int key_len, + const unsigned char* d, int n, unsigned char* md, + unsigned int* md_len); + + +typedef struct WOLFSSL_HMAC_CTX { + Hmac hmac; + int type; + word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ + word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; +} WOLFSSL_HMAC_CTX; + + +WOLFSSL_API int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx); +WOLFSSL_API int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, + WOLFSSL_HMAC_CTX* src); +WOLFSSL_LOCAL int wolfSSL_HmacCopy(Hmac* des, Hmac* src); +WOLFSSL_API int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, + int keylen, const EVP_MD* type); +WOLFSSL_API int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, + int keylen, const EVP_MD* type, WOLFSSL_ENGINE* e); +WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, + const unsigned char* data, int len); +WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash, + unsigned int* len); +WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx); + +typedef struct WOLFSSL_HMAC_CTX HMAC_CTX; + +#define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g)) + +#define HMAC_CTX_init wolfSSL_HMAC_CTX_Init +#define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy +#define HMAC_Init_ex wolfSSL_HMAC_Init_ex +#define HMAC_Init wolfSSL_HMAC_Init +#define HMAC_Update wolfSSL_HMAC_Update +#define HMAC_Final wolfSSL_HMAC_Final +#define HMAC_cleanup wolfSSL_HMAC_cleanup + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFSSL_HMAC_H_ */ diff --git a/source/libwolfssl/openssl/lhash.h b/source/libwolfssl/openssl/lhash.h new file mode 100644 index 00000000..01f8535f --- /dev/null +++ b/source/libwolfssl/openssl/lhash.h @@ -0,0 +1,2 @@ +/* lhash.h for openSSL */ + diff --git a/source/libwolfssl/openssl/md4.h b/source/libwolfssl/openssl/md4.h new file mode 100644 index 00000000..2a296f75 --- /dev/null +++ b/source/libwolfssl/openssl/md4.h @@ -0,0 +1,62 @@ +/* md4.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_MD4_H_ +#define WOLFSSL_MD4_H_ + +#include + +#ifndef NO_MD4 + +#ifdef WOLFSSL_PREFIX +#include "prefix_md4.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct WOLFSSL_MD4_CTX { + int buffer[32]; /* big enough to hold, check size in Init */ +} WOLFSSL_MD4_CTX; + + +WOLFSSL_API void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX*); +WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX*, const void*, unsigned long); +WOLFSSL_API void wolfSSL_MD4_Final(unsigned char*, WOLFSSL_MD4_CTX*); + + +typedef WOLFSSL_MD4_CTX MD4_CTX; + +#define MD4_Init wolfSSL_MD4_Init +#define MD4_Update wolfSSL_MD4_Update +#define MD4_Final wolfSSL_MD4_Final + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_MD4 */ + +#endif /* WOLFSSL_MD4_H_ */ + diff --git a/source/libwolfssl/openssl/md5.h b/source/libwolfssl/openssl/md5.h new file mode 100644 index 00000000..44721272 --- /dev/null +++ b/source/libwolfssl/openssl/md5.h @@ -0,0 +1,81 @@ +/* md5.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* md5.h for openssl */ + + +#ifndef WOLFSSL_MD5_H_ +#define WOLFSSL_MD5_H_ + +#include + +#ifndef NO_MD5 + +#include + +#ifdef WOLFSSL_PREFIX +#include "prefix_md5.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct WOLFSSL_MD5_CTX { + /* big enough to hold wolfcrypt md5, but check on init */ +#ifdef STM32_HASH + void* holder[(112 + WC_ASYNC_DEV_SIZE + sizeof(STM32_HASH_Context)) / sizeof(void*)]; +#else + void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +#endif +} WOLFSSL_MD5_CTX; + +WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*); +WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long); +WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*); + + +typedef WOLFSSL_MD5_CTX MD5_CTX; + +#define MD5_Init wolfSSL_MD5_Init +#define MD5_Update wolfSSL_MD5_Update +#define MD5_Final wolfSSL_MD5_Final + +#ifdef OPENSSL_EXTRA_BSD + #define MD5Init wolfSSL_MD5_Init + #define MD5Update wolfSSL_MD5_Update + #define MD5Final wolfSSL_MD5_Final +#endif + +#ifndef MD5 +#define MD5(d, n, md) wc_Md5Hash((d), (n), (md)) +#endif + +#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_MD5 */ + +#endif /* WOLFSSL_MD5_H_ */ diff --git a/source/libwolfssl/openssl/objects.h b/source/libwolfssl/openssl/objects.h new file mode 100644 index 00000000..e12443a4 --- /dev/null +++ b/source/libwolfssl/openssl/objects.h @@ -0,0 +1,62 @@ +/* objects.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_OBJECTS_H_ +#define WOLFSSL_OBJECTS_H_ + +#include +//#include +#ifndef OPENSSL_EXTRA_SSL_GUARD +#define OPENSSL_EXTRA_SSL_GUARD +#include +#endif /* OPENSSL_EXTRA_SSL_GUARD */ + +#ifdef __cplusplus + extern "C" { +#endif + +#define OBJ_nid2sn wolfSSL_OBJ_nid2sn +#define OBJ_obj2nid wolfSSL_OBJ_obj2nid +#define OBJ_sn2nid wolfSSL_OBJ_sn2nid +#define OBJ_nid2ln wolfSSL_OBJ_nid2ln +#define OBJ_txt2nid wolfSSL_OBJ_txt2nid +#define OBJ_txt2obj wolfSSL_OBJ_txt2obj +#define OBJ_nid2obj wolfSSL_OBJ_nid2obj +#define OBJ_obj2txt wolfSSL_OBJ_obj2txt +#define OBJ_cleanup wolfSSL_OBJ_cleanup +#define OBJ_cmp wolfSSL_OBJ_cmp +#define OBJ_create wolfSSL_OBJ_create +#define ASN1_OBJECT_free wolfSSL_ASN1_OBJECT_free + +/* not required for wolfSSL */ +#define OPENSSL_load_builtin_modules() + + +#define NID_ad_OCSP 178 +#define NID_ad_ca_issuers 179 + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_OBJECTS_H_ */ diff --git a/source/libwolfssl/openssl/ocsp.h b/source/libwolfssl/openssl/ocsp.h new file mode 100644 index 00000000..8689ede7 --- /dev/null +++ b/source/libwolfssl/openssl/ocsp.h @@ -0,0 +1,82 @@ +/* ocsp.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ocsp.h for libcurl */ + +#ifndef WOLFSSL_OCSP_H_ +#define WOLFSSL_OCSP_H_ + +#ifdef HAVE_OCSP +#include + +#define OCSP_REQUEST OcspRequest +#define OCSP_RESPONSE OcspResponse +#define OCSP_BASICRESP WOLFSSL_OCSP_BASICRESP +#define OCSP_CERTID WOLFSSL_OCSP_CERTID +#define OCSP_ONEREQ WOLFSSL_OCSP_ONEREQ + +#define OCSP_REVOKED_STATUS_NOSTATUS -1 + + +#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +#define OCSP_RESPONSE_STATUS_TRYLATER 3 + +#define V_OCSP_CERTSTATUS_GOOD 0 +#define V_OCSP_CERTSTATUS_REVOKED 1 +#define V_OCSP_CERTSTATUS_UNKNOWN 2 + +#define OCSP_resp_find_status wolfSSL_OCSP_resp_find_status +#define OCSP_cert_status_str wolfSSL_OCSP_cert_status_str +#define OCSP_check_validity wolfSSL_OCSP_check_validity + +#define OCSP_CERTID_free wolfSSL_OCSP_CERTID_free +#define OCSP_cert_to_id wolfSSL_OCSP_cert_to_id + +#define OCSP_BASICRESP_free wolfSSL_OCSP_BASICRESP_free +#define OCSP_basic_verify wolfSSL_OCSP_basic_verify + +#define OCSP_RESPONSE_free wolfSSL_OCSP_RESPONSE_free +#define d2i_OCSP_RESPONSE_bio wolfSSL_d2i_OCSP_RESPONSE_bio +#define d2i_OCSP_RESPONSE wolfSSL_d2i_OCSP_RESPONSE +#define i2d_OCSP_RESPONSE wolfSSL_i2d_OCSP_RESPONSE +#define OCSP_response_status wolfSSL_OCSP_response_status +#define OCSP_response_status_str wolfSSL_OCSP_response_status_str +#define OCSP_response_get1_basic wolfSSL_OCSP_response_get1_basic +#define OCSP_response_create wolfSSL_OCSP_response_create + +#define OCSP_REQUEST_new wolfSSL_OCSP_REQUEST_new +#define OCSP_REQUEST_free wolfSSL_OCSP_REQUEST_free +#define i2d_OCSP_REQUEST wolfSSL_i2d_OCSP_REQUEST +#define OCSP_request_add0_id wolfSSL_OCSP_request_add0_id +#define OCSP_request_add1_nonce wolfSSL_OCSP_request_add1_nonce +#define OCSP_check_nonce wolfSSL_OCSP_check_nonce +#define OCSP_id_get0_info wolfSSL_OCSP_id_get0_info +#define OCSP_crl_reason_str wolfSSL_OCSP_crl_reason_str +#define OCSP_REQUEST_add_ext wolfSSL_OCSP_REQUEST_add_ext + +#define OCSP_CERTID_dup wolfSSL_OCSP_CERTID_dup + +#define i2d_OCSP_REQUEST_bio wolfSSL_i2d_OCSP_REQUEST_bio + +#endif /* HAVE_OCSP */ + +#endif /* WOLFSSL_OCSP_H_ */ + diff --git a/source/libwolfssl/openssl/opensslconf.h b/source/libwolfssl/openssl/opensslconf.h new file mode 100644 index 00000000..ac6b55bc --- /dev/null +++ b/source/libwolfssl/openssl/opensslconf.h @@ -0,0 +1,8 @@ +/* opensslconf.h for openSSL */ + + +#ifndef OPENSSL_THREADS + #define OPENSSL_THREADS +#endif + + diff --git a/source/libwolfssl/openssl/opensslv.h b/source/libwolfssl/openssl/opensslv.h new file mode 100644 index 00000000..4bc495ee --- /dev/null +++ b/source/libwolfssl/openssl/opensslv.h @@ -0,0 +1,44 @@ +/* opensslv.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* opensslv.h compatibility */ + +#ifndef WOLFSSL_OPENSSLV_H_ +#define WOLFSSL_OPENSSLV_H_ + + +/* api version compatibility */ +#if defined(WOLFSSL_APACHE_HTTPD) + /* For Apache httpd, Use 1.1.0 compatibility */ + #define OPENSSL_VERSION_NUMBER 0x10100000L +#elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + /* version number can be increased for Lighty after compatibility for ECDH + is added */ + #define OPENSSL_VERSION_NUMBER 0x10001000L +#else + #define OPENSSL_VERSION_NUMBER 0x0090810fL +#endif + +#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING +#define OPENSSL_VERSION 0 + +#endif /* header */ diff --git a/source/libwolfssl/openssl/ossl_typ.h b/source/libwolfssl/openssl/ossl_typ.h new file mode 100644 index 00000000..65b00c72 --- /dev/null +++ b/source/libwolfssl/openssl/ossl_typ.h @@ -0,0 +1,2 @@ +/* ossl_typ.h for openssl */ + diff --git a/source/libwolfssl/openssl/pem.h b/source/libwolfssl/openssl/pem.h new file mode 100644 index 00000000..93295d3f --- /dev/null +++ b/source/libwolfssl/openssl/pem.h @@ -0,0 +1,224 @@ +/* pem.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* pem.h for openssl */ + +/*! + \file wolfssl/openssl/pem.h +*/ + + +#ifndef WOLFSSL_PEM_H_ +#define WOLFSSL_PEM_H_ + +#include +#include +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* RSA */ +WOLFSSL_API +int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb* cb, void* arg); +WOLFSSL_API +WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_RSA**, + pem_password_cb* cb, + void* arg); + +WOLFSSL_API +int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa); + +WOLFSSL_API +WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_RSA** rsa, + pem_password_cb* cb, void *u); + +WOLFSSL_API +WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, + WOLFSSL_EC_GROUP** group, + pem_password_cb* cb, + void* pass); +WOLFSSL_API +int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + unsigned char **pem, int *plen); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API +int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); +WOLFSSL_API +WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA **x, + pem_password_cb *cb, void *u); +WOLFSSL_API +int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA *x); + +WOLFSSL_API +int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA *x); +#endif /* NO_FILESYSTEM */ + +/* DSA */ +WOLFSSL_API +int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_DSA* dsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb* cb, void* arg); +WOLFSSL_API +int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + unsigned char **pem, int *plen); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API +int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); +WOLFSSL_API +int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x); +#endif /* NO_FILESYSTEM */ + +/* ECC */ +WOLFSSL_API +int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb* cb, void* arg); +WOLFSSL_API +int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + unsigned char **pem, int *plen); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API +int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *key, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); +WOLFSSL_API +int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *key); +#endif /* NO_FILESYSTEM */ + +/* EVP_KEY */ +WOLFSSL_API +WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY**, + pem_password_cb* cb, + void* arg); +WOLFSSL_API +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY **key, + pem_password_cb *cb, void *pass); +WOLFSSL_API +int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, + const WOLFSSL_EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb* cb, void* arg); +WOLFSSL_API +int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); + + +WOLFSSL_API +int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, + unsigned char **data, long *len); +WOLFSSL_API +int wolfSSL_PEM_write_bio(WOLFSSL_BIO *bio, const char *name, + const char *header, const unsigned char *data, + long len); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API +int wolfSSL_PEM_read(XFILE fp, char **name, char **header, unsigned char **data, + long *len); +WOLFSSL_API +int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header, + const unsigned char *data, long len); +#endif + +#if !defined(NO_FILESYSTEM) +WOLFSSL_API +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x, + pem_password_cb *cb, void *u); +WOLFSSL_API +WOLFSSL_X509 *wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, + pem_password_cb *cb, void *u); +WOLFSSL_API +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **x, + pem_password_cb *cb, void *u); + +WOLFSSL_API +int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509 *x); +WOLFSSL_API +int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); +#endif /* NO_FILESYSTEM */ + +#define PEM_read wolfSSL_PEM_read +#define PEM_read_bio wolfSSL_PEM_read_bio +#define PEM_write wolfSSL_PEM_write +#define PEM_write_bio wolfSSL_PEM_write_bio + +#define PEM_read_X509 wolfSSL_PEM_read_X509 +#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey +#define PEM_write_X509 wolfSSL_PEM_write_X509 +#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey +#define PEM_write_bio_PKCS8PrivateKey wolfSSL_PEM_write_bio_PKCS8PrivateKey + +/* DH */ +#define PEM_write_DHparams wolfSSL_PEM_write_DHparams +/* RSA */ +#define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey +#define PEM_read_bio_RSAPrivateKey wolfSSL_PEM_read_bio_RSAPrivateKey +#define PEM_write_bio_RSA_PUBKEY wolfSSL_PEM_write_bio_RSA_PUBKEY +#define PEM_read_bio_RSA_PUBKEY wolfSSL_PEM_read_bio_RSA_PUBKEY +#define PEM_read_bio_ECPKParameters wolfSSL_PEM_read_bio_ECPKParameters +#define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey +#define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY +#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey +#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey +/* DSA */ +#define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey +#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey +#define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY +/* ECC */ +#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey +#define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY +#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey +/* EVP_KEY */ +#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey +#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY +#define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY +#define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_PEM_H_ */ + diff --git a/source/libwolfssl/openssl/pkcs12.h b/source/libwolfssl/openssl/pkcs12.h new file mode 100644 index 00000000..7d028a5b --- /dev/null +++ b/source/libwolfssl/openssl/pkcs12.h @@ -0,0 +1,49 @@ +/* pkcs12.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* pkcs12.h for openssl */ + + +#include +#include + +#ifndef WOLFSSL_PKCS12_COMPAT_H_ +#define WOLFSSL_PKCS12_COMPAT_H_ + +#define NID_pbe_WithSHA1AndDES_CBC 2 +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3 +#define NID_pbe_WithSHA1And128BitRC4 1 + +#define PKCS12_DEFAULT_ITER WC_PKCS12_ITT_DEFAULT + +/* wolfCrypt level does not make use of ssl.h */ +#define PKCS12 WC_PKCS12 +#define PKCS12_new wc_PKCS12_new +#define PKCS12_free wc_PKCS12_free + +/* wolfSSL level using structs from ssl.h and calls down to wolfCrypt */ +#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio +#define PKCS12_parse wolfSSL_PKCS12_parse +#define PKCS12_create wolfSSL_PKCS12_create +#define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add + +#endif /* WOLFSSL_PKCS12_COMPAT_H_ */ + diff --git a/source/libwolfssl/openssl/pkcs7.h b/source/libwolfssl/openssl/pkcs7.h new file mode 100644 index 00000000..8938d07a --- /dev/null +++ b/source/libwolfssl/openssl/pkcs7.h @@ -0,0 +1,79 @@ +/* pkcs7.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* pkcs7.h for openSSL */ + + +#ifndef WOLFSSL_PKCS7_H_ +#define WOLFSSL_PKCS7_H_ + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) + +#define PKCS7_NOINTERN 0x0010 +#define PKCS7_NOVERIFY 0x0020 + + +typedef struct WOLFSSL_PKCS7 +{ + PKCS7 pkcs7; + unsigned char* data; + int len; +} WOLFSSL_PKCS7; + + +WOLFSSL_API PKCS7* wolfSSL_PKCS7_new(void); +WOLFSSL_API PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void); +WOLFSSL_API void wolfSSL_PKCS7_free(PKCS7* p7); +WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7); +WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, + int len); +WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7); +WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs, + WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7, + WOLFSSL_STACK* certs, int flags); +WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7); + +#define PKCS7_new wolfSSL_PKCS7_new +#define PKCS7_SIGNED_new wolfSSL_PKCS7_SIGNED_new +#define PKCS7_free wolfSSL_PKCS7_free +#define PKCS7_SIGNED_free wolfSSL_PKCS7_SIGNED_free +#define d2i_PKCS7 wolfSSL_d2i_PKCS7 +#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio +#define PKCS7_verify wolfSSL_PKCS7_verify +#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers +#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7 + +#endif /* OPENSSL_ALL && HAVE_PKCS7 */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_PKCS7_H_ */ + diff --git a/source/libwolfssl/openssl/rand.h b/source/libwolfssl/openssl/rand.h new file mode 100644 index 00000000..edf2f75f --- /dev/null +++ b/source/libwolfssl/openssl/rand.h @@ -0,0 +1,27 @@ +/* rand.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* rand.h for openSSL */ + +#include +#include + +#define RAND_set_rand_method wolfSSL_RAND_set_rand_method diff --git a/source/libwolfssl/openssl/rc4.h b/source/libwolfssl/openssl/rc4.h new file mode 100644 index 00000000..16a130da --- /dev/null +++ b/source/libwolfssl/openssl/rc4.h @@ -0,0 +1,59 @@ +/* rc4.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* rc4.h defines mini des openssl compatibility layer + * + */ + +#ifndef WOLFSSL_RC4_COMPAT_H_ +#define WOLFSSL_RC4_COMPAT_H_ + +#include +#include /* included for size_t */ + +#ifdef __cplusplus + extern "C" { +#endif + +/* applications including wolfssl/openssl/rc4.h are expecting to have access to + * the size of RC4_KEY structures. */ +typedef struct WOLFSSL_RC4_KEY { + /* big enough for Arc4 from wolfssl/wolfcrypt/arc4.h */ + void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +} WOLFSSL_RC4_KEY; +typedef WOLFSSL_RC4_KEY RC4_KEY; + +WOLFSSL_API void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len, + const unsigned char* data); +WOLFSSL_API void wolfSSL_RC4(WOLFSSL_RC4_KEY* key, size_t len, + const unsigned char* in, unsigned char* out); + +#define RC4 wolfSSL_RC4 +#define RC4_set_key wolfSSL_RC4_set_key + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_RC4_COMPAT_H_ */ + diff --git a/source/libwolfssl/openssl/ripemd.h b/source/libwolfssl/openssl/ripemd.h new file mode 100644 index 00000000..8d7f4226 --- /dev/null +++ b/source/libwolfssl/openssl/ripemd.h @@ -0,0 +1,58 @@ +/* ripemd.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* ripemd.h for openssl */ + + +#ifndef WOLFSSL_RIPEMD_H_ +#define WOLFSSL_RIPEMD_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct WOLFSSL_RIPEMD_CTX { + int holder[32]; /* big enough to hold wolfcrypt, but check on init */ +} WOLFSSL_RIPEMD_CTX; + +WOLFSSL_API void wolfSSL_RIPEMD_Init(WOLFSSL_RIPEMD_CTX*); +WOLFSSL_API void wolfSSL_RIPEMD_Update(WOLFSSL_RIPEMD_CTX*, const void*, + unsigned long); +WOLFSSL_API void wolfSSL_RIPEMD_Final(unsigned char*, WOLFSSL_RIPEMD_CTX*); + + +typedef WOLFSSL_RIPEMD_CTX RIPEMD_CTX; + +#define RIPEMD_Init wolfSSL_RIPEMD_Init +#define RIPEMD_Update wolfSSL_RIPEMD_Update +#define RIPEMD_Final wolfSSL_RIPEMD_Final + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFSSL_MD5_H_ */ + diff --git a/source/libwolfssl/openssl/rsa.h b/source/libwolfssl/openssl/rsa.h new file mode 100644 index 00000000..4e82b575 --- /dev/null +++ b/source/libwolfssl/openssl/rsa.h @@ -0,0 +1,128 @@ +/* rsa.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* rsa.h for openSSL */ + + +#ifndef WOLFSSL_RSA_H_ +#define WOLFSSL_RSA_H_ + +#include + + +#ifdef __cplusplus + extern "C" { +#endif + +/* Padding types */ +#define RSA_PKCS1_PADDING 0 +#define RSA_PKCS1_OAEP_PADDING 1 +#define RSA_PKCS1_PSS_PADDING 2 +#define RSA_NO_PADDING 3 + +#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_RSA WOLFSSL_RSA; +#define WOLFSSL_RSA_TYPE_DEFINED +#endif + +typedef WOLFSSL_RSA RSA; + +struct WOLFSSL_RSA { +#ifdef WC_RSA_BLINDING + WC_RNG* rng; /* for PrivateDecrypt blinding */ +#endif + WOLFSSL_BIGNUM* n; + WOLFSSL_BIGNUM* e; + WOLFSSL_BIGNUM* d; + WOLFSSL_BIGNUM* p; + WOLFSSL_BIGNUM* q; + WOLFSSL_BIGNUM* dmp1; /* dP */ + WOLFSSL_BIGNUM* dmq1; /* dQ */ + WOLFSSL_BIGNUM* iqmp; /* u */ + void* heap; + void* internal; /* our RSA */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ + char ownRng; /* flag for if the rng should be free'd */ +}; + + +WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void); +WOLFSSL_API void wolfSSL_RSA_free(WOLFSSL_RSA*); + +WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGNUM*, + void* cb); + +WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*); +WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr, + unsigned char* to, WOLFSSL_RSA*, int padding); +WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr, + unsigned char* to, WOLFSSL_RSA*, int padding); +WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, + unsigned char* out, WOLFSSL_RSA* rsa, int padding); + +WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*, int); +WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, + unsigned int mLen, const unsigned char* sig, + unsigned int sigLen, WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, + unsigned char* to, WOLFSSL_RSA*, int padding); +WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz); +WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt); + +WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, + const WOLFSSL_BIGNUM **n, const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d); + +#define WOLFSSL_RSA_LOAD_PRIVATE 1 +#define WOLFSSL_RSA_LOAD_PUBLIC 2 +#define WOLFSSL_RSA_F4 0x10001L + +#define RSA_new wolfSSL_RSA_new +#define RSA_free wolfSSL_RSA_free + +#define RSA_generate_key_ex wolfSSL_RSA_generate_key_ex + +#define RSA_blinding_on wolfSSL_RSA_blinding_on +#define RSA_public_encrypt wolfSSL_RSA_public_encrypt +#define RSA_private_decrypt wolfSSL_RSA_private_decrypt +#define RSA_private_encrypt wolfSSL_RSA_private_encrypt + +#define RSA_size wolfSSL_RSA_size +#define RSA_sign wolfSSL_RSA_sign +#define RSA_verify wolfSSL_RSA_verify +#define RSA_public_decrypt wolfSSL_RSA_public_decrypt + +#define RSA_get0_key wolfSSL_RSA_get0_key + +#define RSA_F4 WOLFSSL_RSA_F4 + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* header */ diff --git a/source/libwolfssl/openssl/sha.h b/source/libwolfssl/openssl/sha.h new file mode 100644 index 00000000..5734b9dc --- /dev/null +++ b/source/libwolfssl/openssl/sha.h @@ -0,0 +1,203 @@ +/* sha.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* sha.h for openssl */ + + +#ifndef WOLFSSL_SHA_H_ +#define WOLFSSL_SHA_H_ + +#include +#include + +#ifdef WOLFSSL_PREFIX +#include "prefix_sha.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct WOLFSSL_SHA_CTX { + /* big enough to hold wolfcrypt Sha, but check on init */ +#if defined(STM32_HASH) + void* holder[(112 + WC_ASYNC_DEV_SIZE + sizeof(STM32_HASH_Context)) / sizeof(void*)]; +#else + void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +#endif + #ifdef WOLF_CRYPTO_CB + void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)]; + #endif +} WOLFSSL_SHA_CTX; + +WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*); +WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long); +WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*); + +/* SHA1 points to above, shouldn't use SHA0 ever */ +WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*); +WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long); +WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*); + +enum { + SHA_DIGEST_LENGTH = 20 +}; + + +typedef WOLFSSL_SHA_CTX SHA_CTX; + +#define SHA_Init wolfSSL_SHA_Init +#define SHA_Update wolfSSL_SHA_Update +#define SHA_Final wolfSSL_SHA_Final + +#define SHA1_Init wolfSSL_SHA1_Init +#define SHA1_Update wolfSSL_SHA1_Update +#define SHA1_Final wolfSSL_SHA1_Final + + +#ifdef WOLFSSL_SHA224 + +/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256 + * struct are 16 byte aligned. Any derefrence to those elements after casting to + * Sha224, is expected to also be 16 byte aligned addresses. */ +typedef struct WOLFSSL_SHA224_CTX { + /* big enough to hold wolfcrypt Sha224, but check on init */ + ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +} WOLFSSL_SHA224_CTX; + +WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX*); +WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX*, const void*, + unsigned long); +WOLFSSL_API int wolfSSL_SHA224_Final(unsigned char*, WOLFSSL_SHA224_CTX*); + +enum { + SHA224_DIGEST_LENGTH = 28 +}; + + +typedef WOLFSSL_SHA224_CTX SHA224_CTX; + +#define SHA224_Init wolfSSL_SHA224_Init +#define SHA224_Update wolfSSL_SHA224_Update +#define SHA224_Final wolfSSL_SHA224_Final + +#endif /* WOLFSSL_SHA224 */ + + +/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256 + * struct are 16 byte aligned. Any derefrence to those elements after casting to + * Sha256, is expected to also be 16 byte aligned addresses. */ +typedef struct WOLFSSL_SHA256_CTX { + /* big enough to hold wolfcrypt Sha256, but check on init */ + ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +} WOLFSSL_SHA256_CTX; + +WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*); +WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*, + unsigned long); +WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*); + +enum { + SHA256_DIGEST_LENGTH = 32 +}; + + +typedef WOLFSSL_SHA256_CTX SHA256_CTX; + +#define SHA256_Init wolfSSL_SHA256_Init +#define SHA256_Update wolfSSL_SHA256_Update +#define SHA256_Final wolfSSL_SHA256_Final +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS + * build. */ + #define SHA256 wolfSSL_SHA256 +#endif + + +#ifdef WOLFSSL_SHA384 + +typedef struct WOLFSSL_SHA384_CTX { + /* big enough to hold wolfCrypt Sha384, but check on init */ + void* holder[(256 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +} WOLFSSL_SHA384_CTX; + +WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*); +WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX*, const void*, + unsigned long); +WOLFSSL_API int wolfSSL_SHA384_Final(unsigned char*, WOLFSSL_SHA384_CTX*); + +enum { + SHA384_DIGEST_LENGTH = 48 +}; + + +typedef WOLFSSL_SHA384_CTX SHA384_CTX; + +#define SHA384_Init wolfSSL_SHA384_Init +#define SHA384_Update wolfSSL_SHA384_Update +#define SHA384_Final wolfSSL_SHA384_Final +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + /* SHA384 is only available in non-fips mode because of SHA384 enum in FIPS + * build. */ + #define SHA384 wolfSSL_SHA384 +#endif +#endif /* WOLFSSL_SHA384 */ + +#ifdef WOLFSSL_SHA512 + +typedef struct WOLFSSL_SHA512_CTX { + /* big enough to hold wolfCrypt Sha384, but check on init */ + void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; +} WOLFSSL_SHA512_CTX; + +WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*); +WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*, + unsigned long); +WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*); + +enum { + SHA512_DIGEST_LENGTH = 64 +}; + + +typedef WOLFSSL_SHA512_CTX SHA512_CTX; + +#define SHA512_Init wolfSSL_SHA512_Init +#define SHA512_Update wolfSSL_SHA512_Update +#define SHA512_Final wolfSSL_SHA512_Final +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + /* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS + * build. */ + #define SHA512 wolfSSL_SHA512 +#endif +#endif /* WOLFSSL_SHA512 */ + + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFSSL_SHA_H_ */ + diff --git a/source/libwolfssl/openssl/ssl.h b/source/libwolfssl/openssl/ssl.h new file mode 100644 index 00000000..ad6bc11d --- /dev/null +++ b/source/libwolfssl/openssl/ssl.h @@ -0,0 +1,1117 @@ +/* ssl.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* ssl.h defines wolfssl_openssl compatibility layer + * + */ + + +#ifndef WOLFSSL_OPENSSL_H_ +#define WOLFSSL_OPENSSL_H_ + +/* wolfssl_openssl compatibility layer */ +#ifndef OPENSSL_EXTRA_SSL_GUARD +#define OPENSSL_EXTRA_SSL_GUARD +#include +#endif /* OPENSSL_EXTRA_SSL_GUARD */ + +#include +#ifdef OPENSSL_EXTRA +#include +#endif + +/* all NID_* values are in asn.h */ +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef _WIN32 + /* wincrypt.h clashes */ + #undef X509_NAME +#endif + +#ifdef WOLFSSL_UTASKER + /* tcpip.h clashes */ + #undef ASN1_INTEGER +#endif + + +typedef WOLFSSL SSL; +typedef WOLFSSL_SESSION SSL_SESSION; +typedef WOLFSSL_METHOD SSL_METHOD; +typedef WOLFSSL_CTX SSL_CTX; + +typedef WOLFSSL_X509 X509; +typedef WOLFSSL_X509 X509_REQ; +typedef WOLFSSL_X509_NAME X509_NAME; +typedef WOLFSSL_X509_INFO X509_INFO; +typedef WOLFSSL_X509_CHAIN X509_CHAIN; + +typedef WOLFSSL_STACK EXTENDED_KEY_USAGE; + + +/* redeclare guard */ +#define WOLFSSL_TYPES_DEFINED + +typedef WOLFSSL_BIO BIO; +typedef WOLFSSL_BIO_METHOD BIO_METHOD; +typedef WOLFSSL_CIPHER SSL_CIPHER; +typedef WOLFSSL_X509_LOOKUP X509_LOOKUP; +typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD; +typedef WOLFSSL_X509_CRL X509_CRL; +typedef WOLFSSL_X509_EXTENSION X509_EXTENSION; +typedef WOLFSSL_X509_PUBKEY X509_PUBKEY; +typedef WOLFSSL_X509_ALGOR X509_ALGOR; +typedef WOLFSSL_ASN1_TIME ASN1_TIME; +typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER; +typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT; +typedef WOLFSSL_ASN1_STRING ASN1_STRING; +typedef WOLFSSL_ASN1_TYPE ASN1_TYPE; +typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value; +typedef WOLFSSL_BUF_MEM BUF_MEM; +typedef WOLFSSL_GENERAL_NAMES GENERAL_NAMES; +typedef WOLFSSL_GENERAL_NAME GENERAL_NAME; + +#define ASN1_UTCTIME WOLFSSL_ASN1_TIME +#define ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME + +typedef WOLFSSL_COMP_METHOD COMP_METHOD; +typedef WOLFSSL_COMP SSL_COMP; +typedef WOLFSSL_X509_REVOKED X509_REVOKED; +typedef WOLFSSL_X509_OBJECT X509_OBJECT; +typedef WOLFSSL_X509_STORE X509_STORE; +typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; +typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; + +#define EVP_CIPHER_INFO EncryptedInfo + +#define STACK_OF(x) WOLFSSL_STACK + +#define CRYPTO_free XFREE +#define CRYPTO_malloc XMALLOC +#define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new +#define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup +#define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free + +/* depreciated */ +#define CRYPTO_thread_id wolfSSL_thread_id +#define CRYPTO_set_id_callback wolfSSL_set_id_callback + +#define CRYPTO_LOCK 0x01 +#define CRYPTO_UNLOCK 0x02 +#define CRYPTO_READ 0x04 +#define CRYPTO_WRITE 0x08 + +#define CRYPTO_set_locking_callback wolfSSL_set_locking_callback +#define CRYPTO_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback +#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback +#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback +#define CRYPTO_num_locks wolfSSL_num_locks +#define CRYPTO_dynlock_value WOLFSSL_dynlock_value + +#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data + +/* this function was used to set the default malloc, free, and realloc */ +#define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */ +#define OPENSSL_malloc_init() 0 /* OPENSSL_malloc_init is not needed */ + +#define SSL_get_client_random(ssl,out,outSz) \ + wolfSSL_get_client_random((ssl),(out),(outSz)) +#define SSL_get_cipher_list(ctx,i) wolfSSL_get_cipher_list_ex((ctx),(i)) +#define SSL_get_cipher_name(ctx) wolfSSL_get_cipher((ctx)) +#define SSL_get_shared_ciphers(ctx,buf,len) \ + wolfSSL_get_shared_ciphers((ctx),(buf),(len)) + +/* at the moment only returns ok */ +#define SSL_get_verify_result wolfSSL_get_verify_result +#define SSL_get_verify_mode wolfSSL_SSL_get_mode +#define SSL_get_verify_depth wolfSSL_get_verify_depth +#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode +#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth +#define SSL_get_certificate wolfSSL_get_certificate +#define SSL_use_certificate wolfSSL_use_certificate +#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 +#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio +#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio +#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp + +#define d2i_PUBKEY wolfSSL_d2i_PUBKEY +#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio +#define d2i_PrivateKey wolfSSL_d2i_PrivateKey +#define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey +#define i2d_PrivateKey wolfSSL_i2d_PrivateKey +#define SSL_use_PrivateKey wolfSSL_use_PrivateKey +#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1 +#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1 +#define SSL_get_privatekey wolfSSL_get_privatekey +#define SSL_CTX_use_PrivateKey_ASN1 wolfSSL_CTX_use_PrivateKey_ASN1 + +#define SSLv23_method wolfSSLv23_method +#define SSLv23_client_method wolfSSLv23_client_method +#define SSLv2_client_method wolfSSLv2_client_method +#define SSLv2_server_method wolfSSLv2_server_method +#define SSLv3_server_method wolfSSLv3_server_method +#define SSLv3_client_method wolfSSLv3_client_method +#define TLS_client_method wolfTLS_client_method +#define TLS_server_method wolfTLS_server_method +#define TLSv1_method wolfTLSv1_method +#define TLSv1_server_method wolfTLSv1_server_method +#define TLSv1_client_method wolfTLSv1_client_method +#define TLSv1_1_method wolfTLSv1_1_method +#define TLSv1_1_server_method wolfTLSv1_1_server_method +#define TLSv1_1_client_method wolfTLSv1_1_client_method +#define TLSv1_2_method wolfTLSv1_2_method +#define TLSv1_2_server_method wolfTLSv1_2_server_method +#define TLSv1_2_client_method wolfTLSv1_2_client_method +#define TLSv1_3_method wolfTLSv1_3_method +#define TLSv1_3_server_method wolfTLSv1_3_server_method +#define TLSv1_3_client_method wolfTLSv1_3_client_method + +#define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1 + +#define X509_F_X509_CHECK_PRIVATE_KEY 128 + +#ifdef WOLFSSL_DTLS + #define DTLSv1_client_method wolfDTLSv1_client_method + #define DTLSv1_server_method wolfDTLSv1_server_method + #define DTLSv1_2_client_method wolfDTLSv1_2_client_method + #define DTLSv1_2_server_method wolfDTLSv1_2_server_method +#endif + + +#ifndef NO_FILESYSTEM + #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file + #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file + #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations + #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file + #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file + + #define SSL_use_certificate_file wolfSSL_use_certificate_file + #define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file + #define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file + #define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file +#endif + +#define SSL_CTX_new(method) wolfSSL_CTX_new((WOLFSSL_METHOD*)(method)) +#define SSL_new wolfSSL_new +#define SSL_set_fd wolfSSL_set_fd +#define SSL_get_fd wolfSSL_get_fd +#define SSL_connect wolfSSL_connect +#define SSL_clear wolfSSL_clear +#define SSL_state wolfSSL_state + +#define SSL_write wolfSSL_write +#define SSL_read wolfSSL_read +#define SSL_peek wolfSSL_peek +#define SSL_accept wolfSSL_accept +#define SSL_CTX_free wolfSSL_CTX_free +#define SSL_free wolfSSL_free +#define SSL_shutdown wolfSSL_shutdown +#define SSL_set_timeout wolfSSL_set_timeout + +#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown +#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown +#define SSL_get_error wolfSSL_get_error +#define SSL_set_session wolfSSL_set_session +#define SSL_get_session wolfSSL_get_session +#define SSL_flush_sessions wolfSSL_flush_sessions +/* assume unlimited temporarily */ +#define SSL_CTX_get_session_cache_mode(ctx) 0 + +#define SSL_CTX_set_verify wolfSSL_CTX_set_verify +#define SSL_set_verify wolfSSL_set_verify +#define SSL_set_verify_result wolfSSL_set_verify_result +#define SSL_pending wolfSSL_pending +#define SSL_load_error_strings wolfSSL_load_error_strings +#define SSL_library_init wolfSSL_library_init +#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode +#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list +#define SSL_set_cipher_list wolfSSL_set_cipher_list + +#define SSL_set_ex_data wolfSSL_set_ex_data +#define SSL_get_shutdown wolfSSL_get_shutdown +#define SSL_set_rfd wolfSSL_set_rfd +#define SSL_set_wfd wolfSSL_set_wfd +#define SSL_set_shutdown wolfSSL_set_shutdown +#define SSL_set_session_id_context wolfSSL_set_session_id_context +#define SSL_set_connect_state wolfSSL_set_connect_state +#define SSL_set_accept_state wolfSSL_set_accept_state +#define SSL_session_reused wolfSSL_session_reused +#define SSL_SESSION_free wolfSSL_SESSION_free +#define SSL_is_init_finished wolfSSL_is_init_finished + +#define SSL_get_version wolfSSL_get_version +#define SSL_get_current_cipher wolfSSL_get_current_cipher + +/* use wolfSSL_get_cipher_name for its return format */ +#define SSL_get_cipher wolfSSL_get_cipher_name +#define SSL_CIPHER_description wolfSSL_CIPHER_description +#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name +#define SSL_CIPHER_get_version wolfSSL_CIPHER_get_version +#define SSL_CIPHER_get_id wolfSSL_CIPHER_get_id +#define SSL_CIPHER_get_rfc_name wolfSSL_CIPHER_get_rfc_name +#define SSL_get_cipher_by_value wolfSSL_get_cipher_by_value + +#define SSL_get1_session wolfSSL_get1_session + +#define SSL_get_keyblock_size wolfSSL_get_keyblock_size +#define SSL_get_keys wolfSSL_get_keys +#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key +#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN + #define X509_get_ext wolfSSL_X509_get_ext + #define X509_cmp wolfSSL_X509_cmp + #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object + #define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical + #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data + #define X509_EXTENSION_new wolfSSL_X509_EXTENSION_new + #define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free +#endif + +#define DSA_dup_DH wolfSSL_DSA_dup_DH + +#define i2d_X509_bio wolfSSL_i2d_X509_bio +#define d2i_X509_bio wolfSSL_d2i_X509_bio +#define d2i_X509_fp wolfSSL_d2i_X509_fp +#define i2d_X509 wolfSSL_i2d_X509 +#define d2i_X509 wolfSSL_d2i_X509 +#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 +#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX +#define PEM_read_X509 wolfSSL_PEM_read_X509 +#define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio +#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 +#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX +#define i2d_PrivateKey wolfSSL_i2d_PrivateKey + +#define i2d_X509_REQ wolfSSL_i2d_X509_REQ +#define X509_REQ_new wolfSSL_X509_REQ_new +#define X509_REQ_free wolfSSL_X509_REQ_free +#define X509_REQ_sign wolfSSL_X509_REQ_sign +#define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions +#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name +#define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey +#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ + +#define X509_new wolfSSL_X509_new +#define X509_up_ref wolfSSL_X509_up_ref +#define X509_free wolfSSL_X509_free +#define X509_load_certificate_file wolfSSL_X509_load_certificate_file +#define X509_digest wolfSSL_X509_digest +#define X509_get_ext_count wolfSSL_X509_get_ext_count +#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i +#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID +#define X509_get_ext wolfSSL_X509_get_ext +#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID +#define X509_add_ext wolfSSL_X509_add_ext +#define X509_get_issuer_name wolfSSL_X509_get_issuer_name +#define X509_get_subject_name wolfSSL_X509_get_subject_name +#define X509_get_pubkey wolfSSL_X509_get_pubkey +#define X509_get_notBefore wolfSSL_X509_get_notBefore +#define X509_get_notAfter wolfSSL_X509_get_notAfter +#define X509_get_serialNumber wolfSSL_X509_get_serialNumber +#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr +#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index +#define X509_get_ex_data wolfSSL_X509_get_ex_data +#define X509_set_ex_data wolfSSL_X509_set_ex_data +#define X509_get1_ocsp wolfSSL_X509_get1_ocsp +#ifndef WOLFSSL_HAPROXY +#define X509_get_version wolfSSL_X509_get_version +#endif +#define X509_get_signature_nid wolfSSL_X509_get_signature_nid +#define X509_set_subject_name wolfSSL_X509_set_subject_name +#define X509_set_issuer_name wolfSSL_X509_set_issuer_name +#define X509_set_pubkey wolfSSL_X509_set_pubkey +#define X509_set_notAfter wolfSSL_X509_set_notAfter +#define X509_set_notBefore wolfSSL_X509_set_notBefore +#define X509_set_serialNumber wolfSSL_X509_set_serialNumber +#define X509_set_version wolfSSL_X509_set_version +#define X509_sign wolfSSL_X509_sign +#define X509_print wolfSSL_X509_print +#define X509_print_ex wolfSSL_X509_print_ex +#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string +#define X509_verify_cert wolfSSL_X509_verify_cert +#define X509_check_private_key wolfSSL_X509_check_private_key +#define X509_check_ca wolfSSL_X509_check_ca +#define X509_check_host wolfSSL_X509_check_host +#define X509_email_free wolfSSL_X509_email_free +#define X509_check_issued wolfSSL_X509_check_issued +#define X509_dup wolfSSL_X509_dup + +#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object +#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data + +#define sk_X509_new wolfSSL_sk_X509_new +#define sk_X509_new_null wolfSSL_sk_X509_new +#define sk_X509_num wolfSSL_sk_X509_num +#define sk_X509_value wolfSSL_sk_X509_value +#define sk_X509_shift wolfSSL_sk_X509_shift +#define sk_X509_push wolfSSL_sk_X509_push +#define sk_X509_pop wolfSSL_sk_X509_pop +#define sk_X509_pop_free wolfSSL_sk_X509_pop_free +#define sk_X509_dup wolfSSL_sk_X509_dup +#define sk_X509_free wolfSSL_sk_X509_free + +#define sk_X509_EXTENSION_num wolfSSL_sk_X509_EXTENSION_num +#define sk_X509_EXTENSION_value wolfSSL_sk_X509_EXTENSION_value +#define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null +#define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free +#define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push +#define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free + +#define X509_INFO_new wolfSSL_X509_INFO_new +#define X509_INFO_free wolfSSL_X509_INFO_free + +#define sk_X509_INFO_new_null wolfSSL_sk_X509_INFO_new_null +#define sk_X509_INFO_num wolfSSL_sk_X509_INFO_num +#define sk_X509_INFO_value wolfSSL_sk_X509_INFO_value +#define sk_X509_INFO_push wolfSSL_sk_X509_INFO_push +#define sk_X509_INFO_pop wolfSSL_sk_X509_INFO_pop +#define sk_X509_INFO_pop_free wolfSSL_sk_X509_INFO_pop_free +#define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free + +#define i2d_X509_NAME wolfSSL_i2d_X509_NAME +#define X509_NAME_new wolfSSL_X509_NAME_new +#define X509_NAME_free wolfSSL_X509_NAME_free +#define X509_NAME_dup wolfSSL_X509_NAME_dup +#define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID +#define X509_NAME_cmp wolfSSL_X509_NAME_cmp +#define X509_NAME_ENTRY_free wolfSSL_X509_NAME_ENTRY_free +#define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID +#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry +#define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt +#define X509_NAME_add_entry_by_NID wolfSSL_X509_NAME_add_entry_by_NID +#define X509_NAME_oneline wolfSSL_X509_NAME_oneline +#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID +#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex +#define X509_NAME_digest wolfSSL_X509_NAME_digest +#define X509_cmp_current_time wolfSSL_X509_cmp_current_time +#define X509_cmp_time wolfSSL_X509_cmp_time +#define X509_time_adj wolfSSL_X509_time_adj +#define X509_time_adj_ex wolfSSL_X509_time_adj_ex + +#define sk_ACCESS_DESCRIPTION_num wolfSSL_sk_ACCESS_DESCRIPTION_num +#define sk_ACCESS_DESCRIPTION_value wolfSSL_sk_ACCESS_DESCRIPTION_value + +#define sk_X509_NAME_new wolfSSL_sk_X509_NAME_new +#define sk_X509_NAME_push wolfSSL_sk_X509_NAME_push +#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find +#define sk_X509_NAME_set_cmp_func wolfSSL_sk_X509_NAME_set_cmp_func +#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num +#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value +#define sk_X509_NAME_pop wolfSSL_sk_X509_NAME_pop +#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free +#define sk_X509_NAME_free wolfSSL_sk_X509_NAME_free + +typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; + +#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count +#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object +#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry +#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data +#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object + +#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK +#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL + +#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME +#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME +#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS + +#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert +#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb +#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new +#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free +#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain +#define X509_STORE_CTX_get1_chain wolfSSL_X509_STORE_CTX_get1_chain +#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error +#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth +#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init +#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup +#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error +#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data +#define X509_STORE_CTX_set_ex_data wolfSSL_X509_STORE_CTX_set_ex_data +#define X509_STORE_CTX_set_depth wolfSSL_X509_STORE_CTX_set_depth +#define X509_STORE_CTX_get0_current_issuer \ + wolfSSL_X509_STORE_CTX_get0_current_issuer +#define X509_STORE_CTX_get0_store wolfSSL_X509_STORE_CTX_get0_store + +#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_free wolfSSL_X509_STORE_free +#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup +#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert +#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl +#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags +#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs +#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject +#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer +#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time +#define X509_VERIFY_PARAM_set_hostflags wolfSSL_X509_VERIFY_PARAM_set_hostflags +#define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host +#define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc +#define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations + +#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir +#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file +#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir +#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file + +#define d2i_X509_CRL wolfSSL_d2i_X509_CRL +#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp +#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL + +#define X509_CRL_free wolfSSL_X509_CRL_free +#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate +#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate +#define X509_CRL_verify wolfSSL_X509_CRL_verify +#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED + +#define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY +#define X509_get0_tbs_sigalg wolfSSL_X509_get0_tbs_sigalg +#define X509_PUBKEY_get0_param wolfSSL_X509_PUBKEY_get0_param +#define X509_ALGOR_get0 wolfSSL_X509_ALGOR_get0 + +#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num +#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value + +#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents +#define X509_subject_name_hash wolfSSL_X509_subject_name_hash + +#define OCSP_parse_url wolfSSL_OCSP_parse_url + +#define MD4_Init wolfSSL_MD4_Init +#define MD4_Update wolfSSL_MD4_Update +#define MD4_Final wolfSSL_MD4_Final + +#define BIO_new wolfSSL_BIO_new +#define BIO_free wolfSSL_BIO_free +#define BIO_vfree wolfSSL_BIO_vfree +#define BIO_free_all wolfSSL_BIO_free_all +#define BIO_nread0 wolfSSL_BIO_nread0 +#define BIO_nread wolfSSL_BIO_nread +#define BIO_read wolfSSL_BIO_read +#define BIO_nwrite0 wolfSSL_BIO_nwrite0 +#define BIO_nwrite wolfSSL_BIO_nwrite +#define BIO_write wolfSSL_BIO_write +#define BIO_push wolfSSL_BIO_push +#define BIO_pop wolfSSL_BIO_pop +#define BIO_flush wolfSSL_BIO_flush +#define BIO_pending wolfSSL_BIO_pending + +#define BIO_get_mem_data wolfSSL_BIO_get_mem_data +#define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf + +#define BIO_f_buffer wolfSSL_BIO_f_buffer +#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size +#define BIO_f_ssl wolfSSL_BIO_f_ssl +#define BIO_new_socket wolfSSL_BIO_new_socket +#define SSL_set_bio wolfSSL_set_bio +#define BIO_eof wolfSSL_BIO_eof +#define BIO_set_ss wolfSSL_BIO_set_ss + +#define BIO_s_mem wolfSSL_BIO_s_mem +#define BIO_f_base64 wolfSSL_BIO_f_base64 +#define BIO_set_flags wolfSSL_BIO_set_flags +#define BIO_set_nbio wolfSSL_BIO_set_nbio + +#define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms +#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms + +#define RAND_screen wolfSSL_RAND_screen +#define RAND_file_name wolfSSL_RAND_file_name +#define RAND_write_file wolfSSL_RAND_write_file +#define RAND_load_file wolfSSL_RAND_load_file +#define RAND_egd wolfSSL_RAND_egd +#define RAND_seed wolfSSL_RAND_seed +#define RAND_cleanup wolfSSL_RAND_Cleanup +#define RAND_add wolfSSL_RAND_add +#define RAND_poll wolfSSL_RAND_poll +#define RAND_status wolfSSL_RAND_status +#define RAND_bytes wolfSSL_RAND_bytes +#define RAND_pseudo_bytes wolfSSL_RAND_pseudo_bytes + +#define COMP_zlib wolfSSL_COMP_zlib +#define COMP_rle wolfSSL_COMP_rle +#define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method + +#define SSL_get_ex_new_index wolfSSL_get_ex_new_index + + +typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; + +#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj +#define ASN1_TIME_print wolfSSL_ASN1_TIME_print +#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime +#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print +#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free + +#define ASN1_tag2str wolfSSL_ASN1_tag2str + +#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER +#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER +#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new +#define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free +#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp +#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get +#define ASN1_INTEGER_set wolfSSL_ASN1_INTEGER_set +#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN + +#define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT + +#define ASN1_STRING_data wolfSSL_ASN1_STRING_data +#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data +#define ASN1_STRING_length wolfSSL_ASN1_STRING_length +#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8 +#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex +#define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y)) +#define d2i_DISPLAYTEXT wolfSSL_d2i_DISPLAYTEXT + +#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr + +#define ASN1_IA5STRING WOLFSSL_ASN1_STRING + +#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING +#define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN + +#define SSL_load_client_CA_file wolfSSL_load_client_CA_file + +#define SSL_CTX_get_client_CA_list wolfSSL_SSL_CTX_get_client_CA_list +#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list +#define SSL_CTX_set_client_cert_cb wolfSSL_CTX_set_client_cert_cb +#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store +#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x)) +#define SSL_get_client_CA_list wolfSSL_get_client_CA_list +#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx +#define SSL_get_ex_data wolfSSL_get_ex_data + +#define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata +#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb + +#define SSL_CTX_set_timeout(ctx, to) \ + wolfSSL_CTX_set_timeout(ctx, (unsigned int) to) +#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback +#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos + +#define SSL_alert_type_string wolfSSL_alert_type_string +#define SSL_alert_desc_string wolfSSL_alert_desc_string +#define SSL_state_string wolfSSL_state_string + +#define RSA_free wolfSSL_RSA_free +#define RSA_generate_key wolfSSL_RSA_generate_key +#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback +#define RSA_print wolfSSL_RSA_print + +#define PEM_def_callback wolfSSL_PEM_def_callback + +#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept +#define SSL_CTX_sess_connect wolfSSL_CTX_sess_connect +#define SSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good +#define SSL_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good +#define SSL_CTX_sess_accept_renegotiate wolfSSL_CTX_sess_accept_renegotiate +#define SSL_CTX_sess_connect_renegotiate wolfSSL_CTX_sess_connect_renegotiate +#define SSL_CTX_sess_hits wolfSSL_CTX_sess_hits +#define SSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits +#define SSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full +#define SSL_CTX_sess_misses wolfSSL_CTX_sess_misses +#define SSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts +#define SSL_CTX_sess_number wolfSSL_CTX_sess_number +#define SSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size + + +#define SSL_DEFAULT_CIPHER_LIST WOLFSSL_DEFAULT_CIPHER_LIST + +#define SSL_CTX_set_psk_client_callback wolfSSL_CTX_set_psk_client_callback +#define SSL_set_psk_client_callback wolfSSL_set_psk_client_callback + +#define SSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint +#define SSL_get_psk_identity wolfSSL_get_psk_identity + +#define SSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint +#define SSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint + +#define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback +#define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback + +/* system file ints for ERR_put_error */ +#define SYS_F_ACCEPT WOLFSSL_SYS_ACCEPT +#define SYS_F_BIND WOLFSSL_SYS_BIND +#define SYS_F_CONNECT WOLFSSL_SYS_CONNECT +#define SYS_F_FOPEN WOLFSSL_SYS_FOPEN +#define SYS_F_FREAD WOLFSSL_SYS_FREAD +#define SYS_F_GETADDRINFO WOLFSSL_SYS_GETADDRINFO +#define SYS_F_GETSOCKOPT WOLFSSL_SYS_GETSOCKOPT +#define SYS_F_GETSOCKNAME WOLFSSL_SYS_GETSOCKNAME +#define SYS_F_OPENDIR WOLFSSL_SYS_OPENDIR +#define SYS_F_SETSOCKOPT WOLFSSL_SYS_SETSOCKOPT +#define SYS_F_SOCKET WOLFSSL_SYS_SOCKET +#define SYS_F_GETHOSTBYNAME WOLFSSL_SYS_GETHOSTBYNAME +#define SYS_F_GETNAMEINFO WOLFSSL_SYS_GETNAMEINFO +#define SYS_F_GETSERVBYNAME WOLFSSL_SYS_GETSERVBYNAME +#define SYS_F_IOCTLSOCKET WOLFSSL_SYS_IOCTLSOCKET +#define SYS_F_LISTEN WOLFSSL_SYS_LISTEN + +#define ERR_GET_REASON wolfSSL_ERR_GET_REASON + +#define ERR_put_error wolfSSL_ERR_put_error +#define ERR_peek_error wolfSSL_ERR_peek_error +#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp +#define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data +#define ERR_peek_last_error wolfSSL_ERR_peek_last_error +#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line +#define ERR_get_error_line wolfSSL_ERR_get_error_line +#define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data +#define ERR_get_error wolfSSL_ERR_get_error +#define ERR_print_errors_fp(file) wolfSSL_ERR_dump_errors_fp((file)) +#define ERR_print_errors wolfSSL_ERR_print_errors +#define ERR_clear_error wolfSSL_ERR_clear_error +#define ERR_free_strings wolfSSL_ERR_free_strings +#define ERR_remove_state wolfSSL_ERR_remove_state +#define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state +#define ERR_error_string wolfSSL_ERR_error_string +#define ERR_error_string_n wolfSSL_ERR_error_string_n +#define ERR_reason_error_string wolfSSL_ERR_reason_error_string +#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings + +#define PEMerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_PEM,\ + (func), (reason), __FILE__, __LINE__) + +#define SSLv23_server_method wolfSSLv23_server_method +#define SSL_CTX_set_options wolfSSL_CTX_set_options +#define SSL_CTX_get_options wolfSSL_CTX_get_options +#define SSL_CTX_clear_options wolfSSL_CTX_clear_options + +#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key +#define SSL_check_private_key wolfSSL_check_private_key + +#define SSL_CTX_set_mode wolfSSL_CTX_set_mode +#define SSL_CTX_get_mode wolfSSL_CTX_get_mode +#define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead + +#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size +#define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths + +#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context +#define SSL_get_peer_certificate wolfSSL_get_peer_certificate +#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain + +#define SSL_want wolfSSL_want +#define SSL_want_read wolfSSL_want_read +#define SSL_want_write wolfSSL_want_write + +#define BIO_prf wolfSSL_BIO_prf + +#define sk_num wolfSSL_sk_num +#define sk_value wolfSSL_sk_value + +#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp +#define i2d_PKCS12_bio wolfSSL_i2d_PKCS12_bio + +#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey +#define d2i_RSAPrivateKey wolfSSL_d2i_RSAPrivateKey +#define i2d_RSAPrivateKey wolfSSL_i2d_RSAPrivateKey +#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey + +#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data +#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data +#define SSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb +#define SSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb +#define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb + +#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION +#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION +#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout +#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout +#define SSL_SESSION_get_time wolfSSL_SESSION_get_time + +#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index +#define PEM_read wolfSSL_PEM_read +#define PEM_write wolfSSL_PEM_write +#define PEM_get_EVP_CIPHER_INFO wolfSSL_PEM_get_EVP_CIPHER_INFO +#define PEM_do_header wolfSSL_PEM_do_header + +/*#if OPENSSL_API_COMPAT < 0x10100000L*/ +#define CONF_modules_free() +#define ENGINE_cleanup() +#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup +#define SSL_CTX_need_tmp_RSA(ctx) 0 +#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +#define SSL_need_tmp_RSA(ssl) 0 +#define SSL_set_tmp_rsa(ssl,rsa) 1 +/*#endif*/ + +#define CONF_modules_unload(a) + +#define SSL_get_hit wolfSSL_session_reused + +/* yassl had set the default to be 500 */ +#define SSL_get_default_timeout(ctx) 500 + +#define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (Timeval*)(timeleft)) +#define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout +#define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration + +#ifndef NO_WOLFSSL_STUB +#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)ssl; (void)cb; }) +#endif + +#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate +#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey +#define BIO_read_filename wolfSSL_BIO_read_filename +#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth +#define SSL_set_verify_depth wolfSSL_set_verify_depth +#define SSL_get_app_data wolfSSL_get_app_data +#define SSL_set_app_data wolfSSL_set_app_data +#define SHA1 wolfSSL_SHA1 + +#define SSL_dup_CA_list wolfSSL_dup_CA_list + +enum { + GEN_DNS = 0x02, /* ASN_DNS_TYPE */ + GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */ + GEN_URI = 0x06, /* ASN_URI_TYPE */ + GEN_RID = 0x08, /* Registered ID, not supported */ +}; + +#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams +#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) +#define SSL_get_rbio wolfSSL_SSL_get_rbio +#define SSL_get_wbio wolfSSL_SSL_get_wbio +#define SSL_do_handshake wolfSSL_SSL_do_handshake +#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x) +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +#define SSL_get_cipher_bits(s,np) \ + wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num +#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero +#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value +#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */ +#define sk_SSL_CIPHER_dup wolfSSL_sk_SSL_CIPHER_dup +#define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free +#define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) +#include + +#define SSL_CTRL_CHAIN 88 +#define GEN_IPADD 7 +#define ERR_LIB_SSL 20 +#define SSL_R_SHORT_READ 10 +#define ERR_R_PEM_LIB 9 +#define V_ASN1_IA5STRING 22 +#define V_ASN1_UTF8STRING 12 +#define SSL_CTRL_MODE 33 + +#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 + +#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL) +#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio +#define SSL_CTX_use_RSAPrivateKey wolfSSL_CTX_use_RSAPrivateKey +#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio +#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair +#define SSL_get_verify_callback wolfSSL_get_verify_callback + +#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) + +#define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1 +#define SSL_CTX_set0_chain(ctx,sk) \ + wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +#define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0) +#define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg)) +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + +#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh + +#define TLSEXT_STATUSTYPE_ocsp 1 + +#define SSL_set_options wolfSSL_set_options +#define SSL_get_options wolfSSL_get_options +#define SSL_clear_options wolfSSL_clear_options +#define SSL_set_tmp_dh wolfSSL_set_tmp_dh +#define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations +#define SSL_total_renegotiations wolfSSL_total_renegotiations +#define SSL_num_renegotiations wolfSSL_num_renegotiations +#define SSL_renegotiate wolfSSL_Rehandshake +#define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support +#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg +#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type +#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts +#define SSL_get_tlsext_status_ids wolfSSL_get_tlsext_status_ids +#define SSL_set_tlsext_status_ids wolfSSL_set_tlsext_status_ids +#define SSL_get_tlsext_status_ocsp_res wolfSSL_get_tlsext_status_ocsp_resp +#define SSL_set_tlsext_status_ocsp_res wolfSSL_set_tlsext_status_ocsp_resp +#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp +#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp + +#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert +#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead +#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead +#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg +#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \ + wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg +#define SSL_get_server_random wolfSSL_get_server_random +#define SSL_get_server_tmp_key wolfSSL_get_server_tmp_key + +#define SSL_CTX_set_min_proto_version wolfSSL_CTX_set_min_proto_version +#define SSL_CTX_set_max_proto_version wolfSSL_CTX_set_max_proto_version + +#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts + +#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 + +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_EXTRA_CHAIN_CERT 14 + +#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +#define SSL_CTRL_GET_READ_AHEAD 40 +#define SSL_CTRL_SET_READ_AHEAD 41 + +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 + +#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 + +#define SSL_ctrl wolfSSL_ctrl +#define SSL_CTX_ctrl wolfSSL_CTX_ctrl + +#define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ + +#define SSL2_VERSION 0x0002 +#define SSL3_VERSION 0x0300 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 +#define TLS1_2_VERSION 0x0303 +#define TLS1_3_VERSION 0x0304 +#define DTLS1_VERSION 0xFEFF +#define DTLS1_2_VERSION 0xFEFD + +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \ + || defined(OPENSSL_ALL) +#include + +#define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000) +#define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000) + +#define SSL3_AD_BAD_CERTIFICATE bad_certificate +#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE + +#define ASN1_STRFLGS_ESC_MSB 4 + +#define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH + +#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long +#define SSL_alert_type_string_long wolfSSL_alert_type_string_long +#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits +#define sk_GENERAL_NAME_num wolfSSL_sk_GENERAL_NAME_num +#define SSL_CTX_get_options wolfSSL_CTX_get_options + +#define SSL_CTX_flush_sessions wolfSSL_flush_sessions +#define SSL_CTX_add_session wolfSSL_CTX_add_session +#define SSL_version wolfSSL_version +#define SSL_get_state wolfSSL_get_state +#define SSL_state_string_long wolfSSL_state_string_long + +#define GENERAL_NAME_new wolfSSL_GENERAL_NAME_new +#define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free +#define sk_GENERAL_NAME_push wolfSSL_sk_GENERAL_NAME_push +#define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value +#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data +#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data +#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +#define SSL_SESSION_print wolfSSL_SESSION_print +#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free +#define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free +#define GENERAL_NAMES_free wolfSSL_GENERAL_NAMES_free + +#define AUTHORITY_INFO_ACCESS_free wolfSSL_AUTHORITY_INFO_ACCESS_free +#define sk_ACCESS_DESCRIPTION_pop_free wolfSSL_sk_ACCESS_DESCRIPTION_pop_free +#define ACCESS_DESCRIPTION_free NULL + +#define SSL3_AL_FATAL 2 +#define SSL_TLSEXT_ERR_OK 0 +#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal +#define SSL_TLSEXT_ERR_NOACK alert_warning +#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME + +#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name +#define SSL_get_servername wolfSSL_get_servername +#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX +#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback +#define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_tlsext_servername_callback +#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg + +#define PSK_MAX_PSK_LEN 256 +#define PSK_MAX_IDENTITY_LEN 128 +#define SSL_CTX_clear_options wolfSSL_CTX_clear_options + + +#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ +#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb +#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata + +#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback +#define SSL_set_msg_callback wolfSSL_set_msg_callback +#define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg +#define SSL_set_msg_callback_arg wolfSSL_set_msg_callback_arg + +#define SSL_CTX_clear_extra_chain_certs wolfSSL_CTX_clear_extra_chain_certs + + +/* Nginx uses this to determine if reached end of certs in file. + * PEM_read_bio_X509 is called and the return error is lost. + * The error that needs to be detected is: SSL_NO_PEM_HEADER. + */ +#define ERR_GET_LIB(l) (int)((((unsigned long)l) >> 24L) & 0xffL) +#define ERR_GET_FUNC(l) (int)((((unsigned long)l) >> 12L) & 0xfffL) + +#define PEM_F_PEM_DEF_CALLBACK 100 + +#define PEM_R_NO_START_LINE 108 +#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +#define ERR_LIB_PEM 9 +#define ERR_LIB_X509 10 + +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ + defined(HAVE_LIGHTY) + +#include + +#define OPENSSL_STRING WOLFSSL_STRING + +#define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +#define OPENSSL_NPN_UNSUPPORTED 0 +#define OPENSSL_NPN_NEGOTIATED 1 +#define OPENSSL_NPN_NO_OVERLAP 2 + +/* Nginx checks these to see if the error was a handshake error. */ +#define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR +#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG BUFFER_E +#define SSL_R_DIGEST_CHECK_FAILED VERIFY_MAC_ERROR +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST SUITES_ERROR +#define SSL_R_EXCESSIVE_MESSAGE_SIZE BUFFER_ERROR +#define SSL_R_LENGTH_MISMATCH LENGTH_ERROR +#define SSL_R_NO_CIPHERS_SPECIFIED SUITES_ERROR +#define SSL_R_NO_COMPRESSION_SPECIFIED COMPRESSION_ERROR +#define SSL_R_NO_SHARED_CIPHER MATCH_SUITE_ERROR +#define SSL_R_RECORD_LENGTH_MISMATCH HANDSHAKE_SIZE_ERROR +#define SSL_R_UNEXPECTED_MESSAGE OUT_OF_ORDER_E +#define SSL_R_UNEXPECTED_RECORD SANITY_MSG_E +#define SSL_R_UNKNOWN_ALERT_TYPE BUFFER_ERROR +#define SSL_R_UNKNOWN_PROTOCOL VERSION_ERROR +#define SSL_R_WRONG_VERSION_NUMBER VERSION_ERROR +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ENCRYPT_ERROR +#define SSL_R_HTTPS_PROXY_REQUEST PARSE_ERROR +#define SSL_R_HTTP_REQUEST PARSE_ERROR +#define SSL_R_UNSUPPORTED_PROTOCOL VERSION_ERROR + + +#ifdef HAVE_SESSION_TICKET +#define SSL_OP_NO_TICKET SSL_OP_NO_TICKET +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +#endif + +#define OPENSSL_config wolfSSL_OPENSSL_config +#define OPENSSL_memdup wolfSSL_OPENSSL_memdup +#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout +#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh +#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session +#define SSL_get_rbio wolfSSL_SSL_get_rbio +#define SSL_get_wbio wolfSSL_SSL_get_wbio +#define SSL_do_handshake wolfSSL_SSL_do_handshake +#define SSL_in_init wolfSSL_SSL_in_init +#define SSL_in_connect_init wolfSSL_SSL_in_connect_init +#define SSL_get0_session wolfSSL_SSL_get0_session +#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb +#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb +#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs +#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value +#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected +#define SSL_select_next_proto wolfSSL_select_next_proto +#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb +#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb +#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb +#define SSL_set_alpn_protos wolfSSL_set_alpn_protos +#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated +#define SSL_is_server wolfSSL_is_server +#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list + +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE || + OPENSSL_ALL || HAVE_LIGHTY */ + +#ifdef OPENSSL_EXTRA +#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA +#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password +#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username +#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX +#define SSL_get0_param wolfSSL_get0_param + +#define ERR_NUM_ERRORS 16 +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA 6 +#define EVP_PKEY_RSA2 19 +#define EVP_PKEY_DH 28 +#define SN_pkcs9_emailAddress "Email" +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress 1L,2L,840L,113539L,1L,9L,1L + +#define SSL_get_rbio wolfSSL_SSL_get_rbio +#define SSL_get_wbio wolfSSL_SSL_get_wbio +#define SSL_do_handshake wolfSSL_SSL_do_handshake +#endif /* OPENSSL_EXTRA */ + +/* cipher suites for compatibility */ +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) +#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) +#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* wolfSSL_openssl_h__ */ diff --git a/source/libwolfssl/openssl/ssl23.h b/source/libwolfssl/openssl/ssl23.h new file mode 100644 index 00000000..fc3ddfb5 --- /dev/null +++ b/source/libwolfssl/openssl/ssl23.h @@ -0,0 +1 @@ +/* ssl23.h for openssl */ diff --git a/source/libwolfssl/openssl/stack.h b/source/libwolfssl/openssl/stack.h new file mode 100644 index 00000000..39404705 --- /dev/null +++ b/source/libwolfssl/openssl/stack.h @@ -0,0 +1,63 @@ +/* stack.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* stack.h for openSSL */ + +#ifndef WOLFSSL_STACK_H_ +#define WOLFSSL_STACK_H_ + +#ifdef __cplusplus + extern "C" { +#endif + +typedef void (*wolfSSL_sk_freefunc)(void *); + +WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK *); +WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *); +WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data); +WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *)); +WOLFSSL_API +void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk); +WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void); +WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); + +WOLFSSL_API +int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher); +WOLFSSL_API +WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_cipher(void); + +#define OPENSSL_sk_free wolfSSL_sk_free +#define OPENSSL_sk_pop_free wolfSSL_sk_pop_free +#define OPENSSL_sk_new_null wolfSSL_sk_new_null +#define OPENSSL_sk_push wolfSSL_sk_push + +/* provides older OpenSSL API compatibility */ +#define sk_free OPENSSL_sk_free +#define sk_pop_free OPENSSL_sk_pop_free +#define sk_new_null OPENSSL_sk_new_null +#define sk_push OPENSSL_sk_push + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/source/libwolfssl/openssl/ui.h b/source/libwolfssl/openssl/ui.h new file mode 100644 index 00000000..a2539303 --- /dev/null +++ b/source/libwolfssl/openssl/ui.h @@ -0,0 +1,2 @@ +/* ui.h for openssl */ + diff --git a/source/libwolfssl/openssl/x509.h b/source/libwolfssl/openssl/x509.h new file mode 100644 index 00000000..df500aaa --- /dev/null +++ b/source/libwolfssl/openssl/x509.h @@ -0,0 +1,20 @@ +/* x509.h for openssl */ + +#include +#include + +/* wolfSSL_X509_print_ex flags */ +#define X509_FLAG_COMPAT (0UL) +#define X509_FLAG_NO_HEADER (1UL << 0) +#define X509_FLAG_NO_VERSION (1UL << 1) +#define X509_FLAG_NO_SERIAL (1UL << 2) +#define X509_FLAG_NO_SIGNAME (1UL << 3) +#define X509_FLAG_NO_ISSUER (1UL << 4) +#define X509_FLAG_NO_VALIDITY (1UL << 5) +#define X509_FLAG_NO_SUBJECT (1UL << 6) +#define X509_FLAG_NO_PUBKEY (1UL << 7) +#define X509_FLAG_NO_EXTENSIONS (1UL << 8) +#define X509_FLAG_NO_SIGDUMP (1UL << 9) +#define X509_FLAG_NO_AUX (1UL << 10) +#define X509_FLAG_NO_ATTRIBUTES (1UL << 11) +#define X509_FLAG_NO_IDS (1UL << 12) diff --git a/source/libwolfssl/openssl/x509_vfy.h b/source/libwolfssl/openssl/x509_vfy.h new file mode 100644 index 00000000..54afb670 --- /dev/null +++ b/source/libwolfssl/openssl/x509_vfy.h @@ -0,0 +1 @@ +/* x509_vfy.h for openssl */ diff --git a/source/libwolfssl/openssl/x509v3.h b/source/libwolfssl/openssl/x509v3.h new file mode 100644 index 00000000..caa9c171 --- /dev/null +++ b/source/libwolfssl/openssl/x509v3.h @@ -0,0 +1,112 @@ +/* x509v3.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* x509v3.h for openSSL */ + +#ifndef WOLFSSL_x509v3_H +#define WOLFSSL_x509v3_H + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* Forward reference */ +typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method; + +typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) ( + struct WOLFSSL_v3_ext_method *method, + void *ext, STACK_OF(CONF_VALUE) *extlist); +typedef char *(*X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext); +typedef int (*X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method, + void *ext, BIO *out, int indent); +typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD; + +struct WOLFSSL_v3_ext_method { + int ext_nid; + int ext_flags; + void *usr_data; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2V i2v; + X509V3_EXT_I2S i2s; + X509V3_EXT_I2R i2r; +}; + +#define WOLFSSL_ASN1_BOOLEAN int +#define GEN_OTHERNAME 0 +#define GEN_EMAIL 1 +#define GEN_DNS 2 +#define GEN_X400 3 +#define GEN_DIRNAME 4 +#define GEN_EDIPARTY 5 +#define GEN_URI 6 +#define GEN_IPADD 7 +#define GEN_RID 8 + +#define GENERAL_NAME WOLFSSL_GENERAL_NAME + +#define X509V3_CTX WOLFSSL_X509V3_CTX + +struct WOLFSSL_X509_EXTENSION { + WOLFSSL_ASN1_OBJECT *obj; + WOLFSSL_ASN1_BOOLEAN crit; + WOLFSSL_ASN1_STRING value; + WOLFSSL_v3_ext_method ext_method; + WOLFSSL_STACK* ext_sk; /* For extension specific data */ +}; + +typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID; +typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; +typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; +typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS; + +WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc); +WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id); +WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get( + WOLFSSL_X509_EXTENSION* ex); +WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex); +WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, + const WOLFSSL_ASN1_STRING *s); +WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, + WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent); + +#define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free +#define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free +#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x)) +#define ASN1_INTEGER WOLFSSL_ASN1_INTEGER +#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING +#define X509V3_EXT_get wolfSSL_X509V3_EXT_get +#define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i +#define X509V3_EXT_print wolfSSL_X509V3_EXT_print +#define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING +#define X509V3_EXT_print wolfSSL_X509V3_EXT_print +#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid +#define X509V3_set_ctx wolfSSL_X509V3_set_ctx +#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/source/libwolfssl/sniffer.h b/source/libwolfssl/sniffer.h new file mode 100644 index 00000000..29cfc96e --- /dev/null +++ b/source/libwolfssl/sniffer.h @@ -0,0 +1,228 @@ +/* sniffer.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLFSSL_SNIFFER_H +#define WOLFSSL_SNIFFER_H + +#include + +#ifdef _WIN32 + #ifdef SSL_SNIFFER_EXPORTS + #define SSL_SNIFFER_API __declspec(dllexport) + #else + #define SSL_SNIFFER_API __declspec(dllimport) + #endif +#else + #define SSL_SNIFFER_API +#endif /* _WIN32 */ + + +#ifdef __cplusplus + extern "C" { +#endif + +/* @param typeK: (formerly keyType) was shadowing a global declaration in + * wolfssl/wolfcrypt/asn.h line 175 + */ +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port, + const char* keyFile, int typeK, + const char* password, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name, + const char* address, int port, + const char* keyFile, int typeK, + const char* password, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, + unsigned char** data, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_FreeDecodeBuffer(unsigned char** data, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_FreeZeroDecodeBuffer(unsigned char** data, int sz, + char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_EnableRecovery(int onOff, int maxMemory, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_GetSessionStats(unsigned int* active, + unsigned int* total, + unsigned int* peak, + unsigned int* maxSessions, + unsigned int* missedData, + unsigned int* reassemblyMemory, + char* error); + +WOLFSSL_API void ssl_InitSniffer(void); + +WOLFSSL_API void ssl_FreeSniffer(void); + + +/* ssl_SetPrivateKey typeKs */ +enum { + FILETYPE_PEM = 1, + FILETYPE_DER = 2, +}; + + +/* + * New Sniffer API that provides read-only access to the TLS and cipher + * information associated with the SSL session. + */ + +#if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define WOLFSSL_PACK __attribute__ ((packed)) +#else + #define WOLFSSL_PACK +#endif + + +typedef struct SSLInfo +{ + unsigned char isValid; + /* indicates if the info in this struct is valid: 0 = no, 1 = yes */ + unsigned char protocolVersionMajor; /* SSL Version: major */ + unsigned char protocolVersionMinor; /* SSL Version: minor */ + unsigned char serverCipherSuite0; /* first byte, normally 0 */ + unsigned char serverCipherSuite; /* second byte, actual suite */ + unsigned char serverCipherSuiteName[256]; + /* cipher name, e.g., "TLS_RSA_..." */ + unsigned char serverNameIndication[128]; + unsigned int keySize; +} WOLFSSL_PACK SSLInfo; + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketWithSessionInfo( + const unsigned char* packet, int length, + unsigned char** data, SSLInfo* sslInfo, char* error); + +typedef void (*SSLConnCb)(const void* session, SSLInfo* info, void* ctx); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetConnectionCb(SSLConnCb cb); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx); + + +typedef struct SSLStats +{ + unsigned long int sslStandardConns; + unsigned long int sslClientAuthConns; + unsigned long int sslResumedConns; + unsigned long int sslEphemeralMisses; + unsigned long int sslResumeMisses; + unsigned long int sslCiphersUnsupported; + unsigned long int sslKeysUnmatched; + unsigned long int sslKeyFails; + unsigned long int sslDecodeFails; + unsigned long int sslAlerts; + unsigned long int sslDecryptedBytes; + unsigned long int sslEncryptedBytes; + unsigned long int sslEncryptedPackets; + unsigned long int sslDecryptedPackets; + unsigned long int sslKeyMatches; + unsigned long int sslEncryptedConns; + + unsigned long int sslResumptionValid; + unsigned long int sslResumptionInserts; +} SSLStats; + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_ResetStatistics(void); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_ReadStatistics(SSLStats* stats); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_ReadResetStatistics(SSLStats* stats); + + +typedef int (*SSLWatchCb)(void* vSniffer, + const unsigned char* certHash, + unsigned int certHashSz, + const unsigned char* certChain, + unsigned int certChainSz, + void* ctx, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKeyCallback(SSLWatchCb cb, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKeyCallback_ex(SSLWatchCb cb, int devId, + char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKeyCtx(void* ctx, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKey_buffer(void* vSniffer, + const unsigned char* key, unsigned int keySz, + int keyType, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKey_file(void* vSniffer, + const char* keyFile, int keyType, + const char* password, char* error); + + +typedef int (*SSLStoreDataCb)(const unsigned char* decryptBuf, + unsigned int decryptBufSz, unsigned int decryptBufOffset, void* ctx); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetStoreDataCallback(SSLStoreDataCb cb); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketWithSessionInfoStoreData( + const unsigned char* packet, int length, void* ctx, + SSLInfo* sslInfo, char* error); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketWithChain(void* vChain, + unsigned int chainSz, unsigned char** data, char* error); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketWithChainSessionInfoStoreData( + void* vChain, unsigned int chainSz, void* ctx, SSLInfo* sslInfo, + char* error); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* wolfSSL_SNIFFER_H */ + diff --git a/source/libwolfssl/sniffer_error.h b/source/libwolfssl/sniffer_error.h new file mode 100644 index 00000000..a63e1d01 --- /dev/null +++ b/source/libwolfssl/sniffer_error.h @@ -0,0 +1,137 @@ +/* sniffer_error.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLFSSL_SNIFFER_ERROR_H +#define WOLFSSL_SNIFFER_ERROR_H + +/* need to have errors as #defines since .rc files can't handle enums */ +/* need to start at 1 and go in order for same reason */ + +#define MEMORY_STR 1 +#define NEW_SERVER_STR 2 +#define IP_CHECK_STR 3 +#define SERVER_NOT_REG_STR 4 +#define TCP_CHECK_STR 5 +#define SERVER_PORT_NOT_REG_STR 6 +#define RSA_DECRYPT_STR 7 +#define RSA_DECODE_STR 8 +#define BAD_CIPHER_SPEC_STR 9 +#define SERVER_HELLO_INPUT_STR 10 + +#define BAD_SESSION_RESUME_STR 11 +#define SERVER_DID_RESUMPTION_STR 12 +#define CLIENT_HELLO_INPUT_STR 13 +#define CLIENT_RESUME_TRY_STR 14 +#define HANDSHAKE_INPUT_STR 15 +#define GOT_HELLO_VERIFY_STR 16 +#define GOT_SERVER_HELLO_STR 17 +#define GOT_CERT_REQ_STR 18 +#define GOT_SERVER_KEY_EX_STR 19 +#define GOT_CERT_STR 20 + +#define GOT_SERVER_HELLO_DONE_STR 21 +#define GOT_FINISHED_STR 22 +#define GOT_CLIENT_HELLO_STR 23 +#define GOT_CLIENT_KEY_EX_STR 24 +#define GOT_CERT_VER_STR 25 +#define GOT_UNKNOWN_HANDSHAKE_STR 26 +#define NEW_SESSION_STR 27 +#define BAD_NEW_SSL_STR 28 +#define GOT_PACKET_STR 29 +#define NO_DATA_STR 30 + +#define BAD_SESSION_STR 31 +#define GOT_OLD_CLIENT_HELLO_STR 32 +#define OLD_CLIENT_INPUT_STR 33 +#define OLD_CLIENT_OK_STR 34 +#define BAD_OLD_CLIENT_STR 35 +#define BAD_RECORD_HDR_STR 36 +#define RECORD_INPUT_STR 37 +#define GOT_HANDSHAKE_STR 38 +#define BAD_HANDSHAKE_STR 39 +#define GOT_CHANGE_CIPHER_STR 40 + +#define GOT_APP_DATA_STR 41 +#define BAD_APP_DATA_STR 42 +#define GOT_ALERT_STR 43 +#define ANOTHER_MSG_STR 44 +#define REMOVE_SESSION_STR 45 +#define KEY_FILE_STR 46 +#define BAD_IPVER_STR 47 +#define BAD_PROTO_STR 48 +#define PACKET_HDR_SHORT_STR 49 +#define GOT_UNKNOWN_RECORD_STR 50 + +#define BAD_TRACE_FILE_STR 51 +#define FATAL_ERROR_STR 52 +#define PARTIAL_INPUT_STR 53 +#define BUFFER_ERROR_STR 54 +#define PARTIAL_ADD_STR 55 +#define DUPLICATE_STR 56 +#define OUT_OF_ORDER_STR 57 +#define OVERLAP_DUPLICATE_STR 58 +#define OVERLAP_REASSEMBLY_BEGIN_STR 59 +#define OVERLAP_REASSEMBLY_END_STR 60 + +#define MISSED_CLIENT_HELLO_STR 61 +#define GOT_HELLO_REQUEST_STR 62 +#define GOT_SESSION_TICKET_STR 63 +#define BAD_INPUT_STR 64 +#define BAD_DECRYPT_TYPE 65 +#define BAD_FINISHED_MSG 66 +#define BAD_COMPRESSION_STR 67 +#define BAD_DERIVE_STR 68 +#define ACK_MISSED_STR 69 +#define BAD_DECRYPT 70 + +#define DECRYPT_KEYS_NOT_SETUP 71 +#define CLIENT_HELLO_LATE_KEY_STR 72 +#define GOT_CERT_STATUS_STR 73 +#define RSA_KEY_MISSING_STR 74 +#define NO_SECURE_RENEGOTIATION 75 + +#define BAD_SESSION_STATS 76 +#define REASSEMBLY_MAX_STR 77 +#define DROPPING_LOST_FRAG_STR 78 +#define DROPPING_PARTIAL_RECORD 79 +#define CLEAR_ACK_FAULT 80 + +#define BAD_DECRYPT_SIZE 81 +#define EXTENDED_MASTER_HASH_STR 82 +#define SPLIT_HANDSHAKE_MSG_STR 83 +#define ECC_DECODE_STR 84 +#define ECC_PUB_DECODE_STR 85 +#define WATCH_CB_MISSING_STR 86 +#define WATCH_HASH_STR 87 +#define WATCH_FAIL_STR 88 +#define BAD_CERT_MSG_STR 89 +#define STORE_DATA_CB_MISSING_STR 90 + +#define NO_DATA_DEST_STR 91 +#define STORE_DATA_FAIL_STR 92 +#define CHAIN_INPUT_STR 93 +/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ + + +#endif /* wolfSSL_SNIFFER_ERROR_H */ + diff --git a/source/libwolfssl/ssl.h b/source/libwolfssl/ssl.h new file mode 100644 index 00000000..e246accf --- /dev/null +++ b/source/libwolfssl/ssl.h @@ -0,0 +1,3648 @@ +/* ssl.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +/*! + \file ../wolfssl/ssl.h + \brief Header file containing key wolfSSL API +*/ + +/* wolfSSL API */ + +#ifndef WOLFSSL_SSL_H +#define WOLFSSL_SSL_H + + +/* for users not using preprocessor flags*/ +#include +#include +#include +#include + +#ifdef HAVE_WOLF_EVENT + #include +#endif + +/* used internally by wolfSSL while OpenSSL types aren't */ +#include + +#ifndef NO_FILESYSTEM + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #if MQX_USE_IO_OLD + #include + #else + #include + #endif + #endif +#endif + +#ifdef WOLFSSL_PREFIX + #include "prefix_ssl.h" +#endif + +#ifdef LIBWOLFSSL_VERSION_STRING + #define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING +#endif + +#ifdef _WIN32 + /* wincrypt.h clashes */ + #undef OCSP_REQUEST + #undef OCSP_RESPONSE +#endif + +#ifdef OPENSSL_COEXIST + /* mode to allow wolfSSL and OpenSSL to exist together */ + #ifdef TEST_OPENSSL_COEXIST + /* + ./configure --enable-opensslcoexist \ + CFLAGS="-I/usr/local/opt/openssl/include -DTEST_OPENSSL_COEXIST" \ + LDFLAGS="-L/usr/local/opt/openssl/lib -lcrypto" + */ + #include + #include + #include + #include + #include + #include + #endif + + /* make sure old names are disabled */ + #ifndef NO_OLD_SSL_NAMES + #define NO_OLD_SSL_NAMES + #endif + #ifndef NO_OLD_WC_NAMES + #define NO_OLD_WC_NAMES + #endif + +#elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + #include + #include + + /* We need the old SSL names */ + #ifdef NO_OLD_SSL_NAMES + #undef NO_OLD_SSL_NAMES + #endif + #ifdef NO_OLD_WC_NAMES + #undef NO_OLD_WC_NAMES + #endif +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED +#define WOLFSSL_WOLFSSL_TYPE_DEFINED +typedef struct WOLFSSL WOLFSSL; +#endif +typedef struct WOLFSSL_SESSION WOLFSSL_SESSION; +typedef struct WOLFSSL_METHOD WOLFSSL_METHOD; +#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED +#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED +typedef struct WOLFSSL_CTX WOLFSSL_CTX; +#endif + +typedef struct WOLFSSL_STACK WOLFSSL_STACK; +typedef struct WOLFSSL_X509 WOLFSSL_X509; +typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME; +typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY; +typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY; +typedef struct WOLFSSL_X509_ALGOR WOLFSSL_X509_ALGOR; +typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN; +typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12; + +typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; +typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; +typedef struct WOLFSSL_CRL WOLFSSL_CRL; + +typedef void *WOLFSSL_X509_STORE_CTX_verify_cb; /* verify callback */ + +/* redeclare guard */ +#define WOLFSSL_TYPES_DEFINED + +#include + + +#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_RSA WOLFSSL_RSA; +#define WOLFSSL_RSA_TYPE_DEFINED +#endif + +#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ + typedef struct WC_RNG WC_RNG; + #define WC_RNG_TYPE_DEFINED +#endif + +#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_DSA WOLFSSL_DSA; +#define WOLFSSL_DSA_TYPE_DEFINED +#endif + +#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; +typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; +typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; +#define WOLFSSL_EC_TYPE_DEFINED +#endif + +#ifndef WOLFSSL_ECDSA_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG; +#define WOLFSSL_ECDSA_TYPE_DEFINED +#endif + +typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER; +typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP; +typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; +typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL; +typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE; +typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; +typedef struct WOLFSSL_BIO WOLFSSL_BIO; +typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD; +typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; +typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE; +typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME; +typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; +typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; +typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; + +typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; +typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; +typedef struct WOLFSSL_DH WOLFSSL_DH; +typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; +typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE; + +typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME; +typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID; +typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS; +typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION; + +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + +struct WOLFSSL_AUTHORITY_KEYID { + WOLFSSL_ASN1_STRING *keyid; + WOLFSSL_ASN1_OBJECT *issuer; + WOLFSSL_ASN1_INTEGER *serial; +}; + +struct WOLFSSL_BASIC_CONSTRAINTS { + int ca; + WOLFSSL_ASN1_INTEGER *pathlen; +}; + +#endif /* OPENSSL_ALL || OPENSSL_EXTRA*/ + +#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME +#define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME + + +struct WOLFSSL_ASN1_TIME { + unsigned char data[CTC_DATE_SIZE]; /* date bytes */ + int length; + int type; +}; + +struct WOLFSSL_ASN1_STRING { + char strData[CTC_NAME_SIZE]; + int length; + int type; /* type of string i.e. CTC_UTF8 */ + char* data; + long flags; + unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ +}; + +#define WOLFSSL_MAX_SNAME 40 + +#if defined(HAVE_EX_DATA) || defined(FORTRESS) + #define MAX_EX_DATA 5 /* allow for five items of ex_data */ +#endif + + +#define WOLFSSL_ASN1_DYNAMIC 0x1 +#define WOLFSSL_ASN1_DYNAMIC_DATA 0x2 + +struct WOLFSSL_ASN1_OTHERNAME { + WOLFSSL_ASN1_OBJECT* type_id; + WOLFSSL_ASN1_TYPE* value; +}; + +struct WOLFSSL_GENERAL_NAME { + int type; + union { + char* ptr; + WOLFSSL_ASN1_OTHERNAME* otherName; + WOLFSSL_ASN1_STRING* rfc822Name; + WOLFSSL_ASN1_STRING* dNSName; + WOLFSSL_ASN1_TYPE* x400Address; + WOLFSSL_X509_NAME* directoryName; + WOLFSSL_ASN1_STRING* uniformResourceIdentifier; + WOLFSSL_ASN1_STRING* iPAddress; + WOLFSSL_ASN1_OBJECT* registeredID; + + WOLFSSL_ASN1_STRING* ip; + WOLFSSL_X509_NAME* dirn; + WOLFSSL_ASN1_STRING* ia5; + WOLFSSL_ASN1_OBJECT* rid; + WOLFSSL_ASN1_TYPE* other; + } d; /* dereference */ +}; + +struct WOLFSSL_ACCESS_DESCRIPTION { + WOLFSSL_ASN1_OBJECT* method; + WOLFSSL_GENERAL_NAME* location; +}; + +struct WOLFSSL_X509V3_CTX { + WOLFSSL_X509* x509; +}; + + + +struct WOLFSSL_ASN1_OBJECT { + void* heap; + const unsigned char* obj; + /* sName is short name i.e sha256 rather than oid (null terminated) */ + char sName[WOLFSSL_MAX_SNAME]; + int type; /* oid */ + int grp; /* type of OID, i.e. oidCertPolicyType */ + int nid; + unsigned int objSz; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + int ca; + WOLFSSL_ASN1_INTEGER *pathlen; +#endif + unsigned char dynamic; /* if 1 then obj was dynamically created, 0 otherwise */ + +#if defined(WOLFSSL_APACHE_HTTPD) + WOLFSSL_GENERAL_NAME* gn; +#endif + + struct d { /* derefrenced */ + WOLFSSL_ASN1_STRING* dNSName; + WOLFSSL_ASN1_STRING ia5_internal; + WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */ +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + WOLFSSL_ASN1_STRING* uniformResourceIdentifier; + WOLFSSL_ASN1_STRING iPAddress_internal; + WOLFSSL_ASN1_OTHERNAME* otherName; /* added for Apache httpd */ +#endif + WOLFSSL_ASN1_STRING* iPAddress; /* points to iPAddress_internal */ + } d; +}; + +/* wrap ASN1 types */ +struct WOLFSSL_ASN1_TYPE { + int type; + union { + char *ptr; + WOLFSSL_ASN1_STRING* asn1_string; + WOLFSSL_ASN1_OBJECT* object; + WOLFSSL_ASN1_INTEGER* integer; + WOLFSSL_ASN1_BIT_STRING* bit_string; + WOLFSSL_ASN1_STRING* octet_string; + WOLFSSL_ASN1_STRING* printablestring; + WOLFSSL_ASN1_STRING* ia5string; + WOLFSSL_ASN1_UTCTIME* utctime; + WOLFSSL_ASN1_GENERALIZEDTIME* generalizedtime; + WOLFSSL_ASN1_STRING* utf8string; + WOLFSSL_ASN1_STRING* set; + WOLFSSL_ASN1_STRING* sequence; + } value; +}; + +struct WOLFSSL_EVP_PKEY { + void* heap; + int type; /* openssh dereference */ + int save_type; /* openssh dereference */ + int pkey_sz; + int references; /*number of times free should be called for complete free*/ + wolfSSL_Mutex refMutex; /* ref count mutex */ + + union { + char* ptr; /* der format of key / or raw for NTRU */ + } pkey; + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + #ifndef NO_RSA + WOLFSSL_RSA* rsa; + byte ownRsa; /* if struct owns RSA and should free it */ + #endif + #ifdef HAVE_ECC + WOLFSSL_EC_KEY* ecc; + byte ownEcc; /* if struct owns ECC and should free it */ + #endif + WC_RNG rng; + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef HAVE_ECC + int pkey_curve; + #endif +}; +typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO; + +#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; +typedef char WOLFSSL_EVP_MD; +#define WOLFSSL_EVP_TYPE_DEFINED +#endif + +struct WOLFSSL_X509_PKEY { + WOLFSSL_EVP_PKEY* dec_pkey; /* dereferenced by Apache */ + void* heap; +}; +typedef struct WOLFSSL_X509_PKEY WOLFSSL_X509_PKEY; + +struct WOLFSSL_X509_INFO { + WOLFSSL_X509 *x509; + WOLFSSL_X509_CRL *crl; + WOLFSSL_X509_PKEY *x_pkey; /* dereferenced by Apache */ + EncryptedInfo enc_cipher; + int enc_len; + char *enc_data; + int num; +}; +typedef struct WOLFSSL_X509_INFO WOLFSSL_X509_INFO; + +#define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */ + +struct WOLFSSL_X509_ALGOR { + WOLFSSL_ASN1_OBJECT* algorithm; +}; + +struct WOLFSSL_X509_PUBKEY { + WOLFSSL_X509_ALGOR* algor; + int pubKeyOID; +}; + + +enum BIO_TYPE { + WOLFSSL_BIO_BUFFER = 1, + WOLFSSL_BIO_SOCKET = 2, + WOLFSSL_BIO_SSL = 3, + WOLFSSL_BIO_MEMORY = 4, + WOLFSSL_BIO_BIO = 5, + WOLFSSL_BIO_FILE = 6, + WOLFSSL_BIO_BASE64 = 7 +}; + +enum BIO_FLAGS { + WOLFSSL_BIO_FLAG_BASE64_NO_NL = 0x01, + WOLFSSL_BIO_FLAG_READ = 0x02, + WOLFSSL_BIO_FLAG_WRITE = 0x04, + WOLFSSL_BIO_FLAG_IO_SPECIAL = 0x08, + WOLFSSL_BIO_FLAG_RETRY = 0x10 +}; + +enum BIO_CB_OPS { + WOLFSSL_BIO_CB_FREE = 0x01, + WOLFSSL_BIO_CB_READ = 0x02, + WOLFSSL_BIO_CB_WRITE = 0x03, + WOLFSSL_BIO_CB_PUTS = 0x04, + WOLFSSL_BIO_CB_GETS = 0x05, + WOLFSSL_BIO_CB_CTRL = 0x06, + WOLFSSL_BIO_CB_RETURN = 0x80 +}; + +typedef struct WOLFSSL_BUF_MEM { + char* data; /* dereferenced */ + size_t length; /* current length */ + size_t max; /* maximum length */ +} WOLFSSL_BUF_MEM; + +/* custom method with user set callbacks */ +typedef int (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int); +typedef int (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int); +typedef int (*wolfSSL_BIO_meth_puts_cb)(WOLFSSL_BIO*, const char*); +typedef int (*wolfSSL_BIO_meth_gets_cb)(WOLFSSL_BIO*, char*, int); +typedef long (*wolfSSL_BIO_meth_ctrl_get_cb)(WOLFSSL_BIO*, int, long, void*); +typedef int (*wolfSSL_BIO_meth_create_cb)(WOLFSSL_BIO*); +typedef int (*wolfSSL_BIO_meth_destroy_cb)(WOLFSSL_BIO*); + +typedef int wolfSSL_BIO_info_cb(WOLFSSL_BIO *, int, int); +typedef long (*wolfssl_BIO_meth_ctrl_info_cb)(WOLFSSL_BIO*, int, wolfSSL_BIO_info_cb*); + +/* wolfSSL BIO_METHOD type */ +#ifndef MAX_BIO_METHOD_NAME +#define MAX_BIO_METHOD_NAME 256 +#endif +struct WOLFSSL_BIO_METHOD { + byte type; /* method type */ + char name[MAX_BIO_METHOD_NAME]; + wolfSSL_BIO_meth_write_cb writeCb; + wolfSSL_BIO_meth_read_cb readCb; + wolfSSL_BIO_meth_puts_cb putsCb; + wolfSSL_BIO_meth_gets_cb getsCb; + wolfSSL_BIO_meth_ctrl_get_cb ctrlCb; + wolfSSL_BIO_meth_create_cb createCb; + wolfSSL_BIO_meth_destroy_cb freeCb; + wolfssl_BIO_meth_ctrl_info_cb ctrlInfoCb; +}; + +/* wolfSSL BIO type */ +typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg, + int iarg, long larg, long return_value); + +struct WOLFSSL_BIO { + WOLFSSL_BUF_MEM* mem_buf; + WOLFSSL_BIO_METHOD* method; + WOLFSSL_BIO* prev; /* previous in chain */ + WOLFSSL_BIO* next; /* next in chain */ + WOLFSSL_BIO* pair; /* BIO paired with */ + void* heap; /* user heap hint */ + void* ptr; /* WOLFSSL, file descriptor or memory buffer */ + void* usrCtx; /* user set pointer */ + char* infoArg; /* BIO callback argument */ + wolf_bio_info_cb infoCb; /* BIO callback */ + int wrSz; /* write buffer size (mem) */ + int wrIdx; /* current index for write buffer */ + int rdIdx; /* current read index */ + int readRq; /* read request */ + int num; /* socket num or length */ + int eof; /* eof flag */ + int flags; + byte type; /* method type */ + byte init:1; /* bio has been initialized */ + byte shutdown:1; /* close flag */ +}; + + +typedef struct WOLFSSL_COMP_METHOD { + int type; /* stunnel dereference */ +} WOLFSSL_COMP_METHOD; + +typedef struct WOLFSSL_COMP { + int id; + const char *name; + WOLFSSL_COMP_METHOD *method; +} WOLFSSL_COMP; + +struct WOLFSSL_X509_LOOKUP_METHOD { + int type; +}; + +struct WOLFSSL_X509_LOOKUP { + WOLFSSL_X509_STORE *store; +}; + +struct WOLFSSL_X509_STORE { + int cache; /* stunnel dereference */ + WOLFSSL_CERT_MANAGER* cm; + WOLFSSL_X509_LOOKUP lookup; +#ifdef OPENSSL_EXTRA + int isDynamic; + WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ +#endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + WOLFSSL_X509_CRL *crl; +#endif +}; + +#ifdef OPENSSL_EXTRA +#define WOLFSSL_USE_CHECK_TIME 0x2 +#define WOLFSSL_NO_CHECK_TIME 0x200000 +#define WOLFSSL_NO_WILDCARDS 0x4 +#define WOLFSSL_HOST_NAME_MAX 256 +#define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ +struct WOLFSSL_X509_VERIFY_PARAM { + time_t check_time; + unsigned long flags; + char hostName[WOLFSSL_HOST_NAME_MAX]; + unsigned int hostFlags; + char ipasc[WOLFSSL_MAX_IPSTR]; +}; +#endif + +typedef struct WOLFSSL_ALERT { + int code; + int level; +} WOLFSSL_ALERT; + +typedef struct WOLFSSL_ALERT_HISTORY { + WOLFSSL_ALERT last_rx; + WOLFSSL_ALERT last_tx; +} WOLFSSL_ALERT_HISTORY; + +typedef struct WOLFSSL_X509_REVOKED { + WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */ +} WOLFSSL_X509_REVOKED; + + +typedef struct WOLFSSL_X509_OBJECT { + union { + char* ptr; + WOLFSSL_X509 *x509; + WOLFSSL_X509_CRL* crl; /* stunnel dereference */ + } data; +} WOLFSSL_X509_OBJECT; + +#define WOLFSSL_ASN1_BOOLEAN int + +typedef struct WOLFSSL_BUFFER_INFO { + unsigned char* buffer; + unsigned int length; +} WOLFSSL_BUFFER_INFO; + +typedef struct WOLFSSL_X509_STORE_CTX { + WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ + WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */ +#ifdef WOLFSSL_ASIO + WOLFSSL_X509* current_issuer; /* asio dereference */ +#endif + WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */ + WOLFSSL_STACK* chain; +#ifdef OPENSSL_EXTRA + WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ +#endif + char* domain; /* subject CN domain name */ +#if defined(HAVE_EX_DATA) || defined(FORTRESS) + void* ex_data[MAX_EX_DATA]; /* external data */ +#endif +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) + int depth; /* used in X509_STORE_CTX_*_depth */ +#endif + void* userCtx; /* user ctx */ + int error; /* current error */ + int error_depth; /* index of cert depth for this error */ + int discardSessionCerts; /* so verify callback can flag for discard */ + int totalCerts; /* number of peer cert buffers */ + WOLFSSL_BUFFER_INFO* certs; /* peer certs */ + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ +} WOLFSSL_X509_STORE_CTX; + +typedef char* WOLFSSL_STRING; + +/* Valid Alert types from page 16/17 + * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c + */ +enum AlertDescription { + close_notify = 0, + unexpected_message = 10, + bad_record_mac = 20, + record_overflow = 22, + decompression_failure = 30, + handshake_failure = 40, + no_certificate = 41, + bad_certificate = 42, + unsupported_certificate = 43, + certificate_revoked = 44, + certificate_expired = 45, + certificate_unknown = 46, + illegal_parameter = 47, + unknown_ca = 48, + decode_error = 50, + decrypt_error = 51, + #ifdef WOLFSSL_MYSQL_COMPATIBLE + /* catch name conflict for enum protocol with MYSQL build */ + wc_protocol_version = 70, + #else + protocol_version = 70, + #endif + inappropriate_fallback = 86, + no_renegotiation = 100, + missing_extension = 109, + unsupported_extension = 110, /**< RFC 5246, section 7.2.2 */ + unrecognized_name = 112, /**< RFC 6066, section 3 */ + bad_certificate_status_response = 113, /**< RFC 6066, section 8 */ + unknown_psk_identity = 115, /**< RFC 4279, section 2 */ + no_application_protocol = 120 +}; + + +enum AlertLevel { + alert_warning = 1, + alert_fatal = 2 +}; + +/* Maximum master key length (SECRET_LEN) */ +#define WOLFSSL_MAX_MASTER_KEY_LENGTH 48 +/* Maximum number of groups that can be set */ +#define WOLFSSL_MAX_GROUP_COUNT 10 + +typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap); + +/* CTX Method EX Constructor Functions */ +WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap); +#ifdef WOLFSSL_TLS13 + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap); +#endif + +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap); + +#ifdef WOLFSSL_DTLS + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap); +#endif + +/* CTX Method Constructor Functions */ +WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); +#ifdef WOLFSSL_TLS13 + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); +#endif + +#ifdef WOLFSSL_DTLS + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void); +#endif + +#ifdef HAVE_POLY1305 + WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int); +#endif + +#ifdef WOLFSSL_SESSION_EXPORT +#ifdef WOLFSSL_DTLS + +#ifndef WOLFSSL_DTLS_EXPORT_TYPES +typedef int (*wc_dtls_export)(WOLFSSL* ssl, + unsigned char* exportBuffer, unsigned int sz, void* userCtx); +#define WOLFSSL_DTLS_EXPORT_TYPES +#endif /* WOLFSSL_DTLS_EXPORT_TYPES */ + +WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, + unsigned int sz); +WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, + wc_dtls_export func); +WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func); +WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, + unsigned int* sz); +WOLFSSL_API int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf, + unsigned int* sz); +#endif /* WOLFSSL_DTLS */ +#endif /* WOLFSSL_SESSION_EXPORT */ + +#ifdef WOLFSSL_STATIC_MEMORY +#ifndef WOLFSSL_MEM_GUARD +#define WOLFSSL_MEM_GUARD + typedef struct WOLFSSL_MEM_STATS WOLFSSL_MEM_STATS; + typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS; +#endif +WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, + wolfSSL_method_func method, + unsigned char* buf, unsigned int sz, + int flag, int max); +WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, + WOLFSSL_MEM_STATS* mem_stats); +WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl, + WOLFSSL_MEM_CONN_STATS* mem_stats); +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + +WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int); +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int); + +#endif + +#ifndef NO_CERTS +#define WOLFSSL_LOAD_FLAG_NONE 0x00000000 +#define WOLFSSL_LOAD_FLAG_IGNORE_ERR 0x00000001 +#define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002 +#define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY 0x00000004 + +#ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS +#define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE +#endif +#endif /* !NO_CERTS */ + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + +WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*, + const char*, unsigned int); +WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, + const char*); +#ifdef WOLFSSL_TRUST_PEER_CERT +WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int); +#endif +WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, + const char *file); +WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, + const char *file, int format); +WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); + +WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); +WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx); +WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); +WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int); +WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int); +WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file); +WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*, + const char *file, int format); +WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); + +#ifdef WOLFSSL_DER_LOAD + WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*, + const char*, int); +#endif + +#ifdef HAVE_NTRU + WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*); + /* load NTRU private key blob */ +#endif + +#endif /* !NO_FILESYSTEM && !NO_CERTS */ + +WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); +WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); +WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); +WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); +WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_is_server(WOLFSSL*); +WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*); +WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); +WOLFSSL_API int wolfSSL_set_write_fd (WOLFSSL*, int); +WOLFSSL_API int wolfSSL_set_read_fd (WOLFSSL*, int); +WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); +WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority); +WOLFSSL_API int wolfSSL_get_ciphers(char*, int); +WOLFSSL_API int wolfSSL_get_ciphers_iana(char*, int); +WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); +WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, + const unsigned char); +WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite( + const unsigned char, const unsigned char); +WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, + int len); +WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); +/* please see note at top of README if you get an error from connect */ +WOLFSSL_API int wolfSSL_connect(WOLFSSL*); +WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); +WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int); +WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int); +WOLFSSL_API int wolfSSL_accept(WOLFSSL*); +#ifdef WOLFSSL_TLS13 +WOLFSSL_API int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, + const unsigned char* secret, unsigned int secretSz); +WOLFSSL_API int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_no_dhe_psk(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_update_keys(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_request_certificate(WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_preferred_group(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, + int count); +WOLFSSL_API int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count); + +WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*); +WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*); + +#ifdef WOLFSSL_EARLY_DATA +WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx, + unsigned int sz); +WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz); +WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*); +WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*); +#endif +#endif +WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*); +WOLFSSL_API void wolfSSL_free(WOLFSSL*); +WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*); +WOLFSSL_API int wolfSSL_send(WOLFSSL*, const void*, int sz, int flags); +WOLFSSL_API int wolfSSL_recv(WOLFSSL*, void*, int sz, int flags); + +WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int); +WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); + +WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); + +WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*); +WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); +WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); +WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) +WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t, + WOLFSSL_BIO**, size_t); + +WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**); +WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*, + int, const unsigned char*); +WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**); +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + +#ifdef SESSION_INDEX +WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); +#endif /* SESSION_INDEX */ + +#if defined(SESSION_INDEX) && defined(SESSION_CERTS) +WOLFSSL_API + WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session); +#endif /* SESSION_INDEX && SESSION_CERTS */ + +typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); +#ifdef OPENSSL_EXTRA +typedef void (CallbackInfoState)(const WOLFSSL*, int, int); + +typedef struct WOLFSSL_CRYPTO_EX_DATA { + WOLFSSL_STACK* data; +} WOLFSSL_CRYPTO_EX_DATA; + +typedef int (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr, + WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); +typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out, + WOLFSSL_CRYPTO_EX_DATA* in, void* inPtr, int idx, long argV, void* arg); +typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr, + WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); + +WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg, + WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b, + WOLFSSL_CRYPTO_EX_free* c); +#endif + +WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int, + VerifyCallback verify_callback); +WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback); +WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long); +WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*); + +WOLFSSL_API int wolfSSL_pending(WOLFSSL*); + +WOLFSSL_API void wolfSSL_load_error_strings(void); +WOLFSSL_API int wolfSSL_library_init(void); +WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long); + +#ifdef HAVE_SECRET_CALLBACK +typedef int (*SessionSecretCb)(WOLFSSL* ssl, + void* secret, int* secretSz, void* ctx); +WOLFSSL_API int wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, void*); +#endif /* HAVE_SECRET_CALLBACK */ + +/* session cache persistence */ +WOLFSSL_API int wolfSSL_save_session_cache(const char*); +WOLFSSL_API int wolfSSL_restore_session_cache(const char*); +WOLFSSL_API int wolfSSL_memsave_session_cache(void*, int); +WOLFSSL_API int wolfSSL_memrestore_session_cache(const void*, int); +WOLFSSL_API int wolfSSL_get_session_cache_memsize(void); + +/* certificate cache persistence, uses ctx since certs are per ctx */ +WOLFSSL_API int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*); +WOLFSSL_API int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*); +WOLFSSL_API int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*); +WOLFSSL_API int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int); +WOLFSSL_API int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*); + +/* only supports full name from cipher_name[] delimited by : */ +WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*); +WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*); + +/* Nonblocking DTLS helper functions */ +WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); +#define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock +#define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock + /* The old names are deprecated. */ +WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, Timeval* timeleft); +WOLFSSL_API void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, + word32 duration_ms); +WOLFSSL_API int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); +WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); +WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_dtls_retransmit(WOLFSSL*); +WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int); +WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*); + +WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*); +WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short); +WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short); + +WOLFSSL_API int wolfSSL_dtls_get_drop_stats(WOLFSSL*, + unsigned int*, unsigned int*); +WOLFSSL_API int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX*, unsigned short); +WOLFSSL_API int wolfSSL_set_secret(WOLFSSL*, unsigned short, + const unsigned char*, unsigned int, + const unsigned char*, const unsigned char*, + const unsigned char*); +WOLFSSL_API int wolfSSL_mcast_read(WOLFSSL*, unsigned short*, void*, int); +WOLFSSL_API int wolfSSL_mcast_peer_add(WOLFSSL*, unsigned short, int); +WOLFSSL_API int wolfSSL_mcast_peer_known(WOLFSSL*, unsigned short); +WOLFSSL_API int wolfSSL_mcast_get_max_peers(void); +typedef int (*CallbackMcastHighwater)(unsigned short peerId, + unsigned int maxSeq, + unsigned int curSeq, void* ctx); +WOLFSSL_API int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX*, + unsigned int, + unsigned int, + unsigned int, + CallbackMcastHighwater); +WOLFSSL_API int wolfSSL_mcast_set_highwater_ctx(WOLFSSL*, void*); + +WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err); +WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*); +WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, + unsigned long sz); +WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long); + +/* extras */ + + +/* for now LHASH is not implemented */ +typedef int WOLFSSL_LHASH; +#ifndef WOLF_LHASH_OF + #define WOLF_LHASH_OF(x) WOLFSSL_LHASH +#endif + +#ifndef WOLF_STACK_OF + #define WOLF_STACK_OF(x) WOLFSSL_STACK +#endif +#ifndef DECLARE_STACK_OF + #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x); +#endif + +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap); +WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in); +WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); + +#if defined(HAVE_OCSP) +#include "wolfssl/ocsp.h" +#include "wolfssl/wolfcrypt/asn.h" +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push( + WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk, + WOLFSSL_ACCESS_DESCRIPTION* access); +#endif /* defined(OPENSSL_ALL) || defined(WOLFSSL_QT) */ + +typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES; + +WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, + WOLFSSL_X509* x509); +WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_dup(WOLFSSL_STACK* sk); +WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); +WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void); +WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn); +WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk, + WOLFSSL_GENERAL_NAME* gn); +WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value( + WOLFSSL_STACK* sk, int i); +WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk); +WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk, + void f (WOLFSSL_GENERAL_NAME*)); +WOLFSSL_API void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES* name); +WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_num(WOLFSSL_STACK* sk); +WOLFSSL_API void wolfSSL_AUTHORITY_INFO_ACCESS_free( + WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION)* sk); +WOLFSSL_API WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value( + WOLFSSL_STACK* sk, int idx); +WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk, + void f (WOLFSSL_ACCESS_DESCRIPTION*)); +WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free( + WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, + void f (WOLFSSL_X509_EXTENSION*)); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void); +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); +WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void); +WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, + WOLFSSL_ASN1_OBJECT* obj); +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop( + WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); +WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); +WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free( + WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, + void (*func)(WOLFSSL_ASN1_OBJECT*)); +WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in); +WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); +WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value( + WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx); +WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*); +WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*); +WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL*, int); +WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*, + unsigned int); +WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*); +WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*); +WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*); +WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); +WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*); + +WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*); +WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*); +WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int); +WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API char* wolfSSL_CIPHER_get_rfc_name(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value); +WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session); +WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*); +WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); + /* what's ref count */ + +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey); +#endif + +WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, + char** path, int* ssl); + +WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void); +WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void); +WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void); + +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*); +WOLFSSL_API int wolfSSL_BIO_free(WOLFSSL_BIO*); +WOLFSSL_API void wolfSSL_BIO_vfree(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_free_all(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz); +WOLFSSL_API int wolfSSL_BIO_puts(WOLFSSL_BIO* bio, const char* buf); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_next(WOLFSSL_BIO* bio); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_find_type(WOLFSSL_BIO* bio, int type); +WOLFSSL_API int wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int); +WOLFSSL_API int wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO*); +WOLFSSL_API void wolfSSL_BIO_set_callback(WOLFSSL_BIO *bio, + wolf_bio_info_cb callback_func); +WOLFSSL_API wolf_bio_info_cb wolfSSL_BIO_get_callback(WOLFSSL_BIO *bio); +WOLFSSL_API void wolfSSL_BIO_set_callback_arg(WOLFSSL_BIO *bio, char *arg); +WOLFSSL_API char* wolfSSL_BIO_get_callback_arg(const WOLFSSL_BIO *bio); + +WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void); +WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size); +WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag); +WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*); + +WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void); +WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void); +WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int); +WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO*, long); + +WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p); + +WOLFSSL_API void wolfSSL_BIO_set_init(WOLFSSL_BIO*, int); +WOLFSSL_API void wolfSSL_BIO_set_data(WOLFSSL_BIO*, void*); +WOLFSSL_API void* wolfSSL_BIO_get_data(WOLFSSL_BIO*); +WOLFSSL_API void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO*, int); +WOLFSSL_API int wolfSSL_BIO_get_shutdown(WOLFSSL_BIO*); +WOLFSSL_API int wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO*); + +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int, const char*); +WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD*); +WOLFSSL_API int wolfSSL_BIO_meth_set_write(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_write_cb); +WOLFSSL_API int wolfSSL_BIO_meth_set_read(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_read_cb); +WOLFSSL_API int wolfSSL_BIO_meth_set_puts(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_puts_cb); +WOLFSSL_API int wolfSSL_BIO_meth_set_gets(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_gets_cb); +WOLFSSL_API int wolfSSL_BIO_meth_set_ctrl(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_ctrl_get_cb); +WOLFSSL_API int wolfSSL_BIO_meth_set_create(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_create_cb); +WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_destroy_cb); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len); + +WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); +#ifndef NO_FILESYSTEM +WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); +#endif +WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); + +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); +#endif + +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); + +WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); +WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); + +WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size); +WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2); +WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); +WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); +WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); +WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); +WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio); + +WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); +WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); +WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v); +WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m); + +WOLFSSL_API void wolfSSL_RAND_screen(void); +WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); +WOLFSSL_API int wolfSSL_RAND_write_file(const char*); +WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long); +WOLFSSL_API int wolfSSL_RAND_egd(const char*); +WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); +WOLFSSL_API void wolfSSL_RAND_Cleanup(void); +WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); +WOLFSSL_API int wolfSSL_RAND_poll(void); + +WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void); +WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void); +WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*); + +WOLFSSL_API unsigned long wolfSSL_thread_id(void); +WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void)); +WOLFSSL_API void wolfSSL_set_locking_callback(void (*f)(int, int, const char*, + int)); +WOLFSSL_API void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f) + (const char*, int)); +WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(void (*f)(int, + WOLFSSL_dynlock_value*, const char*, int)); +WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f) + (WOLFSSL_dynlock_value*, const char*, int)); +WOLFSSL_API int wolfSSL_num_locks(void); + +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( + WOLFSSL_X509_STORE_CTX*); +WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*); +WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*); + +WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); +WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, + unsigned char** out); +#ifndef NO_RSA +WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset); +#endif +WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, + unsigned long nmflags, unsigned long cflag); +WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int); +WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int); +WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*); +WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*); +WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*); +WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID( + WOLFSSL_X509*, unsigned char*, int*); +WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID( + WOLFSSL_X509*, unsigned char*, int*); + +WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey); +WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*, + WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509*, + WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); +WOLFSSL_API int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, + const WOLFSSL_ASN1_TIME* t); +WOLFSSL_API int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, + const WOLFSSL_ASN1_TIME* t); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509* x509); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, + WOLFSSL_ASN1_INTEGER* s); +WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v); +WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_MD* md); + + +WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID( + WOLFSSL_X509_NAME*, int, char*, int); +WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID( + WOLFSSL_X509_NAME*, int, int); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*); + +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type); +WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len); +WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1); +WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, + const void* data, int dataSz); +WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*); +WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*); +WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*); +WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long); +WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*); +WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509*, unsigned char*, + int*); +WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509); + +WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long); +WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*, + long); +WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void); +WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void); + +WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*, + WOLFSSL_X509_LOOKUP_METHOD*); +WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void); +WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*); +WOLFSSL_API int wolfSSL_X509_STORE_add_cert( + WOLFSSL_X509_STORE*, WOLFSSL_X509*); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain( + WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain( + WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, + unsigned long flag); +WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*); +WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*, + int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*); +WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void); +WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*, + WOLFSSL_X509_STORE*, WOLFSSL_X509*, WOLF_STACK_OF(WOLFSSL_X509)*); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*); + +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*); + +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*); +WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*); +WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio( + WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** out); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, + unsigned char** in, long inSz); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, + WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, + unsigned char** in, long inSz); +WOLFSSL_API int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, + unsigned char** der); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); +WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, + time_t *cmpTime); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime, + int offset_day, long offset_sec, time_t *in_tm); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj(WOLFSSL_ASN1_TIME *asnTime, + long offset_sec, time_t *in_tm); +WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*, + unsigned long flags, + time_t t); +WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_set_hostflags( + WOLFSSL_X509_VERIFY_PARAM* param, unsigned int flags); +WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam, + const char* name, + unsigned int nameSz); +WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc( + WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc); +#endif +WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*); +WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( + WOLFSSL_X509_REVOKED*,int); +WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*); +WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*); +WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void); +WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup( + const WOLFSSL_ASN1_INTEGER* src); +WOLFSSL_API int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v); + +WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*); + +WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, + char* buf, int len); +WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*, + const WOLFSSL_ASN1_INTEGER*); +WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*); + +#ifdef OPENSSL_EXTRA +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, + WOLFSSL_BIGNUM *bn); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t, + int, long); +#endif + +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list( + const WOLFSSL_CTX *s); +WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*, + WOLF_STACK_OF(WOLFSSL_X509_NAME)*); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list( + const WOLFSSL* ssl); + +typedef int (*client_cert_cb)(WOLFSSL *ssl, WOLFSSL_X509 **x509, + WOLFSSL_EVP_PKEY **pkey); +WOLFSSL_API void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb); + +WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data( + WOLFSSL_X509_STORE_CTX* ctx, int idx); +WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, + int idx, void *data); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, + int depth); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer( + WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store( + WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error( + WOLFSSL_X509_STORE_CTX* ctx, int er); +WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int); + +WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, + void* userdata); +WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, + pem_password_cb*); +WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); +WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); + +WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, + void (*)(const WOLFSSL* ssl, int type, int val)); + +WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void); +WOLFSSL_API int wolfSSL_GET_REASON(int); + +WOLFSSL_API const char* wolfSSL_alert_type_string_long(int); +WOLFSSL_API const char* wolfSSL_alert_desc_string_long(int); +WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); + +WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, + void(*)(int, int, void*), void*); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, + const unsigned char **pp, long len); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**, + const unsigned char**, long); +WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp); +WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, + WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); + +WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key); + +WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*); + +WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*); +WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); +WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); + +WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg( + WOLFSSL_CTX*, void* arg); +WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*); +WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*); + +WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op); +WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s); +WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op); +WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s); +WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); +WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type); +WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); +WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); + +WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); +WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl); + +#define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ + +enum { + WOLFSSL_OCSP_URL_OVERRIDE = 1, + WOLFSSL_OCSP_NO_NONCE = 2, + WOLFSSL_OCSP_CHECKALL = 4, + + WOLFSSL_CRL_CHECKALL = 1, + WOLFSSL_CRL_CHECK = 27, +}; + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) +/* seperated out from other enums because of size */ +enum { + SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, + SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002, + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004, + SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008, + SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010, + SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020, + SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040, + SSL_OP_TLS_D5_BUG = 0x00000080, + SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100, + SSL_OP_TLS_ROLLBACK_BUG = 0x00000200, + SSL_OP_ALL = 0x00000400, + SSL_OP_EPHEMERAL_RSA = 0x00000800, + WOLFSSL_OP_NO_SSLv3 = 0x00001000, + WOLFSSL_OP_NO_TLSv1 = 0x00002000, + SSL_OP_PKCS1_CHECK_1 = 0x00004000, + SSL_OP_PKCS1_CHECK_2 = 0x00008000, + SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000, + SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000, + SSL_OP_SINGLE_DH_USE = 0x00040000, + SSL_OP_NO_TICKET = 0x00080000, + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000, + SSL_OP_NO_QUERY_MTU = 0x00200000, + SSL_OP_COOKIE_EXCHANGE = 0x00400000, + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000, + SSL_OP_SINGLE_ECDH_USE = 0x01000000, + SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000, + WOLFSSL_OP_NO_TLSv1_1 = 0x04000000, + WOLFSSL_OP_NO_TLSv1_2 = 0x08000000, + SSL_OP_NO_COMPRESSION = 0x10000000, + WOLFSSL_OP_NO_TLSv1_3 = 0x20000000, + WOLFSSL_OP_NO_SSLv2 = 0x40000000, +}; + +/* for compatibility these must be macros */ +#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2 +#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3 +#define SSL_OP_NO_TLSv1 WOLFSSL_OP_NO_TLSv1 +#define SSL_OP_NO_TLSv1_1 WOLFSSL_OP_NO_TLSv1_1 +#define SSL_OP_NO_TLSv1_2 WOLFSSL_OP_NO_TLSv1_2 +#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD)) /* apache uses this to determine if TLS 1.3 is enabled */ +#define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3 +#endif + +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \ + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3) + +#define SSL_NOTHING 1 +#define SSL_WRITING 2 +#define SSL_READING 3 + +enum { +#ifdef HAVE_OCSP + /* OCSP Flags */ + OCSP_NOCERTS = 1, + OCSP_NOINTERN = 2, + OCSP_NOSIGS = 4, + OCSP_NOCHAIN = 8, + OCSP_NOVERIFY = 16, + OCSP_NOEXPLICIT = 32, + OCSP_NOCASIGN = 64, + OCSP_NODELEGATED = 128, + OCSP_NOCHECKS = 256, + OCSP_TRUSTOTHER = 512, + OCSP_RESPID_KEY = 1024, + OCSP_NOTIME = 2048, + + /* OCSP Types */ + OCSP_CERTID = 2, + OCSP_REQUEST = 4, + OCSP_RESPONSE = 8, + OCSP_BASICRESP = 16, +#endif + + ASN1_GENERALIZEDTIME = 4, + SSL_MAX_SSL_SESSION_ID_LENGTH = 32, + + EVP_R_BAD_DECRYPT = 2, + + SSL_ST_CONNECT = 0x1000, + SSL_ST_ACCEPT = 0x2000, + SSL_ST_MASK = 0x0FFF, + + SSL_CB_LOOP = 0x01, + SSL_CB_EXIT = 0x02, + SSL_CB_READ = 0x04, + SSL_CB_WRITE = 0x08, + SSL_CB_HANDSHAKE_START = 0x10, + SSL_CB_HANDSHAKE_DONE = 0x20, + SSL_CB_ALERT = 0x4000, + SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ), + SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE), + SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP), + SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT), + SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP), + SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT), + SSL_CB_MODE_READ = 1, + SSL_CB_MODE_WRITE = 2, + + SSL_MODE_ENABLE_PARTIAL_WRITE = 2, + + BIO_FLAGS_BASE64_NO_NL = 1, + BIO_CLOSE = 1, + BIO_NOCLOSE = 0, + + X509_FILETYPE_PEM = 8, + X509_LU_X509 = 9, + X509_LU_CRL = 12, + + X509_V_OK = 0, + X509_V_ERR_CRL_SIGNATURE_FAILURE = 13, + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14, + X509_V_ERR_CRL_HAS_EXPIRED = 15, + X509_V_ERR_CERT_REVOKED = 16, + X509_V_ERR_CERT_CHAIN_TOO_LONG = 17, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18, + X509_V_ERR_CERT_NOT_YET_VALID = 19, + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, + X509_V_ERR_CERT_HAS_EXPIRED = 21, + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, + X509_V_ERR_CERT_REJECTED = 23, + /* Required for Nginx */ + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 24, + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 25, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 26, + X509_V_ERR_CERT_UNTRUSTED = 27, + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 28, + X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29, + /* additional X509_V_ERR_* enums not used in wolfSSL */ + X509_V_ERR_UNABLE_TO_GET_CRL, + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, + X509_V_ERR_CERT_SIGNATURE_FAILURE, + X509_V_ERR_CRL_NOT_YET_VALID, + X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, + X509_V_ERR_OUT_OF_MEM, + X509_V_ERR_INVALID_CA, + X509_V_ERR_PATH_LENGTH_EXCEEDED, + X509_V_ERR_INVALID_PURPOSE, + X509_V_ERR_AKID_SKID_MISMATCH, + X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH, + X509_V_ERR_KEYUSAGE_NO_CERTSIGN, + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, + X509_V_ERR_INVALID_NON_CA, + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, + X509_V_ERR_INVALID_EXTENSION, + X509_V_ERR_INVALID_POLICY_EXTENSION, + X509_V_ERR_NO_EXPLICIT_POLICY, + X509_V_ERR_UNNESTED_RESOURCE, + X509_V_ERR_APPLICATION_VERIFICATION, + + X509_R_CERT_ALREADY_IN_HASH_TABLE, + + XN_FLAG_SPC_EQ = (1 << 23), + XN_FLAG_SEP_CPLUS_SPC = (2 << 16), + XN_FLAG_ONELINE = 0, + XN_FLAG_RFC2253 = 1, + XN_FLAG_DN_REV = (1 << 20), + + CRYPTO_LOCK = 1, + CRYPTO_NUM_LOCKS = 10, + + ASN1_STRFLGS_ESC_MSB = 4 +}; +#endif + +/* extras end */ + +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +/* wolfSSL extension, provide last error from SSL_get_error + since not using thread storage error queue */ +#include +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) +WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); +#endif +#endif +WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio); + + +#ifndef NO_OLD_SSL_NAMES + #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE + #define SSL_FAILURE WOLFSSL_FAILURE + #define SSL_SUCCESS WOLFSSL_SUCCESS + #define SSL_SHUTDOWN_NOT_DONE WOLFSSL_SHUTDOWN_NOT_DONE + + #define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND + #define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE + #define SSL_BAD_STAT WOLFSSL_BAD_STAT + #define SSL_BAD_PATH WOLFSSL_BAD_PATH + #define SSL_BAD_FILETYPE WOLFSSL_BAD_FILETYPE + #define SSL_BAD_FILE WOLFSSL_BAD_FILE + #define SSL_NOT_IMPLEMENTED WOLFSSL_NOT_IMPLEMENTED + #define SSL_UNKNOWN WOLFSSL_UNKNOWN + #define SSL_FATAL_ERROR WOLFSSL_FATAL_ERROR + + #define SSL_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1 + #define SSL_FILETYPE_PEM WOLFSSL_FILETYPE_PEM + #define SSL_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT + #define SSL_FILETYPE_RAW WOLFSSL_FILETYPE_RAW + + #define SSL_VERIFY_NONE WOLFSSL_VERIFY_NONE + #define SSL_VERIFY_PEER WOLFSSL_VERIFY_PEER + #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT + #define SSL_VERIFY_CLIENT_ONCE WOLFSSL_VERIFY_CLIENT_ONCE + #define SSL_VERIFY_FAIL_EXCEPT_PSK WOLFSSL_VERIFY_FAIL_EXCEPT_PSK + + #define SSL_SESS_CACHE_OFF WOLFSSL_SESS_CACHE_OFF + #define SSL_SESS_CACHE_CLIENT WOLFSSL_SESS_CACHE_CLIENT + #define SSL_SESS_CACHE_SERVER WOLFSSL_SESS_CACHE_SERVER + #define SSL_SESS_CACHE_BOTH WOLFSSL_SESS_CACHE_BOTH + #define SSL_SESS_CACHE_NO_AUTO_CLEAR WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR + #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP + #define SSL_SESS_CACHE_NO_INTERNAL_STORE WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE + #define SSL_SESS_CACHE_NO_INTERNAL WOLFSSL_SESS_CACHE_NO_INTERNAL + + #define SSL_ERROR_WANT_READ WOLFSSL_ERROR_WANT_READ + #define SSL_ERROR_WANT_WRITE WOLFSSL_ERROR_WANT_WRITE + #define SSL_ERROR_WANT_CONNECT WOLFSSL_ERROR_WANT_CONNECT + #define SSL_ERROR_WANT_ACCEPT WOLFSSL_ERROR_WANT_ACCEPT + #define SSL_ERROR_SYSCALL WOLFSSL_ERROR_SYSCALL + #define SSL_ERROR_WANT_X509_LOOKUP WOLFSSL_ERROR_WANT_X509_LOOKUP + #define SSL_ERROR_ZERO_RETURN WOLFSSL_ERROR_ZERO_RETURN + #define SSL_ERROR_SSL WOLFSSL_ERROR_SSL + + #define SSL_SENT_SHUTDOWN WOLFSSL_SENT_SHUTDOWN + #define SSL_RECEIVED_SHUTDOWN WOLFSSL_RECEIVED_SHUTDOWN + #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER + + #define SSL_R_SSL_HANDSHAKE_FAILURE WOLFSSL_R_SSL_HANDSHAKE_FAILURE + #define SSL_R_TLSV1_ALERT_UNKNOWN_CA WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA + #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN + #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE + + #define PEM_BUFSIZE WOLF_PEM_BUFSIZE +#endif + +enum { /* ssl Constants */ + WOLFSSL_ERROR_NONE = 0, /* for most functions */ + WOLFSSL_FAILURE = 0, /* for some functions */ + WOLFSSL_SUCCESS = 1, + WOLFSSL_SHUTDOWN_NOT_DONE = 2, /* call wolfSSL_shutdown again to complete */ + + WOLFSSL_ALPN_NOT_FOUND = -9, + WOLFSSL_BAD_CERTTYPE = -8, + WOLFSSL_BAD_STAT = -7, + WOLFSSL_BAD_PATH = -6, + WOLFSSL_BAD_FILETYPE = -5, + WOLFSSL_BAD_FILE = -4, + WOLFSSL_NOT_IMPLEMENTED = -3, + WOLFSSL_UNKNOWN = -2, + WOLFSSL_FATAL_ERROR = -1, + + WOLFSSL_FILETYPE_ASN1 = 2, + WOLFSSL_FILETYPE_PEM = 1, + WOLFSSL_FILETYPE_DEFAULT = 2, /* ASN1 */ + WOLFSSL_FILETYPE_RAW = 3, /* NTRU raw key blob */ + + WOLFSSL_VERIFY_NONE = 0, + WOLFSSL_VERIFY_PEER = 1, + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, + WOLFSSL_VERIFY_CLIENT_ONCE = 4, + WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 8, + + WOLFSSL_SESS_CACHE_OFF = 0x0000, + WOLFSSL_SESS_CACHE_CLIENT = 0x0001, + WOLFSSL_SESS_CACHE_SERVER = 0x0002, + WOLFSSL_SESS_CACHE_BOTH = 0x0003, + WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR = 0x0008, + WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 0x0100, + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE = 0x0200, + WOLFSSL_SESS_CACHE_NO_INTERNAL = 0x0300, + + WOLFSSL_ERROR_WANT_READ = 2, + WOLFSSL_ERROR_WANT_WRITE = 3, + WOLFSSL_ERROR_WANT_CONNECT = 7, + WOLFSSL_ERROR_WANT_ACCEPT = 8, + WOLFSSL_ERROR_SYSCALL = 5, + WOLFSSL_ERROR_WANT_X509_LOOKUP = 83, + WOLFSSL_ERROR_ZERO_RETURN = 6, + WOLFSSL_ERROR_SSL = 85, + + WOLFSSL_SENT_SHUTDOWN = 1, + WOLFSSL_RECEIVED_SHUTDOWN = 2, + WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4, + + WOLFSSL_R_SSL_HANDSHAKE_FAILURE = 101, + WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA = 102, + WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103, + WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104, + + WOLF_PEM_BUFSIZE = 1024 +}; + +#ifndef NO_PSK + typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*, + unsigned int, unsigned char*, unsigned int); + WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*, + wc_psk_client_callback); + WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*, + wc_psk_client_callback); +#ifdef WOLFSSL_TLS13 + typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*, + char*, unsigned int, unsigned char*, unsigned int, const char**); + WOLFSSL_API void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX*, + wc_psk_client_tls13_callback); + WOLFSSL_API void wolfSSL_set_psk_client_tls13_callback(WOLFSSL*, + wc_psk_client_tls13_callback); +#endif + + WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*); + WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*); + + WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*); + WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*); + + typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*, + unsigned char*, unsigned int); + WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*, + wc_psk_server_callback); + WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*, + wc_psk_server_callback); +#ifdef WOLFSSL_TLS13 + typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*, + unsigned char*, unsigned int, const char**); + WOLFSSL_API void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX*, + wc_psk_server_tls13_callback); + WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*, + wc_psk_server_tls13_callback); +#endif + + #define PSK_TYPES_DEFINED +#endif /* NO_PSK */ + + +#ifdef HAVE_ANON + WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*); +#endif /* HAVE_ANON */ + + +/* extra begins */ +#ifdef OPENSSL_EXTRA +enum { /* ERR Constants */ + ERR_TXT_STRING = 1 +}; + +/* bio misc */ +enum { + WOLFSSL_BIO_ERROR = -1, + WOLFSSL_BIO_UNSET = -2, + WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */ +}; +#endif + +WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err, + const char* file, int line); +WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line(const char**, int*); +WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*, + const char**, int *); + +WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void); +WOLFSSL_API void wolfSSL_ERR_clear_error(void); + + +WOLFSSL_API int wolfSSL_RAND_status(void); +WOLFSSL_API int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num); +WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void); +WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long); +WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); + +#ifndef NO_CERTS + WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*); +#endif /* !NO_CERTS */ + +WOLFSSL_API void wolfSSL_ERR_free_strings(void); +WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long); +WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl); + +WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void); +WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode); +WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx); +WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m); +WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl); + + +WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, + const unsigned char*, unsigned int); +WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); + +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_want(WOLFSSL*); +#endif +WOLFSSL_API int wolfSSL_want_read(WOLFSSL*); +WOLFSSL_API int wolfSSL_want_write(WOLFSSL*); + +WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...); +WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char*, int); +WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, + const WOLFSSL_ASN1_UTCTIME*); +WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, + const WOLFSSL_ASN1_GENERALIZEDTIME*); +WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); +WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME*); +WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec, + const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to); +#ifdef OPENSSL_EXTRA +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); +#endif + +WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk); +WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i); + +/* stunnel 4.28 needs */ +WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int); +WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*); +WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*, + WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*)); +WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*, + int (*f)(WOLFSSL*, WOLFSSL_SESSION*)); +WOLFSSL_API void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*, + void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*)); + +WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**, + const unsigned char**, long); + +WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*); +WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*); +WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); + +/* extra ends */ + + +/* wolfSSL extensions */ + +/* call before SSL_connect, if verifying will add name check to + date check and signature check */ +WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); + +/* need to call once to load library (session cache) */ +WOLFSSL_API int wolfSSL_Init(void); +/* call when done to cleanup/free session cache mutex / resources */ +WOLFSSL_API int wolfSSL_Cleanup(void); + +/* which library version do we have */ +WOLFSSL_API const char* wolfSSL_lib_version(void); +/* which library version do we have in hex */ +WOLFSSL_API word32 wolfSSL_lib_version_hex(void); + +/* do accept or connect depedning on side */ +WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl); +/* turn on wolfSSL data compression */ +WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int); +WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int); +WOLFSSL_API void wolfSSL_CTX_set_current_time_cb(WOLFSSL_CTX* ctx, + void (*cb)(const WOLFSSL* ssl, Timeval* out_clock)); + +/* get wolfSSL peer X509_CHAIN */ +WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl); +#ifdef WOLFSSL_ALT_CERT_CHAINS +WOLFSSL_API int wolfSSL_is_peer_alt_cert_chain(const WOLFSSL* ssl); +/* get wolfSSL alternate peer X509_CHAIN */ +WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl); +#endif +/* peer chain count */ +WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain); +/* index cert length */ +WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx); +/* index cert */ +WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx); +/* index cert in X509 */ +WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx); +/* free X509 */ +#define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509)) +WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); +/* get index cert in PEM */ +WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx, + unsigned char* buf, int inLen, int* outLen); +WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s); +WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*); +WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*); +WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*); +WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509*, int*); +WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509); +WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); + +WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*); + +WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); + +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, + const unsigned char** in, int len); +WOLFSSL_API WOLFSSL_X509* + wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); +WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, + const unsigned char *in, int len); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); +#endif +WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); + +#ifndef NO_FILESYSTEM + #ifndef NO_STDIO_FILESYSTEM + WOLFSSL_API WOLFSSL_X509* + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); + #endif +WOLFSSL_API WOLFSSL_X509* + wolfSSL_X509_load_certificate_file(const char* fname, int format); +#endif +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( + const unsigned char* buf, int sz, int format); + +#ifdef WOLFSSL_SEP + WOLFSSL_API unsigned char* + wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*); + WOLFSSL_API unsigned char* + wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*); + WOLFSSL_API unsigned char* + wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*); +#endif + +/* connect enough to get peer cert */ +WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); + + + +/* PKCS12 compatibility */ +typedef struct WC_PKCS12 WC_PKCS12; +WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, + WC_PKCS12** pkcs12); +WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, + WOLFSSL_X509_PKCS12** pkcs12); +#endif +WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, + WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, + WOLF_STACK_OF(WOLFSSL_X509)** ca); +WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, + WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert, + WOLF_STACK_OF(WOLFSSL_X509)* ca, + int keyNID, int certNID, int itt, int macItt, int keytype); +WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void); + + + +#ifndef NO_DH +/* server Diffie-Hellman parameters */ +WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz, + const unsigned char* g, int gSz); +WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz, + int format); +WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL*, int); +#ifndef NO_FILESYSTEM + WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format); +#endif + +/* server ctx Diffie-Hellman parameters */ +WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p, + int pSz, const unsigned char* g, int gSz); +WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b, + long sz, int format); + +#ifndef NO_FILESYSTEM + WOLFSSL_API int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f, + int format); +#endif + +WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, word16); +WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, word16); +WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX*, word16); +WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL*, word16); +WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*); +#endif /* NO_DH */ + +#ifndef NO_RSA +WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, short); +WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, short); +#endif /* NO_RSA */ + +#ifdef HAVE_ECC +WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX*, short); +WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL*, short); +#endif /* NO_RSA */ + +WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, word16); +WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, word16); + +/* keyblock size in bytes or -1 */ +/* need to call wolfSSL_KeepArrays before handshake to save keys */ +WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*); +WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen, + unsigned char** sr, unsigned int* srLen, + unsigned char** cr, unsigned int* crLen); + +/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */ +WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, + const char* label); + + +#ifndef _WIN32 + #ifndef NO_WRITEV + #ifdef __PPU + #include + #include + #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \ + !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \ + !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \ + !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \ + !defined(WOLFSSL_ZEPHYR) + #include + #endif + /* allow writev style writing */ + WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, + int iovcnt); + #endif +#endif + + +#ifndef NO_CERTS + /* SSL_CTX versions */ + WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*); +#ifdef WOLFSSL_TRUST_PEER_CERT + WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*, + const unsigned char*, long, int); +#endif + WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX*, + const unsigned char*, long, int, + int, word32); + WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*, + const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*, + const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*, + const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*, + const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*, + const unsigned char*, long, int, long); + WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*, + const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*, + const unsigned char*, long); + + /* SSL versions */ + WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*, + long, int); + WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, + int derSz); + WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*, + long, int); + WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*, + long, int, long); + WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*, + const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*, + const unsigned char*, long); + WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*); + + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + defined(KEEP_OUR_CERT) + WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl); + #endif +#endif + +WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*); + + +#ifdef HAVE_FUZZER +enum fuzzer_type { + FUZZ_HMAC = 0, + FUZZ_ENCRYPT = 1, + FUZZ_SIGNATURE = 2, + FUZZ_HASH = 3, + FUZZ_HEAD = 4 +}; + +typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz, + int type, void* fuzzCtx); + +WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx); +#endif + + +WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*, const byte*, word32); + + +/* I/O Callback default errors */ +enum IOerrors { + WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */ + WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */ + WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */ + WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */ + WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */ + WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */ + WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */ +}; + + +/* CA cache callbacks */ +enum { + WOLFSSL_SSLV3 = 0, + WOLFSSL_TLSV1 = 1, + WOLFSSL_TLSV1_1 = 2, + WOLFSSL_TLSV1_2 = 3, + WOLFSSL_TLSV1_3 = 4, + WOLFSSL_USER_CA = 1, /* user added as trusted */ + WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */ +}; + +WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*); + +WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version); +WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version); +WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */ +WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void); +WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void); +WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); + +/* moved to asn.c, old names kept for backwards compatability */ +#define wolfSSL_KeyPemToDer wc_KeyPemToDer +#define wolfSSL_CertPemToDer wc_CertPemToDer +#define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer +#define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer +#define wolfSSL_PemCertToDer wc_PemCertToDer + + +typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); +typedef void (*CbMissingCRL)(const char* url); +typedef int (*CbOCSPIO)(void*, const char*, int, + unsigned char*, int, unsigned char**); +typedef void (*CbOCSPRespFree)(void*,unsigned char*); + +#ifdef HAVE_CRL_IO +typedef int (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz); +#endif + +/* User Atomic Record Layer CallBacks */ +typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut, + const unsigned char* macIn, unsigned int macInSz, int macContent, + int macVerify, unsigned char* encOut, const unsigned char* encIn, + unsigned int encSz, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt); +WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl); + +typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl, + unsigned char* decOut, const unsigned char* decIn, + unsigned int decSz, int content, int verify, unsigned int* padSz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*, + CallbackDecryptVerify); +WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl); + +typedef int (*CallbackEncryptMac)(WOLFSSL* ssl, unsigned char* macOut, + int content, int macVerify, unsigned char* encOut, + const unsigned char* encIn, unsigned int encSz, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX*, CallbackEncryptMac); +WOLFSSL_API void wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl); + +typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl, + unsigned char* decOut, const unsigned char* decIn, + unsigned int decSz, int content, int verify, unsigned int* padSz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetVerifyDecryptCb(WOLFSSL_CTX*, + CallbackVerifyDecrypt); +WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl); + +WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int); +WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*); +WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*); +WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*); +WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetIVSize(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetSide(WOLFSSL*); +WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL*); +WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL*); +WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*, + word32, int, int); + +/* Atomic User Needs */ +enum { + WOLFSSL_SERVER_END = 0, + WOLFSSL_CLIENT_END = 1, + WOLFSSL_NEITHER_END = 3, + WOLFSSL_BLOCK_TYPE = 2, + WOLFSSL_STREAM_TYPE = 3, + WOLFSSL_AEAD_TYPE = 4, + WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ +}; + +/* for GetBulkCipher and internal use */ +enum BulkCipherAlgorithm { + wolfssl_cipher_null, + wolfssl_rc4, + wolfssl_rc2, + wolfssl_des, + wolfssl_triple_des, /* leading 3 (3des) not valid identifier */ + wolfssl_des40, +#ifdef HAVE_IDEA + wolfssl_idea, +#endif + wolfssl_aes, + wolfssl_aes_gcm, + wolfssl_aes_ccm, + wolfssl_chacha, + wolfssl_camellia, + wolfssl_hc128, /* wolfSSL extensions */ + wolfssl_rabbit +}; + + +/* for KDF TLS 1.2 mac types */ +enum KDF_MacAlgorithm { + wolfssl_sha256 = 4, /* needs to match hash.h wc_MACAlgorithm */ + wolfssl_sha384, + wolfssl_sha512 +}; + + +/* Public Key Callback support */ +#ifdef HAVE_PK_CALLBACKS +#ifdef HAVE_ECC + +struct ecc_key; + +typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key, + unsigned int keySz, int ecc_curve, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX*, CallbackEccKeyGen); +WOLFSSL_API void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl); + +typedef int (*CallbackEccSign)(WOLFSSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, word32* outSz, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign); +WOLFSSL_API void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl); + +typedef int (*CallbackEccVerify)(WOLFSSL* ssl, + const unsigned char* sig, unsigned int sigSz, + const unsigned char* hash, unsigned int hashSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify); +WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl); + +typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey, + unsigned char* pubKeyDer, word32* pubKeySz, + unsigned char* out, word32* outlen, + int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */ +WOLFSSL_API void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX*, CallbackEccSharedSecret); +WOLFSSL_API void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl); +#endif + +#ifndef NO_DH +/* Public DH Key Callback support */ +struct DhKey; +typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key, + const unsigned char* priv, unsigned int privSz, + const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz, + unsigned char* out, unsigned int* outlen, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree); +WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl); +#endif /* !NO_DH */ + +#ifdef HAVE_ED25519 +struct ed25519_key; +typedef int (*CallbackEd25519Sign)(WOLFSSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, unsigned int* outSz, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX*, + CallbackEd25519Sign); +WOLFSSL_API void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl); + +typedef int (*CallbackEd25519Verify)(WOLFSSL* ssl, + const unsigned char* sig, unsigned int sigSz, + const unsigned char* msg, unsigned int msgSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX*, + CallbackEd25519Verify); +WOLFSSL_API void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl); +#endif + +#ifdef HAVE_CURVE25519 +struct curve25519_key; + +typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key, + unsigned int keySz, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX*, CallbackX25519KeyGen); +WOLFSSL_API void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl); + +typedef int (*CallbackX25519SharedSecret)(WOLFSSL* ssl, + struct curve25519_key* otherKey, + unsigned char* pubKeyDer, unsigned int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx); + /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */ +WOLFSSL_API void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX*, + CallbackX25519SharedSecret); +WOLFSSL_API void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl); +#endif + +#ifndef NO_RSA +typedef int (*CallbackRsaSign)(WOLFSSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, unsigned int* outSz, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign); +WOLFSSL_API void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl); + +typedef int (*CallbackRsaVerify)(WOLFSSL* ssl, + unsigned char* sig, unsigned int sigSz, + unsigned char** out, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify); +WOLFSSL_API void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX*, CallbackRsaVerify); +WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl); + +#ifdef WC_RSA_PSS +typedef int (*CallbackRsaPssSign)(WOLFSSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, unsigned int* outSz, + int hash, int mgf, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX*, CallbackRsaPssSign); +WOLFSSL_API void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl); + +typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl, + unsigned char* sig, unsigned int sigSz, + unsigned char** out, + int hash, int mgf, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*, + CallbackRsaPssVerify); +WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX*, + CallbackRsaPssVerify); +WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl); +#endif + +/* RSA Public Encrypt cb */ +typedef int (*CallbackRsaEnc)(WOLFSSL* ssl, + const unsigned char* in, unsigned int inSz, + unsigned char* out, unsigned int* outSz, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc); +WOLFSSL_API void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl); + +/* RSA Private Decrypt cb */ +typedef int (*CallbackRsaDec)(WOLFSSL* ssl, + unsigned char* in, unsigned int inSz, + unsigned char** out, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec); +WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); +#endif +#endif /* HAVE_PK_CALLBACKS */ + +#ifndef NO_CERTS + WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); + + WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX*); + + WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap); + WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); + WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); + + WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f, + const char* d); + WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*, + const unsigned char* in, long sz, int format); + WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm); +#ifdef WOLFSSL_TRUST_PEER_CERT + WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm); +#endif + WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f, + int format); + WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, + const unsigned char* buff, long sz, int format); + WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*, + unsigned char*, int sz); + WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*, + int options); + WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*); + WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*, + const char*, int, int); + WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER*, + const unsigned char*, long sz, int); + WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*, + CbMissingCRL); + WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER *); +#ifdef HAVE_CRL_IO + WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*, + CbCrlIO); +#endif +#if defined(HAVE_OCSP) + WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *, + byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer, + CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest); +#endif + WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*, + unsigned char*, int sz); + WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*, + int options); + WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*); + WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*, + const char*); + WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*, + CbOCSPIO, CbOCSPRespFree, void*); + + WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling( + WOLFSSL_CERT_MANAGER* cm); + WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling( + WOLFSSL_CERT_MANAGER* cm); + + WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); + WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); + WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int); + WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*, + const unsigned char*, long sz, int); + WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL); +#ifdef HAVE_CRL_IO + WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb); +#endif + WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options); + WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*); + WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*); + WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*); + WOLFSSL_API int wolfSSL_EnableOCSPStapling(WOLFSSL*); + WOLFSSL_API int wolfSSL_DisableOCSPStapling(WOLFSSL*); + + WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options); + WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx); + WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int); + WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*, + const unsigned char*, long sz, int); + WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL); +#ifdef HAVE_CRL_IO + WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO); +#endif + + WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options); + WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*); + WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*, + CbOCSPIO, CbOCSPRespFree, void*); + WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*); +#endif /* !NO_CERTS */ + + +#ifdef SINGLE_THREADED + WOLFSSL_API int wolfSSL_CTX_new_rng(WOLFSSL_CTX*); +#endif + +/* end of handshake frees temporary arrays, if user needs for get_keys or + psk hints, call KeepArrays before handshake and then FreeArrays when done + if don't want to wait for object free */ +WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*); +WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*); + +WOLFSSL_API int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl); + +/* async additions */ +#define wolfSSL_UseAsync wolfSSL_SetDevId +#define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId +WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId); +WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId); + +/* helpers to get device id and heap */ +WOLFSSL_API int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl); +WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl); + +/* TLS Extensions */ + +/* Server Name Indication */ +#ifdef HAVE_SNI + +/* SNI types */ +enum { + WOLFSSL_SNI_HOST_NAME = 0 +}; + +WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, + const void* data, unsigned short size); +WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type, + const void* data, unsigned short size); + +#ifndef NO_WOLFSSL_SERVER + +/* SNI options */ +enum { + /* Do not abort the handshake if the requested SNI didn't match. */ + WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, + + /* Behave as if the requested SNI matched in a case of mismatch. */ + /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */ + WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02, + + /* Abort the handshake if the client didn't send a SNI request. */ + WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04, +}; + +WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type, + unsigned char options); +WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, + unsigned char type, unsigned char options); +WOLFSSL_API int wolfSSL_SNI_GetFromBuffer( + const unsigned char* clientHello, unsigned int helloSz, + unsigned char type, unsigned char* sni, unsigned int* inOutSz); + +#endif /* NO_WOLFSSL_SERVER */ + +/* SNI status */ +enum { + WOLFSSL_SNI_NO_MATCH = 0, + WOLFSSL_SNI_FAKE_MATCH = 1, /**< @see WOLFSSL_SNI_ANSWER_ON_MISMATCH */ + WOLFSSL_SNI_REAL_MATCH = 2, + WOLFSSL_SNI_FORCE_KEEP = 3 /** Used with -DWOLFSSL_ALWAYS_KEEP_SNI */ +}; + +WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type); + +WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, + unsigned char type, void** data); + +#endif /* HAVE_SNI */ + +/* Trusted CA Key Indication - RFC 6066 (Section 6) */ +#ifdef HAVE_TRUSTED_CA + +/* TCA Identifier Type */ +enum { + WOLFSSL_TRUSTED_CA_PRE_AGREED = 0, + WOLFSSL_TRUSTED_CA_KEY_SHA1 = 1, + WOLFSSL_TRUSTED_CA_X509_NAME = 2, + WOLFSSL_TRUSTED_CA_CERT_SHA1 = 3 +}; + +WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, unsigned char type, + const unsigned char* certId, unsigned int certIdSz); +#endif /* HAVE_TRUSTED_CA */ + +/* Application-Layer Protocol Negotiation */ +#ifdef HAVE_ALPN + +/* ALPN status code */ +enum { + WOLFSSL_ALPN_NO_MATCH = 0, + WOLFSSL_ALPN_MATCH = 1, + WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2, + WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4, +}; + +enum { + WOLFSSL_MAX_ALPN_PROTO_NAME_LEN = 255, + WOLFSSL_MAX_ALPN_NUMBER = 257 +}; + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, + unsigned char* outLen, const unsigned char* in, unsigned int inLen, + void *arg); +#endif + +WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, + unsigned int protocol_name_listSz, + unsigned char options); + +WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name, + unsigned short *size); + +WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, + unsigned short *listSz); +WOLFSSL_API int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list); +#endif /* HAVE_ALPN */ + +/* Maximum Fragment Length */ +#ifdef HAVE_MAX_FRAGMENT + +/* Fragment lengths */ +enum { + WOLFSSL_MFL_2_9 = 1, /* 512 bytes */ + WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */ + WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */ + WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */ + WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */ + WOLFSSL_MFL_2_8 = 6, /* 256 bytes *//* wolfSSL ONLY!!! */ + WOLFSSL_MFL_MIN = WOLFSSL_MFL_2_9, + WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8, +}; + +#ifndef NO_WOLFSSL_CLIENT + +WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl); +WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl); + +#endif +#endif /* HAVE_MAX_FRAGMENT */ + +/* Truncated HMAC */ +#ifdef HAVE_TRUNCATED_HMAC +#ifndef NO_WOLFSSL_CLIENT + +WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx); + +#endif +#endif + +/* Certificate Status Request */ +/* Certificate Status Type */ +enum { + WOLFSSL_CSR_OCSP = 1 +}; + +/* Certificate Status Options (flags) */ +enum { + WOLFSSL_CSR_OCSP_USE_NONCE = 0x01 +}; + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +#ifndef NO_WOLFSSL_CLIENT + +WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, + unsigned char status_type, unsigned char options); + +WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, + unsigned char status_type, unsigned char options); + +#endif +#endif + +/* Certificate Status Request v2 */ +/* Certificate Status Type */ +enum { + WOLFSSL_CSR2_OCSP = 1, + WOLFSSL_CSR2_OCSP_MULTI = 2 +}; + +/* Certificate Status v2 Options (flags) */ +enum { + WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01 +}; + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 +#ifndef NO_WOLFSSL_CLIENT + +WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, + unsigned char status_type, unsigned char options); + +WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, + unsigned char status_type, unsigned char options); + +#endif +#endif + +/* Named Groups */ +enum { +#if 0 /* Not Supported */ + WOLFSSL_ECC_SECT163K1 = 1, + WOLFSSL_ECC_SECT163R1 = 2, + WOLFSSL_ECC_SECT163R2 = 3, + WOLFSSL_ECC_SECT193R1 = 4, + WOLFSSL_ECC_SECT193R2 = 5, + WOLFSSL_ECC_SECT233K1 = 6, + WOLFSSL_ECC_SECT233R1 = 7, + WOLFSSL_ECC_SECT239K1 = 8, + WOLFSSL_ECC_SECT283K1 = 9, + WOLFSSL_ECC_SECT283R1 = 10, + WOLFSSL_ECC_SECT409K1 = 11, + WOLFSSL_ECC_SECT409R1 = 12, + WOLFSSL_ECC_SECT571K1 = 13, + WOLFSSL_ECC_SECT571R1 = 14, +#endif + WOLFSSL_ECC_SECP160K1 = 15, + WOLFSSL_ECC_SECP160R1 = 16, + WOLFSSL_ECC_SECP160R2 = 17, + WOLFSSL_ECC_SECP192K1 = 18, + WOLFSSL_ECC_SECP192R1 = 19, + WOLFSSL_ECC_SECP224K1 = 20, + WOLFSSL_ECC_SECP224R1 = 21, + WOLFSSL_ECC_SECP256K1 = 22, + WOLFSSL_ECC_SECP256R1 = 23, + WOLFSSL_ECC_SECP384R1 = 24, + WOLFSSL_ECC_SECP521R1 = 25, + WOLFSSL_ECC_BRAINPOOLP256R1 = 26, + WOLFSSL_ECC_BRAINPOOLP384R1 = 27, + WOLFSSL_ECC_BRAINPOOLP512R1 = 28, + WOLFSSL_ECC_X25519 = 29, + /* Not implemented. */ + WOLFSSL_ECC_X448 = 30, + + WOLFSSL_FFDHE_2048 = 256, + WOLFSSL_FFDHE_3072 = 257, + WOLFSSL_FFDHE_4096 = 258, + WOLFSSL_FFDHE_6144 = 259, + WOLFSSL_FFDHE_8192 = 260, +}; + +enum { + WOLFSSL_EC_PF_UNCOMPRESSED = 0, +#if 0 /* Not Supported */ + WOLFSSL_EC_PF_X962_COMP_PRIME = 1, + WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2, +#endif +}; + +#ifdef HAVE_SUPPORTED_CURVES +#ifndef NO_WOLFSSL_CLIENT + +WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name); +WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, + word16 name); + +#endif +#endif + +#ifdef WOLFSSL_TLS13 +WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group); +WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl); +#endif + + +/* Secure Renegotiation */ +#ifdef HAVE_SECURE_RENEGOTIATION + +WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_StartSecureRenegotiation(WOLFSSL* ssl, int resume); +WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_SecureResume(WOLFSSL* ssl); +WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl); + +#endif + +/* Session Ticket */ +#ifdef HAVE_SESSION_TICKET + +#ifndef NO_WOLFSSL_CLIENT +WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, word32*); +WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, word32); +typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*); +WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, + CallbackSessionTicket, void*); +#endif /* NO_WOLFSSL_CLIENT */ + + +#define WOLFSSL_TICKET_NAME_SZ 16 +#define WOLFSSL_TICKET_IV_SZ 16 +#define WOLFSSL_TICKET_MAC_SZ 32 + +enum TicketEncRet { + WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */ + WOLFSSL_TICKET_RET_OK = 0, /* ok, use ticket */ + WOLFSSL_TICKET_RET_REJECT, /* don't use ticket, but not fatal */ + WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */ +}; + +#ifndef NO_WOLFSSL_SERVER + +typedef int (*SessionTicketEncCb)(WOLFSSL*, + unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], + unsigned char iv[WOLFSSL_TICKET_IV_SZ], + unsigned char mac[WOLFSSL_TICKET_MAC_SZ], + int enc, unsigned char*, int, int*, void*); +WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, + SessionTicketEncCb); +WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int); +WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*); + +#endif /* NO_WOLFSSL_SERVER */ + +#endif /* HAVE_SESSION_TICKET */ + +#ifdef HAVE_QSH +/* Quantum-safe Crypto Schemes */ +enum { + WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */ + WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */ + WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */ + WOLFSSL_LWE_XXX = 0x0201, /* Learning With Error encryption scheme */ + WOLFSSL_HFE_XXX = 0x0301, /* Hidden Field Equation scheme */ + WOLFSSL_NULL_QSH = 0xFFFF /* QSHScheme is not used */ +}; + + +/* test if the connection is using a QSH secure connection return 1 if so */ +WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name); +#ifndef NO_WOLFSSL_CLIENT + /* user control over sending client public key in hello + when flag = 1 will send keys if flag is 0 or function is not called + then will not send keys in the hello extension */ + WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag); +#endif + +#endif /* QSH */ + +/* TLS Extended Master Secret Extension */ +WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx); + + +#define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */ +#define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */ + + +/* notify user the handshake is done */ +typedef int (*HandShakeDoneCb)(WOLFSSL*, void*); +WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*); + + +WOLFSSL_API int wolfSSL_PrintSessionStats(void); +WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active, + unsigned int* total, + unsigned int* peak, + unsigned int* maxSessions); +/* External facing KDF */ +WOLFSSL_API +int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, word32 msLen, + const unsigned char* pms, word32 pmsLen, + const unsigned char* cr, const unsigned char* sr, + int tls1_2, int hash_type); + +WOLFSSL_API +int wolfSSL_MakeTlsExtendedMasterSecret(unsigned char* ms, word32 msLen, + const unsigned char* pms, word32 pmsLen, + const unsigned char* sHash, word32 sHashLen, + int tls1_2, int hash_type); + +WOLFSSL_API +int wolfSSL_DeriveTlsKeys(unsigned char* key_data, word32 keyLen, + const unsigned char* ms, word32 msLen, + const unsigned char* sr, const unsigned char* cr, + int tls1_2, int hash_type); + +#ifdef WOLFSSL_CALLBACKS + +typedef int (*HandShakeCallBack)(HandShakeInfo*); +typedef int (*TimeoutCallBack)(TimeoutInfo*); + +/* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack + for diagnostics */ +WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, + Timeval); +WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, + Timeval); + +#endif /* WOLFSSL_CALLBACKS */ + + +#ifdef WOLFSSL_HAVE_WOLFSCEP + WOLFSSL_API void wolfSSL_wolfSCEP(void); +#endif /* WOLFSSL_HAVE_WOLFSCEP */ + +#ifdef WOLFSSL_HAVE_CERT_SERVICE + WOLFSSL_API void wolfSSL_cert_service(void); +#endif + +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Smaller subset of X509 compatibility functions. Avoid increasing the size of + * this subset and its memory usage */ + +#include +struct WOLFSSL_X509_NAME_ENTRY { + WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */ + WOLFSSL_ASN1_STRING data; + WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ + int nid; /* i.e. ASN_COMMON_NAME */ + int set; + int size; +}; +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + +enum { + WOLFSSL_SYS_ACCEPT = 0, + WOLFSSL_SYS_BIND, + WOLFSSL_SYS_CONNECT, + WOLFSSL_SYS_FOPEN, + WOLFSSL_SYS_FREAD, + WOLFSSL_SYS_GETADDRINFO, + WOLFSSL_SYS_GETSOCKOPT, + WOLFSSL_SYS_GETSOCKNAME, + WOLFSSL_SYS_GETHOSTBYNAME, + WOLFSSL_SYS_GETNAMEINFO, + WOLFSSL_SYS_GETSERVBYNAME, + WOLFSSL_SYS_IOCTLSOCKET, + WOLFSSL_SYS_LISTEN, + WOLFSSL_SYS_OPENDIR, + WOLFSSL_SYS_SETSOCKOPT, + WOLFSSL_SYS_SOCKET +}; + +/* Object functions */ +WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n); +WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); +WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); + +WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); +WOLFSSL_API int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a, + const WOLFSSL_ASN1_OBJECT* b); +WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn); +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name); + +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n); +WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int n, WOLFSSL_ASN1_OBJECT *arg_obj); +WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name); + +WOLFSSL_API void wolfSSL_OBJ_cleanup(void); +WOLFSSL_API int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln); +/* end of object functions */ + +WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); +WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); +WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); +WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx); + +#ifndef NO_CERTS +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( + WOLFSSL_X509_NAME_ENTRY** out, int nid, int type, + const unsigned char* data, int dataSz); +WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name, + WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set); +WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, + const char *field, int type, const unsigned char *bytes, int len, int loc, + int set); +WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid, + int type, const unsigned char *bytes, + int len, int loc, int set); +WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, + const WOLFSSL_X509_NAME* y); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); +WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name); +WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); +WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, + int nid, int* c, int* idx); +WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert); +WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); +WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc); +WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid( + WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid, + char* value); +WOLFSSL_API void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, + WOLFSSL_X509* issuer, WOLFSSL_X509* subject, WOLFSSL_X509* req, + WOLFSSL_X509_CRL* crl, int flag); +WOLFSSL_API void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx); +WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509, + const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len); +WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); +WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, + unsigned char* der, long derSz); +WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl); +#ifndef NO_RSA +WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, + long derSz); +#endif +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx, + unsigned char* der, long derSz); + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b); +WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc); +WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc); +WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex); +WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void); +WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk, + WOLFSSL_X509_EXTENSION* ext); +WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk); +WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void); +#endif + +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext); +#endif /* NO_CERTS */ + +WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r); + +WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, + unsigned char* out, int outSz); +WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses); + +WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, + WOLFSSL_X509_STORE* str); +WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, + WOLFSSL_X509** x509); +#endif +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, + WOLFSSL_X509** x509); +WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); + +WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio); +WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); + +WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, + unsigned char *out, size_t outlen); +WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**); + +WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int); +WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int); + +WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, + unsigned char* out, size_t outSz); +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX + (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio( + WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, + pem_password_cb* cb, void* u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, + WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); +#endif +WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header, + EncryptedInfo* cipher); +WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher, + unsigned char* data, long* len, + pem_password_cb* callback, void* ctx); + +/*lighttp compatibility */ + +struct WOLFSSL_ASN1_BIT_STRING { + int length; + int type; + char* data; + long flags; +}; + + +#if defined(OPENSSL_EXTRA) \ + || defined(OPENSSL_ALL) \ + || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) +WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); +WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); +WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); +/* These are to be merged shortly */ +WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); +WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); +WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); +WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); +WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); +WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509); + +#ifndef NO_FILESYSTEM +WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); +WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); +#endif + +#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#endif /* OPENSSL_EXTRA || OPENSSL_ALL */ + + +#if defined(OPENSSL_ALL) \ + || defined(HAVE_STUNNEL) \ + || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) + +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int close_flag); +#endif +WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); +WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, + WOLFSSL_DH **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, + WOLFSSL_DSA **x, pem_password_cb *cb, void *u); +WOLFSSL_API int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp,WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); +#endif /* HAVE_STUNNEL || HAVE_LIGHTY */ + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_REQ) +WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void); +WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req); +WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, + const WOLFSSL_EVP_MD *md); +WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req, + WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext); +WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req, + WOLFSSL_X509_NAME *name); +WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, + WOLFSSL_EVP_PKEY *pkey); +#endif + + +#if defined(OPENSSL_ALL) \ + || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) \ + || defined(HAVE_LIGHTY) + +#include + +/* SNI received callback type */ +typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg); + +WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); + +WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void); + +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_6144_prime(WOLFSSL_BIGNUM* bn); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn); + +WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg); + +WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int, + void (*callback) (int, int, void *)); + +WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void); + +WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void); + +WOLFSSL_API int wolfSSL_FIPS_mode(void); + +WOLFSSL_API int wolfSSL_FIPS_mode_set(int r); + +WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth); + +WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); + +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new(void); +WOLFSSL_API int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s); + +WOLFSSL_API WOLFSSL_X509_INFO *wolfSSL_X509_INFO_new(void); +WOLFSSL_API void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info); + +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_INFO_new_null(void); +WOLFSSL_API int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO)*); +WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value( + const WOLF_STACK_OF(WOLFSSL_X509_INFO)*, int); +WOLFSSL_API int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)*, + WOLFSSL_X509_INFO*); +WOLFSSL_API WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); +WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*, + void f (WOLFSSL_X509_INFO*)); +WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); + +typedef int (*wolf_sk_compare_cb)(const void* const *a, + const void* const *b); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new( + wolf_sk_compare_cb); +WOLFSSL_API int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)*, + WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*, + WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_sk_X509_NAME_set_cmp_func( + WOLF_STACK_OF(WOLFSSL_X509_NAME)*, wolf_sk_compare_cb); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*, int); +WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)*); +WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)*, + void f (WOLFSSL_X509_NAME*)); +WOLFSSL_API void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME) *); + +WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, + unsigned long); + +WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( + const WOLFSSL_X509*); + +WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); + +WOLFSSL_API int wolfSSL_version(WOLFSSL*); + +WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*); + +WOLFSSL_API void* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int); + +WOLFSSL_API void* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*); + +WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); + +WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); + +WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*, + CRYPTO_free_func*); + +WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); + + +WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, + unsigned int*); + +WOLFSSL_API int wolfSSL_SESSION_print(WOLFSSL_BIO*, const WOLFSSL_SESSION*); + +WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL *, const char *); + +WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL *, unsigned char); + +WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*); + +WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*); + +WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); + +WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, + CallbackSniRecv); +WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, + CallbackSniRecv); + +WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); + +WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); + +/* support for depricated old name */ +#define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state + +#ifndef NO_FILESYSTEM +WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE fp); +#endif + +WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*)); + +WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val); + +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( + WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); + +WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ + +#if defined(OPENSSL_ALL) || \ + defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + +WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx); + +#endif + +#ifdef WOLFSSL_JNI +WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr); +WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl); +#endif /* WOLFSSL_JNI */ + + +#ifdef WOLFSSL_ASYNC_CRYPT +WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags); +WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents, + WOLF_EVENT_FLAG flags, int* eventCount); +#endif /* WOLFSSL_ASYNC_CRYPT */ + +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names); + +typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type, + const void *buf, size_t len, WOLFSSL *ssl, void *arg); + +WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb); +WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb); +WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg); +WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg); +WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, + int *line, const char **data, int *flags); +WOLFSSL_API int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, + const unsigned char *protos, unsigned int protos_len); +WOLFSSL_API int wolfSSL_set_alpn_protos(WOLFSSL* ssl, + const unsigned char* protos, unsigned int protos_len); +WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, + size_t siz, const char* file, int line); +WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); +#endif + +#if defined(OPENSSL_ALL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) +WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name); +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +/* Not an OpenSSL API. */ +WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response); +/* Not an OpenSSL API. */ +WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); +/* Not an OpenSSL API. */ +WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); +WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, + void *b, void *c); +WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx); +WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, + void *data); +WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data, + const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len); + +WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx); +WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, + WOLFSSL_EC_KEY *ecdh); +WOLFSSL_API int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *, + WOLFSSL_SESSION *c); + +WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s); +WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s); +WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s); +WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL*); +WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*); + +#ifndef NO_SESSION_CACHE + WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s); +#endif +WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, + size_t chklen, unsigned int flags, char **peername); + +WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, + const WOLFSSL_ASN1_INTEGER *a); + +#ifdef HAVE_SESSION_TICKET +WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)( + WOLFSSL *ssl, unsigned char *name, unsigned char *iv, + WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc)); +#endif + +#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, + WOLF_STACK_OF(X509)** chain); +WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, + int(*)(WOLFSSL*, void*)); + +WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, + WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x); + +WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x); + +WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, + WOLFSSL_X509 *subject); + +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x); + +WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( + WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); +#endif /* HAVE_OCSP */ + +WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, + WOLFSSL_X509 *cert); + +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA || HAVE_LIGHTY*/ + +WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, + const unsigned char **data, unsigned int *len); +WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out, + unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); +WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, + int (*cb) (WOLFSSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, + unsigned *len); + + +#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( + const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); +WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); +WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count); +#endif + +WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); +WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); +WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x); +WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor); +WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_X509_PUBKEY *pub); +WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); +WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a); +WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); +WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir); +WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); +WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p); +WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find( + WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_sk_SSL_CIPHER_dup( + WOLF_STACK_OF(WOLFSSL_CIPHER)* in); +WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); +WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); +WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk); +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); +WOLFSSL_API void ERR_load_SSL_strings(void); +WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); + +WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); +WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags); +WOLFSSL_API int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str); +WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t); +WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out); +WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); +WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store); +WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); + +WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, + int passwdSz, pem_password_cb* cb, void* ctx); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey( + WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length); +WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509); + + +#endif /* OPENSSL_EXTRA */ + +#ifdef HAVE_PK_CALLBACKS +WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx); +#endif + +#ifdef HAVE_ENCRYPT_THEN_MAC +WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int); +WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFSSL_SSL_H */ diff --git a/source/libwolfssl/test.h b/source/libwolfssl/test.h new file mode 100644 index 00000000..338f32da --- /dev/null +++ b/source/libwolfssl/test.h @@ -0,0 +1,3437 @@ +/* test.h */ + +#ifndef wolfSSL_TEST_H +#define wolfSSL_TEST_H + +#include +#include +#include +#include +#include +#include +#include +#include +#if defined(SHOW_CERTS) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + #include /* for domain component NID value */ +#endif + +#ifdef ATOMIC_USER + #include + #include + #include +#endif +#ifdef HAVE_PK_CALLBACKS + #include + #ifndef NO_RSA + #include + #endif + #ifdef HAVE_ECC + #include + #endif /* HAVE_ECC */ + #ifndef NO_DH + #include + #endif /* !NO_DH */ + #ifdef HAVE_ED25519 + #include + #endif /* HAVE_ED25519 */ + #ifdef HAVE_CURVE25519 + #include + #endif /* HAVE_ECC */ +#endif /*HAVE_PK_CALLBACKS */ + +#ifdef USE_WINDOWS_API + #include + #include + #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ + #include + #include + #endif + #define SOCKET_T SOCKET + #define SNPRINTF _snprintf +#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) + #include + #include "rl_net.h" + #define SOCKET_T int + typedef int socklen_t ; + #define inet_addr wolfSSL_inet_addr + static unsigned long wolfSSL_inet_addr(const char *cp) + { + unsigned int a[4] ; unsigned long ret ; + sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ; + ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; + return(ret) ; + } + #if defined(HAVE_KEIL_RTX) + #define sleep(t) os_dly_wait(t/1000+1); + #elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) + #define sleep(t) osDelay(t/1000+1); + #endif +#elif defined(WOLFSSL_TIRTOS) + #include + #include + #include + #include + #include + #include + struct hostent { + char *h_name; /* official name of host */ + char **h_aliases; /* alias list */ + int h_addrtype; /* host address type */ + int h_length; /* length of address */ + char **h_addr_list; /* list of addresses from name server */ + }; + #define SOCKET_T int +#elif defined(WOLFSSL_VXWORKS) + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #define SOCKET_T int +#elif defined(WOLFSSL_ZEPHYR) + #include + #include + #include + #define SOCKET_T int + #define SOL_SOCKET 1 + #define SO_REUSEADDR 201 + #define WOLFSSL_USE_GETADDRINFO + + static unsigned long inet_addr(const char *cp) + { + unsigned int a[4]; unsigned long ret; + int i, j; + for (i=0, j=0; i<4; i++) { + a[i] = 0; + while (cp[j] != '.' && cp[j] != '\0') { + a[i] *= 10; + a[i] += cp[j] - '0'; + j++; + } + } + ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; + return(ret) ; + } +#else + #include + #include +#ifndef WOLFSSL_LEANPSK + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #ifdef TEST_IPV6 + #include + #endif +#endif + #define SOCKET_T int + #ifndef SO_NOSIGPIPE + #include /* ignore SIGPIPE */ + #endif + #define SNPRINTF snprintf +#endif /* USE_WINDOWS_API */ + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif +#ifdef HAVE_CAVIUM + #include +#endif +#ifdef _MSC_VER + /* disable conversion warning */ + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable:4244 4996) +#endif + +#ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE + #define WOLFSSL_CIPHER_LIST_MAX_SIZE 4096 +#endif +/* Buffer for benchmark tests */ +#ifndef TEST_BUFFER_SIZE + #define TEST_BUFFER_SIZE 16384 +#endif + +#ifndef WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MIN + static WC_INLINE word32 min(word32 a, word32 b) + { + return a > b ? b : a; + } +#endif /* WOLFSSL_HAVE_MIN */ + +/* Socket Handling */ +#ifndef WOLFSSL_SOCKET_INVALID +#ifdef USE_WINDOWS_API + #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET) +#elif defined(WOLFSSL_TIRTOS) + #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1) +#else + #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0) +#endif +#endif /* WOLFSSL_SOCKET_INVALID */ + +#ifndef WOLFSSL_SOCKET_IS_INVALID +#if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS) + #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID) +#else + #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID) +#endif +#endif /* WOLFSSL_SOCKET_IS_INVALID */ + +#if defined(__MACH__) || defined(USE_WINDOWS_API) + #ifndef _SOCKLEN_T + typedef int socklen_t; + #endif +#endif + + +/* HPUX doesn't use socklent_t for third parameter to accept, unless + _XOPEN_SOURCE_EXTENDED is defined */ +#if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\ + && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) + typedef socklen_t* ACCEPT_THIRD_T; +#else + #if defined _XOPEN_SOURCE_EXTENDED + typedef socklen_t* ACCEPT_THIRD_T; + #else + typedef int* ACCEPT_THIRD_T; + #endif +#endif + + + +#ifdef SINGLE_THREADED + typedef unsigned int THREAD_RETURN; + typedef void* THREAD_TYPE; + #define WOLFSSL_THREAD +#else + #if defined(_POSIX_THREADS) && !defined(__MINGW32__) + typedef void* THREAD_RETURN; + typedef pthread_t THREAD_TYPE; + #define WOLFSSL_THREAD + #define INFINITE -1 + #define WAIT_OBJECT_0 0L + #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) + typedef unsigned int THREAD_RETURN; + typedef int THREAD_TYPE; + #define WOLFSSL_THREAD + #elif defined(WOLFSSL_TIRTOS) + typedef void THREAD_RETURN; + typedef Task_Handle THREAD_TYPE; + #define WOLFSSL_THREAD + #elif defined(WOLFSSL_ZEPHYR) + typedef void THREAD_RETURN; + typedef struct k_thread THREAD_TYPE; + #define WOLFSSL_THREAD + #else + typedef unsigned int THREAD_RETURN; + typedef intptr_t THREAD_TYPE; + #define WOLFSSL_THREAD __stdcall + #endif +#endif + + +#ifdef TEST_IPV6 + typedef struct sockaddr_in6 SOCKADDR_IN_T; + #define AF_INET_V AF_INET6 +#else + typedef struct sockaddr_in SOCKADDR_IN_T; + #define AF_INET_V AF_INET +#endif + + +#ifndef WOLFSSL_NO_TLS12 +#define SERVER_DEFAULT_VERSION 3 +#else +#define SERVER_DEFAULT_VERSION 4 +#endif +#define SERVER_DTLS_DEFAULT_VERSION (-2) +#define SERVER_INVALID_VERSION (-99) +#define SERVER_DOWNGRADE_VERSION (-98) +#ifndef WOLFSSL_NO_TLS12 +#define CLIENT_DEFAULT_VERSION 3 +#else +#define CLIENT_DEFAULT_VERSION 4 +#endif +#define CLIENT_DTLS_DEFAULT_VERSION (-2) +#define CLIENT_INVALID_VERSION (-99) +#define CLIENT_DOWNGRADE_VERSION (-98) +#define EITHER_DOWNGRADE_VERSION (-97) +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) + #define DEFAULT_MIN_DHKEY_BITS 2048 + #define DEFAULT_MAX_DHKEY_BITS 3072 +#else + #define DEFAULT_MIN_DHKEY_BITS 1024 + #define DEFAULT_MAX_DHKEY_BITS 2048 +#endif +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) + #define DEFAULT_MIN_RSAKEY_BITS 2048 +#else + #define DEFAULT_MIN_RSAKEY_BITS 1024 +#endif +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) + #define DEFAULT_MIN_ECCKEY_BITS 256 +#else + #define DEFAULT_MIN_ECCKEY_BITS 224 +#endif + +/* all certs relative to wolfSSL home directory now */ +#if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL) +#define caCertFile "certs/ca-cert.pem" +#define eccCertFile "certs/server-ecc.pem" +#define eccKeyFile "certs/ecc-key.pem" +#define eccRsaCertFile "certs/server-ecc-rsa.pem" +#define svrCertFile "certs/server-cert.pem" +#define svrKeyFile "certs/server-key.pem" +#define cliCertFile "certs/client-cert.pem" +#define cliCertDerFile "certs/client-cert.der" +#define cliKeyFile "certs/client-key.pem" +#define ntruCertFile "certs/ntru-cert.pem" +#define ntruKeyFile "certs/ntru-key.raw" +#define dhParamFile "certs/dh2048.pem" +#define cliEccKeyFile "certs/ecc-client-key.pem" +#define cliEccCertFile "certs/client-ecc-cert.pem" +#define caEccCertFile "certs/ca-ecc-cert.pem" +#define crlPemDir "certs/crl" +#define edCertFile "certs/ed25519/server-ed25519-cert.pem" +#define edKeyFile "certs/ed25519/server-ed25519-priv.pem" +#define cliEdCertFile "certs/ed25519/client-ed25519.pem" +#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem" +#define caEdCertFile "certs/ed25519/ca-ed25519.pem" +#ifdef HAVE_WNR + /* Whitewood netRandom default config file */ + #define wnrConfig "wnr-example.conf" +#endif +#else +#define caCertFile "./certs/ca-cert.pem" +#define eccCertFile "./certs/server-ecc.pem" +#define eccKeyFile "./certs/ecc-key.pem" +#define eccRsaCertFile "./certs/server-ecc-rsa.pem" +#define svrCertFile "./certs/server-cert.pem" +#define svrKeyFile "./certs/server-key.pem" +#define cliCertFile "./certs/client-cert.pem" +#define cliCertDerFile "./certs/client-cert.der" +#define cliKeyFile "./certs/client-key.pem" +#define ntruCertFile "./certs/ntru-cert.pem" +#define ntruKeyFile "./certs/ntru-key.raw" +#define dhParamFile "./certs/dh2048.pem" +#define cliEccKeyFile "./certs/ecc-client-key.pem" +#define cliEccCertFile "./certs/client-ecc-cert.pem" +#define caEccCertFile "./certs/ca-ecc-cert.pem" +#define crlPemDir "./certs/crl" +#define edCertFile "./certs/ed25519/server-ed25519-cert.pem" +#define edKeyFile "./certs/ed25519/server-ed25519-priv.pem" +#define cliEdCertFile "./certs/ed25519/client-ed25519.pem" +#define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem" +#define caEdCertFile "./certs/ed25519/ca-ed25519.pem" +#ifdef HAVE_WNR + /* Whitewood netRandom default config file */ + #define wnrConfig "./wnr-example.conf" +#endif +#endif + +typedef struct tcp_ready { + word16 ready; /* predicate */ + word16 port; + char* srfName; /* server ready file name */ +#if defined(_POSIX_THREADS) && !defined(__MINGW32__) + pthread_mutex_t mutex; + pthread_cond_t cond; +#endif +} tcp_ready; + + +static WC_INLINE void InitTcpReady(tcp_ready* ready) +{ + ready->ready = 0; + ready->port = 0; + ready->srfName = NULL; +#ifdef SINGLE_THREADED +#elif defined(_POSIX_THREADS) && !defined(__MINGW32__) + pthread_mutex_init(&ready->mutex, 0); + pthread_cond_init(&ready->cond, 0); +#endif +} + + +static WC_INLINE void FreeTcpReady(tcp_ready* ready) +{ +#ifdef SINGLE_THREADED + (void)ready; +#elif defined(_POSIX_THREADS) && !defined(__MINGW32__) + pthread_mutex_destroy(&ready->mutex); + pthread_cond_destroy(&ready->cond); +#else + (void)ready; +#endif +} + +typedef WOLFSSL_METHOD* (*method_provider)(void); +typedef void (*ctx_callback)(WOLFSSL_CTX* ctx); +typedef void (*ssl_callback)(WOLFSSL* ssl); + +typedef struct callback_functions { + method_provider method; + ctx_callback ctx_ready; + ssl_callback ssl_ready; + ssl_callback on_result; + WOLFSSL_CTX* ctx; +} callback_functions; + +typedef struct func_args { + int argc; + char** argv; + int return_code; + tcp_ready* signal; + callback_functions *callbacks; +} func_args; + + + + +void wait_tcp_ready(func_args*); + +#ifdef WOLFSSL_ZEPHYR +typedef void THREAD_FUNC(void*, void*, void*); +#else +typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*); +#endif + +void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*); +void join_thread(THREAD_TYPE); + +/* wolfSSL */ +#ifndef TEST_IPV6 + static const char* const wolfSSLIP = "127.0.0.1"; +#else + static const char* const wolfSSLIP = "::1"; +#endif +static const word16 wolfSSLPort = 11111; + + + +#ifndef MY_EX_USAGE +#define MY_EX_USAGE 2 +#endif + +#ifndef EXIT_FAILURE +#define EXIT_FAILURE 1 +#endif + +#if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR) + #ifndef EXIT_SUCCESS + #define EXIT_SUCCESS 0 + #endif + #define XEXIT(rc) return rc + #define XEXIT_T(rc) return (THREAD_RETURN)rc +#else + #define XEXIT(rc) exit((int)(rc)) + #define XEXIT_T(rc) exit((int)(rc)) +#endif + + +static WC_INLINE +#if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR) +THREAD_RETURN +#else +WC_NORETURN void +#endif +err_sys(const char* msg) +{ + printf("wolfSSL error: %s\n", msg); + +#if !defined(__GNUC__) + /* scan-build (which pretends to be gnuc) can get confused and think the + * msg pointer can be null even when hardcoded and then it won't exit, + * making null pointer checks above the err_sys() call useless. + * We could just always exit() but some compilers will complain about no + * possible return, with gcc we know the attribute to handle that with + * WC_NORETURN. */ + if (msg) +#endif + { + XEXIT_T(EXIT_FAILURE); + } +} + + +extern int myoptind; +extern char* myoptarg; + +static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring) +{ + static char* next = NULL; + + char c; + char* cp; + + if (myoptind == 0) + next = NULL; /* we're starting new/over */ + + if (next == NULL || *next == '\0') { + if (myoptind == 0) + myoptind++; + + if (myoptind >= argc || argv[myoptind][0] != '-' || + argv[myoptind][1] == '\0') { + myoptarg = NULL; + if (myoptind < argc) + myoptarg = argv[myoptind]; + + return -1; + } + + if (strcmp(argv[myoptind], "--") == 0) { + myoptind++; + myoptarg = NULL; + + if (myoptind < argc) + myoptarg = argv[myoptind]; + + return -1; + } + + next = argv[myoptind]; + next++; /* skip - */ + myoptind++; + } + + c = *next++; + /* The C++ strchr can return a different value */ + cp = (char*)strchr(optstring, c); + + if (cp == NULL || c == ':') + return '?'; + + cp++; + + if (*cp == ':') { + if (*next != '\0') { + myoptarg = next; + next = NULL; + } + else if (myoptind < argc) { + myoptarg = argv[myoptind]; + myoptind++; + } + else + return '?'; + } + + return c; +} + + +#ifdef WOLFSSL_ENCRYPTED_KEYS + +static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) +{ + (void)rw; + (void)userdata; + if (userdata != NULL) { + strncpy(passwd, (char*)userdata, sz); + return (int)XSTRLEN((char*)userdata); + } + else { + strncpy(passwd, "yassl123", sz); + return 8; + } +} + +#endif + +static const char* client_showpeer_msg[][8] = { + /* English */ + { + "SSL version is", + "SSL cipher suite is", + "SSL curve name is", + "SSL DH size is", + "SSL reused session", + "Alternate cert chain used", + "peer's cert info:", + NULL + }, +#ifndef NO_MULTIBYTE_PRINT + /* Japanese */ + { + "SSL バージョンは", + "SSL 暗号スイートは", + "SSL 曲線名は", + "SSL DH サイズは", + "SSL 再利用セッション", + "代替証明チェーンを使用", + "相手方証明書情報", + NULL + }, +#endif +}; + +#if defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) || defined(SESSION_CERTS) +static const char* client_showx509_msg[][5] = { + /* English */ + { + "issuer", + "subject", + "altname", + "serial number", + NULL + }, +#ifndef NO_MULTIBYTE_PRINT + /* Japanese */ + { + "発行者", + "サブジェクト", + "代替名", + "シリアル番号", + NULL + }, +#endif +}; + +/* lng_index is to specify the language for displaying message. */ +/* 0:English, 1:Japanese */ +static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr, + int lng_index) +{ + char* altName; + char* issuer; + char* subject; + byte serial[32]; + int ret; + int sz = sizeof(serial); + const char** words = client_showx509_msg[lng_index]; + + if (x509 == NULL) { + printf("%s No Cert\n", hdr); + return; + } + + issuer = wolfSSL_X509_NAME_oneline( + wolfSSL_X509_get_issuer_name(x509), 0, 0); + subject = wolfSSL_X509_NAME_oneline( + wolfSSL_X509_get_subject_name(x509), 0, 0); + + printf("%s\n %s : %s\n %s: %s\n", hdr, words[0], issuer, words[1], subject); + + while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL) + printf(" %s = %s\n", words[2], altName); + + ret = wolfSSL_X509_get_serial_number(x509, serial, &sz); + if (ret == WOLFSSL_SUCCESS) { + int i; + int strLen; + char serialMsg[80]; + + /* testsuite has multiple threads writing to stdout, get output + message ready to write once */ + strLen = sprintf(serialMsg, " %s", words[3]); + for (i = 0; i < sz; i++) + sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]); + printf("%s\n", serialMsg); + } + + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); + +#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) + { + WOLFSSL_BIO* bio; + char buf[256]; /* should be size of ASN_NAME_MAX */ + int textSz; + + /* print out domain component if certificate has it */ + textSz = wolfSSL_X509_NAME_get_text_by_NID( + wolfSSL_X509_get_subject_name(x509), NID_domainComponent, + buf, sizeof(buf)); + if (textSz > 0) { + printf("Domain Component = %s\n", buf); + } + + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + if (bio != NULL) { + wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE); + wolfSSL_X509_print(bio, x509); + wolfSSL_BIO_free(bio); + } + } +#endif /* SHOW_CERTS && OPENSSL_EXTRA */ +} +/* original ShowX509 to maintain compatibility */ +static WC_INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr) +{ + ShowX509Ex(x509, hdr, 0); +} + +#endif /* KEEP_PEER_CERT || KEEP_OUR_CERT || SESSION_CERTS */ + +#if defined(SHOW_CERTS) && defined(SESSION_CERTS) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count, + const char* hdr) +{ + int i; + int length; + unsigned char buffer[3072]; + WOLFSSL_X509* chainX509; + + for (i = 0; i < count; i++) { + wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length); + buffer[length] = 0; + printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer); + + chainX509 = wolfSSL_get_chain_X509(chain, i); + if (chainX509) + ShowX509(chainX509, hdr); + else + printf("get_chain_X509 failed\n"); + wolfSSL_FreeX509(chainX509); + } +} +#endif /* SHOW_CERTS && SESSION_CERTS */ + +/* lng_index is to specify the language for displaying message. */ +/* 0:English, 1:Japanese */ +static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index) +{ + WOLFSSL_CIPHER* cipher; + const char** words = client_showpeer_msg[lng_index]; + +#if defined(HAVE_ECC) || !defined(NO_DH) + const char *name; +#endif +#ifndef NO_DH + int bits; +#endif +#ifdef KEEP_PEER_CERT + WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); + if (peer) + ShowX509Ex(peer, words[6], lng_index); + else + printf("peer has no cert!\n"); + wolfSSL_FreeX509(peer); +#endif +#if defined(SHOW_CERTS) && defined(KEEP_OUR_CERT) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + ShowX509(wolfSSL_get_certificate(ssl), "our cert info:"); + printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl)); +#endif /* SHOW_CERTS && KEEP_OUR_CERT */ + printf("%s %s\n", words[0], wolfSSL_get_version(ssl)); + + cipher = wolfSSL_get_current_cipher(ssl); +#ifdef HAVE_QSH + printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "", + wolfSSL_CIPHER_get_name(cipher)); +#else + printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher)); +#endif +#if defined(HAVE_ECC) || !defined(NO_DH) + if ((name = wolfSSL_get_curve_name(ssl)) != NULL) + printf("%s %s\n", words[2], name); +#endif +#ifndef NO_DH + else if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0) + printf("%s %d bits\n", words[3], bits); +#endif + if (wolfSSL_session_reused(ssl)) + printf("%s\n", words[4]); +#ifdef WOLFSSL_ALT_CERT_CHAINS + if (wolfSSL_is_peer_alt_cert_chain(ssl)) + printf("%s\n", words[5]); +#endif + +#if defined(SHOW_CERTS) && defined(SESSION_CERTS) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + { + WOLFSSL_X509_CHAIN* chain; + + chain = wolfSSL_get_peer_chain(ssl); + ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "session cert"); + + #ifdef WOLFSSL_ALT_CERT_CHAINS + if (wolfSSL_is_peer_alt_cert_chain(ssl)) { + chain = wolfSSL_get_peer_alt_chain(ssl); + ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "alt cert"); + } + #endif + } +#endif /* SHOW_CERTS && SESSION_CERTS */ + (void)ssl; +} +/* original showPeer to maintain compatibility */ +static WC_INLINE void showPeer(WOLFSSL* ssl) +{ + showPeerEx(ssl, 0); +} + +static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, + word16 port, int udp, int sctp) +{ + int useLookup = 0; + (void)useLookup; + (void)udp; + (void)sctp; + + if (addr == NULL) + err_sys("invalid argument to build_addr, addr is NULL"); + + XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T)); + +#ifndef TEST_IPV6 + /* peer could be in human readable form */ + if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) { + #ifndef WOLFSSL_USE_GETADDRINFO + #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) + int err; + struct hostent* entry = gethostbyname(peer, &err); + #elif defined(WOLFSSL_TIRTOS) + struct hostent* entry = DNSGetHostByName(peer); + #elif defined(WOLFSSL_VXWORKS) + struct hostent* entry = (struct hostent*)hostGetByName((char*)peer); + #else + struct hostent* entry = gethostbyname(peer); + #endif + + if (entry) { + XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0], + entry->h_length); + useLookup = 1; + } + #else + struct zsock_addrinfo hints, *addrInfo; + char portStr[6]; + XSNPRINTF(portStr, sizeof(portStr), "%d", port); + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM; + hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP; + if (getaddrinfo((char*)peer, portStr, &hints, &addrInfo) == 0) { + XMEMCPY(addr, addrInfo->ai_addr, sizeof(*addr)); + useLookup = 1; + } + #endif + else + err_sys("no entry for host"); + } +#endif + + +#ifndef TEST_IPV6 + #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) + addr->sin_family = PF_INET; + #else + addr->sin_family = AF_INET_V; + #endif + addr->sin_port = XHTONS(port); + if ((size_t)peer == INADDR_ANY) + addr->sin_addr.s_addr = INADDR_ANY; + else { + if (!useLookup) + addr->sin_addr.s_addr = inet_addr(peer); + } +#else + addr->sin6_family = AF_INET_V; + addr->sin6_port = XHTONS(port); + if ((size_t)peer == INADDR_ANY) { + addr->sin6_addr = in6addr_any; + } + else { + #if defined(HAVE_GETADDRINFO) || defined(WOLF_C99) + struct addrinfo hints; + struct addrinfo* answer = NULL; + int ret; + char strPort[80]; + + XMEMSET(&hints, 0, sizeof(hints)); + + hints.ai_family = AF_INET_V; + if (udp) { + hints.ai_socktype = SOCK_DGRAM; + hints.ai_protocol = IPPROTO_UDP; + } + #ifdef WOLFSSL_SCTP + else if (sctp) { + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_SCTP; + } + #endif + else { + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + } + + SNPRINTF(strPort, sizeof(strPort), "%d", port); + strPort[79] = '\0'; + + ret = getaddrinfo(peer, strPort, &hints, &answer); + if (ret < 0 || answer == NULL) + err_sys("getaddrinfo failed"); + + XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen); + freeaddrinfo(answer); + #else + printf("no ipv6 getaddrinfo, loopback only tests/examples\n"); + addr->sin6_addr = in6addr_loopback; + #endif + } +#endif +} + + +static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp) +{ + (void)sctp; + + if (udp) + *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP); +#ifdef WOLFSSL_SCTP + else if (sctp) + *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP); +#endif + else + *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP); + + if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) { + err_sys("socket failed\n"); + } + +#ifndef USE_WINDOWS_API +#ifdef SO_NOSIGPIPE + { + int on = 1; + socklen_t len = sizeof(on); + int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len); + if (res < 0) + err_sys("setsockopt SO_NOSIGPIPE failed\n"); + } +#elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\ + defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR) + /* nothing to define */ +#else /* no S_NOSIGPIPE */ + signal(SIGPIPE, SIG_IGN); +#endif /* S_NOSIGPIPE */ + +#if defined(TCP_NODELAY) + if (!udp && !sctp) + { + int on = 1; + socklen_t len = sizeof(on); + int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len); + if (res < 0) + err_sys("setsockopt TCP_NODELAY failed\n"); + } +#endif +#endif /* USE_WINDOWS_API */ +} + +static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port, + int udp, int sctp, WOLFSSL* ssl) +{ + SOCKADDR_IN_T addr; + build_addr(&addr, ip, port, udp, sctp); + if (udp) { + wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); + } + tcp_socket(sockfd, udp, sctp); + + if (!udp) { + if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp connect failed"); + } +} + + +static WC_INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz) +{ + if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0) + err_sys("tcp connect failed"); +} + + +enum { + TEST_SELECT_FAIL, + TEST_TIMEOUT, + TEST_RECV_READY, + TEST_SEND_READY, + TEST_ERROR_READY +}; + + +#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \ + !defined(WOLFSSL_TIRTOS) +static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx) +{ + fd_set fds, errfds; + fd_set* recvfds = NULL; + fd_set* sendfds = NULL; + SOCKET_T nfds = socketfd + 1; +#if !defined(__INTEGRITY) + struct timeval timeout = {(to_sec > 0) ? to_sec : 0, 0}; +#else + struct timeval timeout; +#endif + int result; + + FD_ZERO(&fds); + FD_SET(socketfd, &fds); + FD_ZERO(&errfds); + FD_SET(socketfd, &errfds); + + if (rx) + recvfds = &fds; + else + sendfds = &fds; + +#if defined(__INTEGRITY) + timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0; +#endif + result = select(nfds, recvfds, sendfds, &errfds, &timeout); + + if (result == 0) + return TEST_TIMEOUT; + else if (result > 0) { + if (FD_ISSET(socketfd, &fds)) { + if (rx) + return TEST_RECV_READY; + else + return TEST_SEND_READY; + } + else if(FD_ISSET(socketfd, &errfds)) + return TEST_ERROR_READY; + } + + return TEST_SELECT_FAIL; +} + +static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec) +{ + return tcp_select_ex(socketfd, to_sec, 1); +} + +static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec) +{ + return tcp_select_ex(socketfd, to_sec, 0); +} + +#elif defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_KEIL_TCP_NET) +static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec) +{ + return TEST_RECV_READY; +} +static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec) +{ + return TEST_SEND_READY; +} +#endif /* !WOLFSSL_MDK_ARM */ + + +static WC_INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr, + int udp, int sctp) +{ + SOCKADDR_IN_T addr; + + /* don't use INADDR_ANY by default, firewall may block, make user switch + on */ + build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp); + tcp_socket(sockfd, udp, sctp); + +#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\ + && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR) + { + int res, on = 1; + socklen_t len = sizeof(on); + res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + if (res < 0) + err_sys("setsockopt SO_REUSEADDR failed\n"); + } +#endif + + if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp bind failed"); + if (!udp) { + #ifdef WOLFSSL_KEIL_TCP_NET + #define SOCK_LISTEN_MAX_QUEUE 1 + #else + #define SOCK_LISTEN_MAX_QUEUE 5 + #endif + if (listen(*sockfd, SOCK_LISTEN_MAX_QUEUE) != 0) + err_sys("tcp listen failed"); + } + #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) \ + && !defined(WOLFSSL_ZEPHYR) + if (*port == 0) { + socklen_t len = sizeof(addr); + if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { + #ifndef TEST_IPV6 + *port = XNTOHS(addr.sin_port); + #else + *port = XNTOHS(addr.sin6_port); + #endif + } + } + #endif +} + + +#if 0 +static WC_INLINE int udp_read_connect(SOCKET_T sockfd) +{ + SOCKADDR_IN_T cliaddr; + byte b[1500]; + int n; + socklen_t len = sizeof(cliaddr); + + n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK, + (struct sockaddr*)&cliaddr, &len); + if (n > 0) { + if (connect(sockfd, (const struct sockaddr*)&cliaddr, + sizeof(cliaddr)) != 0) + err_sys("udp connect failed"); + } + else + err_sys("recvfrom failed"); + + return sockfd; +} +#endif + +static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, + int useAnyAddr, word16 port, func_args* args) +{ + SOCKADDR_IN_T addr; + + (void)args; + build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0); + tcp_socket(sockfd, 1, 0); + + +#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \ + && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR) + { + int res, on = 1; + socklen_t len = sizeof(on); + res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + if (res < 0) + err_sys("setsockopt SO_REUSEADDR failed\n"); + } +#endif + + if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp bind failed"); + + #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS) + if (port == 0) { + socklen_t len = sizeof(addr); + if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { + #ifndef TEST_IPV6 + port = XNTOHS(addr.sin_port); + #else + port = XNTOHS(addr.sin6_port); + #endif + } + } + #endif + +#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) + /* signal ready to accept data */ + { + tcp_ready* ready = args->signal; + pthread_mutex_lock(&ready->mutex); + ready->ready = 1; + ready->port = port; + pthread_cond_signal(&ready->cond); + pthread_mutex_unlock(&ready->mutex); + } +#elif defined (WOLFSSL_TIRTOS) + /* Need mutex? */ + tcp_ready* ready = args->signal; + ready->ready = 1; + ready->port = port; +#endif + + *clientfd = *sockfd; +} + +static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, + func_args* args, word16 port, int useAnyAddr, + int udp, int sctp, int ready_file, int do_listen) +{ + SOCKADDR_IN_T client; + socklen_t client_len = sizeof(client); + tcp_ready* ready = NULL; + + (void) ready; /* Account for case when "ready" is not used */ + + if (udp) { + udp_accept(sockfd, clientfd, useAnyAddr, port, args); + return; + } + + if(do_listen) { + tcp_listen(sockfd, &port, useAnyAddr, udp, sctp); + + #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) + /* signal ready to tcp_accept */ + if (args) + ready = args->signal; + if (ready) { + pthread_mutex_lock(&ready->mutex); + ready->ready = 1; + ready->port = port; + pthread_cond_signal(&ready->cond); + pthread_mutex_unlock(&ready->mutex); + } + #elif defined (WOLFSSL_TIRTOS) + /* Need mutex? */ + if (args) + ready = args->signal; + if (ready) { + ready->ready = 1; + ready->port = port; + } + #endif + + if (ready_file) { + #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) + XFILE srf = NULL; + if (args) + ready = args->signal; + + if (ready) { + srf = fopen(ready->srfName, "w"); + + if (srf) { + /* let's write port sever is listening on to ready file + external monitor can then do ephemeral ports by passing + -p 0 to server on supported platforms with -R ready_file + client can then wait for existence of ready_file and see + which port the server is listening on. */ + fprintf(srf, "%d\n", (int)port); + fclose(srf); + } + } + #endif + } + } + + *clientfd = accept(*sockfd, (struct sockaddr*)&client, + (ACCEPT_THIRD_T)&client_len); + if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) { + err_sys("tcp accept failed"); + } +} + + +static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) +{ + #ifdef USE_WINDOWS_API + unsigned long blocking = 1; + int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); + if (ret == SOCKET_ERROR) + err_sys("ioctlsocket failed"); + #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \ + || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \ + || defined(WOLFSSL_ZEPHYR) + /* non blocking not supported, for now */ + #else + int flags = fcntl(*sockfd, F_GETFL, 0); + if (flags < 0) + err_sys("fcntl get failed"); + flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); + if (flags < 0) + err_sys("fcntl set failed"); + #endif +} + + +#ifndef NO_PSK + +/* identity is OpenSSL testing default for openssl s_client, keep same */ +static const char* kIdentityStr = "Client_identity"; + +static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, + char* identity, unsigned int id_max_len, unsigned char* key, + unsigned int key_max_len) +{ + (void)ssl; + (void)hint; + (void)key_max_len; + + /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ + strncpy(identity, kIdentityStr, id_max_len); + + if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { + /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using + unsigned binary */ + key[0] = 0x1a; + key[1] = 0x2b; + key[2] = 0x3c; + key[3] = 0x4d; + + return 4; /* length of key in octets or 0 for error */ + } + else { + int i; + int b = 0x01; + + for (i = 0; i < 32; i++, b += 0x22) { + if (b >= 0x100) + b = 0x01; + key[i] = b; + } + + return 32; /* length of key in octets or 0 for error */ + } +} + + +static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, + unsigned char* key, unsigned int key_max_len) +{ + (void)ssl; + (void)key_max_len; + + /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ + if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) + return 0; + + if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { + /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using + unsigned binary */ + key[0] = 0x1a; + key[1] = 0x2b; + key[2] = 0x3c; + key[3] = 0x4d; + + return 4; /* length of key in octets or 0 for error */ + } + else { + int i; + int b = 0x01; + + for (i = 0; i < 32; i++, b += 0x22) { + if (b >= 0x100) + b = 0x01; + key[i] = b; + } + + return 32; /* length of key in octets or 0 for error */ + } +} + + +static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl, + const char* hint, char* identity, unsigned int id_max_len, + unsigned char* key, unsigned int key_max_len, const char** ciphersuite) +{ + int i; + int b = 0x01; + + (void)ssl; + (void)hint; + (void)key_max_len; + + /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ + strncpy(identity, kIdentityStr, id_max_len); + + for (i = 0; i < 32; i++, b += 0x22) { + if (b >= 0x100) + b = 0x01; + key[i] = b; + } + + *ciphersuite = "TLS13-AES128-GCM-SHA256"; + + return 32; /* length of key in octets or 0 for error */ +} + + +static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, + const char* identity, unsigned char* key, unsigned int key_max_len, + const char** ciphersuite) +{ + int i; + int b = 0x01; + + (void)ssl; + (void)key_max_len; + + /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ + if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) + return 0; + + for (i = 0; i < 32; i++, b += 0x22) { + if (b >= 0x100) + b = 0x01; + key[i] = b; + } + + *ciphersuite = "TLS13-AES128-GCM-SHA256"; + + return 32; /* length of key in octets or 0 for error */ +} + +#endif /* NO_PSK */ + + +#if defined(WOLFSSL_USER_CURRTIME) + extern double current_time(int reset); + +#elif defined(USE_WINDOWS_API) + + #define WIN32_LEAN_AND_MEAN + #include + + static WC_INLINE double current_time(int reset) + { + static int init = 0; + static LARGE_INTEGER freq; + + LARGE_INTEGER count; + + if (!init) { + QueryPerformanceFrequency(&freq); + init = 1; + } + + QueryPerformanceCounter(&count); + + (void)reset; + return (double)count.QuadPart / freq.QuadPart; + } + +#elif defined(WOLFSSL_TIRTOS) + extern double current_time(); +#elif defined(WOLFSSL_ZEPHYR) + extern double current_time(); +#else + +#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS) + #include + + static WC_INLINE double current_time(int reset) + { + struct timeval tv; + gettimeofday(&tv, 0); + (void)reset; + + return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; + } +#else + extern double current_time(int reset); +#endif +#endif /* USE_WINDOWS_API */ + + +#if defined(HAVE_OCSP) && defined(WOLFSSL_NONBLOCK_OCSP) +static WC_INLINE int OCSPIOCb(void* ioCtx, const char* url, int urlSz, + unsigned char* request, int requestSz, unsigned char** response) +{ +#ifdef TEST_NONBLOCK_CERTS + static int ioCbCnt = 0; +#endif + + (void)ioCtx; + (void)url; + (void)urlSz; + (void)request; + (void)requestSz; + (void)response; + +#ifdef TEST_NONBLOCK_CERTS + if (ioCbCnt) { + ioCbCnt = 0; + return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response); + } + else { + ioCbCnt = 1; + return WOLFSSL_CBIO_ERR_WANT_READ; + } +#else + return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response); +#endif +} + +static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response) +{ + (void)ioCtx; + (void)response; +} +#endif + +#if !defined(NO_CERTS) + #if !defined(NO_FILESYSTEM) || \ + (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST)) + + /* reads file size, allocates buffer, reads into buffer, returns buffer */ + static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen) + { + int ret; + long int fileSz; + XFILE file; + + if (fname == NULL || buf == NULL || bufLen == NULL) + return BAD_FUNC_ARG; + + /* set defaults */ + *buf = NULL; + *bufLen = 0; + + /* open file (read-only binary) */ + file = fopen(fname, "rb"); + if (!file) { + printf("Error loading %s\n", fname); + return BAD_PATH_ERROR; + } + + fseek(file, 0, SEEK_END); + fileSz = (int)ftell(file); + rewind(file); + if (fileSz > 0) { + *bufLen = (size_t)fileSz; + *buf = (byte*)malloc(*bufLen); + if (*buf == NULL) { + ret = MEMORY_E; + printf("Error allocating %lu bytes\n", (unsigned long)*bufLen); + } + else { + size_t readLen = fread(*buf, *bufLen, 1, file); + + /* check response code */ + ret = (readLen > 0) ? 0 : -1; + } + } + else { + ret = BUFFER_E; + } + fclose(file); + + return ret; + } + + enum { + WOLFSSL_CA = 1, + WOLFSSL_CERT = 2, + WOLFSSL_KEY = 3, + WOLFSSL_CERT_CHAIN = 4, + }; + + static WC_INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type) + { + int format = WOLFSSL_FILETYPE_PEM; + byte* buff = NULL; + size_t sz = 0; + + if (load_file(fname, &buff, &sz) != 0) { + err_sys("can't open file for buffer load " + "Please run from wolfSSL home directory if not"); + } + + /* determine format */ + if (strstr(fname, ".der")) + format = WOLFSSL_FILETYPE_ASN1; + + if (type == WOLFSSL_CA) { + if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format) + != WOLFSSL_SUCCESS) + err_sys("can't load buffer ca file"); + } + else if (type == WOLFSSL_CERT) { + if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz, + format) != WOLFSSL_SUCCESS) + err_sys("can't load buffer cert file"); + } + else if (type == WOLFSSL_KEY) { + if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz, + format) != WOLFSSL_SUCCESS) + err_sys("can't load buffer key file"); + } + else if (type == WOLFSSL_CERT_CHAIN) { + if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff, + (long)sz, format) != WOLFSSL_SUCCESS) + err_sys("can't load cert chain buffer"); + } + + if (buff) + free(buff); + } + + static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type) + { + int format = WOLFSSL_FILETYPE_PEM; + byte* buff = NULL; + size_t sz = 0; + + if (load_file(fname, &buff, &sz) != 0) { + err_sys("can't open file for buffer load " + "Please run from wolfSSL home directory if not"); + } + + /* determine format */ + if (strstr(fname, ".der")) + format = WOLFSSL_FILETYPE_ASN1; + + if (type == WOLFSSL_CA) { + /* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */ + WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl); + if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format) + != WOLFSSL_SUCCESS) + err_sys("can't load buffer ca file"); + } + else if (type == WOLFSSL_CERT) { + if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz, + format) != WOLFSSL_SUCCESS) + err_sys("can't load buffer cert file"); + } + else if (type == WOLFSSL_KEY) { + if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz, + format) != WOLFSSL_SUCCESS) + err_sys("can't load buffer key file"); + } + else if (type == WOLFSSL_CERT_CHAIN) { + if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff, + (long)sz, format) != WOLFSSL_SUCCESS) + err_sys("can't load cert chain buffer"); + } + + if (buff) + free(buff); + } + + #ifdef TEST_PK_PRIVKEY + static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen) + { + int ret; + byte* buf = NULL; + size_t bufLen; + + ret = load_file(fname, &buf, &bufLen); + if (ret != 0) + return ret; + + *derBuf = (byte*)malloc(bufLen); + if (*derBuf == NULL) { + free(buf); + return MEMORY_E; + } + + ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL); + if (ret < 0) { + free(buf); + free(*derBuf); + return ret; + } + *derLen = ret; + free(buf); + + return 0; + } + #endif /* TEST_PK_PRIVKEY */ + + #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */ +#endif /* !NO_CERTS */ + +static int myVerifyFail = 0; +static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) +{ + char buffer[WOLFSSL_MAX_ERROR_SZ]; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_X509* peer; +#endif + (void)preverify; + + /* Verify Callback Arguments: + * preverify: 1=Verify Okay, 0=Failure + * store->error: Failure error code (0 indicates no failure) + * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA) + * store->error_depth: Current Index + * store->domain: Subject CN as string (null term) + * store->totalCerts: Number of certs presented by peer + * store->certs[i]: A `WOLFSSL_BUFFER_INFO` with plain DER for each cert + * store->store: WOLFSSL_X509_STORE with CA cert chain + * store->store->cm: WOLFSSL_CERT_MANAGER + * store->ex_data: The WOLFSSL object pointer + * store->discardSessionCerts: When set to non-zero value session certs + will be discarded (only with SESSION_CERTS) + */ + + printf("In verification callback, error = %d, %s\n", store->error, + wolfSSL_ERR_error_string(store->error, buffer)); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + peer = store->current_cert; + if (peer) { + char* issuer = wolfSSL_X509_NAME_oneline( + wolfSSL_X509_get_issuer_name(peer), 0, 0); + char* subject = wolfSSL_X509_NAME_oneline( + wolfSSL_X509_get_subject_name(peer), 0, 0); + printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer, + subject); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); + } + else + printf("\tPeer has no cert!\n"); +#else + printf("\tPeer certs: %d\n", store->totalCerts); + #ifdef SHOW_CERTS + { int i; + for (i=0; itotalCerts; i++) { + WOLFSSL_BUFFER_INFO* cert = &store->certs[i]; + printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length); + } + } + #endif /* SHOW_CERTS */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + + printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain); + + /* Testing forced fail case by return zero */ + if (myVerifyFail) { + return 0; /* test failure case */ + } + + /* If error indicate we are overriding it for testing purposes */ + if (store->error != 0) { + printf("\tAllowing failed certificate check, testing only " + "(shouldn't do this in production)\n"); + } + + /* A non-zero return code indicates failure override */ + return 1; +} + + +static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store) +{ + char buffer[WOLFSSL_MAX_ERROR_SZ]; + (void)preverify; + + printf("In verification callback, error = %d, %s\n", store->error, + wolfSSL_ERR_error_string(store->error, buffer)); + printf("Subject's domain name is %s\n", store->domain); + + if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) { + printf("Overriding cert date error as example for bad clock testing\n"); + return 1; + } + printf("Cert error is not date error, not overriding\n"); + + return 0; +} + + +#ifdef HAVE_EXT_CACHE + +static WC_INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id, + int id_len, int* copy) +{ + (void)ssl; + (void)id; + (void)id_len; + (void)copy; + + /* using internal cache, this is for testing only */ + return NULL; +} + +static WC_INLINE int mySessNewCb(WOLFSSL* ssl, WOLFSSL_SESSION* session) +{ + (void)ssl; + (void)session; + + /* using internal cache, this is for testing only */ + return 0; +} + +static WC_INLINE void mySessRemCb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) +{ + (void)ctx; + (void)session; + + /* using internal cache, this is for testing only */ +} + +#endif /* HAVE_EXT_CACHE */ + + +#ifdef HAVE_CRL + +static WC_INLINE void CRL_CallBack(const char* url) +{ + printf("CRL callback url = %s\n", url); +} + +#endif + +#ifndef NO_DH +static WC_INLINE void SetDH(WOLFSSL* ssl) +{ + /* dh1024 p */ + static const unsigned char p[] = + { + 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, + 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, + 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, + 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, + 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, + 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, + 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, + 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, + 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, + 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, + 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, + }; + + /* dh1024 g */ + static const unsigned char g[] = + { + 0x02, + }; + + wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g)); +} + +static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx) +{ + /* dh1024 p */ + static const unsigned char p[] = + { + 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, + 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, + 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, + 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, + 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, + 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, + 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, + 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, + 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, + 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, + 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, + }; + + /* dh1024 g */ + static const unsigned char g[] = + { + 0x02, + }; + + wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g)); +} +#endif /* NO_DH */ + +#ifndef NO_CERTS + +static WC_INLINE void CaCb(unsigned char* der, int sz, int type) +{ + (void)der; + printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type); +} + +#endif /* !NO_CERTS */ + + +/* Wolf Root Directory Helper */ +/* KEIL-RL File System does not support relative directory */ +#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) + /* Maximum depth to search for WolfSSL root */ + #define MAX_WOLF_ROOT_DEPTH 5 + + static WC_INLINE int ChangeToWolfRoot(void) + { + #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) + int depth, res; + XFILE file; + for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) { + file = fopen(ntruKeyFile, "rb"); + if (file != NULL) { + fclose(file); + return depth; + } + #ifdef USE_WINDOWS_API + res = SetCurrentDirectoryA("..\\"); + #else + res = chdir("../"); + #endif + if (res < 0) { + printf("chdir to ../ failed!\n"); + break; + } + } + + err_sys("wolf root not found"); + return -1; + #else + return 0; + #endif + } +#endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */ + +#ifdef HAVE_STACK_SIZE + +typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args); +#define STACK_CHECK_VAL 0x01 + +static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf) +{ + int ret, i, used; + void* status; + unsigned char* myStack = NULL; + int stackSize = 1024*128; + pthread_attr_t myAttr; + pthread_t threadId; + +#ifdef PTHREAD_STACK_MIN + if (stackSize < PTHREAD_STACK_MIN) + stackSize = PTHREAD_STACK_MIN; +#endif + + ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); + if (ret != 0 || myStack == NULL) + err_sys("posix_memalign failed\n"); + + XMEMSET(myStack, STACK_CHECK_VAL, stackSize); + + ret = pthread_attr_init(&myAttr); + if (ret != 0) + err_sys("attr_init failed"); + + ret = pthread_attr_setstack(&myAttr, myStack, stackSize); + if (ret != 0) + err_sys("attr_setstackaddr failed"); + + ret = pthread_create(&threadId, &myAttr, tf, args); + if (ret != 0) { + perror("pthread_create failed"); + exit(EXIT_FAILURE); + } + + ret = pthread_join(threadId, &status); + if (ret != 0) + err_sys("pthread_join failed"); + + for (i = 0; i < stackSize; i++) { + if (myStack[i] != STACK_CHECK_VAL) { + break; + } + } + + free(myStack); + + used = stackSize - i; + printf("stack used = %d\n", used); + + return (int)((size_t)status); +} + + +#endif /* HAVE_STACK_SIZE */ + + +#ifdef STACK_TRAP + +/* good settings + --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP" + +*/ + +#ifdef HAVE_STACK_SIZE + /* client only for now, setrlimit will fail if pthread_create() called */ + /* STACK_SIZE does pthread_create() on client */ + #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail" +#endif /* HAVE_STACK_SIZE */ + +static WC_INLINE void StackTrap(void) +{ + struct rlimit rl; + if (getrlimit(RLIMIT_STACK, &rl) != 0) + err_sys("getrlimit failed"); + printf("rlim_cur = %llu\n", rl.rlim_cur); + rl.rlim_cur = 1024*21; /* adjust trap size here */ + if (setrlimit(RLIMIT_STACK, &rl) != 0) { + perror("setrlimit"); + err_sys("setrlimit failed"); + } +} + +#else /* STACK_TRAP */ + +static WC_INLINE void StackTrap(void) +{ +} + +#endif /* STACK_TRAP */ + + +#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) + +/* Atomic Encrypt Context example */ +typedef struct AtomicEncCtx { + int keySetup; /* have we done key setup yet */ + Aes aes; /* for aes example */ +} AtomicEncCtx; + + +/* Atomic Decrypt Context example */ +typedef struct AtomicDecCtx { + int keySetup; /* have we done key setup yet */ + Aes aes; /* for aes example */ +} AtomicDecCtx; + + +static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, + const unsigned char* macIn, unsigned int macInSz, int macContent, + int macVerify, unsigned char* encOut, const unsigned char* encIn, + unsigned int encSz, void* ctx) +{ + int ret; + Hmac hmac; + byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx; + const char* tlsStr = "TLS"; + + /* example supports (d)tls aes */ + if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { + printf("myMacEncryptCb not using AES\n"); + return -1; + } + + if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { + printf("myMacEncryptCb not using (D)TLS\n"); + return -1; + } + + /* hmac, not needed if aead mode */ + wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); + + ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); + if (ret != 0) + return ret; + ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), + wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl)); + if (ret != 0) + return ret; + ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = wc_HmacUpdate(&hmac, macIn, macInSz); + if (ret != 0) + return ret; + ret = wc_HmacFinal(&hmac, macOut); + if (ret != 0) + return ret; + + + /* encrypt setup on first time */ + if (encCtx->keySetup == 0) { + int keyLen = wolfSSL_GetKeySize(ssl); + const byte* key; + const byte* iv; + + if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) { + key = wolfSSL_GetClientWriteKey(ssl); + iv = wolfSSL_GetClientWriteIV(ssl); + } + else { + key = wolfSSL_GetServerWriteKey(ssl); + iv = wolfSSL_GetServerWriteIV(ssl); + } + + ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("AesSetKey failed in myMacEncryptCb\n"); + return ret; + } + encCtx->keySetup = 1; + } + + /* encrypt */ + return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); +} + + +static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, + unsigned char* decOut, const unsigned char* decIn, + unsigned int decSz, int macContent, int macVerify, + unsigned int* padSz, void* ctx) +{ + AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx; + int ret = 0; + int macInSz = 0; + int ivExtra = 0; + int digestSz = wolfSSL_GetHmacSize(ssl); + unsigned int pad = 0; + unsigned int padByte = 0; + Hmac hmac; + byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + byte verify[WC_MAX_DIGEST_SIZE]; + const char* tlsStr = "TLS"; + + /* example supports (d)tls aes */ + if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { + printf("myMacEncryptCb not using AES\n"); + return -1; + } + + if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { + printf("myMacEncryptCb not using (D)TLS\n"); + return -1; + } + + /*decrypt */ + if (decCtx->keySetup == 0) { + int keyLen = wolfSSL_GetKeySize(ssl); + const byte* key; + const byte* iv; + + /* decrypt is from other side (peer) */ + if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { + key = wolfSSL_GetClientWriteKey(ssl); + iv = wolfSSL_GetClientWriteIV(ssl); + } + else { + key = wolfSSL_GetServerWriteKey(ssl); + iv = wolfSSL_GetServerWriteIV(ssl); + } + + ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION); + if (ret != 0) { + printf("AesSetKey failed in myDecryptVerifyCb\n"); + return ret; + } + decCtx->keySetup = 1; + } + + /* decrypt */ + ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); + if (ret != 0) + return ret; + + if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { + *padSz = wolfSSL_GetAeadMacSize(ssl); + return 0; /* hmac, not needed if aead mode */ + } + + if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) { + pad = *(decOut + decSz - 1); + padByte = 1; + if (wolfSSL_IsTLSv1_1(ssl)) + ivExtra = wolfSSL_GetCipherBlockSize(ssl); + } + + *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte; + macInSz = decSz - ivExtra - digestSz - pad - padByte; + + wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); + + ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); + if (ret != 0) + return ret; + ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), + wolfSSL_GetMacSecret(ssl, macVerify), digestSz); + if (ret != 0) + return ret; + ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz); + if (ret != 0) + return ret; + ret = wc_HmacFinal(&hmac, verify); + if (ret != 0) + return ret; + + if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte, + digestSz) != 0) { + printf("myDecryptVerify verify failed\n"); + return -1; + } + + return ret; +} + +#if defined(HAVE_ENCRYPT_THEN_MAC) + +static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut, + int content, int macVerify, unsigned char* encOut, + const unsigned char* encIn, unsigned int encSz, void* ctx) +{ + int ret; + Hmac hmac; + AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx; + byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + const char* tlsStr = "TLS"; + + /* example supports (d)tls aes */ + if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { + printf("myMacEncryptCb not using AES\n"); + return -1; + } + + if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { + printf("myMacEncryptCb not using (D)TLS\n"); + return -1; + } + + /* encrypt setup on first time */ + if (encCtx->keySetup == 0) { + int keyLen = wolfSSL_GetKeySize(ssl); + const byte* key; + const byte* iv; + + if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) { + key = wolfSSL_GetClientWriteKey(ssl); + iv = wolfSSL_GetClientWriteIV(ssl); + } + else { + key = wolfSSL_GetServerWriteKey(ssl); + iv = wolfSSL_GetServerWriteIV(ssl); + } + + ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("AesSetKey failed in myMacEncryptCb\n"); + return ret; + } + encCtx->keySetup = 1; + } + + /* encrypt */ + ret = wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); + if (ret != 0) + return ret; + + /* Reconstruct record header. */ + wolfSSL_SetTlsHmacInner(ssl, myInner, encSz, content, macVerify); + + ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); + if (ret != 0) + return ret; + ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), + wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl)); + if (ret != 0) + return ret; + ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = wc_HmacUpdate(&hmac, encOut, encSz); + if (ret != 0) + return ret; + return wc_HmacFinal(&hmac, macOut); +} + + +static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl, + unsigned char* decOut, const unsigned char* decIn, + unsigned int decSz, int content, int macVerify, + unsigned int* padSz, void* ctx) +{ + AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx; + int ret = 0; + int digestSz = wolfSSL_GetHmacSize(ssl); + Hmac hmac; + byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + byte verify[WC_MAX_DIGEST_SIZE]; + const char* tlsStr = "TLS"; + + /* example supports (d)tls aes */ + if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { + printf("myMacEncryptCb not using AES\n"); + return -1; + } + + if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { + printf("myMacEncryptCb not using (D)TLS\n"); + return -1; + } + + /* Reconstruct record header. */ + wolfSSL_SetTlsHmacInner(ssl, myInner, decSz, content, macVerify); + + ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); + if (ret != 0) + return ret; + ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), + wolfSSL_GetMacSecret(ssl, macVerify), digestSz); + if (ret != 0) + return ret; + ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = wc_HmacUpdate(&hmac, decIn, decSz); + if (ret != 0) + return ret; + ret = wc_HmacFinal(&hmac, verify); + if (ret != 0) + return ret; + + if (XMEMCMP(verify, decOut + decSz, digestSz) != 0) { + printf("myDecryptVerify verify failed\n"); + return -1; + } + + /* decrypt */ + if (decCtx->keySetup == 0) { + int keyLen = wolfSSL_GetKeySize(ssl); + const byte* key; + const byte* iv; + + /* decrypt is from other side (peer) */ + if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { + key = wolfSSL_GetClientWriteKey(ssl); + iv = wolfSSL_GetClientWriteIV(ssl); + } + else { + key = wolfSSL_GetServerWriteKey(ssl); + iv = wolfSSL_GetServerWriteIV(ssl); + } + + ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION); + if (ret != 0) { + printf("AesSetKey failed in myDecryptVerifyCb\n"); + return ret; + } + decCtx->keySetup = 1; + } + + /* decrypt */ + ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); + if (ret != 0) + return ret; + + *padSz = *(decOut + decSz - 1) + 1; + + return 0; +} + +#endif + + +static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) +{ + AtomicEncCtx* encCtx; + AtomicDecCtx* decCtx; + + encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx)); + if (encCtx == NULL) + err_sys("AtomicEncCtx malloc failed"); + XMEMSET(encCtx, 0, sizeof(AtomicEncCtx)); + + decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx)); + if (decCtx == NULL) { + free(encCtx); + err_sys("AtomicDecCtx malloc failed"); + } + XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); + + wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); + wolfSSL_SetMacEncryptCtx(ssl, encCtx); + + wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb); + wolfSSL_SetDecryptVerifyCtx(ssl, decCtx); + +#if defined(HAVE_ENCRYPT_THEN_MAC) + wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb); + wolfSSL_SetEncryptMacCtx(ssl, encCtx); + + wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb); + wolfSSL_SetVerifyDecryptCtx(ssl, decCtx); +#endif +} + + +static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl) +{ + AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl); + AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl); + + /* Encrypt-Then-MAC callbacks use same contexts. */ + + free(decCtx); + free(encCtx); +} + +#endif /* ATOMIC_USER */ + +#ifdef WOLFSSL_STATIC_MEMORY +static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats) +{ + word16 i; + + if (stats == NULL) { + return 0; + } + + /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */ + fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc); + fprintf(stderr, "Total frees = %d\n", stats->totalFr); + fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc); + fprintf(stderr, "Available IO = %d\n", stats->avaIO); + fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa); + fprintf(stderr, "Max con. IO = %d\n", stats->maxIO); + fprintf(stderr, "State of memory blocks: size : available \n"); + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i], + stats->avaBlock[i]); + } + + return 1; +} +#endif /* WOLFSSL_STATIC_MEMORY */ + +#ifdef HAVE_PK_CALLBACKS + +typedef struct PkCbInfo { + const char* ourKey; +#ifdef TEST_PK_PRIVKEY + union { + #ifdef HAVE_ECC + ecc_key ecc; + #endif + #ifdef HAVE_CURVE25519 + curve25519_key curve; + #endif + } keyGen; +#endif +} PkCbInfo; + +#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY) + #define WOLFSSL_PKMSG(_f_, ...) printf(_f_, ##__VA_ARGS__) +#else + #define WOLFSSL_PKMSG(_f_, ...) +#endif + +#ifdef HAVE_ECC + +static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz, + int ecc_curve, void* ctx) +{ + int ret; + WC_RNG rng; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + ecc_key* new_key = key; +#ifdef TEST_PK_PRIVKEY + byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES]; + word32 qxLen = sizeof(qx), qyLen = sizeof(qy); + new_key = &cbInfo->keyGen.ecc; +#endif + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK ECC KeyGen: keySz %d, Curve ID %d\n", keySz, ecc_curve); + + ret = wc_InitRng(&rng); + if (ret != 0) + return ret; + + ret = wc_ecc_init(new_key); + if (ret == 0) { + /* create new key */ + ret = wc_ecc_make_key_ex(&rng, keySz, new_key, ecc_curve); + + #ifdef TEST_PK_PRIVKEY + if (ret == 0) { + /* extract public portion from new key into `key` arg */ + ret = wc_ecc_export_public_raw(new_key, qx, &qxLen, qy, &qyLen); + if (ret == 0) { + /* load public portion only into key */ + ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ecc_curve); + } + (void)qxLen; + (void)qyLen; + } + #endif + } + + WOLFSSL_PKMSG("PK ECC KeyGen: ret %d\n", ret); + + wc_FreeRng(&rng); + + return ret; +} + +static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) +{ + int ret; + WC_RNG rng; + word32 idx = 0; + ecc_key myKey; + byte* keyBuf = (byte*)key; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK ECC Sign: inSz %d, keySz %d\n", inSz, keySz); + +#ifdef TEST_PK_PRIVKEY + ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); + if (ret != 0) + return ret; +#endif + + ret = wc_InitRng(&rng); + if (ret != 0) + return ret; + + ret = wc_ecc_init(&myKey); + if (ret == 0) { + ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &myKey, keySz); + if (ret == 0) { + WOLFSSL_PKMSG("PK ECC Sign: Curve ID %d\n", myKey.dp->id); + ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey); + } + wc_ecc_free(&myKey); + } + wc_FreeRng(&rng); + +#ifdef TEST_PK_PRIVKEY + free(keyBuf); +#endif + + WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %d\n", ret, *outSz); + + return ret; +} + + +static WC_INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, + const byte* hash, word32 hashSz, const byte* key, word32 keySz, + int* result, void* ctx) +{ + int ret; + word32 idx = 0; + ecc_key myKey; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK ECC Verify: sigSz %d, hashSz %d, keySz %d\n", sigSz, hashSz, keySz); + + ret = wc_ecc_init(&myKey); + if (ret == 0) { + ret = wc_EccPublicKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey); + wc_ecc_free(&myKey); + } + + WOLFSSL_PKMSG("PK ECC Verify: ret %d, result %d\n", ret, *result); + + return ret; +} + +static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, + unsigned char* pubKeyDer, unsigned int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx) +{ + int ret; + ecc_key* privKey = NULL; + ecc_key* pubKey = NULL; + ecc_key tmpKey; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n", + side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id); + + ret = wc_ecc_init(&tmpKey); + if (ret != 0) { + return ret; + } + + /* for client: create and export public key */ + if (side == WOLFSSL_CLIENT_END) { + WC_RNG rng; + + privKey = &tmpKey; + pubKey = otherKey; + + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_PENDING_E) { + ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE); + } + #endif + if (ret == 0) + ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz); + wc_FreeRng(&rng); + } + } + + /* for server: import public key */ + else if (side == WOLFSSL_SERVER_END) { + #ifdef TEST_PK_PRIVKEY + privKey = &cbInfo->keyGen.ecc; + #else + privKey = otherKey; + #endif + pubKey = &tmpKey; + + ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey, + otherKey->dp->id); + } + else { + ret = BAD_FUNC_ARG; + } + + /* generate shared secret and return it */ + if (ret == 0) { + ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen); + + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_PENDING_E) { + ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + } + #endif + } + +#ifdef TEST_PK_PRIVKEY + if (side == WOLFSSL_SERVER_END) { + wc_ecc_free(&cbInfo->keyGen.ecc); + } +#endif + + wc_ecc_free(&tmpKey); + + WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen); + + return ret; +} + +#ifdef HAVE_ED25519 +static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) +{ + int ret; + word32 idx = 0; + ed25519_key myKey; + byte* keyBuf = (byte*)key; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK 25519 Sign: inSz %d, keySz %d\n", inSz, keySz); + +#ifdef TEST_PK_PRIVKEY + ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); + if (ret != 0) + return ret; +#endif + + ret = wc_ed25519_init(&myKey); + if (ret == 0) { + ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey); + wc_ed25519_free(&myKey); + } + +#ifdef TEST_PK_PRIVKEY + free(keyBuf); +#endif + + WOLFSSL_PKMSG("PK 25519 Sign: ret %d, outSz %d\n", ret, *outSz); + + return ret; +} + + +static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, + const byte* msg, word32 msgSz, const byte* key, word32 keySz, + int* result, void* ctx) +{ + int ret; + ed25519_key myKey; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK 25519 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, keySz); + + ret = wc_ed25519_init(&myKey); + if (ret == 0) { + ret = wc_ed25519_import_public(key, keySz, &myKey); + if (ret == 0) { + ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey); + } + wc_ed25519_free(&myKey); + } + + WOLFSSL_PKMSG("PK 25519 Verify: ret %d, result %d\n", ret, *result); + + return ret; +} +#endif /* HAVE_ED25519 */ + +#ifdef HAVE_CURVE25519 +static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key, + unsigned int keySz, void* ctx) +{ + int ret; + WC_RNG rng; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %d\n", keySz); + + ret = wc_InitRng(&rng); + if (ret != 0) + return ret; + + ret = wc_curve25519_make_key(&rng, keySz, key); + + wc_FreeRng(&rng); + + WOLFSSL_PKMSG("PK 25519 KeyGen: ret %d\n", ret); + + return ret; +} + +static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey, + unsigned char* pubKeyDer, unsigned int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx) +{ + int ret; + curve25519_key* privKey = NULL; + curve25519_key* pubKey = NULL; + curve25519_key tmpKey; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK 25519 PMS: side %s\n", + side == WOLFSSL_CLIENT_END ? "client" : "server"); + + ret = wc_curve25519_init(&tmpKey); + if (ret != 0) { + return ret; + } + + /* for client: create and export public key */ + if (side == WOLFSSL_CLIENT_END) { + WC_RNG rng; + + privKey = &tmpKey; + pubKey = otherKey; + + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey); + if (ret == 0) { + ret = wc_curve25519_export_public_ex(privKey, pubKeyDer, + pubKeySz, EC25519_LITTLE_ENDIAN); + } + wc_FreeRng(&rng); + } + } + + /* for server: import public key */ + else if (side == WOLFSSL_SERVER_END) { + privKey = otherKey; + pubKey = &tmpKey; + + ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey, + EC25519_LITTLE_ENDIAN); + } + else { + ret = BAD_FUNC_ARG; + } + + /* generate shared secret and return it */ + if (ret == 0) { + ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen, + EC25519_LITTLE_ENDIAN); + } + + wc_curve25519_free(&tmpKey); + + WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %d, outLen %d\n", + ret, *pubKeySz, *outlen); + + return ret; +} +#endif /* HAVE_CURVE25519 */ + +#endif /* HAVE_ECC */ + +#ifndef NO_DH +static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key, + const unsigned char* priv, unsigned int privSz, + const unsigned char* pubKeyDer, unsigned int pubKeySz, + unsigned char* out, unsigned int* outlen, + void* ctx) +{ + int ret; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + /* return 0 on success */ + ret = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz); + + WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %d, pubKeySz %d, outlen %d\n", + ret, privSz, pubKeySz, *outlen); + + return ret; +}; + +#endif /* !NO_DH */ + +#ifndef NO_RSA + +static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) +{ + WC_RNG rng; + int ret; + word32 idx = 0; + RsaKey myKey; + byte* keyBuf = (byte*)key; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK RSA Sign: inSz %d, keySz %d\n", inSz, keySz); + +#ifdef TEST_PK_PRIVKEY + ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); + if (ret != 0) + return ret; +#endif + + ret = wc_InitRng(&rng); + if (ret != 0) + return ret; + + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng); + if (ret > 0) { /* save and convert to 0 success */ + *outSz = ret; + ret = 0; + } + wc_FreeRsaKey(&myKey); + } + wc_FreeRng(&rng); + +#ifdef TEST_PK_PRIVKEY + free(keyBuf); +#endif + + WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %d\n", ret, *outSz); + + return ret; +} + + +static WC_INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, + byte** out, const byte* key, word32 keySz, void* ctx) +{ + int ret; + word32 idx = 0; + RsaKey myKey; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz); + + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey); + wc_FreeRsaKey(&myKey); + } + + WOLFSSL_PKMSG("PK RSA Verify: ret %d\n", ret); + + return ret; +} + +static WC_INLINE int myRsaSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz, + byte** out, const byte* key, word32 keySz, void* ctx) +{ + int ret; + word32 idx = 0; + RsaKey myKey; + byte* keyBuf = (byte*)key; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %d, keySz %d\n", sigSz, keySz); + +#ifdef TEST_PK_PRIVKEY + ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); + if (ret != 0) + return ret; +#endif + + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey); + wc_FreeRsaKey(&myKey); + } +#ifdef TEST_PK_PRIVKEY + free(keyBuf); +#endif + + WOLFSSL_PKMSG("PK RSA SignCheck: ret %d\n", ret); + + return ret; +} + +#ifdef WC_RSA_PSS +static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, int hash, int mgf, const byte* key, + word32 keySz, void* ctx) +{ + enum wc_HashType hashType = WC_HASH_TYPE_NONE; + WC_RNG rng; + int ret; + word32 idx = 0; + RsaKey myKey; + byte* keyBuf = (byte*)key; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %d, hash %d, mgf %d, keySz %d\n", + inSz, hash, mgf, keySz); + +#ifdef TEST_PK_PRIVKEY + ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); + if (ret != 0) + return ret; +#endif + + switch (hash) { +#ifndef NO_SHA256 + case SHA256h: + hashType = WC_HASH_TYPE_SHA256; + break; +#endif +#ifdef WOLFSSL_SHA384 + case SHA384h: + hashType = WC_HASH_TYPE_SHA384; + break; +#endif +#ifdef WOLFSSL_SHA512 + case SHA512h: + hashType = WC_HASH_TYPE_SHA512; + break; +#endif + } + + ret = wc_InitRng(&rng); + if (ret != 0) + return ret; + + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz); + if (ret == 0) { + ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey, + &rng); + } + if (ret > 0) { /* save and convert to 0 success */ + *outSz = ret; + ret = 0; + } + wc_FreeRsaKey(&myKey); + } + wc_FreeRng(&rng); + +#ifdef TEST_PK_PRIVKEY + free(keyBuf); +#endif + + WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %d\n", ret, *outSz); + + return ret; +} + + +static WC_INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, + byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx) +{ + int ret; + word32 idx = 0; + RsaKey myKey; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + enum wc_HashType hashType = WC_HASH_TYPE_NONE; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %d, hash %d, mgf %d, keySz %d\n", + sigSz, hash, mgf, keySz); + + switch (hash) { +#ifndef NO_SHA256 + case SHA256h: + hashType = WC_HASH_TYPE_SHA256; + break; +#endif +#ifdef WOLFSSL_SHA384 + case SHA384h: + hashType = WC_HASH_TYPE_SHA384; + break; +#endif +#ifdef WOLFSSL_SHA512 + case SHA512h: + hashType = WC_HASH_TYPE_SHA512; + break; +#endif + } + + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) { + ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf, + &myKey); + } + wc_FreeRsaKey(&myKey); + } + + WOLFSSL_PKMSG("PK RSA PSS Verify: ret %d\n", ret); + + return ret; +} + +static WC_INLINE int myRsaPssSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz, + byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx) +{ + int ret; + word32 idx = 0; + RsaKey myKey; + byte* keyBuf = (byte*)key; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + enum wc_HashType hashType = WC_HASH_TYPE_NONE; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %d, hash %d, mgf %d, keySz %d\n", + sigSz, hash, mgf, keySz); + +#ifdef TEST_PK_PRIVKEY + ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); + if (ret != 0) + return ret; +#endif + + switch (hash) { +#ifndef NO_SHA256 + case SHA256h: + hashType = WC_HASH_TYPE_SHA256; + break; +#endif +#ifdef WOLFSSL_SHA384 + case SHA384h: + hashType = WC_HASH_TYPE_SHA384; + break; +#endif +#ifdef WOLFSSL_SHA512 + case SHA512h: + hashType = WC_HASH_TYPE_SHA512; + break; +#endif + } + + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz); + if (ret == 0) { + ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf, + &myKey); + } + wc_FreeRsaKey(&myKey); + } + +#ifdef TEST_PK_PRIVKEY + free(keyBuf); +#endif + + WOLFSSL_PKMSG("PK RSA PSS SignCheck: ret %d\n", ret); + + return ret; +} +#endif + + +static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, const byte* key, + word32 keySz, void* ctx) +{ + int ret; + word32 idx = 0; + RsaKey myKey; + WC_RNG rng; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK RSA Enc: inSz %d, keySz %d\n", inSz, keySz); + + ret = wc_InitRng(&rng); + if (ret != 0) + return ret; + + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) { + ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng); + if (ret > 0) { + *outSz = ret; + ret = 0; /* reset to success */ + } + } + wc_FreeRsaKey(&myKey); + } + wc_FreeRng(&rng); + + WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %d\n", ret, *outSz); + + return ret; +} + +static WC_INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz, + byte** out, + const byte* key, word32 keySz, void* ctx) +{ + int ret; + word32 idx = 0; + RsaKey myKey; + byte* keyBuf = (byte*)key; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + + WOLFSSL_PKMSG("PK RSA Dec: inSz %d, keySz %d\n", inSz, keySz); + +#ifdef TEST_PK_PRIVKEY + ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); + if (ret != 0) + return ret; +#endif + + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz); + if (ret == 0) { + #ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl)); + if (ret != 0) { + wc_FreeRsaKey(&myKey); + return ret; + } + #endif + ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey); + } + wc_FreeRsaKey(&myKey); + } + +#ifdef TEST_PK_PRIVKEY + free(keyBuf); +#endif + + WOLFSSL_PKMSG("PK RSA Dec: ret %d\n", ret); + + return ret; +} + +#endif /* NO_RSA */ + +static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx) +{ + (void)ctx; + + #ifdef HAVE_ECC + wolfSSL_CTX_SetEccKeyGenCb(ctx, myEccKeyGen); + wolfSSL_CTX_SetEccSignCb(ctx, myEccSign); + wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify); + wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret); + #endif /* HAVE_ECC */ + #ifndef NO_DH + wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback); + #endif + #ifdef HAVE_ED25519 + wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign); + wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify); + #endif + #ifdef HAVE_CURVE25519 + wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen); + wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret); + #endif + #ifndef NO_RSA + wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign); + wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify); + wolfSSL_CTX_SetRsaSignCheckCb(ctx, myRsaSignCheck); + #ifdef WC_RSA_PSS + wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign); + wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify); + wolfSSL_CTX_SetRsaPssSignCheckCb(ctx, myRsaPssSignCheck); + #endif + wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc); + wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec); + #endif /* NO_RSA */ +} + +static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx) +{ + #ifdef HAVE_ECC + wolfSSL_SetEccKeyGenCtx(ssl, myCtx); + wolfSSL_SetEccSignCtx(ssl, myCtx); + wolfSSL_SetEccVerifyCtx(ssl, myCtx); + wolfSSL_SetEccSharedSecretCtx(ssl, myCtx); + #endif /* HAVE_ECC */ + #ifndef NO_DH + wolfSSL_SetDhAgreeCtx(ssl, myCtx); + #endif + #ifdef HAVE_ED25519 + wolfSSL_SetEd25519SignCtx(ssl, myCtx); + wolfSSL_SetEd25519VerifyCtx(ssl, myCtx); + #endif + #ifdef HAVE_CURVE25519 + wolfSSL_SetX25519KeyGenCtx(ssl, myCtx); + wolfSSL_SetX25519SharedSecretCtx(ssl, myCtx); + #endif + #ifndef NO_RSA + wolfSSL_SetRsaSignCtx(ssl, myCtx); + wolfSSL_SetRsaVerifyCtx(ssl, myCtx); + #ifdef WC_RSA_PSS + wolfSSL_SetRsaPssSignCtx(ssl, myCtx); + wolfSSL_SetRsaPssVerifyCtx(ssl, myCtx); + #endif + wolfSSL_SetRsaEncCtx(ssl, myCtx); + wolfSSL_SetRsaDecCtx(ssl, myCtx); + #endif /* NO_RSA */ +} + +#endif /* HAVE_PK_CALLBACKS */ + + + + +#if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \ + || defined(_MSC_VER) + +/* HP/UX doesn't have strsep, needed by test/suites.c */ +static WC_INLINE char* strsep(char **stringp, const char *delim) +{ + char* start; + char* end; + + start = *stringp; + if (start == NULL) + return NULL; + + if ((end = strpbrk(start, delim))) { + *end++ = '\0'; + *stringp = end; + } else { + *stringp = NULL; + } + + return start; +} + +#endif /* __hpux__ and others */ + +/* Create unique filename, len is length of tempfn name, assuming + len does not include null terminating character, + num is number of characters in tempfn name to randomize */ +static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) +{ + int x, size; + static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz"; + WC_RNG rng; + byte out; + + if (tempfn == NULL || len < 1 || num < 1 || len <= num) { + printf("Bad input\n"); + return NULL; + } + + size = len - 1; + + if (wc_InitRng(&rng) != 0) { + printf("InitRng failed\n"); + return NULL; + } + + for (x = size; x > size - num; x--) { + if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) { + printf("RNG_GenerateBlock failed\n"); + return NULL; + } + tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)]; + } + tempfn[len] = '\0'; + + wc_FreeRng(&rng); + (void)rng; /* for WC_NO_RNG case */ + + return tempfn; +} + + + +#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305) + + #include + + typedef struct key_ctx { + byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */ + byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */ + } key_ctx; + + static THREAD_LS_T key_ctx myKey_ctx; + static THREAD_LS_T WC_RNG myKey_rng; + + static WC_INLINE int TicketInit(void) + { + int ret = wc_InitRng(&myKey_rng); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key)); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name)); + if (ret != 0) return ret; + + return 0; + } + + static WC_INLINE void TicketCleanup(void) + { + wc_FreeRng(&myKey_rng); + } + + static WC_INLINE int myTicketEncCb(WOLFSSL* ssl, + byte key_name[WOLFSSL_TICKET_NAME_SZ], + byte iv[WOLFSSL_TICKET_IV_SZ], + byte mac[WOLFSSL_TICKET_MAC_SZ], + int enc, byte* ticket, int inLen, int* outLen, + void* userCtx) + { + (void)ssl; + (void)userCtx; + + int ret; + word16 sLen = XHTONS(inLen); + byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; + int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; + byte* tmp = aad; + + if (enc) { + XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ); + + ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ); + if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; + + /* build aad from key name, iv, and length */ + XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); + tmp += WOLFSSL_TICKET_NAME_SZ; + XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); + tmp += WOLFSSL_TICKET_IV_SZ; + XMEMCPY(tmp, &sLen, 2); + + ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv, + aad, aadSz, + ticket, inLen, + ticket, + mac); + if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; + *outLen = inLen; /* no padding in this mode */ + } else { + /* decrypt */ + + /* see if we know this key */ + if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){ + printf("client presented unknown ticket key name "); + return WOLFSSL_TICKET_RET_FATAL; + } + + /* build aad from key name, iv, and length */ + XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); + tmp += WOLFSSL_TICKET_NAME_SZ; + XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); + tmp += WOLFSSL_TICKET_IV_SZ; + XMEMCPY(tmp, &sLen, 2); + + ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv, + aad, aadSz, + ticket, inLen, + mac, + ticket); + if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; + *outLen = inLen; /* no padding in this mode */ + } + + return WOLFSSL_TICKET_RET_OK; + } + +#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */ + +static WC_INLINE word16 GetRandomPort(void) +{ + word16 port = 0; + + /* Generate random port for testing */ + WC_RNG rng; + if (wc_InitRng(&rng) == 0) { + if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) { + port |= 0xC000; /* Make sure its in the 49152 - 65535 range */ + } + wc_FreeRng(&rng); + } + (void)rng; /* for WC_NO_RNG case */ + return port; +} + +#endif /* wolfSSL_TEST_H */ diff --git a/source/libwolfssl/version.h b/source/libwolfssl/version.h new file mode 100644 index 00000000..64aaed47 --- /dev/null +++ b/source/libwolfssl/version.h @@ -0,0 +1,40 @@ +/* wolfssl_version.h.in + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_VERSION_H +#define WOLFSSL_VERSION_H + + +#ifdef __cplusplus +extern "C" { +#endif + +#define LIBWOLFSSL_VERSION_STRING "4.2.0" +#define LIBWOLFSSL_VERSION_HEX 0x04002000 + +#ifdef __cplusplus +} +#endif + + +#endif /* WOLFSSL_VERSION_H */ + diff --git a/source/libwolfssl/wolfcrypt/aes.h b/source/libwolfssl/wolfcrypt/aes.h new file mode 100644 index 00000000..e078ed84 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/aes.h @@ -0,0 +1,402 @@ +/* aes.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/aes.h +*/ + + +#ifndef WOLF_CRYPT_AES_H +#define WOLF_CRYPT_AES_H + +#include + +#ifndef NO_AES + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +/* included for fips @wc_fips */ +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) +#include +#if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER) + #define WOLFSSL_AES_COUNTER +#endif +#if !defined(WOLFSSL_AES_DIRECT) && defined(CYASSL_AES_DIRECT) + #define WOLFSSL_AES_DIRECT +#endif +#endif + +#ifndef WC_NO_RNG + #include +#endif +#ifdef STM32_CRYPTO + #include +#endif + +#ifdef WOLFSSL_AESNI + +#include +#include +#include + +#endif /* WOLFSSL_AESNI */ + + +#ifdef WOLFSSL_XILINX_CRYPT +#include "xsecure_aes.h" +#endif + +#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES) +/* included for struct msghdr */ +#include +#endif + +#if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC) +#include +#endif + +#if defined(HAVE_AESGCM) && !defined(WC_NO_RNG) + #include +#endif + +#if defined(WOLFSSL_CRYPTOCELL) + #include +#endif + +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* these are required for FIPS and non-FIPS */ +enum { + AES_128_KEY_SIZE = 16, /* for 128 bit */ + AES_192_KEY_SIZE = 24, /* for 192 bit */ + AES_256_KEY_SIZE = 32, /* for 256 bit */ + + AES_IV_SIZE = 16, /* always block size */ +}; + + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +enum { + AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */ + AES_ENCRYPTION = 0, + AES_DECRYPTION = 1, + + AES_BLOCK_SIZE = 16, + + KEYWRAP_BLOCK_SIZE = 8, + + GCM_NONCE_MAX_SZ = 16, /* wolfCrypt's maximum nonce size allowed. */ + GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */ + GCM_NONCE_MIN_SZ = 8, /* wolfCrypt's minimum nonce size allowed. */ + CCM_NONCE_MIN_SZ = 7, + CCM_NONCE_MAX_SZ = 13, + CTR_SZ = 4, + AES_IV_FIXED_SZ = 4, + +#ifdef HAVE_PKCS11 + AES_MAX_ID_LEN = 32, +#endif +}; + + +struct Aes { + /* AESNI needs key first, rounds 2nd, not sure why yet */ + ALIGN16 word32 key[60]; + word32 rounds; + int keylen; + + ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ + ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */ + +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + word32 invokeCtr[2]; + word32 nonceSz; +#endif +#ifdef HAVE_AESGCM + ALIGN16 byte H[AES_BLOCK_SIZE]; +#ifdef OPENSSL_EXTRA + word32 aadH[4]; /* additional authenticated data GHASH */ + word32 aadLen; /* additional authenticated data len */ +#endif + +#ifdef GCM_TABLE + /* key-based fast multiplication table. */ + ALIGN16 byte M0[256][AES_BLOCK_SIZE]; +#endif /* GCM_TABLE */ +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AESNI + byte use_aesni; +#endif /* WOLFSSL_AESNI */ +#ifdef WOLF_CRYPTO_CB + int devId; + void* devCtx; +#endif +#ifdef HAVE_PKCS11 + byte id[AES_MAX_ID_LEN]; + int idLen; +#endif +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) + WC_ASYNC_DEV asyncDev; +#endif /* WOLFSSL_ASYNC_CRYPT */ +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) + word32 left; /* unused bytes left from last call */ +#endif +#ifdef WOLFSSL_XILINX_CRYPT + XSecure_Aes xilAes; + XCsuDma dma; + word32 key_init[8]; + word32 kup; +#endif +#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES) + int alFd; /* server socket to bind to */ + int rdFd; /* socket to read from */ + struct msghdr msg; + int dir; /* flag for encrpyt or decrypt */ +#ifdef WOLFSSL_AFALG_XILINX_AES + word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) + + GCM_NONCE_MID_SZ)]; +#endif +#endif +#if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ + (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) + word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */ +#endif +#if defined(WOLFSSL_DEVCRYPTO) && \ + (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) + WC_CRYPTODEV ctx; +#endif +#if defined(WOLFSSL_CRYPTOCELL) + aes_context_t ctx; +#endif +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) + TSIP_AES_CTX ctx; +#endif + void* heap; /* memory hint to use */ +}; + +#ifndef WC_AES_TYPE_DEFINED + typedef struct Aes Aes; + #define WC_AES_TYPE_DEFINED +#endif + +#ifdef WOLFSSL_AES_XTS +typedef struct XtsAes { + Aes aes; + Aes tweak; +} XtsAes; +#endif + +#ifdef HAVE_AESGCM +typedef struct Gmac { + Aes aes; +} Gmac; +#endif /* HAVE_AESGCM */ +#endif /* HAVE_FIPS */ + + +/* Authenticate cipher function prototypes */ +typedef int (*wc_AesAuthEncryptFunc)(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +typedef int (*wc_AesAuthDecryptFunc)(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + +/* AES-CBC */ +WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir); +WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv); + +#ifdef HAVE_AES_CBC +WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif + +#ifdef WOLFSSL_AES_CFB +WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#ifdef HAVE_AES_DECRYPT +WOLFSSL_API int wc_AesCfbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_CFB */ + +#ifdef HAVE_AES_ECB +WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif + +/* AES-CTR */ +#ifdef WOLFSSL_AES_COUNTER + WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif +/* AES-DIRECT */ +#if defined(WOLFSSL_AES_DIRECT) + WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in); + WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in); + WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir); +#endif + +#ifdef HAVE_AESGCM +#ifdef WOLFSSL_XILINX_CRYPT + WOLFSSL_API int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, + word32 kup); +#elif defined(WOLFSSL_AFALG_XILINX_AES) + WOLFSSL_LOCAL int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, + word32 kup); +#endif + WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len); + WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + +#ifndef WC_NO_RNG + WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz); + WOLFSSL_API int wc_AesGcmSetIV(Aes* aes, word32 ivSz, + const byte* ivFixed, word32 ivFixedSz, + WC_RNG* rng); + WOLFSSL_API int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, + const byte* in, word32 sz, + byte* ivOut, word32 ivOutSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* WC_NO_RNG */ + + WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len); + WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, + byte* authTag, word32 authTagSz); +#ifndef WC_NO_RNG + WOLFSSL_API int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, + byte* authTag, word32 authTagSz, WC_RNG* rng); + WOLFSSL_API int wc_GmacVerify(const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, + const byte* authTag, word32 authTagSz); +#endif /* WC_NO_RNG */ + WOLFSSL_LOCAL void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, + word32 cSz, byte* s, word32 sSz); +#endif /* HAVE_AESGCM */ +#ifdef HAVE_AESCCM + WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz); + WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out, + const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, + const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + WOLFSSL_API int wc_AesCcmSetNonce(Aes* aes, + const byte* nonce, word32 nonceSz); + WOLFSSL_API int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, + const byte* in, word32 sz, + byte* ivOut, word32 ivOutSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* HAVE_AESCCM */ +#ifdef HAVE_AES_KEYWRAP + WOLFSSL_API int wc_AesKeyWrap(const byte* key, word32 keySz, + const byte* in, word32 inSz, + byte* out, word32 outSz, + const byte* iv); + WOLFSSL_API int wc_AesKeyUnWrap(const byte* key, word32 keySz, + const byte* in, word32 inSz, + byte* out, word32 outSz, + const byte* iv); +#endif /* HAVE_AES_KEYWRAP */ + +#ifdef WOLFSSL_AES_XTS + +WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key, + word32 len, int dir, void* heap, int devId); + +WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out, + const byte* in, word32 sz, word64 sector); + +WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, + const byte* in, word32 sz, word64 sector); + +WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out, + const byte* in, word32 sz, const byte* i, word32 iSz); + +WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out, + const byte* in, word32 sz, const byte* i, word32 iSz); + +WOLFSSL_API int wc_AesXtsFree(XtsAes* aes); +#endif + +WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize); + +WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId); +#ifdef HAVE_PKCS11 +WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, + int devId); +#endif +WOLFSSL_API void wc_AesFree(Aes* aes); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* NO_AES */ +#endif /* WOLF_CRYPT_AES_H */ diff --git a/source/libwolfssl/wolfcrypt/arc4.h b/source/libwolfssl/wolfcrypt/arc4.h new file mode 100644 index 00000000..e339365d --- /dev/null +++ b/source/libwolfssl/wolfcrypt/arc4.h @@ -0,0 +1,68 @@ +/* arc4.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/arc4.h +*/ + +#ifndef WOLF_CRYPT_ARC4_H +#define WOLF_CRYPT_ARC4_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +enum { + ARC4_ENC_TYPE = 4, /* cipher unique type */ + ARC4_STATE_SIZE = 256, + RC4_KEY_SIZE = 16, /* always 128bit */ +}; + +/* ARC4 encryption and decryption */ +typedef struct Arc4 { + byte x; + byte y; + byte state[ARC4_STATE_SIZE]; +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif + void* heap; +} Arc4; + +WOLFSSL_API int wc_Arc4Process(Arc4*, byte*, const byte*, word32); +WOLFSSL_API int wc_Arc4SetKey(Arc4*, const byte*, word32); + +WOLFSSL_API int wc_Arc4Init(Arc4*, void*, int); +WOLFSSL_API void wc_Arc4Free(Arc4*); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLF_CRYPT_ARC4_H */ + diff --git a/source/libwolfssl/wolfcrypt/asn.h b/source/libwolfssl/wolfcrypt/asn.h new file mode 100644 index 00000000..93411be3 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/asn.h @@ -0,0 +1,1395 @@ +/* asn.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/asn.h +*/ + +#ifndef WOLF_CRYPT_ASN_H +#define WOLF_CRYPT_ASN_H + +#include + +#ifndef NO_ASN + + +#if !defined(NO_ASN_TIME) && defined(NO_TIME_H) + #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */ +#endif + +#include + +/* fips declare of RsaPrivateKeyDecode @wc_fips */ +#if defined(HAVE_FIPS) && !defined(NO_RSA) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + #include +#endif + +#ifndef NO_DH + #include +#endif +#ifndef NO_DSA + #include +#endif +#ifndef NO_SHA + #include +#endif +#ifndef NO_MD5 + #include +#endif +#include +#include /* public interface */ + +#if defined(NO_SHA) && defined(NO_SHA256) + #define WC_SHA256_DIGEST_SIZE 32 +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +enum { + ISSUER = 0, + SUBJECT = 1, + + EXTERNAL_SERIAL_SIZE = 32, + + BEFORE = 0, + AFTER = 1 +}; + +/* ASN Tags */ +enum ASN_Tags { + ASN_BOOLEAN = 0x01, + ASN_INTEGER = 0x02, + ASN_BIT_STRING = 0x03, + ASN_OCTET_STRING = 0x04, + ASN_TAG_NULL = 0x05, + ASN_OBJECT_ID = 0x06, + ASN_ENUMERATED = 0x0a, + ASN_UTF8STRING = 0x0c, + ASN_SEQUENCE = 0x10, + ASN_SET = 0x11, + ASN_PRINTABLE_STRING = 0x13, + ASN_UTC_TIME = 0x17, + ASN_OTHER_TYPE = 0x00, + ASN_RFC822_TYPE = 0x01, + ASN_DNS_TYPE = 0x02, + ASN_DIR_TYPE = 0x04, + ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */ + ASN_GENERALIZED_TIME = 0x18, + CRL_EXTENSIONS = 0xa0, + ASN_EXTENSIONS = 0xa3, + ASN_LONG_LENGTH = 0x80, + ASN_INDEF_LENGTH = 0x80, + + /* ASN_Flags - Bitmask */ + ASN_CONSTRUCTED = 0x20, + ASN_APPLICATION = 0x40, + ASN_CONTEXT_SPECIFIC = 0x80, +}; + +#define ASN_UTC_TIME_SIZE 14 +#define ASN_GENERALIZED_TIME_SIZE 16 +#define ASN_GENERALIZED_TIME_MAX 68 + +enum DN_Tags { + ASN_COMMON_NAME = 0x03, /* CN */ + ASN_SUR_NAME = 0x04, /* SN */ + ASN_SERIAL_NUMBER = 0x05, /* serialNumber */ + ASN_COUNTRY_NAME = 0x06, /* C */ + ASN_LOCALITY_NAME = 0x07, /* L */ + ASN_STATE_NAME = 0x08, /* ST */ + ASN_ORG_NAME = 0x0a, /* O */ + ASN_ORGUNIT_NAME = 0x0b, /* OU */ + ASN_BUS_CAT = 0x0f, /* businessCategory */ + ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */ + + /* pilot attribute types + * OID values of 0.9.2342.19200300.100.1.* */ + ASN_USER_ID = 0x01, /* UID */ + ASN_DOMAIN_COMPONENT = 0x19 /* DC */ +}; + +/* DN Tag Strings */ +#define WOLFSSL_COMMON_NAME "/CN=" +#define WOLFSSL_SUR_NAME "/SN=" +#define WOLFSSL_SERIAL_NUMBER "/serialNumber=" +#define WOLFSSL_COUNTRY_NAME "/C=" +#define WOLFSSL_LOCALITY_NAME "/L=" +#define WOLFSSL_STATE_NAME "/ST=" +#define WOLFSSL_ORG_NAME "/O=" +#define WOLFSSL_ORGUNIT_NAME "/OU=" +#define WOLFSSL_DOMAIN_COMPONENT "/DC=" +#define WOLFSSL_BUS_CAT "/businessCategory=" +#define WOLFSSL_JOI_C "/jurisdictionC=" +#define WOLFSSL_JOI_ST "/jurisdictionST=" +#define WOLFSSL_EMAIL_ADDR "/emailAddress=" + +#if defined(WOLFSSL_APACHE_HTTPD) + /* otherName strings */ + #define WOLFSSL_SN_MS_UPN "msUPN" + #define WOLFSSL_LN_MS_UPN "Microsoft Universal Principal Name" + #define WOLFSSL_MS_UPN_SUM 265 + #define WOLFSSL_SN_DNS_SRV "id-on-dnsSRV" + #define WOLFSSL_LN_DNS_SRV "SRVName otherName form" + /* TLS features extension strings */ + #define WOLFSSL_SN_TLS_FEATURE "tlsfeature" + #define WOLFSSL_LN_TLS_FEATURE "TLS Feature" + #define WOLFSSL_TLS_FEATURE_SUM 92 +#endif + +/* NIDs */ +enum +{ + NID_undef = 0, + NID_des = 66, + NID_des3 = 67, + NID_sha256 = 672, + NID_sha384 = 673, + NID_sha512 = 674, + NID_hw_name_oid = 73, + NID_id_pkix_OCSP_basic = 74, + NID_any_policy = 75, + NID_anyExtendedKeyUsage = 76, + NID_givenName = 99, + NID_initials = 101, + NID_title = 106, + NID_description = 107, + NID_basic_constraints = 133, + NID_key_usage = 129, /* 2.5.29.15 */ + NID_ext_key_usage = 151, /* 2.5.29.37 */ + NID_subject_key_identifier = 128, + NID_authority_key_identifier = 149, + NID_private_key_usage_period = 130, /* 2.5.29.16 */ + NID_subject_alt_name = 131, + NID_issuer_alt_name = 132, + NID_info_access = 69, + NID_sinfo_access = 79, /* id-pe 11 */ + NID_name_constraints = 144, /* 2.5.29.30 */ + NID_crl_distribution_points = 145, /* 2.5.29.31 */ + NID_certificate_policies = 146, + NID_policy_mappings = 147, + NID_policy_constraints = 150, + NID_inhibit_any_policy = 168, /* 2.5.29.54 */ + NID_tlsfeature = 1020, /* id-pe 24 */ + NID_commonName = 0x03, /* matchs ASN_COMMON_NAME in asn.h */ + + + NID_surname = 0x04, /* SN */ + NID_serialNumber = 0x05, /* serialNumber */ + NID_countryName = 0x06, /* C */ + NID_localityName = 0x07, /* L */ + NID_stateOrProvinceName = 0x08, /* ST */ + NID_organizationName = 0x0a, /* O */ + NID_organizationalUnitName = 0x0b, /* OU */ + NID_domainComponent = 0x19, /* matchs ASN_DOMAIN_COMPONENT in asn.h */ + NID_emailAddress = 0x30, /* emailAddress */ + NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */ + NID_ms_upn = 265 /* 1.3.6.1.4.1.311.20.2.3 */ +}; + +enum ECC_TYPES +{ + ECC_PREFIX_0 = 160, + ECC_PREFIX_1 = 161 +}; + +#ifdef WOLFSSL_CERT_PIV + enum PIV_Tags { + ASN_PIV_CERT = 0x0A, + ASN_PIV_NONCE = 0x0B, + ASN_PIV_SIGNED_NONCE = 0x0C, + + ASN_PIV_TAG_CERT = 0x70, + ASN_PIV_TAG_CERT_INFO = 0x71, + ASN_PIV_TAG_MSCUID = 0x72, + ASN_PIV_TAG_ERR_DET = 0xFE, + + /* certificate info masks */ + ASN_PIV_CERT_INFO_COMPRESSED = 0x03, + ASN_PIV_CERT_INFO_ISX509 = 0x04, + }; +#endif /* WOLFSSL_CERT_PIV */ + + +#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01" +#define ASN_JOI_C 0x3 +#define ASN_JOI_ST 0x2 + +#ifndef WC_ASN_NAME_MAX + #ifdef OPENSSL_EXTRA + #define WC_ASN_NAME_MAX 300 + #else + #define WC_ASN_NAME_MAX 256 + #endif +#endif +#define ASN_NAME_MAX WC_ASN_NAME_MAX + +enum Misc_ASN { + MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ + MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ + ASN_BOOL_SIZE = 2, /* including type */ + ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ + ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ +#ifdef NO_SHA + KEYID_SIZE = WC_SHA256_DIGEST_SIZE, +#else + KEYID_SIZE = WC_SHA_DIGEST_SIZE, +#endif + RSA_INTS = 8, /* RSA ints in private key */ + DSA_INTS = 5, /* DSA ints in private key */ + MIN_DATE_SIZE = 13, + MAX_DATE_SIZE = 32, + ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ +#ifndef NO_RSA + MAX_ENCODED_SIG_SZ = 512, +#elif defined(HAVE_ECC) + MAX_ENCODED_SIG_SZ = 140, +#else + MAX_ENCODED_SIG_SZ = 64, +#endif + MAX_SIG_SZ = 256, + MAX_ALGO_SZ = 20, + MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */ + MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ + MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ + MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ + MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */ + MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ + MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ + MAX_ENCODED_DIG_ASN_SZ= 9, /* enum(bit or octet) + length(4) */ + MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */ + MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ + MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ + MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ + MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ + MAX_RSA_E_SZ = 16, /* Max RSA public e size */ + MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ + MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ + MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, + /* Maximum DER digest size */ + MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, + /* Maximum DER digest ASN header size */ +#ifdef WOLFSSL_CERT_GEN + #ifdef WOLFSSL_CERT_REQ + /* Max encoded cert req attributes length */ + MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + + MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ + #endif + #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT) + MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, + #else + MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, + #endif + /* Max total extensions, id + len + others */ +#endif +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) + MAX_OID_SZ = 32, /* Max DER length of OID*/ + MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ +#endif +#ifdef WOLFSSL_CERT_EXT + MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ + MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ + MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) + + CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage + (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + + (6 * (SEQ + OID))) */ + MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ + MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, +#endif + MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */ + OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ + MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ + MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ + EIGHTK_BUF = 8192, /* Tmp buffer size */ + MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, + /* use bigger NTRU size */ +#ifdef WOLFSSL_ENCRYPTED_KEYS + HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ +#else + HEADER_ENCRYPTED_KEY_SIZE = 0, +#endif + TRAILING_ZERO = 1, /* Used for size of zero pad */ + ASN_TAG_SZ = 1, /* single byte ASN.1 tag */ + MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) + MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */ +#endif + + PKCS5_SALT_SZ = 8, + + PEM_LINE_LEN = 80, /* PEM line max + fudge */ +}; + + +enum Oid_Types { + oidHashType = 0, + oidSigType = 1, + oidKeyType = 2, + oidCurveType = 3, + oidBlkType = 4, + oidOcspType = 5, + oidCertExtType = 6, + oidCertAuthInfoType = 7, + oidCertPolicyType = 8, + oidCertAltNameType = 9, + oidCertKeyUseType = 10, + oidKdfType = 11, + oidKeyWrapType = 12, + oidCmsKeyAgreeType = 13, + oidPBEType = 14, + oidHmacType = 15, + oidCompressType = 16, + oidCertNameType = 17, + oidTlsExtType = 18, + oidIgnoreType +}; + + +enum Hash_Sum { + MD2h = 646, + MD5h = 649, + SHAh = 88, + SHA224h = 417, + SHA256h = 414, + SHA384h = 415, + SHA512h = 416, + SHA3_224h = 420, + SHA3_256h = 421, + SHA3_384h = 422, + SHA3_512h = 423 +}; + + +#if !defined(NO_DES3) || !defined(NO_AES) +enum Block_Sum { +#ifdef WOLFSSL_AES_128 + AES128CBCb = 414, + AES128GCMb = 418, + AES128CCMb = 419, +#endif +#ifdef WOLFSSL_AES_192 + AES192CBCb = 434, + AES192GCMb = 438, + AES192CCMb = 439, +#endif +#ifdef WOLFSSL_AES_256 + AES256CBCb = 454, + AES256GCMb = 458, + AES256CCMb = 459, +#endif +#ifndef NO_DES3 + DESb = 69, + DES3b = 652 +#endif +}; +#endif /* !NO_DES3 || !NO_AES */ + + +enum Key_Sum { + DSAk = 515, + RSAk = 645, + NTRUk = 274, + ECDSAk = 518, + ED25519k = 256 +}; + + +#if !defined(NO_AES) || defined(HAVE_PKCS7) +enum KeyWrap_Sum { +#ifdef WOLFSSL_AES_128 + AES128_WRAP = 417, +#endif +#ifdef WOLFSSL_AES_192 + AES192_WRAP = 437, +#endif +#ifdef WOLFSSL_AES_256 + AES256_WRAP = 457, +#endif +#ifdef HAVE_PKCS7 + PWRI_KEK_WRAP = 680 /*id-alg-PWRI-KEK, 1.2.840.113549.1.9.16.3.9 */ +#endif +}; +#endif /* !NO_AES || PKCS7 */ + +enum Key_Agree { + dhSinglePass_stdDH_sha1kdf_scheme = 464, + dhSinglePass_stdDH_sha224kdf_scheme = 188, + dhSinglePass_stdDH_sha256kdf_scheme = 189, + dhSinglePass_stdDH_sha384kdf_scheme = 190, + dhSinglePass_stdDH_sha512kdf_scheme = 191, +}; + + + +enum KDF_Sum { + PBKDF2_OID = 660 +}; + + +enum HMAC_Sum { + HMAC_SHA224_OID = 652, + HMAC_SHA256_OID = 653, + HMAC_SHA384_OID = 654, + HMAC_SHA512_OID = 655, + HMAC_SHA3_224_OID = 426, + HMAC_SHA3_256_OID = 427, + HMAC_SHA3_384_OID = 428, + HMAC_SHA3_512_OID = 429 +}; + + +enum Extensions_Sum { + BASIC_CA_OID = 133, + ALT_NAMES_OID = 131, + CRL_DIST_OID = 145, + AUTH_INFO_OID = 69, /* id-pe 1 */ + AUTH_KEY_OID = 149, + SUBJ_KEY_OID = 128, + CERT_POLICY_OID = 146, + KEY_USAGE_OID = 129, /* 2.5.29.15 */ + INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ + EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ + NAME_CONS_OID = 144, /* 2.5.29.30 */ + PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */ + SUBJECT_INFO_ACCESS = 79, /* id-pe 11 */ + POLICY_MAP_OID = 147, + POLICY_CONST_OID = 150, + ISSUE_ALT_NAMES_OID = 132, + TLS_FEATURE_OID = 92 /* id-pe 24 */ +}; + +enum CertificatePolicy_Sum { + CP_ANY_OID = 146 /* id-ce 32 0 */ +}; + +enum SepHardwareName_Sum { + HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ +}; + +enum AuthInfo_Sum { + AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ + AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */ +}; + +enum ExtKeyUsage_Sum { /* From RFC 5280 */ + EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ + EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ + EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */ + EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */ + EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */ + EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */ + EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */ +}; + +#ifdef HAVE_LIBZ +enum CompressAlg_Sum { + ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */ +}; +#endif + +enum VerifyType { + NO_VERIFY = 0, + VERIFY = 1, + VERIFY_CRL = 2, + VERIFY_OCSP = 3, + VERIFY_NAME = 4, + VERIFY_SKIP_DATE = 5 +}; + +#ifdef WOLFSSL_CERT_EXT +enum KeyIdType { + SKID_TYPE = 0, + AKID_TYPE = 1 +}; +#endif + +/* Key usage extension bits (based on RFC 5280) */ +#define KEYUSE_DIGITAL_SIG 0x0080 +#define KEYUSE_CONTENT_COMMIT 0x0040 +#define KEYUSE_KEY_ENCIPHER 0x0020 +#define KEYUSE_DATA_ENCIPHER 0x0010 +#define KEYUSE_KEY_AGREE 0x0008 +#define KEYUSE_KEY_CERT_SIGN 0x0004 +#define KEYUSE_CRL_SIGN 0x0002 +#define KEYUSE_ENCIPHER_ONLY 0x0001 +#define KEYUSE_DECIPHER_ONLY 0x8000 + +/* Extended Key Usage bits (internal mapping only) */ +#define EXTKEYUSE_USER 0x80 +#define EXTKEYUSE_OCSP_SIGN 0x40 +#define EXTKEYUSE_TIMESTAMP 0x20 +#define EXTKEYUSE_EMAILPROT 0x10 +#define EXTKEYUSE_CODESIGN 0x08 +#define EXTKEYUSE_CLIENT_AUTH 0x04 +#define EXTKEYUSE_SERVER_AUTH 0x02 +#define EXTKEYUSE_ANY 0x01 + +typedef struct DNS_entry DNS_entry; + +struct DNS_entry { + DNS_entry* next; /* next on DNS list */ + int type; /* i.e. ASN_DNS_TYPE */ + int len; /* actual DNS len */ + char* name; /* actual DNS name */ +}; + + +typedef struct Base_entry Base_entry; + +struct Base_entry { + Base_entry* next; /* next on name base list */ + char* name; /* actual name base */ + int nameSz; /* name length */ + byte type; /* Name base type (DNS or RFC822) */ +}; + +#define DOMAIN_COMPONENT_MAX 10 +#define DN_NAMES_MAX 9 + +struct DecodedName { + char* fullName; + int fullNameLen; + int entryCount; + int cnIdx; + int cnLen; + int cnNid; + int snIdx; + int snLen; + int snNid; + int cIdx; + int cLen; + int cNid; + int lIdx; + int lLen; + int lNid; + int stIdx; + int stLen; + int stNid; + int oIdx; + int oLen; + int oNid; + int ouIdx; + int ouLen; +#ifdef WOLFSSL_CERT_EXT + int bcIdx; + int bcLen; + int jcIdx; + int jcLen; + int jsIdx; + int jsLen; +#endif + int ouNid; + int emailIdx; + int emailLen; + int emailNid; + int uidIdx; + int uidLen; + int uidNid; + int serialIdx; + int serialLen; + int serialNid; + int dcIdx[DOMAIN_COMPONENT_MAX]; + int dcLen[DOMAIN_COMPONENT_MAX]; + int dcNum; + int dcMode; +#ifdef OPENSSL_EXTRA + /* hold the location / order with which each of the DN tags was found + * + * example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on. + */ + int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX]; + int locSz; +#endif +}; + +enum SignatureState { + SIG_STATE_BEGIN, + SIG_STATE_HASH, + SIG_STATE_KEY, + SIG_STATE_DO, + SIG_STATE_CHECK, +}; + + +#ifdef HAVE_PK_CALLBACKS +#ifdef HAVE_ECC + typedef int (*wc_CallbackEccVerify)( + const unsigned char* sig, unsigned int sigSz, + const unsigned char* hash, unsigned int hashSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx); +#endif +#ifndef NO_RSA + typedef int (*wc_CallbackRsaVerify)( + unsigned char* sig, unsigned int sigSz, + unsigned char** out, + const unsigned char* keyDer, unsigned int keySz, + void* ctx); +#endif +#endif /* HAVE_PK_CALLBACKS */ + +struct SignatureCtx { + void* heap; + byte* digest; +#ifndef NO_RSA + byte* out; + byte* plain; +#endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + int verify; +#endif + union { + #ifndef NO_RSA + struct RsaKey* rsa; + #endif + #ifdef HAVE_ECC + struct ecc_key* ecc; + #endif + #ifdef HAVE_ED25519 + struct ed25519_key* ed25519; + #endif + void* ptr; + } key; + int devId; + int state; + int typeH; + int digestSz; + word32 keyOID; +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV* asyncDev; + void* asyncCtx; +#endif + +#ifdef HAVE_PK_CALLBACKS +#ifdef HAVE_ECC + wc_CallbackEccVerify pkCbEcc; + void* pkCtxEcc; +#endif +#ifndef NO_RSA + wc_CallbackRsaVerify pkCbRsa; + void* pkCtxRsa; +#endif +#endif /* HAVE_PK_CALLBACKS */ +#ifndef NO_RSA +#ifdef WOLFSSL_RENESAS_TSIP_TLS + byte verifyByTSIP; + word32 certBegin; + word32 pubkey_n_start; + word32 pubkey_n_len; + word32 pubkey_e_start; + word32 pubkey_e_len; +#endif +#endif +}; + +enum CertSignState { + CERTSIGN_STATE_BEGIN, + CERTSIGN_STATE_DIGEST, + CERTSIGN_STATE_ENCODE, + CERTSIGN_STATE_DO, +}; + +struct CertSignCtx { + byte* sig; + byte* digest; + #ifndef NO_RSA + byte* encSig; + int encSigSz; + #endif + int state; /* enum CertSignState */ +}; + +#ifndef WOLFSSL_MAX_PATH_LEN + /* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines + * (k) max_path_length: this integer is initialized to "n", is + * decremented for each non-self-issued certificate in the path, + * and may be reduced to the value in the path length constraint + * field within the basic constraints extension of a CA + * certificate. + * + * wolfSSL has arbitrarily selected the value 127 for "n" in the above + * description. Users can modify the maximum path length by setting + * WOLFSSL_MAX_PATH_LEN to a preferred value at build time + */ + #define WOLFSSL_MAX_PATH_LEN 127 +#endif + +typedef struct DecodedCert DecodedCert; +typedef struct DecodedName DecodedName; +typedef struct Signer Signer; +#ifdef WOLFSSL_TRUST_PEER_CERT +typedef struct TrustedPeerCert TrustedPeerCert; +#endif /* WOLFSSL_TRUST_PEER_CERT */ +typedef struct SignatureCtx SignatureCtx; +typedef struct CertSignCtx CertSignCtx; + + +struct DecodedCert { + const byte* publicKey; + word32 pubKeySize; + int pubKeyStored; + word32 certBegin; /* offset to start of cert */ + word32 sigIndex; /* offset to start of signature */ + word32 sigLength; /* length of signature */ + word32 signatureOID; /* sum of algorithm object id */ + word32 keyOID; /* sum of key algo object id */ + int version; /* cert version, 1 or 3 */ + DNS_entry* altNames; /* alt names list of dns entries */ +#ifndef IGNORE_NAME_CONSTRAINTS + DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ + Base_entry* permittedNames; /* Permitted name bases */ + Base_entry* excludedNames; /* Excluded name bases */ +#endif /* IGNORE_NAME_CONSTRAINTS */ + byte subjectHash[KEYID_SIZE]; /* hash of all Names */ + byte issuerHash[KEYID_SIZE]; /* hash of all Names */ +#ifdef HAVE_OCSP + byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */ + byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ +#endif /* HAVE_OCSP */ + const byte* signature; /* not owned, points into raw cert */ + char* subjectCN; /* CommonName */ + int subjectCNLen; /* CommonName Length */ + char subjectCNEnc; /* CommonName Encoding */ + char issuer[ASN_NAME_MAX]; /* full name including common name */ + char subject[ASN_NAME_MAX]; /* full name including common name */ + int verify; /* Default to yes, but could be off */ + const byte* source; /* byte buffer holder cert, NOT owner */ + word32 srcIdx; /* current offset into buffer */ + word32 maxIdx; /* max offset based on init size */ + void* heap; /* for user memory overrides */ + byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ + int serialSz; /* raw serial bytes stored */ + const byte* extensions; /* not owned, points into raw cert */ + int extensionsSz; /* length of cert extensions */ + word32 extensionsIdx; /* if want to go back and parse later */ + const byte* extAuthInfo; /* Authority Information Access URI */ + int extAuthInfoSz; /* length of the URI */ + const byte* extCrlInfo; /* CRL Distribution Points */ + int extCrlInfoSz; /* length of the URI */ + byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ + byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ + byte pathLength; /* CA basic constraint path length */ + byte maxPathLen; /* max_path_len see RFC 5280 section + * 6.1.2 "Initialization" - (k) for + * description of max_path_len */ + word16 extKeyUsage; /* Key usage bitfield */ + byte extExtKeyUsage; /* Extended Key usage bitfield */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + const byte* extExtKeyUsageSrc; + word32 extExtKeyUsageSz; + word32 extExtKeyUsageCount; + const byte* extAuthKeyIdSrc; + word32 extAuthKeyIdSz; + const byte* extSubjKeyIdSrc; + word32 extSubjKeyIdSz; +#endif + +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + word32 pkCurveOID; /* Public Key's curve OID */ +#endif /* HAVE_ECC */ + const byte* beforeDate; + int beforeDateLen; + const byte* afterDate; + int afterDateLen; +#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) + const byte* issuerRaw; /* pointer to issuer inside source */ + int issuerRawLen; +#endif +#ifndef IGNORE_NAME_CONSTRAINT + const byte* subjectRaw; /* pointer to subject inside source */ + int subjectRawLen; +#endif +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + /* easy access to subject info for other sign */ + char* subjectSN; + int subjectSNLen; + char subjectSNEnc; + char* subjectC; + int subjectCLen; + char subjectCEnc; + char* subjectL; + int subjectLLen; + char subjectLEnc; + char* subjectST; + int subjectSTLen; + char subjectSTEnc; + char* subjectO; + int subjectOLen; + char subjectOEnc; + char* subjectOU; + int subjectOULen; + char subjectOUEnc; + char* subjectSND; + int subjectSNDLen; + char subjectSNDEnc; +#ifdef WOLFSSL_CERT_EXT + char* subjectBC; + int subjectBCLen; + char subjectBCEnc; + char* subjectJC; + int subjectJCLen; + char subjectJCEnc; + char* subjectJS; + int subjectJSLen; + char subjectJSEnc; +#endif + char* subjectEmail; + int subjectEmailLen; +#endif /* WOLFSSL_CERT_GEN */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + DecodedName issuerName; + DecodedName subjectName; +#endif /* OPENSSL_EXTRA */ +#ifdef WOLFSSL_SEP + int deviceTypeSz; + byte* deviceType; + int hwTypeSz; + byte* hwType; + int hwSerialNumSz; + byte* hwSerialNum; +#endif /* WOLFSSL_SEP */ +#ifdef WOLFSSL_CERT_EXT + char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; + int extCertPoliciesNb; +#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ + + Signer* ca; +#ifndef NO_CERTS + SignatureCtx sigCtx; +#endif + byte* tsip_encRsaKeyIdx; + + /* Option Bits */ + byte subjectCNStored : 1; /* have we saved a copy we own */ + byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */ + byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */ +#ifndef IGNORE_NAME_CONSTRAINTS + byte extNameConstraintSet : 1; +#endif + byte isCA : 1; /* CA basic constraint true */ + byte pathLengthSet : 1; /* CA basic const path length set */ + byte weOwnAltNames : 1; /* altNames haven't been given to copy */ + byte extKeyUsageSet : 1; + byte extExtKeyUsageSet : 1; /* Extended Key Usage set */ + byte extCRLdistSet : 1; + byte extAuthInfoSet : 1; + byte extBasicConstSet : 1; + byte extSubjAltNameSet : 1; + byte inhibitAnyOidSet : 1; + byte selfSigned : 1; /* Indicates subject and issuer are same */ +#ifdef WOLFSSL_SEP + byte extCertPolicySet : 1; +#endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + byte extCRLdistCrit : 1; + byte extAuthInfoCrit : 1; + byte extBasicConstCrit : 1; + byte extSubjAltNameCrit : 1; + byte extAuthKeyIdCrit : 1; + #ifndef IGNORE_NAME_CONSTRAINTS + byte extNameConstraintCrit : 1; + #endif + byte extSubjKeyIdCrit : 1; + byte extKeyUsageCrit : 1; + byte extExtKeyUsageCrit : 1; +#endif /* OPENSSL_EXTRA */ +#ifdef WOLFSSL_SEP + byte extCertPolicyCrit : 1; +#endif + +}; + + +#ifdef NO_SHA + #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#else + #define SIGNER_DIGEST_SIZE WC_SHA_DIGEST_SIZE +#endif + +/* CA Signers */ +/* if change layout change PERSIST_CERT_CACHE functions too */ +struct Signer { + word32 pubKeySize; + word32 keyOID; /* key type */ + word16 keyUsage; + byte maxPathLen; + byte pathLength; + byte pathLengthSet : 1; + byte selfSigned : 1; + const byte* publicKey; + int nameLen; + char* name; /* common name */ +#ifndef IGNORE_NAME_CONSTRAINTS + Base_entry* permittedNames; + Base_entry* excludedNames; +#endif /* IGNORE_NAME_CONSTRAINTS */ + byte subjectNameHash[SIGNER_DIGEST_SIZE]; + /* sha hash of names in certificate */ + #ifndef NO_SKID + byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; + /* sha hash of names in certificate */ + #endif + #ifdef HAVE_OCSP + byte subjectKeyHash[KEYID_SIZE]; + #endif +#ifdef WOLFSSL_SIGNER_DER_CERT + DerBuffer* derCert; +#endif +#ifdef WOLFSSL_RENESAS_TSIP_TLS + word32 cm_idx; +#endif + Signer* next; +}; + + +#ifdef WOLFSSL_TRUST_PEER_CERT +/* used for having trusted peer certs rather then CA */ +struct TrustedPeerCert { + int nameLen; + char* name; /* common name */ + #ifndef IGNORE_NAME_CONSTRAINTS + Base_entry* permittedNames; + Base_entry* excludedNames; + #endif /* IGNORE_NAME_CONSTRAINTS */ + byte subjectNameHash[SIGNER_DIGEST_SIZE]; + /* sha hash of names in certificate */ + #ifndef NO_SKID + byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; + /* sha hash of names in certificate */ + #endif + word32 sigLen; + byte* sig; + struct TrustedPeerCert* next; +}; +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + +/* for testing or custom openssl wrappers */ +#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) + #define WOLFSSL_ASN_API WOLFSSL_API +#else + #define WOLFSSL_ASN_API WOLFSSL_LOCAL +#endif + +WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); + +WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, + word32* derSz); + +WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*); +#ifndef IGNORE_NAME_CONSTRAINTS + WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*); +#endif /* IGNORE_NAME_CONSTRAINTS */ +WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*); +WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*); +WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm); + +WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz, + const byte *in, word32 inSz); +WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz, + const char *in, void* heap); +WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm); +WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz, + void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID); +WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); +WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); +WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate); + +WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); +WOLFSSL_LOCAL Signer* MakeSigner(void*); +WOLFSSL_LOCAL void FreeSigner(Signer*, void*); +WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*); +#ifdef WOLFSSL_TRUST_PEER_CERT +WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*); +WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*); +#endif /* WOLFSSL_TRUST_PEER_CERT */ + +WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length); +WOLFSSL_ASN_API int ToTraditional_ex(byte* buffer, word32 length, + word32* algId); +WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, + word32 length); +WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, + word32 length, word32* algId); +WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int, + word32* algId); +WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out, + word32* outSz, const char* password, int passwordSz, int vPKCS, + int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); +WOLFSSL_ASN_API int TraditionalEnc(byte* key, word32 keySz, byte* out, + word32* outSz, const char* password, int passwordSz, int vPKCS, + int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt, + WC_RNG* rng, void* heap); +WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz); +WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz, + const char* password,int passwordSz, int vPKCS, int vAlgo, + byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); +WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, + word32* oidSz, int* algoID, void* heap); + +typedef struct tm wolfssl_tm; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); +#endif +#if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7) +WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len); +#endif +WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, + wolfssl_tm* certTime, int* idx); +WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b); +WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); +WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); + +/* ASN.1 helper functions */ +#ifdef WOLFSSL_CERT_GEN +WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); +#endif +WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, + word32 maxIdx); +WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number, + word32 maxIdx); + +WOLFSSL_LOCAL char* GetSigName(int oid); +WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); +WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx, int check); +WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); +WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx, int check); +WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); +WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx, int check); +WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, + int* version, word32 maxIdx); +WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, + word32 maxIdx); +#ifdef HAVE_OID_ENCODING + WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, + byte* out, word32* outSz); +#endif +#ifdef HAVE_OID_DECODING + WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz, + word16* out, word32* outSz); +#endif +WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); +WOLFSSL_LOCAL int SetObjectId(int len, byte* output); +WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx); +WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx); +WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag, + word32 inputSz); +WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); +WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); +WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); +WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); +WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); +WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); +WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); +WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); +WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, + int maxSnSz); +WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, + byte* serial, int* serialSz, word32 maxIdx); +WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, + int maxIdx); +WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); + +#ifdef HAVE_ECC + /* ASN sig helpers */ + WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, + mp_int* s); + WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, + mp_int* r, mp_int* s); +#endif + +WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId); +WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); + +#ifndef NO_CERTS + +WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info, char** pBuffer, + size_t bufSz); + +WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, + DerBuffer** pDer, void* heap, EncryptedInfo* info, + int* eccKey); +WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap); +WOLFSSL_LOCAL void FreeDer(DerBuffer** der); + +#endif /* !NO_CERTS */ + +#ifdef WOLFSSL_CERT_GEN + +enum cert_enums { +#ifdef WOLFSSL_CERT_EXT + NAME_ENTRIES = 10, +#else + NAME_ENTRIES = 9, +#endif + JOINT_LEN = 2, + EMAIL_JOINT_LEN = 9, + PILOT_JOINT_LEN = 10, + RSA_KEY = 10, + NTRU_KEY = 11, + ECC_KEY = 12, + ED25519_KEY = 13 +}; + +#endif /* WOLFSSL_CERT_GEN */ + + + +/* for pointer use */ +typedef struct CertStatus CertStatus; + +#ifdef HAVE_OCSP + +enum Ocsp_Response_Status { + OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */ + OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */ + OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */ + OCSP_TRY_LATER = 3, /* Try again later */ + OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */ + OCSP_UNAUTHROIZED = 6 /* Request unauthorized */ +}; + + +enum Ocsp_Cert_Status { + CERT_GOOD = 0, + CERT_REVOKED = 1, + CERT_UNKNOWN = 2 +}; + + +enum Ocsp_Sums { + OCSP_BASIC_OID = 117, + OCSP_NONCE_OID = 118 +}; + +#ifdef OPENSSL_EXTRA +enum Ocsp_Verify_Error { + OCSP_VERIFY_ERROR_NONE = 0, + OCSP_BAD_ISSUER = 1 +}; +#endif + + +typedef struct OcspRequest OcspRequest; +typedef struct OcspResponse OcspResponse; + + +struct CertStatus { + CertStatus* next; + + byte serial[EXTERNAL_SERIAL_SIZE]; + int serialSz; + + int status; + + byte thisDate[MAX_DATE_SIZE]; + byte nextDate[MAX_DATE_SIZE]; + byte thisDateFormat; + byte nextDateFormat; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + byte* thisDateAsn; + byte* nextDateAsn; +#endif + + byte* rawOcspResponse; + word32 rawOcspResponseSz; +}; + + +struct OcspResponse { + int responseStatus; /* return code from Responder */ + + byte* response; /* Pointer to beginning of OCSP Response */ + word32 responseSz; /* length of the OCSP Response */ + + byte producedDate[MAX_DATE_SIZE]; + /* Date at which this response was signed */ + byte producedDateFormat; /* format of the producedDate */ + byte* issuerHash; + byte* issuerKeyHash; + + byte* cert; + word32 certSz; + + byte* sig; /* Pointer to sig in source */ + word32 sigSz; /* Length in octets for the sig */ + word32 sigOID; /* OID for hash used for sig */ + + CertStatus* status; /* certificate status to fill out */ + + byte* nonce; /* pointer to nonce inside ASN.1 response */ + int nonceSz; /* length of the nonce string */ + + byte* source; /* pointer to source buffer, not owned */ + word32 maxIdx; /* max offset based on init size */ + +#ifdef OPENSSL_EXTRA + int verifyError; +#endif +}; + + +struct OcspRequest { + byte issuerHash[KEYID_SIZE]; + byte issuerKeyHash[KEYID_SIZE]; + byte* serial; /* copy of the serial number in source cert */ + int serialSz; +#ifdef OPENSSL_EXTRA + WOLFSSL_ASN1_INTEGER* serialInt; +#endif + byte* url; /* copy of the extAuthInfo in source cert */ + int urlSz; + + byte nonce[MAX_OCSP_NONCE_SZ]; + int nonceSz; + void* heap; + void* ssl; +}; + +typedef struct OcspEntry OcspEntry; + +#ifdef NO_SHA +#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#else +#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE +#endif + +struct OcspEntry +{ + OcspEntry *next; /* next entry */ + byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ + byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ + CertStatus *status; /* OCSP response list */ + int totalStatus; /* number on list */ +}; + +WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); +WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int); + +WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*); +WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*); +WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32); +WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32); + + +WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*); + + +#endif /* HAVE_OCSP */ + + +/* for pointer use */ +typedef struct RevokedCert RevokedCert; + +#ifdef HAVE_CRL + +struct RevokedCert { + byte serialNumber[EXTERNAL_SERIAL_SIZE]; + int serialSz; + RevokedCert* next; +}; + +typedef struct DecodedCRL DecodedCRL; + +struct DecodedCRL { + word32 certBegin; /* offset to start of cert */ + word32 sigIndex; /* offset to start of signature */ + word32 sigLength; /* length of signature */ + word32 signatureOID; /* sum of algorithm object id */ + byte* signature; /* pointer into raw source, not owned */ + byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */ + byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ + byte lastDate[MAX_DATE_SIZE]; /* last date updated */ + byte nextDate[MAX_DATE_SIZE]; /* next update date */ + byte lastDateFormat; /* format of last date */ + byte nextDateFormat; /* format of next date */ + RevokedCert* certs; /* revoked cert list */ + int totalCerts; /* number on list */ + void* heap; +}; + +WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap); +WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx, + const byte* toBeSigned, word32 tbsSz, + const byte* signature, word32 sigSz, + word32 signatureOID, Signer *ca, + void* heap); +WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm); +WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*); + + +#endif /* HAVE_CRL */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* !NO_ASN */ + + +#if !defined(NO_ASN) || !defined(NO_PWDBASED) + +#ifndef MAX_KEY_SIZE + #define MAX_KEY_SIZE 64 /* MAX PKCS Key length */ +#endif +#ifndef MAX_UNICODE_SZ + #define MAX_UNICODE_SZ 256 +#endif + +enum PBESTypes { + PBE_MD5_DES = 0, + PBE_SHA1_RC4_128 = 1, + PBE_SHA1_DES = 2, + PBE_SHA1_DES3 = 3, + PBE_AES256_CBC = 4, + + PBE_SHA1_RC4_128_SUM = 657, + PBE_SHA1_DES3_SUM = 659, + PBES2 = 13 /* algo ID */ +}; + +enum PKCSTypes { + PKCS5v2 = 6, /* PKCS #5 v2.0 */ + PKCS12v1 = 12, /* PKCS #12 */ + PKCS5 = 5, /* PKCS oid tag */ + PKCS8v0 = 0, /* default PKCS#8 version */ +}; + +#endif /* !NO_ASN || !NO_PWDBASED */ + +#endif /* WOLF_CRYPT_ASN_H */ diff --git a/source/libwolfssl/wolfcrypt/asn_public.h b/source/libwolfssl/wolfcrypt/asn_public.h new file mode 100644 index 00000000..a466abc0 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/asn_public.h @@ -0,0 +1,577 @@ +/* asn_public.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/asn_public.h +*/ + +#ifndef WOLF_CRYPT_ASN_PUBLIC_H +#define WOLF_CRYPT_ASN_PUBLIC_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* guard on redeclaration */ +#ifndef WC_ECCKEY_TYPE_DEFINED + typedef struct ecc_key ecc_key; + #define WC_ECCKEY_TYPE_DEFINED +#endif +#ifndef WC_ED25519KEY_TYPE_DEFINED + typedef struct ed25519_key ed25519_key; + #define WC_ED25519KEY_TYPE_DEFINED +#endif +#ifndef WC_RSAKEY_TYPE_DEFINED + typedef struct RsaKey RsaKey; + #define WC_RSAKEY_TYPE_DEFINED +#endif +#ifndef WC_RNG_TYPE_DEFINED + typedef struct WC_RNG WC_RNG; + #define WC_RNG_TYPE_DEFINED +#endif + +enum Ecc_Sum { + ECC_SECP112R1_OID = 182, + ECC_SECP112R2_OID = 183, + ECC_SECP128R1_OID = 204, + ECC_SECP128R2_OID = 205, + ECC_SECP160R1_OID = 184, + ECC_SECP160R2_OID = 206, + ECC_SECP160K1_OID = 185, + ECC_BRAINPOOLP160R1_OID = 98, + ECC_SECP192R1_OID = 520, + ECC_PRIME192V2_OID = 521, + ECC_PRIME192V3_OID = 522, + ECC_SECP192K1_OID = 207, + ECC_BRAINPOOLP192R1_OID = 100, + ECC_SECP224R1_OID = 209, + ECC_SECP224K1_OID = 208, + ECC_BRAINPOOLP224R1_OID = 102, + ECC_PRIME239V1_OID = 523, + ECC_PRIME239V2_OID = 524, + ECC_PRIME239V3_OID = 525, + ECC_SECP256R1_OID = 526, + ECC_SECP256K1_OID = 186, + ECC_BRAINPOOLP256R1_OID = 104, + ECC_X25519_OID = 365, + ECC_ED25519_OID = 256, + ECC_BRAINPOOLP320R1_OID = 106, + ECC_SECP384R1_OID = 210, + ECC_BRAINPOOLP384R1_OID = 108, + ECC_BRAINPOOLP512R1_OID = 110, + ECC_SECP521R1_OID = 211, +}; + + +/* Certificate file Type */ +enum CertType { + CERT_TYPE = 0, + PRIVATEKEY_TYPE, + DH_PARAM_TYPE, + DSA_PARAM_TYPE, + CRL_TYPE, + CA_TYPE, + ECC_PRIVATEKEY_TYPE, + DSA_PRIVATEKEY_TYPE, + CERTREQ_TYPE, + DSA_TYPE, + ECC_TYPE, + RSA_TYPE, + PUBLICKEY_TYPE, + RSA_PUBLICKEY_TYPE, + ECC_PUBLICKEY_TYPE, + TRUSTED_PEER_TYPE, + EDDSA_PRIVATEKEY_TYPE, + ED25519_TYPE, + PKCS12_TYPE, + PKCS8_PRIVATEKEY_TYPE, + PKCS8_ENC_PRIVATEKEY_TYPE, + DETECT_CERT_TYPE, + DH_PRIVATEKEY_TYPE, +}; + + +/* Signature type, by OID sum */ +enum Ctc_SigType { + CTC_SHAwDSA = 517, + CTC_MD2wRSA = 646, + CTC_MD5wRSA = 648, + CTC_SHAwRSA = 649, + CTC_SHAwECDSA = 520, + CTC_SHA224wRSA = 658, + CTC_SHA224wECDSA = 523, + CTC_SHA256wRSA = 655, + CTC_SHA256wECDSA = 524, + CTC_SHA384wRSA = 656, + CTC_SHA384wECDSA = 525, + CTC_SHA512wRSA = 657, + CTC_SHA512wECDSA = 526, + CTC_ED25519 = 256 +}; + +enum Ctc_Encoding { + CTC_UTF8 = 0x0c, /* utf8 */ + CTC_PRINTABLE = 0x13 /* printable */ +}; + +#ifndef WC_CTC_NAME_SIZE + #define WC_CTC_NAME_SIZE 64 +#endif +#ifndef WC_CTC_MAX_ALT_SIZE + #define WC_CTC_MAX_ALT_SIZE 16384 +#endif + +enum Ctc_Misc { + CTC_COUNTRY_SIZE = 2, + CTC_NAME_SIZE = WC_CTC_NAME_SIZE, + CTC_DATE_SIZE = 32, + CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */ + CTC_SERIAL_SIZE = 16, +#ifdef WOLFSSL_CERT_EXT + /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum + * We support only hash */ + CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */ + CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */ + CTC_MAX_CERTPOL_SZ = 64, + CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */ +#endif /* WOLFSSL_CERT_EXT */ +}; + +/* DER buffer */ +typedef struct DerBuffer { + byte* buffer; + void* heap; + word32 length; + int type; /* enum CertType */ + int dynType; /* DYNAMIC_TYPE_* */ +} DerBuffer; + +enum { + IV_SZ = 32, /* max iv sz */ + NAME_SZ = 80, /* max one line */ + + PEM_PASS_READ = 0, + PEM_PASS_WRITE = 1, +}; + + +typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata); + +typedef struct EncryptedInfo { + pem_password_cb* passwd_cb; + void* passwd_userdata; + + long consumed; /* tracks PEM bytes consumed */ + + int cipherType; + word32 keySz; + word32 ivSz; /* salt or encrypted IV size */ + + char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */ + byte iv[IV_SZ]; /* salt or encrypted IV */ + + word16 set:1; /* if encryption set */ +} EncryptedInfo; + + +#define WOLFSSL_ASN1_INTEGER_MAX 20 +typedef struct WOLFSSL_ASN1_INTEGER { + /* size can be increased set at 20 for tag, length then to hold at least 16 + * byte type */ + unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; + /* ASN_INTEGER | LENGTH | hex of number */ + unsigned char negative; /* negative number flag */ + + unsigned char* data; + unsigned int dataMax; /* max size of data buffer */ + unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ + + int length; + int type; +} WOLFSSL_ASN1_INTEGER; + + +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) +#ifdef WOLFSSL_EKU_OID + #ifndef CTC_MAX_EKU_NB + #define CTC_MAX_EKU_NB 1 + #endif + #ifndef CTC_MAX_EKU_OID_SZ + #define CTC_MAX_EKU_OID_SZ 30 + #endif +#else + #undef CTC_MAX_EKU_OID_SZ + #define CTC_MAX_EKU_OID_SZ 0 +#endif +#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + +#ifdef WOLFSSL_CERT_GEN + +#ifdef WOLFSSL_MULTI_ATTRIB +#ifndef CTC_MAX_ATTRIB + #define CTC_MAX_ATTRIB 4 +#endif + +/* ASN Encoded Name field */ +typedef struct NameAttrib { + int sz; /* actual string value length */ + int id; /* id of name */ + int type; /* enc of name */ + char value[CTC_NAME_SIZE]; /* name */ +} NameAttrib; +#endif /* WOLFSSL_MULTI_ATTRIB */ + + +typedef struct CertName { + char country[CTC_NAME_SIZE]; + char countryEnc; + char state[CTC_NAME_SIZE]; + char stateEnc; + char locality[CTC_NAME_SIZE]; + char localityEnc; + char sur[CTC_NAME_SIZE]; + char surEnc; + char org[CTC_NAME_SIZE]; + char orgEnc; + char unit[CTC_NAME_SIZE]; + char unitEnc; + char commonName[CTC_NAME_SIZE]; + char commonNameEnc; + char serialDev[CTC_NAME_SIZE]; + char serialDevEnc; +#ifdef WOLFSSL_CERT_EXT + char busCat[CTC_NAME_SIZE]; + char busCatEnc; + char joiC[CTC_NAME_SIZE]; + char joiCEnc; + char joiSt[CTC_NAME_SIZE]; + char joiStEnc; +#endif + char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */ +#ifdef WOLFSSL_MULTI_ATTRIB + NameAttrib name[CTC_MAX_ATTRIB]; +#endif +} CertName; + + +/* for user to fill for certificate generation */ +typedef struct Cert { + int version; /* x509 version */ + byte serial[CTC_SERIAL_SIZE]; /* serial number */ + int serialSz; /* serial size */ + int sigType; /* signature algo type */ + CertName issuer; /* issuer info */ + int daysValid; /* validity days */ + int selfSigned; /* self signed flag */ + CertName subject; /* subject info */ + int isCA; /* is this going to be a CA */ + /* internal use only */ + int bodySz; /* pre sign total size */ + int keyType; /* public key type of subject */ +#ifdef WOLFSSL_ALT_NAMES + byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */ + int altNamesSz; /* altNames size in bytes */ + byte beforeDate[CTC_DATE_SIZE]; /* before date copy */ + int beforeDateSz; /* size of copy */ + byte afterDate[CTC_DATE_SIZE]; /* after date copy */ + int afterDateSz; /* size of copy */ +#endif +#ifdef WOLFSSL_CERT_EXT + byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */ + int skidSz; /* SKID size in bytes */ + byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */ + int akidSz; /* AKID size in bytes */ + word16 keyUsage; /* Key Usage */ + byte extKeyUsage; /* Extended Key Usage */ +#ifdef WOLFSSL_EKU_OID + /* Extended Key Usage OIDs */ + byte extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ]; + byte extKeyUsageOIDSz[CTC_MAX_EKU_NB]; +#endif + char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ]; + word16 certPoliciesNb; /* Number of Cert Policy */ + byte issRaw[sizeof(CertName)]; /* raw issuer info */ + byte sbjRaw[sizeof(CertName)]; /* raw subject info */ +#endif +#ifdef WOLFSSL_CERT_REQ + char challengePw[CTC_NAME_SIZE]; + int challengePwPrintableString; /* encode as PrintableString */ +#endif + void* decodedCert; /* internal DecodedCert allocated from heap */ + byte* der; /* Pointer to buffer of current DecodedCert cache */ + void* heap; /* heap hint */ +} Cert; + + +/* Initialize and Set Certificate defaults: + version = 3 (0x2) + serial = 0 (Will be randomly generated) + sigType = SHA_WITH_RSA + issuer = blank + daysValid = 500 + selfSigned = 1 (true) use subject as issuer + subject = blank + isCA = 0 (false) + keyType = RSA_KEY (default) +*/ +WOLFSSL_API int wc_InitCert(Cert*); +WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, + int keyType, void* key, WC_RNG* rng); +WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, + ecc_key*, WC_RNG*); +#ifdef WOLFSSL_CERT_REQ + WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz, + int, void*); + WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, + RsaKey*, ecc_key*); +#endif +WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer, + word32 buffSz, int keyType, void* key, + WC_RNG* rng); +WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, + word32 derSz, RsaKey*, ecc_key*, WC_RNG*); +WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, + WC_RNG*); +WOLFSSL_API int wc_SetIssuer(Cert*, const char*); +WOLFSSL_API int wc_SetSubject(Cert*, const char*); +#ifdef WOLFSSL_ALT_NAMES + WOLFSSL_API int wc_SetAltNames(Cert*, const char*); +#endif + +#ifdef WOLFSSL_CERT_GEN_CACHE +WOLFSSL_API void wc_SetCert_Free(Cert* cert); +#endif + +WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int); +WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int); +WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int); +WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); + +#ifndef NO_ASN_TIME +WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before, + struct tm* after); +#endif + +#ifdef WOLFSSL_CERT_EXT +WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, + void* key); +WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, + ecc_key *eckey); +WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz); +WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file); +WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, + void* key); +WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, + ecc_key *eckey); +WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file); +WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert); +WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz); +WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz); + +#ifdef HAVE_NTRU +WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey, + word16 ntruKeySz); +#endif + +/* Set the KeyUsage. + * Value is a string separated tokens with ','. Accepted tokens are : + * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign, + * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly. + * + * nonRepudiation and contentCommitment are for the same usage. + */ +WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); + +/* Set ExtendedKeyUsage + * Value is a string separated tokens with ','. Accepted tokens are : + * any,serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,OCSPSigning + */ +WOLFSSL_API int wc_SetExtKeyUsage(Cert *cert, const char *value); + + +#ifdef WOLFSSL_EKU_OID +/* Set ExtendedKeyUsage with unique OID + * oid is expected to be in byte representation + */ +WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz, + byte idx, void* heap); +#endif /* WOLFSSL_EKU_OID */ +#endif /* WOLFSSL_CERT_EXT */ + + #ifdef HAVE_NTRU + WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, + const byte* ntruKey, word16 keySz, + WC_RNG*); + #endif + +#endif /* WOLFSSL_CERT_GEN */ + +WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz, + const byte** date, byte* format, int* length); +#ifndef NO_ASN_TIME +WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length, + byte format, struct tm* time); +#endif + +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + + WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header, + const char** footer); + +#endif + +WOLFSSL_API int wc_AllocDer(DerBuffer** pDer, word32 length, int type, void* heap); +WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); + +#ifdef WOLFSSL_PEM_TO_DER + WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type, + DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey); + + WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int, + unsigned char*, int, const char*); + WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int, + unsigned char*, int, int); +#endif /* WOLFSSL_PEM_TO_DER */ + +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) + #ifndef NO_FILESYSTEM + WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); + #endif + + WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); +#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ + +#ifdef WOLFSSL_CERT_GEN + #ifndef NO_FILESYSTEM + WOLFSSL_API int wc_PemCertToDer(const char* fileName, + unsigned char* derBuf, int derSz); + #endif +#endif /* WOLFSSL_CERT_GEN */ + +#ifdef WOLFSSL_DER_TO_PEM + WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, + word32 outputSz, int type); + WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, + word32 outputSz, byte *cipherIno, int type); +#endif + +#ifndef NO_RSA + #if !defined(HAVE_USER_RSA) + WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, + word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz); + #endif + WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header); +#endif + +#ifdef HAVE_ECC + /* private key helpers */ + WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*, + ecc_key*, word32); + WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen); + WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, + word32 inLen); + WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, + word32* outLen); + + /* public key helper */ + WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*, + ecc_key*, word32); + WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output, + word32 inLen, int with_AlgCurve); + WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key*, int with_AlgCurve); +#endif + +#ifdef HAVE_ED25519 + /* private key helpers */ + WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*, + ed25519_key*, word32); + WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output, + word32 inLen); + WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, + word32 inLen); + + /* public key helper */ + WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*, + ed25519_key*, word32); + #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output, + word32 inLen, int with_AlgCurve); + #endif +#endif + +/* DER encode signature */ +WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, + word32 digSz, int hashOID); +WOLFSSL_API int wc_GetCTC_HashOID(int type); + +WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input, + word32* inOutIdx, word32 sz); +WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz, + byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz); + +#ifndef NO_ASN_TIME +/* Time */ +/* Returns seconds (Epoch/UTC) + * timePtr: is "time_t", which is typically "long" + * Example: + long lTime; + rc = wc_GetTime(&lTime, (word32)sizeof(lTime)); +*/ +WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize); +#endif + +#ifdef WOLFSSL_ENCRYPTED_KEYS + WOLFSSL_API int wc_EncryptedInfoGet(EncryptedInfo* info, + const char* cipherInfo); +#endif + + +#ifdef WOLFSSL_CERT_PIV + +typedef struct _wc_CertPIV { + const byte* cert; + word32 certSz; + const byte* certErrDet; + word32 certErrDetSz; + const byte* nonce; /* Identiv Only */ + word32 nonceSz; /* Identiv Only */ + const byte* signedNonce; /* Identiv Only */ + word32 signedNonceSz; /* Identiv Only */ + + /* flags */ + word16 compression:2; + word16 isX509:1; + word16 isIdentiv:1; +} wc_CertPIV; + +WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz); +#endif /* WOLFSSL_CERT_PIV */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_ASN_PUBLIC_H */ diff --git a/source/libwolfssl/wolfcrypt/blake2-impl.h b/source/libwolfssl/wolfcrypt/blake2-impl.h new file mode 100644 index 00000000..1286261d --- /dev/null +++ b/source/libwolfssl/wolfcrypt/blake2-impl.h @@ -0,0 +1,155 @@ +/* + BLAKE2 reference source code package - reference C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along with + this software. If not, see . +*/ +/* blake2-impl.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLFCRYPT_BLAKE2_IMPL_H +#define WOLFCRYPT_BLAKE2_IMPL_H + +#include + +static WC_INLINE word32 load32( const void *src ) +{ +#if defined(LITTLE_ENDIAN_ORDER) + return *( word32 * )( src ); +#else + const byte *p = ( byte * )src; + word32 w = *p++; + w |= ( word32 )( *p++ ) << 8; + w |= ( word32 )( *p++ ) << 16; + w |= ( word32 )( *p++ ) << 24; + return w; +#endif +} + +static WC_INLINE word64 load64( const void *src ) +{ +#if defined(LITTLE_ENDIAN_ORDER) + return *( word64 * )( src ); +#else + const byte *p = ( byte * )src; + word64 w = *p++; + w |= ( word64 )( *p++ ) << 8; + w |= ( word64 )( *p++ ) << 16; + w |= ( word64 )( *p++ ) << 24; + w |= ( word64 )( *p++ ) << 32; + w |= ( word64 )( *p++ ) << 40; + w |= ( word64 )( *p++ ) << 48; + w |= ( word64 )( *p++ ) << 56; + return w; +#endif +} + +static WC_INLINE void store32( void *dst, word32 w ) +{ +#if defined(LITTLE_ENDIAN_ORDER) + *( word32 * )( dst ) = w; +#else + byte *p = ( byte * )dst; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; +#endif +} + +static WC_INLINE void store64( void *dst, word64 w ) +{ +#if defined(LITTLE_ENDIAN_ORDER) + *( word64 * )( dst ) = w; +#else + byte *p = ( byte * )dst; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; +#endif +} + +static WC_INLINE word64 load48( const void *src ) +{ + const byte *p = ( const byte * )src; + word64 w = *p++; + w |= ( word64 )( *p++ ) << 8; + w |= ( word64 )( *p++ ) << 16; + w |= ( word64 )( *p++ ) << 24; + w |= ( word64 )( *p++ ) << 32; + w |= ( word64 )( *p++ ) << 40; + return w; +} + +static WC_INLINE void store48( void *dst, word64 w ) +{ + byte *p = ( byte * )dst; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; +} + +static WC_INLINE word32 rotl32( const word32 w, const unsigned c ) +{ + return ( w << c ) | ( w >> ( 32 - c ) ); +} + +static WC_INLINE word64 rotl64( const word64 w, const unsigned c ) +{ + return ( w << c ) | ( w >> ( 64 - c ) ); +} + +static WC_INLINE word32 rotr32( const word32 w, const unsigned c ) +{ + return ( w >> c ) | ( w << ( 32 - c ) ); +} + +static WC_INLINE word64 rotr64( const word64 w, const unsigned c ) +{ + return ( w >> c ) | ( w << ( 64 - c ) ); +} + +/* prevents compiler optimizing out memset() */ +static WC_INLINE void secure_zero_memory( void *v, word64 n ) +{ + volatile byte *p = ( volatile byte * )v; + + while( n-- ) *p++ = 0; +} + +#endif /* WOLFCRYPT_BLAKE2_IMPL_H */ + diff --git a/source/libwolfssl/wolfcrypt/blake2-int.h b/source/libwolfssl/wolfcrypt/blake2-int.h new file mode 100644 index 00000000..9da822b6 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/blake2-int.h @@ -0,0 +1,184 @@ +/* + BLAKE2 reference source code package - reference C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along with + this software. If not, see . +*/ +/* blake2-int.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + + +#ifndef WOLFCRYPT_BLAKE2_INT_H +#define WOLFCRYPT_BLAKE2_INT_H + +#include + + +#if defined(_MSC_VER) + #define ALIGN(x) __declspec(align(x)) +#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define ALIGN(x) __attribute__((aligned(x))) +#else + #define ALIGN(x) +#endif + + +#if defined(__cplusplus) + extern "C" { +#endif + + enum blake2s_constant + { + BLAKE2S_BLOCKBYTES = 64, + BLAKE2S_OUTBYTES = 32, + BLAKE2S_KEYBYTES = 32, + BLAKE2S_SALTBYTES = 8, + BLAKE2S_PERSONALBYTES = 8 + }; + + enum blake2b_constant + { + BLAKE2B_BLOCKBYTES = 128, + BLAKE2B_OUTBYTES = 64, + BLAKE2B_KEYBYTES = 64, + BLAKE2B_SALTBYTES = 16, + BLAKE2B_PERSONALBYTES = 16 + }; + +#pragma pack(push, 1) + typedef struct __blake2s_param + { + byte digest_length; /* 1 */ + byte key_length; /* 2 */ + byte fanout; /* 3 */ + byte depth; /* 4 */ + word32 leaf_length; /* 8 */ + byte node_offset[6];/* 14 */ + byte node_depth; /* 15 */ + byte inner_length; /* 16 */ + /* byte reserved[0]; */ + byte salt[BLAKE2B_SALTBYTES]; /* 24 */ + byte personal[BLAKE2S_PERSONALBYTES]; /* 32 */ + } blake2s_param; + + ALIGN( 32 ) typedef struct __blake2s_state + { + word32 h[8]; + word32 t[2]; + word32 f[2]; + byte buf[2 * BLAKE2S_BLOCKBYTES]; + word32 buflen; + byte last_node; + } blake2s_state ; + + typedef struct __blake2b_param + { + byte digest_length; /* 1 */ + byte key_length; /* 2 */ + byte fanout; /* 3 */ + byte depth; /* 4 */ + word32 leaf_length; /* 8 */ + word64 node_offset; /* 16 */ + byte node_depth; /* 17 */ + byte inner_length; /* 18 */ + byte reserved[14]; /* 32 */ + byte salt[BLAKE2B_SALTBYTES]; /* 48 */ + byte personal[BLAKE2B_PERSONALBYTES]; /* 64 */ + } blake2b_param; + + ALIGN( 64 ) typedef struct __blake2b_state + { + word64 h[8]; + word64 t[2]; + word64 f[2]; + byte buf[2 * BLAKE2B_BLOCKBYTES]; + word64 buflen; + byte last_node; + } blake2b_state; + + typedef struct __blake2sp_state + { + blake2s_state S[8][1]; + blake2s_state R[1]; + byte buf[8 * BLAKE2S_BLOCKBYTES]; + word32 buflen; + } blake2sp_state; + + typedef struct __blake2bp_state + { + blake2b_state S[4][1]; + blake2b_state R[1]; + byte buf[4 * BLAKE2B_BLOCKBYTES]; + word64 buflen; + } blake2bp_state; +#pragma pack(pop) + + /* Streaming API */ + int blake2s_init( blake2s_state *S, const byte outlen ); + int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2s_init_param( blake2s_state *S, const blake2s_param *P ); + int blake2s_update( blake2s_state *S, const byte *in, word32 inlen ); + int blake2s_final( blake2s_state *S, byte *out, byte outlen ); + + int blake2b_init( blake2b_state *S, const byte outlen ); + int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2b_init_param( blake2b_state *S, const blake2b_param *P ); + int blake2b_update( blake2b_state *S, const byte *in, word64 inlen ); + int blake2b_final( blake2b_state *S, byte *out, byte outlen ); + + int blake2sp_init( blake2sp_state *S, const byte outlen ); + int blake2sp_init_key( blake2sp_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2sp_update( blake2sp_state *S, const byte *in, word32 inlen ); + int blake2sp_final( blake2sp_state *S, byte *out, byte outlen ); + + int blake2bp_init( blake2bp_state *S, const byte outlen ); + int blake2bp_init_key( blake2bp_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2bp_update( blake2bp_state *S, const byte *in, word64 inlen ); + int blake2bp_final( blake2bp_state *S, byte *out, byte outlen ); + + /* Simple API */ + int blake2s( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen ); + int blake2b( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ); + + int blake2sp( byte *out, const void *in, const void *key, const byte outlen, const word32 inlen, byte keylen ); + int blake2bp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ); + + static WC_INLINE int blake2( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ) + { + return blake2b( out, in, key, outlen, inlen, keylen ); + } + + + +#if defined(__cplusplus) + } +#endif + +#endif /* WOLFCRYPT_BLAKE2_INT_H */ + diff --git a/source/libwolfssl/wolfcrypt/blake2.h b/source/libwolfssl/wolfcrypt/blake2.h new file mode 100644 index 00000000..57494be9 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/blake2.h @@ -0,0 +1,96 @@ +/* blake2.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/blake2.h +*/ + +#ifndef WOLF_CRYPT_BLAKE2_H +#define WOLF_CRYPT_BLAKE2_H + +#include + +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + +#include + +/* call old functions if using fips for the sake of hmac @wc_fips */ +#ifdef HAVE_FIPS + /* Since hmac can call blake functions provide original calls */ + #define wc_InitBlake2b InitBlake2b + #define wc_Blake2bUpdate Blake2bUpdate + #define wc_Blake2bFinal Blake2bFinal +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* in bytes, variable digest size up to 512 bits (64 bytes) */ +enum { +#ifdef HAVE_BLAKE2B + BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B, + BLAKE2B_256 = 32, /* 256 bit type, SSL default */ +#endif +#ifdef HAVE_BLAKE2S + BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S, + BLAKE2S_256 = 32 /* 256 bit type */ +#endif +}; + + +#ifdef HAVE_BLAKE2B +/* BLAKE2b digest */ +typedef struct Blake2b { + blake2b_state S[1]; /* our state */ + word32 digestSz; /* digest size used on init */ +} Blake2b; +#endif + +#ifdef HAVE_BLAKE2S +/* BLAKE2s digest */ +typedef struct Blake2s { + blake2s_state S[1]; /* our state */ + word32 digestSz; /* digest size used on init */ +} Blake2s; +#endif + + +#ifdef HAVE_BLAKE2B +WOLFSSL_API int wc_InitBlake2b(Blake2b*, word32); +WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32); +WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32); +#endif + +#ifdef HAVE_BLAKE2S +WOLFSSL_API int wc_InitBlake2s(Blake2s*, word32); +WOLFSSL_API int wc_Blake2sUpdate(Blake2s*, const byte*, word32); +WOLFSSL_API int wc_Blake2sFinal(Blake2s*, byte*, word32); +#endif + + +#ifdef __cplusplus + } +#endif + +#endif /* HAVE_BLAKE2 || HAVE_BLAKE2S */ +#endif /* WOLF_CRYPT_BLAKE2_H */ + diff --git a/source/libwolfssl/wolfcrypt/camellia.h b/source/libwolfssl/wolfcrypt/camellia.h new file mode 100644 index 00000000..454c2ca7 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/camellia.h @@ -0,0 +1,101 @@ +/* camellia.h ver 1.2.0 + * + * Copyright (c) 2006,2007 + * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer as + * the first lines of this file unmodified. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* camellia.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/camellia.h +*/ + + +#ifndef WOLF_CRYPT_CAMELLIA_H +#define WOLF_CRYPT_CAMELLIA_H + +#include + +#ifdef HAVE_CAMELLIA + +#ifdef __cplusplus + extern "C" { +#endif + +enum { + CAMELLIA_BLOCK_SIZE = 16 +}; + +#define CAMELLIA_TABLE_BYTE_LEN 272 +#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / sizeof(word32)) + +typedef word32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; + +typedef struct Camellia { + word32 keySz; + KEY_TABLE_TYPE key; + word32 reg[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ + word32 tmp[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ +} Camellia; + + +WOLFSSL_API int wc_CamelliaSetKey(Camellia* cam, + const byte* key, word32 len, const byte* iv); +WOLFSSL_API int wc_CamelliaSetIV(Camellia* cam, const byte* iv); +WOLFSSL_API int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, + const byte* in); +WOLFSSL_API int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, + const byte* in); +WOLFSSL_API int wc_CamelliaCbcEncrypt(Camellia* cam, + byte* out, const byte* in, word32 sz); +WOLFSSL_API int wc_CamelliaCbcDecrypt(Camellia* cam, + byte* out, const byte* in, word32 sz); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_CAMELLIA */ +#endif /* WOLF_CRYPT_CAMELLIA_H */ + diff --git a/source/libwolfssl/wolfcrypt/chacha.h b/source/libwolfssl/wolfcrypt/chacha.h new file mode 100644 index 00000000..569859ee --- /dev/null +++ b/source/libwolfssl/wolfcrypt/chacha.h @@ -0,0 +1,82 @@ +/* chacha.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/chacha.h +*/ + + +#ifndef WOLF_CRYPT_CHACHA_H +#define WOLF_CRYPT_CHACHA_H + +#include + +#ifdef HAVE_CHACHA + +#ifdef __cplusplus + extern "C" { +#endif + +/* Size of the IV */ +#define CHACHA_IV_WORDS 3 +#define CHACHA_IV_BYTES (CHACHA_IV_WORDS * sizeof(word32)) + +/* Size of ChaCha chunks */ +#define CHACHA_CHUNK_WORDS 16 +#define CHACHA_CHUNK_BYTES (CHACHA_CHUNK_WORDS * sizeof(word32)) + +#ifdef WOLFSSL_X86_64_BUILD +#if defined(USE_INTEL_SPEEDUP) && !defined(NO_CHACHA_ASM) + #define USE_INTEL_CHACHA_SPEEDUP + #define HAVE_INTEL_AVX1 +#endif +#endif + +enum { + CHACHA_ENC_TYPE = WC_CIPHER_CHACHA, /* cipher unique type */ + CHACHA_MAX_KEY_SZ = 32, +}; + +typedef struct ChaCha { + word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */ +#ifdef HAVE_INTEL_AVX1 + /* vpshufd reads 16 bytes but we only use bottom 4. */ + byte extra[12]; +#endif +} ChaCha; + +/** + * IV(nonce) changes with each record + * counter is for what value the block counter should start ... usually 0 + */ +WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter); + +WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain, + word32 msglen); +WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_CHACHA */ +#endif /* WOLF_CRYPT_CHACHA_H */ + diff --git a/source/libwolfssl/wolfcrypt/chacha20_poly1305.h b/source/libwolfssl/wolfcrypt/chacha20_poly1305.h new file mode 100644 index 00000000..097af8ff --- /dev/null +++ b/source/libwolfssl/wolfcrypt/chacha20_poly1305.h @@ -0,0 +1,84 @@ +/* chacha20_poly1305.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20 + * and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10): + * https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 + */ + +/*! + \file wolfssl/wolfcrypt/chacha20_poly1305.h +*/ + +#ifndef WOLF_CRYPT_CHACHA20_POLY1305_H +#define WOLF_CRYPT_CHACHA20_POLY1305_H + +#include + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + +#ifdef __cplusplus + extern "C" { +#endif + +#define CHACHA20_POLY1305_AEAD_KEYSIZE 32 +#define CHACHA20_POLY1305_AEAD_IV_SIZE 12 +#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16 + +enum { + CHACHA20_POLY_1305_ENC_TYPE = 8 /* cipher unique type */ +}; + + /* + * The IV for this implementation is 96 bits to give the most flexibility. + * + * Some protocols may have unique per-invocation inputs that are not + * 96-bit in length. For example, IPsec may specify a 64-bit nonce. In + * such a case, it is up to the protocol document to define how to + * transform the protocol nonce into a 96-bit nonce, for example by + * concatenating a constant value. + */ + +WOLFSSL_API +int wc_ChaCha20Poly1305_Encrypt( + const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], + const byte* inAAD, const word32 inAADLen, + const byte* inPlaintext, const word32 inPlaintextLen, + byte* outCiphertext, + byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); + +WOLFSSL_API +int wc_ChaCha20Poly1305_Decrypt( + const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], + const byte* inAAD, const word32 inAADLen, + const byte* inCiphertext, const word32 inCiphertextLen, + const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], + byte* outPlaintext); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_CHACHA && HAVE_POLY1305 */ +#endif /* WOLF_CRYPT_CHACHA20_POLY1305_H */ diff --git a/source/libwolfssl/wolfcrypt/cmac.h b/source/libwolfssl/wolfcrypt/cmac.h new file mode 100644 index 00000000..05335cbf --- /dev/null +++ b/source/libwolfssl/wolfcrypt/cmac.h @@ -0,0 +1,97 @@ +/* cmac.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_CMAC_H +#define WOLF_CRYPT_CMAC_H + +#include +#include + +#if !defined(NO_AES) && defined(WOLFSSL_CMAC) + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +#ifdef __cplusplus + extern "C" { +#endif + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifndef WC_CMAC_TYPE_DEFINED + typedef struct Cmac Cmac; + #define WC_CMAC_TYPE_DEFINED +#endif +struct Cmac { + Aes aes; + byte buffer[AES_BLOCK_SIZE]; /* partially stored block */ + byte digest[AES_BLOCK_SIZE]; /* running digest */ + byte k1[AES_BLOCK_SIZE]; + byte k2[AES_BLOCK_SIZE]; + word32 bufferSz; + word32 totalSz; +}; + + + +typedef enum CmacType { + WC_CMAC_AES = 1 +} CmacType; + +#define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE +#define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4) + +#endif /* HAVE_FIPS */ + +WOLFSSL_API +int wc_InitCmac(Cmac* cmac, + const byte* key, word32 keySz, + int type, void* unused); +WOLFSSL_API +int wc_CmacUpdate(Cmac* cmac, + const byte* in, word32 inSz); +WOLFSSL_API +int wc_CmacFinal(Cmac* cmac, + byte* out, word32* outSz); + +WOLFSSL_API +int wc_AesCmacGenerate(byte* out, word32* outSz, + const byte* in, word32 inSz, + const byte* key, word32 keySz); + +WOLFSSL_API +int wc_AesCmacVerify(const byte* check, word32 checkSz, + const byte* in, word32 inSz, + const byte* key, word32 keySz); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* NO_AES && WOLFSSL_CMAC */ +#endif /* WOLF_CRYPT_CMAC_H */ + diff --git a/source/libwolfssl/wolfcrypt/coding.h b/source/libwolfssl/wolfcrypt/coding.h new file mode 100644 index 00000000..0c4711cb --- /dev/null +++ b/source/libwolfssl/wolfcrypt/coding.h @@ -0,0 +1,88 @@ +/* coding.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/coding.h +*/ + +#ifndef WOLF_CRYPT_CODING_H +#define WOLF_CRYPT_CODING_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + + +WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out, + word32* outLen); + +#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN) \ + || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER) || !defined(NO_DSA) + #ifndef WOLFSSL_BASE64_ENCODE + #define WOLFSSL_BASE64_ENCODE + #endif +#endif + + +#ifdef WOLFSSL_BASE64_ENCODE + enum Escaped { + WC_STD_ENC = 0, /* normal \n line ending encoding */ + WC_ESC_NL_ENC, /* use escape sequence encoding */ + WC_NO_NL_ENC /* no encoding at all */ + }; /* Encoding types */ + + /* encode isn't */ + WOLFSSL_API + int Base64_Encode(const byte* in, word32 inLen, byte* out, + word32* outLen); + WOLFSSL_API + int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, + word32* outLen); + WOLFSSL_API + int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, + word32* outLen); +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_FIPS) || \ + defined(HAVE_ECC_CDH) || defined(HAVE_SELFTEST) || \ + defined(WOLFSSL_ENCRYPTED_KEYS) + #ifndef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 + #endif +#endif + +#ifdef WOLFSSL_BASE16 + WOLFSSL_API + int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen); + WOLFSSL_API + int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen); +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_CODING_H */ + diff --git a/source/libwolfssl/wolfcrypt/compress.h b/source/libwolfssl/wolfcrypt/compress.h new file mode 100644 index 00000000..1ab2a2f0 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/compress.h @@ -0,0 +1,58 @@ +/* compress.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/compress.h +*/ + + +#ifndef WOLF_CRYPT_COMPRESS_H +#define WOLF_CRYPT_COMPRESS_H + +#include + +#ifdef HAVE_LIBZ + +#ifdef __cplusplus + extern "C" { +#endif + + +#define COMPRESS_FIXED 1 + +#define LIBZ_WINBITS_GZIP 16 + + +WOLFSSL_API int wc_Compress(byte*, word32, const byte*, word32, word32); +WOLFSSL_API int wc_Compress_ex(byte* out, word32 outSz, const byte* in, + word32 inSz, word32 flags, word32 windowBits); +WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32); +WOLFSSL_API int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in, + word32 inSz, int windowBits); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* HAVE_LIBZ */ +#endif /* WOLF_CRYPT_COMPRESS_H */ + diff --git a/source/libwolfssl/wolfcrypt/cpuid.h b/source/libwolfssl/wolfcrypt/cpuid.h new file mode 100644 index 00000000..8c09b47f --- /dev/null +++ b/source/libwolfssl/wolfcrypt/cpuid.h @@ -0,0 +1,62 @@ +/* cpuid.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLF_CRYPT_CPUID_H +#define WOLF_CRYPT_CPUID_H + + +#include + + +#ifdef __cplusplus + extern "C" { +#endif + +#if defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \ + defined(WOLFSSL_AESNI) + #define CPUID_AVX1 0x0001 + #define CPUID_AVX2 0x0002 + #define CPUID_RDRAND 0x0004 + #define CPUID_RDSEED 0x0008 + #define CPUID_BMI2 0x0010 /* MULX, RORX */ + #define CPUID_AESNI 0x0020 + #define CPUID_ADX 0x0040 /* ADCX, ADOX */ + + #define IS_INTEL_AVX1(f) ((f) & CPUID_AVX1) + #define IS_INTEL_AVX2(f) ((f) & CPUID_AVX2) + #define IS_INTEL_RDRAND(f) ((f) & CPUID_RDRAND) + #define IS_INTEL_RDSEED(f) ((f) & CPUID_RDSEED) + #define IS_INTEL_BMI2(f) ((f) & CPUID_BMI2) + #define IS_INTEL_AESNI(f) ((f) & CPUID_AESNI) + #define IS_INTEL_ADX(f) ((f) & CPUID_ADX) + + void cpuid_set_flags(void); + word32 cpuid_get_flags(void); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLF_CRYPT_CPUID_H */ diff --git a/source/libwolfssl/wolfcrypt/cryptocb.h b/source/libwolfssl/wolfcrypt/cryptocb.h new file mode 100644 index 00000000..5d029855 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/cryptocb.h @@ -0,0 +1,299 @@ +/* cryptocb.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef _WOLF_CRYPTO_CB_H_ +#define _WOLF_CRYPTO_CB_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* Defines the Crypto Callback interface version, for compatibility */ +/* Increment this when Crypto Callback interface changes are made */ +#define CRYPTO_CB_VER 2 + + +#ifdef WOLF_CRYPTO_CB + +#ifndef NO_RSA + #include +#endif +#ifdef HAVE_ECC + #include +#endif +#ifndef NO_AES + #include +#endif +#ifndef NO_SHA + #include +#endif +#ifndef NO_SHA256 + #include +#endif +#ifndef NO_HMAC + #include +#endif +#ifndef WC_NO_RNG + #include +#endif +#ifndef NO_DES3 + #include +#endif + + +/* Crypto Information Structure for callbacks */ +typedef struct wc_CryptoInfo { + int algo_type; /* enum wc_AlgoType */ +#if !defined(NO_RSA) || defined(HAVE_ECC) + struct { + int type; /* enum wc_PkType */ + union { + #ifndef NO_RSA + struct { + const byte* in; + word32 inLen; + byte* out; + word32* outLen; + int type; + RsaKey* key; + WC_RNG* rng; + } rsa; + #ifdef WOLFSSL_KEY_GEN + struct { + RsaKey* key; + int size; + long e; + WC_RNG* rng; + } rsakg; + #endif + #endif + #ifdef HAVE_ECC + struct { + WC_RNG* rng; + int size; + ecc_key* key; + int curveId; + } eckg; + struct { + ecc_key* private_key; + ecc_key* public_key; + byte* out; + word32* outlen; + } ecdh; + struct { + const byte* in; + word32 inlen; + byte* out; + word32* outlen; + WC_RNG* rng; + ecc_key* key; + } eccsign; + struct { + const byte* sig; + word32 siglen; + const byte* hash; + word32 hashlen; + int* res; + ecc_key* key; + } eccverify; + #endif + }; + } pk; +#endif /* !NO_RSA || HAVE_ECC */ +#if !defined(NO_AES) || !defined(NO_DES3) + struct { + int type; /* enum wc_CipherType */ + int enc; + union { + #ifdef HAVE_AESGCM + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + const byte* iv; + word32 ivSz; + byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; + } aesgcm_enc; + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + const byte* iv; + word32 ivSz; + const byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; + } aesgcm_dec; + #endif /* HAVE_AESGCM */ + #ifdef HAVE_AES_CBC + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + } aescbc; + #endif /* HAVE_AES_CBC */ + #ifndef NO_DES3 + struct { + Des3* des; + byte* out; + const byte* in; + word32 sz; + } des3; + #endif + }; + } cipher; +#endif /* !NO_AES || !NO_DES3 */ +#if !defined(NO_SHA) || !defined(NO_SHA256) + struct { + int type; /* enum wc_HashType */ + const byte* in; + word32 inSz; + byte* digest; + union { + #ifndef NO_SHA + wc_Sha* sha1; + #endif + #ifndef NO_SHA256 + wc_Sha256* sha256; + #endif + }; + } hash; +#endif /* !NO_SHA || !NO_SHA256 */ +#ifndef NO_HMAC + struct { + int macType; /* enum wc_HashType */ + const byte* in; + word32 inSz; + byte* digest; + Hmac* hmac; + } hmac; +#endif +#ifndef WC_NO_RNG + struct { + WC_RNG* rng; + byte* out; + word32 sz; + } rng; + struct { + OS_Seed* os; + byte* seed; + word32 sz; + } seed; +#endif +} wc_CryptoInfo; + + +typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); + +WOLFSSL_LOCAL void wc_CryptoCb_Init(void); + +WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx); +WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId); + +/* old function names */ +#define wc_CryptoDev_RegisterDevice wc_CryptoCb_RegisterDevice +#define wc_CryptoDev_UnRegisterDevice wc_CryptoCb_UnRegisterDevice + + +#ifndef NO_RSA +WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng); + +#ifdef WOLFSSL_KEY_GEN +WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, + WC_RNG* rng); +#endif /* WOLFSSL_KEY_GEN */ +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +WOLFSSL_LOCAL int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, + ecc_key* key, int curveId); + +WOLFSSL_LOCAL int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen); + +WOLFSSL_LOCAL int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key); + +WOLFSSL_LOCAL int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key); +#endif /* HAVE_ECC */ + +#ifndef NO_AES +#ifdef HAVE_AESGCM +WOLFSSL_LOCAL int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz, const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); + +WOLFSSL_LOCAL int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz, const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* HAVE_AESGCM */ +#ifdef HAVE_AES_CBC +WOLFSSL_LOCAL int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_LOCAL int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif /* HAVE_AES_CBC */ +#endif /* !NO_AES */ + +#ifndef NO_DES3 +WOLFSSL_LOCAL int wc_CryptoCb_Des3Encrypt(Des3* des3, byte* out, + const byte* in, word32 sz); +WOLFSSL_LOCAL int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out, + const byte* in, word32 sz); +#endif /* !NO_DES3 */ + +#ifndef NO_SHA +WOLFSSL_LOCAL int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in, + word32 inSz, byte* digest); +#endif /* !NO_SHA */ + +#ifndef NO_SHA256 +WOLFSSL_LOCAL int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in, + word32 inSz, byte* digest); +#endif /* !NO_SHA256 */ +#ifndef NO_HMAC +WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, + word32 inSz, byte* digest); +#endif /* !NO_HMAC */ + +#ifndef WC_NO_RNG +WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz); +WOLFSSL_LOCAL int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz); +#endif + +#endif /* WOLF_CRYPTO_CB */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* _WOLF_CRYPTO_CB_H_ */ diff --git a/source/libwolfssl/wolfcrypt/curve25519.h b/source/libwolfssl/wolfcrypt/curve25519.h new file mode 100644 index 00000000..70d163cd --- /dev/null +++ b/source/libwolfssl/wolfcrypt/curve25519.h @@ -0,0 +1,159 @@ +/* curve25519.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/curve25519.h +*/ + + +#ifndef WOLF_CRYPT_CURVE25519_H +#define WOLF_CRYPT_CURVE25519_H + +#include + +#ifdef HAVE_CURVE25519 + +#include +#include + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +#define CURVE25519_KEYSIZE 32 + +/* curve25519 set type */ +typedef struct { + int size; /* The size of the curve in octets */ + const char* name; /* name of this curve */ +} curve25519_set_type; + + +/* ECC point, the internal structure is Little endian + * the mathematical functions used the endianess */ +typedef struct { + byte point[CURVE25519_KEYSIZE]; + #ifdef FREESCALE_LTC_ECC + byte pointY[CURVE25519_KEYSIZE]; + #endif +} ECPoint; + +/* A CURVE25519 Key */ +typedef struct curve25519_key { + int idx; /* Index into the ecc_sets[] for the parameters of + this curve if -1, this key is using user supplied + curve in dp */ + const curve25519_set_type* dp; /* domain parameters, either points to + curves (idx >= 0) or user supplied */ + ECPoint p; /* public key */ + ECPoint k; /* private key */ + +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif +} curve25519_key; + +enum { + EC25519_LITTLE_ENDIAN=0, + EC25519_BIG_ENDIAN=1 +}; + +WOLFSSL_API +int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); + +WOLFSSL_API +int wc_curve25519_shared_secret(curve25519_key* private_key, + curve25519_key* public_key, + byte* out, word32* outlen); + +WOLFSSL_API +int wc_curve25519_shared_secret_ex(curve25519_key* private_key, + curve25519_key* public_key, + byte* out, word32* outlen, int endian); + +WOLFSSL_API +int wc_curve25519_init(curve25519_key* key); + +WOLFSSL_API +void wc_curve25519_free(curve25519_key* key); + + +/* raw key helpers */ +WOLFSSL_API +int wc_curve25519_import_private(const byte* priv, word32 privSz, + curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, + curve25519_key* key, int endian); + +WOLFSSL_API +int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key, int endian); +WOLFSSL_API +int wc_curve25519_export_private_raw(curve25519_key* key, byte* out, + word32* outLen); +WOLFSSL_API +int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out, + word32* outLen, int endian); + +WOLFSSL_API +int wc_curve25519_import_public(const byte* in, word32 inLen, + curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_public_ex(const byte* in, word32 inLen, + curve25519_key* key, int endian); +WOLFSSL_API +int wc_curve25519_check_public(const byte* pub, word32 pubSz, int endian); + +WOLFSSL_API +int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, + word32* outLen, int endian); + +WOLFSSL_API +int wc_curve25519_export_key_raw(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); +WOLFSSL_API +int wc_curve25519_export_key_raw_ex(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz, + int endian); +/* size helper */ +WOLFSSL_API +int wc_curve25519_size(curve25519_key* key); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_CURVE25519 */ +#endif /* WOLF_CRYPT_CURVE25519_H */ + diff --git a/source/libwolfssl/wolfcrypt/des3.h b/source/libwolfssl/wolfcrypt/des3.h new file mode 100644 index 00000000..f30f5968 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/des3.h @@ -0,0 +1,158 @@ +/* des3.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/des3.h +*/ + +#ifndef WOLF_CRYPT_DES3_H +#define WOLF_CRYPT_DES3_H + +#include + +#ifndef NO_DES3 + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) +/* included for fips @wc_fips */ +#include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* these are required for FIPS and non-FIPS */ +enum { + DES_KEY_SIZE = 8, /* des */ + DES3_KEY_SIZE = 24, /* 3 des ede */ + DES_IV_SIZE = 8, /* should be the same as DES_BLOCK_SIZE */ +}; + + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +enum { + DES_ENC_TYPE = WC_CIPHER_DES, /* cipher unique type */ + DES3_ENC_TYPE = WC_CIPHER_DES3, /* cipher unique type */ + + DES_BLOCK_SIZE = 8, + DES_KS_SIZE = 32, /* internal DES key buffer size */ + + DES_ENCRYPTION = 0, + DES_DECRYPTION = 1 +}; + +#define DES_IVLEN 8 +#define DES_KEYLEN 8 +#define DES3_IVLEN 8 +#define DES3_KEYLEN 24 + + +#if defined(STM32_CRYPTO) +enum { + DES_CBC = 0, + DES_ECB = 1 +}; +#endif + + +/* DES encryption and decryption */ +typedef struct Des { + word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ + word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */ + word32 key[DES_KS_SIZE]; +} Des; + + +/* DES3 encryption and decryption */ +struct Des3 { + word32 key[3][DES_KS_SIZE]; + word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ + word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */ +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES) + WC_ASYNC_DEV asyncDev; +#endif +#if defined(WOLF_CRYPTO_CB) || \ + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) + word32 devKey[DES3_KEYLEN/sizeof(word32)]; /* raw key */ +#endif +#ifdef WOLF_CRYPTO_CB + int devId; + void* devCtx; +#endif + void* heap; +}; + +#ifndef WC_DES3_TYPE_DEFINED + typedef struct Des3 Des3; + #define WC_DES3_TYPE_DEFINED +#endif +#endif /* HAVE_FIPS */ + + +WOLFSSL_API int wc_Des_SetKey(Des* des, const byte* key, + const byte* iv, int dir); +WOLFSSL_API void wc_Des_SetIV(Des* des, const byte* iv); +WOLFSSL_API int wc_Des_CbcEncrypt(Des* des, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out, + const byte* in, word32 sz); + +/* ECB decrypt same process as encrypt but with decrypt key */ +#define wc_Des_EcbDecrypt wc_Des_EcbEncrypt +#define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt + +WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, + const byte* iv,int dir); +WOLFSSL_API int wc_Des3_SetIV(Des3* des, const byte* iv); +WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out, + const byte* in,word32 sz); +WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, + const byte* in,word32 sz); + +/* These are only required when using either: + static memory (WOLFSSL_STATIC_MEMORY) or asynchronous (WOLFSSL_ASYNC_CRYPT) */ +WOLFSSL_API int wc_Des3Init(Des3*, void*, int); +WOLFSSL_API void wc_Des3Free(Des3*); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_DES3 */ +#endif /* WOLF_CRYPT_DES3_H */ + diff --git a/source/libwolfssl/wolfcrypt/dh.h b/source/libwolfssl/wolfcrypt/dh.h new file mode 100644 index 00000000..07e16155 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/dh.h @@ -0,0 +1,131 @@ +/* dh.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/dh.h +*/ + +#ifndef WOLF_CRYPT_DH_H +#define WOLF_CRYPT_DH_H + +#include + +#ifndef NO_DH + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif +typedef struct DhParams { + #ifdef HAVE_FFDHE_Q + const byte* q; + word32 q_len; + #endif /* HAVE_FFDHE_Q */ + const byte* p; + word32 p_len; + const byte* g; + word32 g_len; +} DhParams; + +/* Diffie-Hellman Key */ +struct DhKey { + mp_int p, g, q; /* group parameters */ + void* heap; +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif +}; + +#ifndef WC_DH_TYPE_DEFINED + typedef struct DhKey DhKey; + #define WC_DH_TYPE_DEFINED +#endif + +#ifdef HAVE_FFDHE_2048 +WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void); +#endif +#ifdef HAVE_FFDHE_3072 +WOLFSSL_API const DhParams* wc_Dh_ffdhe3072_Get(void); +#endif +#ifdef HAVE_FFDHE_4096 +WOLFSSL_API const DhParams* wc_Dh_ffdhe4096_Get(void); +#endif +#ifdef HAVE_FFDHE_6144 +WOLFSSL_API const DhParams* wc_Dh_ffdhe6144_Get(void); +#endif +#ifdef HAVE_FFDHE_8192 +WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void); +#endif + +WOLFSSL_API int wc_InitDhKey(DhKey* key); +WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId); +WOLFSSL_API int wc_FreeDhKey(DhKey* key); + +WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, + word32* privSz, byte* pub, word32* pubSz); +WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, + const byte* priv, word32 privSz, const byte* otherPub, + word32 pubSz); + +WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, + word32); +WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, + word32 gSz); +WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, + const byte* g, word32 gSz, const byte* q, word32 qSz); +WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, + const byte* g, word32 gSz, const byte* q, word32 qSz, + int trusted, WC_RNG* rng); +WOLFSSL_API int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, + word32* pInOutSz, byte* g, word32* gInOutSz); +WOLFSSL_API int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz); +WOLFSSL_API int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz, + const byte* prime, word32 primeSz); +WOLFSSL_API int wc_DhCheckPubValue(const byte* prime, word32 primeSz, + const byte* pub, word32 pubSz); +WOLFSSL_API int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz); +WOLFSSL_API int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 pubSz, + const byte* prime, word32 primeSz); +WOLFSSL_API int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz, + const byte* priv, word32 privSz); +WOLFSSL_API int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh); +WOLFSSL_API int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, + byte* q, word32* qSz, byte* g, word32* gSz); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_DH */ +#endif /* WOLF_CRYPT_DH_H */ + diff --git a/source/libwolfssl/wolfcrypt/dsa.h b/source/libwolfssl/wolfcrypt/dsa.h new file mode 100644 index 00000000..fe62e653 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/dsa.h @@ -0,0 +1,97 @@ +/* dsa.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/dsa.h +*/ + +#ifndef WOLF_CRYPT_DSA_H +#define WOLF_CRYPT_DSA_H + +#include + +#ifndef NO_DSA + +#include +#include + +/* for DSA reverse compatibility */ +#define InitDsaKey wc_InitDsaKey +#define FreeDsaKey wc_FreeDsaKey +#define DsaSign wc_DsaSign +#define DsaVerify wc_DsaVerify +#define DsaPublicKeyDecode wc_DsaPublicKeyDecode +#define DsaPrivateKeyDecode wc_DsaPrivateKeyDecode +#define DsaKeyToDer wc_DsaKeyToDer + +#ifdef __cplusplus + extern "C" { +#endif + + +enum { + DSA_PUBLIC = 0, + DSA_PRIVATE = 1 +}; + +/* DSA */ +typedef struct DsaKey { + mp_int p, q, g, y, x; + int type; /* public or private */ + void* heap; /* memory hint */ +} DsaKey; + +WOLFSSL_API int wc_InitDsaKey(DsaKey* key); +WOLFSSL_API int wc_InitDsaKey_h(DsaKey* key, void* h); +WOLFSSL_API void wc_FreeDsaKey(DsaKey* key); +WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, + DsaKey* key, WC_RNG* rng); +WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, + DsaKey* key, int* answer); +WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, + DsaKey*, word32); +WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, + DsaKey*, word32); +WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); + +#ifdef WOLFSSL_KEY_GEN +WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa); +WOLFSSL_API int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa); +#endif + +/* raw export functions */ +WOLFSSL_API int wc_DsaImportParamsRaw(DsaKey* dsa, const char* p, + const char* q, const char* g); +WOLFSSL_API int wc_DsaImportParamsRawCheck(DsaKey* dsa, const char* p, + const char* q, const char* g, + int trusted, WC_RNG* rng); +WOLFSSL_API int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz, + byte* q, word32* qSz, byte* g, + word32* gSz); +WOLFSSL_API int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, + word32* ySz); +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_DSA */ +#endif /* WOLF_CRYPT_DSA_H */ + diff --git a/source/libwolfssl/wolfcrypt/ecc.h b/source/libwolfssl/wolfcrypt/ecc.h new file mode 100644 index 00000000..0848c93b --- /dev/null +++ b/source/libwolfssl/wolfcrypt/ecc.h @@ -0,0 +1,720 @@ +/* ecc.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/ecc.h +*/ + + +#ifndef WOLF_CRYPT_ECC_H +#define WOLF_CRYPT_ECC_H + +#include + +#ifdef HAVE_ECC + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +#include +#include + +#ifdef HAVE_X963_KDF + #include +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #include + #ifdef WOLFSSL_CERT_GEN + #include + #endif +#endif + +#ifdef WOLFSSL_ATECC508A + #include +#endif /* WOLFSSL_ATECC508A */ + +#if defined(WOLFSSL_CRYPTOCELL) + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +/* Enable curve B parameter if needed */ +#if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE) + #ifndef USE_ECC_B_PARAM /* Allow someone to force enable */ + #define USE_ECC_B_PARAM + #endif +#endif + + +/* Use this as the key->idx if a custom ecc_set is used for key->dp */ +#define ECC_CUSTOM_IDX (-1) + + +/* Determine max ECC bits based on enabled curves */ +#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) + #define MAX_ECC_BITS 521 +#elif defined(HAVE_ECC512) + #define MAX_ECC_BITS 512 +#elif defined(HAVE_ECC384) + #define MAX_ECC_BITS 384 +#elif defined(HAVE_ECC320) + #define MAX_ECC_BITS 320 +#elif !defined(NO_ECC256) + #define MAX_ECC_BITS 256 +#elif defined(HAVE_ECC239) + #define MAX_ECC_BITS 239 +#elif defined(HAVE_ECC224) + #define MAX_ECC_BITS 224 +#elif defined(HAVE_ECC192) + #define MAX_ECC_BITS 192 +#elif defined(HAVE_ECC160) + #define MAX_ECC_BITS 160 +#elif defined(HAVE_ECC128) + #define MAX_ECC_BITS 128 +#elif defined(HAVE_ECC112) + #define MAX_ECC_BITS 112 +#endif + +/* calculate max ECC bytes */ +#if ((MAX_ECC_BITS * 2) % 8) == 0 + #define MAX_ECC_BYTES (MAX_ECC_BITS / 8) +#else + /* add byte if not aligned */ + #define MAX_ECC_BYTES ((MAX_ECC_BITS / 8) + 1) +#endif + +#ifndef ECC_MAX_PAD_SZ + /* ECC maximum padding size (when MSB is set extra byte required for R and S) */ + #define ECC_MAX_PAD_SZ 2 +#endif + +enum { + ECC_PUBLICKEY = 1, + ECC_PRIVATEKEY = 2, + ECC_PRIVATEKEY_ONLY = 3, + ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */ + SIG_HEADER_SZ = 7, /* ECC signature header size (30 81 87 02 42 [R] 02 42 [S]) */ + ECC_BUFSIZE = 256, /* for exported keys temp buffer */ + ECC_MINSIZE = 20, /* MIN Private Key size */ + ECC_MAXSIZE = 66, /* MAX Private Key size */ + ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/ + ECC_MAX_OID_LEN = 16, + ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ), + + /* max crypto hardware size */ +#ifdef WOLFSSL_ATECC508A + ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ + ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), +#elif defined(PLUTON_CRYPTO_ECC) + ECC_MAX_CRYPTO_HW_SIZE = 32, +#elif defined(WOLFSSL_CRYPTOCELL) + #ifndef CRYPTOCELL_KEY_SIZE + CRYPTOCELL_KEY_SIZE = ECC_MAXSIZE, + #endif + ECC_MAX_CRYPTO_HW_SIZE = CRYPTOCELL_KEY_SIZE, +#endif + + /* point compression type */ + ECC_POINT_COMP_EVEN = 0x02, + ECC_POINT_COMP_ODD = 0x03, + ECC_POINT_UNCOMP = 0x04, + + /* Shamir's dual add constants */ + SHAMIR_PRECOMP_SZ = 16, + +#ifdef HAVE_PKCS11 + ECC_MAX_ID_LEN = 32, +#endif +}; + +/* Curve Types */ +typedef enum ecc_curve_id { + ECC_CURVE_INVALID = -1, + ECC_CURVE_DEF = 0, /* NIST or SECP */ + + /* NIST Prime Curves */ + ECC_SECP192R1, + ECC_PRIME192V2, + ECC_PRIME192V3, + ECC_PRIME239V1, + ECC_PRIME239V2, + ECC_PRIME239V3, + ECC_SECP256R1, + + /* SECP Curves */ + ECC_SECP112R1, + ECC_SECP112R2, + ECC_SECP128R1, + ECC_SECP128R2, + ECC_SECP160R1, + ECC_SECP160R2, + ECC_SECP224R1, + ECC_SECP384R1, + ECC_SECP521R1, + + /* Koblitz */ + ECC_SECP160K1, + ECC_SECP192K1, + ECC_SECP224K1, + ECC_SECP256K1, + + /* Brainpool Curves */ + ECC_BRAINPOOLP160R1, + ECC_BRAINPOOLP192R1, + ECC_BRAINPOOLP224R1, + ECC_BRAINPOOLP256R1, + ECC_BRAINPOOLP320R1, + ECC_BRAINPOOLP384R1, + ECC_BRAINPOOLP512R1, + + /* Twisted Edwards Curves */ +#ifdef HAVE_CURVE25519 + ECC_X25519, +#endif +#ifdef HAVE_X448 + ECC_X448, +#endif + +#ifdef WOLFSSL_CUSTOM_CURVES + ECC_CURVE_CUSTOM, +#endif +} ecc_curve_id; + +#ifdef HAVE_OID_ENCODING +typedef word16 ecc_oid_t; +#else +typedef byte ecc_oid_t; + /* OID encoded with ASN scheme: + first element = (oid[0] * 40) + oid[1] + if any element > 127 then MSB 0x80 indicates additional byte */ +#endif + +/* ECC set type defined a GF(p) curve */ +#ifndef USE_WINDOWS_API +typedef struct ecc_set_type { + int size; /* The size of the curve in octets */ + int id; /* id of this curve */ + const char* name; /* name of this curve */ + const char* prime; /* prime that defines the field, curve is in (hex) */ + const char* Af; /* fields A param (hex) */ + const char* Bf; /* fields B param (hex) */ + const char* order; /* order of the curve (hex) */ + const char* Gx; /* x coordinate of the base point on curve (hex) */ + const char* Gy; /* y coordinate of the base point on curve (hex) */ + const ecc_oid_t* oid; + word32 oidSz; + word32 oidSum; /* sum of encoded OID bytes */ + int cofactor; +} ecc_set_type; +#else +/* MSC does something different with the pointers to the arrays than GCC, + * and it causes the FIPS checksum to fail. In the case of windows builds, + * store everything as arrays instead of pointers to strings. */ + +#define MAX_ECC_NAME 16 +#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1) + /* The values are stored as text strings. */ + +typedef struct ecc_set_type { + int size; /* The size of the curve in octets */ + int id; /* id of this curve */ + const char name[MAX_ECC_NAME]; /* name of this curve */ + const char prime[MAX_ECC_STRING]; /* prime that defines the field, curve is in (hex) */ + const char Af[MAX_ECC_STRING]; /* fields A param (hex) */ + const char Bf[MAX_ECC_STRING]; /* fields B param (hex) */ + const char order[MAX_ECC_STRING]; /* order of the curve (hex) */ + const char Gx[MAX_ECC_STRING]; /* x coordinate of the base point on curve (hex) */ + const char Gy[MAX_ECC_STRING]; /* y coordinate of the base point on curve (hex) */ + const ecc_oid_t oid[10]; + word32 oidSz; + word32 oidSum; /* sum of encoded OID bytes */ + int cofactor; +} ecc_set_type; +#endif + + +#ifdef ALT_ECC_SIZE + +/* Note on ALT_ECC_SIZE: + * The fast math code uses an array of a fixed size to store the big integers. + * By default, the array is big enough for RSA keys. There is a size, + * FP_MAX_BITS which can be used to make the array smaller when one wants ECC + * but not RSA. Some people want fast math sized for both RSA and ECC, where + * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate + * ecc_point structure that uses an alternate fp_int that has a shorter array + * of fp_digits. + * + * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of + * mp_ints for the components of the point. With ALT_ECC_SIZE, the components + * of the point are pointers that are set to each of a three item array of + * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the + * structure, the alt_fp_int will only have 528 bits. A size value was added + * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The + * functions fp_zero() and fp_copy() use the size parameter. An int needs to + * be initialized before using it instead of just fp_zeroing it, the init will + * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the + * number of bits used in the alternate FP_INT. + * + * Do not enable ALT_ECC_SIZE and disable fast math in the configuration. + */ + +#ifndef USE_FAST_MATH + #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE +#endif + +/* determine max bits required for ECC math */ +#ifndef FP_MAX_BITS_ECC + /* check alignment */ + #if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0 + /* max bits is double */ + #define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2) + #else + /* max bits is doubled, plus one digit of fudge */ + #define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT) + #endif +#else + /* verify alignment */ + #if FP_MAX_BITS_ECC % CHAR_BIT + #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT + #endif +#endif + +/* determine buffer size */ +#define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT) + + +/* This needs to match the size of the fp_int struct, except the + * fp_digit array will be shorter. */ +typedef struct alt_fp_int { + int used, sign, size; + mp_digit dp[FP_SIZE_ECC]; +} alt_fp_int; +#endif /* ALT_ECC_SIZE */ + +#ifndef WC_ECCKEY_TYPE_DEFINED + typedef struct ecc_key ecc_key; + #define WC_ECCKEY_TYPE_DEFINED +#endif + + +/* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) => + (x/z^2, y/z^3, 1) when interpreted as affine */ +typedef struct { +#ifndef ALT_ECC_SIZE + mp_int x[1]; /* The x coordinate */ + mp_int y[1]; /* The y coordinate */ + mp_int z[1]; /* The z coordinate */ +#else + mp_int* x; /* The x coordinate */ + mp_int* y; /* The y coordinate */ + mp_int* z; /* The z coordinate */ + alt_fp_int xyz[3]; +#endif +#ifdef WOLFSSL_SMALL_STACK_CACHE + ecc_key* key; +#endif +} ecc_point; + +/* ECC Flags */ +enum { + WC_ECC_FLAG_NONE = 0x00, +#ifdef HAVE_ECC_CDH + WC_ECC_FLAG_COFACTOR = 0x01, +#endif +}; + +/* An ECC Key */ +struct ecc_key { + int type; /* Public or Private */ + int idx; /* Index into the ecc_sets[] for the parameters of + this curve if -1, this key is using user supplied + curve in dp */ + int state; + word32 flags; + const ecc_set_type* dp; /* domain parameters, either points to NIST + curves (idx >= 0) or user supplied */ +#ifdef WOLFSSL_CUSTOM_CURVES + int deallocSet; +#endif + void* heap; /* heap hint */ + ecc_point pubkey; /* public key */ + mp_int k; /* private key */ +#ifdef WOLFSSL_ATECC508A + int slot; /* Key Slot Number (-1 unknown) */ + byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; +#endif +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_CB) + int devId; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + mp_int* r; /* sign/verify temps */ + mp_int* s; + WC_ASYNC_DEV asyncDev; + #ifdef HAVE_CAVIUM_V + mp_int* e; /* Sign, Verify and Shared Secret */ + mp_int* signK; + #endif + #ifdef WOLFSSL_CERT_GEN + CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */ + #endif +#endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef HAVE_PKCS11 + byte id[ECC_MAX_ID_LEN]; + int idLen; +#endif +#if defined(WOLFSSL_CRYPTOCELL) + ecc_context_t ctx; +#endif + +#ifdef WOLFSSL_SMALL_STACK_CACHE + mp_int* t1; + mp_int* t2; +#ifdef ALT_ECC_SIZE + mp_int* x; + mp_int* y; + mp_int* z; +#endif +#endif +}; + + +/* ECC predefined curve sets */ +extern const ecc_set_type ecc_sets[]; + +WOLFSSL_API +const char* wc_ecc_get_name(int curve_id); + +#ifndef WOLFSSL_ATECC508A + +#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL + #define ECC_API WOLFSSL_API +#else + #define ECC_API WOLFSSL_LOCAL +#endif + +ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA, + ecc_point* B, mp_int* kB, + ecc_point* C, mp_int* a, mp_int* modulus, void* heap); + +ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit); +ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, + mp_int* a, mp_int* modulus, mp_digit mp); +ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, + mp_int* modulus, mp_digit mp); + +#endif + +WOLFSSL_API +int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); +WOLFSSL_API +int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, + int curve_id); +WOLFSSL_API +int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); +WOLFSSL_API +int wc_ecc_check_key(ecc_key* key); +WOLFSSL_API +int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime); + +#ifdef HAVE_ECC_DHE +WOLFSSL_API +int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, + word32* outlen); +WOLFSSL_LOCAL +int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point, + byte* out, word32 *outlen); +WOLFSSL_API +int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, + byte* out, word32 *outlen); + +#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) +#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret +#else +#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */ +#endif + +#endif /* HAVE_ECC_DHE */ + +#ifdef HAVE_ECC_SIGN +WOLFSSL_API +int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, + WC_RNG* rng, ecc_key* key); +WOLFSSL_API +int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, + ecc_key* key, mp_int *r, mp_int *s); +#endif /* HAVE_ECC_SIGN */ + +#ifdef HAVE_ECC_VERIFY +WOLFSSL_API +int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, + word32 hashlen, int* stat, ecc_key* key); +WOLFSSL_API +int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, + word32 hashlen, int* stat, ecc_key* key); +#endif /* HAVE_ECC_VERIFY */ + +WOLFSSL_API +int wc_ecc_init(ecc_key* key); +WOLFSSL_API +int wc_ecc_init_ex(ecc_key* key, void* heap, int devId); +#ifdef HAVE_PKCS11 +WOLFSSL_API +int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, + int devId); +#endif +#ifdef WOLFSSL_CUSTOM_CURVES +WOLFSSL_LOCAL +void wc_ecc_free_curve(const ecc_set_type* curve, void* heap); +#endif +WOLFSSL_API +int wc_ecc_free(ecc_key* key); +WOLFSSL_API +int wc_ecc_set_flags(ecc_key* key, word32 flags); +WOLFSSL_API +void wc_ecc_fp_free(void); + +WOLFSSL_API +int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); + +WOLFSSL_API +int wc_ecc_is_valid_idx(int n); +WOLFSSL_API +int wc_ecc_get_curve_idx(int curve_id); +WOLFSSL_API +int wc_ecc_get_curve_id(int curve_idx); +#define wc_ecc_get_curve_name_from_id wc_ecc_get_name +WOLFSSL_API +int wc_ecc_get_curve_size_from_id(int curve_id); + +WOLFSSL_API +int wc_ecc_get_curve_idx_from_name(const char* curveName); +WOLFSSL_API +int wc_ecc_get_curve_size_from_name(const char* curveName); +WOLFSSL_API +int wc_ecc_get_curve_id_from_name(const char* curveName); +WOLFSSL_API +int wc_ecc_get_curve_id_from_params(int fieldSize, + const byte* prime, word32 primeSz, const byte* Af, word32 AfSz, + const byte* Bf, word32 BfSz, const byte* order, word32 orderSz, + const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor); +WOLFSSL_API +int wc_ecc_get_curve_id_from_dp_params(const ecc_set_type* dp); + +WOLFSSL_API +int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len); + +WOLFSSL_API const ecc_set_type* wc_ecc_get_curve_params(int curve_idx); + +WOLFSSL_API +ecc_point* wc_ecc_new_point(void); +WOLFSSL_API +ecc_point* wc_ecc_new_point_h(void* h); +WOLFSSL_API +void wc_ecc_del_point(ecc_point* p); +WOLFSSL_API +void wc_ecc_del_point_h(ecc_point* p, void* h); +WOLFSSL_API +int wc_ecc_copy_point(ecc_point* p, ecc_point *r); +WOLFSSL_API +int wc_ecc_cmp_point(ecc_point* a, ecc_point *b); +WOLFSSL_API +int wc_ecc_point_is_at_infinity(ecc_point *p); + +#ifndef WOLFSSL_ATECC508A +WOLFSSL_API +int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, + mp_int* a, mp_int* modulus, int map); +WOLFSSL_LOCAL +int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, + mp_int* a, mp_int* modulus, int map, void* heap); +#endif /* !WOLFSSL_ATECC508A */ + + +#ifdef HAVE_ECC_KEY_EXPORT +/* ASN key helpers */ +WOLFSSL_API +int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen); +WOLFSSL_API +int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed); + /* extended functionality with compressed option */ +#endif /* HAVE_ECC_KEY_EXPORT */ + +#ifdef HAVE_ECC_KEY_IMPORT +WOLFSSL_API +int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key); +WOLFSSL_API +int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, + int curve_id); +WOLFSSL_API +int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, + word32 pubSz, ecc_key* key); +WOLFSSL_API +int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, ecc_key* key, int curve_id); +WOLFSSL_API +int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen); +WOLFSSL_API +int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, + byte* out, word32* outlen); +WOLFSSL_API +int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen, + byte* s, word32* sLen); +WOLFSSL_API +int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, + const char* d, const char* curveName); +WOLFSSL_API +int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy, + const char* d, int curve_id); +WOLFSSL_API +int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy, + byte* d, int curve_id); +#endif /* HAVE_ECC_KEY_IMPORT */ + +#ifdef HAVE_ECC_KEY_EXPORT +WOLFSSL_API +int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, + byte* qy, word32* qyLen, byte* d, word32* dLen, + int encType); +WOLFSSL_API +int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen, + byte* qy, word32* qyLen); +WOLFSSL_API +int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen, + byte* qy, word32* qyLen, byte* d, word32* dLen); +#endif /* HAVE_ECC_KEY_EXPORT */ + +#ifdef HAVE_ECC_KEY_EXPORT + +WOLFSSL_API +int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, + byte* out, word32* outLen); +#endif /* HAVE_ECC_KEY_EXPORT */ + + +#ifdef HAVE_ECC_KEY_IMPORT +WOLFSSL_API +int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, + ecc_point* point); +#endif /* HAVE_ECC_KEY_IMPORT */ + +/* size helper */ +WOLFSSL_API +int wc_ecc_size(ecc_key* key); +WOLFSSL_API +int wc_ecc_sig_size_calc(int sz); +WOLFSSL_API +int wc_ecc_sig_size(ecc_key* key); + +WOLFSSL_API +int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz); + +#ifdef WOLFSSL_CUSTOM_CURVES + WOLFSSL_API + int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp); +#endif + +#ifdef HAVE_ECC_ENCRYPT +/* ecc encrypt */ + +enum ecEncAlgo { + ecAES_128_CBC = 1, /* default */ + ecAES_256_CBC = 2 +}; + +enum ecKdfAlgo { + ecHKDF_SHA256 = 1, /* default */ + ecHKDF_SHA1 = 2 +}; + +enum ecMacAlgo { + ecHMAC_SHA256 = 1, /* default */ + ecHMAC_SHA1 = 2 +}; + +enum { + KEY_SIZE_128 = 16, + KEY_SIZE_256 = 32, + IV_SIZE_64 = 8, + IV_SIZE_128 = 16, + EXCHANGE_SALT_SZ = 16, + EXCHANGE_INFO_SZ = 23 +}; + +enum ecFlags { + REQ_RESP_CLIENT = 1, + REQ_RESP_SERVER = 2 +}; + + +typedef struct ecEncCtx ecEncCtx; + +WOLFSSL_API +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); +WOLFSSL_API +ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap); +WOLFSSL_API +void wc_ecc_ctx_free(ecEncCtx*); +WOLFSSL_API +int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */ + +WOLFSSL_API +const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); +WOLFSSL_API +int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt); +WOLFSSL_API +int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz); + +WOLFSSL_API +int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, + word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); +WOLFSSL_API +int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, + word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); + +#endif /* HAVE_ECC_ENCRYPT */ + +#ifdef HAVE_X963_KDF +WOLFSSL_API int wc_X963_KDF(enum wc_HashType type, const byte* secret, + word32 secretSz, const byte* sinfo, word32 sinfoSz, + byte* out, word32 outSz); +#endif + +#ifdef ECC_CACHE_CURVE +WOLFSSL_API int wc_ecc_curve_cache_init(void); +WOLFSSL_API void wc_ecc_curve_cache_free(void); +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_ECC */ +#endif /* WOLF_CRYPT_ECC_H */ diff --git a/source/libwolfssl/wolfcrypt/ed25519.h b/source/libwolfssl/wolfcrypt/ed25519.h new file mode 100644 index 00000000..0e00368e --- /dev/null +++ b/source/libwolfssl/wolfcrypt/ed25519.h @@ -0,0 +1,169 @@ +/* ed25519.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/ed25519.h +*/ + + +#ifndef WOLF_CRYPT_ED25519_H +#define WOLF_CRYPT_ED25519_H + +#include + +#ifdef HAVE_ED25519 + +#include +#include +#include +#include + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +/* info about EdDSA curve specifically ed25519, defined as an elliptic curve + over GF(p) */ +/* + 32, key size + "ED25519", curve name + "2^255-19", prime number + "SHA512", hash function + "-121665/121666", value of d +*/ + +#define ED25519_KEY_SIZE 32 /* private key only */ +#define ED25519_SIG_SIZE 64 + +#define ED25519_PUB_KEY_SIZE 32 /* compressed */ +/* both private and public key */ +#define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE) + + +enum { + Ed25519 = -1, + Ed25519ctx = 0, + Ed25519ph = 1, +}; + +#ifndef WC_ED25519KEY_TYPE_DEFINED + typedef struct ed25519_key ed25519_key; + #define WC_ED25519KEY_TYPE_DEFINED +#endif + +/* An ED25519 Key */ +struct ed25519_key { + byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */ + byte k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */ +#ifdef FREESCALE_LTC_ECC + /* uncompressed point coordinates */ + byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */ + byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ +#endif + word16 pubKeySet:1; +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif +}; + + +WOLFSSL_API +int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey, + word32 pubKeySz); +WOLFSSL_API +int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key); +WOLFSSL_API +int wc_ed25519_sign_msg(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed25519_key* key); +WOLFSSL_API +int wc_ed25519ctx_sign_msg(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed25519_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed25519ph_sign_hash(const byte* hash, word32 hashLen, byte* out, + word32 *outLen, ed25519_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed25519_key* key, const byte* context, + byte contextLen); +WOLFSSL_API +int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* stat, ed25519_key* key); +WOLFSSL_API +int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* stat, ed25519_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash, + word32 hashLen, int* stat, ed25519_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, + word32 msgLen, int* stat, ed25519_key* key, + const byte* context, byte contextLen); +WOLFSSL_API +int wc_ed25519_init(ed25519_key* key); +WOLFSSL_API +void wc_ed25519_free(ed25519_key* key); +WOLFSSL_API +int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); +WOLFSSL_API +int wc_ed25519_import_private_only(const byte* priv, word32 privSz, + ed25519_key* key); +WOLFSSL_API +int wc_ed25519_import_private_key(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, ed25519_key* key); +WOLFSSL_API +int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_key(ed25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); + +int wc_ed25519_check_key(ed25519_key* key); + +/* size helper */ +WOLFSSL_API +int wc_ed25519_size(ed25519_key* key); +WOLFSSL_API +int wc_ed25519_priv_size(ed25519_key* key); +WOLFSSL_API +int wc_ed25519_pub_size(ed25519_key* key); +WOLFSSL_API +int wc_ed25519_sig_size(ed25519_key* key); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_ED25519 */ +#endif /* WOLF_CRYPT_ED25519_H */ + diff --git a/source/libwolfssl/wolfcrypt/error-crypt.h b/source/libwolfssl/wolfcrypt/error-crypt.h new file mode 100644 index 00000000..525141bf --- /dev/null +++ b/source/libwolfssl/wolfcrypt/error-crypt.h @@ -0,0 +1,252 @@ +/* error-crypt.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/error-crypt.h +*/ + +#ifndef WOLF_CRYPT_ERROR_H +#define WOLF_CRYPT_ERROR_H + +#include + +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + #include +#endif /* HAVE_FIPS V1 */ + +#ifdef __cplusplus + extern "C" { +#endif + + +/* error codes, add string for new errors !!! */ +enum { + MAX_CODE_E = -100, /* errors -101 - -299 */ + OPEN_RAN_E = -101, /* opening random device error */ + READ_RAN_E = -102, /* reading random device error */ + WINCRYPT_E = -103, /* windows crypt init error */ + CRYPTGEN_E = -104, /* windows crypt generation error */ + RAN_BLOCK_E = -105, /* reading random device would block */ + BAD_MUTEX_E = -106, /* Bad mutex operation */ + WC_TIMEOUT_E = -107, /* timeout error */ + WC_PENDING_E = -108, /* wolfCrypt operation pending (would block) */ + WC_NOT_PENDING_E = -109, /* wolfCrypt operation not pending */ + + MP_INIT_E = -110, /* mp_init error state */ + MP_READ_E = -111, /* mp_read error state */ + MP_EXPTMOD_E = -112, /* mp_exptmod error state */ + MP_TO_E = -113, /* mp_to_xxx error state, can't convert */ + MP_SUB_E = -114, /* mp_sub error state, can't subtract */ + MP_ADD_E = -115, /* mp_add error state, can't add */ + MP_MUL_E = -116, /* mp_mul error state, can't multiply */ + MP_MULMOD_E = -117, /* mp_mulmod error state, can't multiply mod */ + MP_MOD_E = -118, /* mp_mod error state, can't mod */ + MP_INVMOD_E = -119, /* mp_invmod error state, can't inv mod */ + MP_CMP_E = -120, /* mp_cmp error state */ + MP_ZERO_E = -121, /* got a mp zero result, not expected */ + + MEMORY_E = -125, /* out of memory error */ + VAR_STATE_CHANGE_E = -126, /* var state modified by different thread */ + + RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */ + RSA_BUFFER_E = -131, /* RSA buffer error, output too small or + input too large */ + BUFFER_E = -132, /* output buffer too small or input too large */ + ALGO_ID_E = -133, /* setting algo id error */ + PUBLIC_KEY_E = -134, /* setting public key error */ + DATE_E = -135, /* setting date validity error */ + SUBJECT_E = -136, /* setting subject name error */ + ISSUER_E = -137, /* setting issuer name error */ + CA_TRUE_E = -138, /* setting CA basic constraint true error */ + EXTENSIONS_E = -139, /* setting extensions error */ + + ASN_PARSE_E = -140, /* ASN parsing error, invalid input */ + ASN_VERSION_E = -141, /* ASN version error, invalid number */ + ASN_GETINT_E = -142, /* ASN get big int error, invalid data */ + ASN_RSA_KEY_E = -143, /* ASN key init error, invalid input */ + ASN_OBJECT_ID_E = -144, /* ASN object id error, invalid id */ + ASN_TAG_NULL_E = -145, /* ASN tag error, not null */ + ASN_EXPECT_0_E = -146, /* ASN expect error, not zero */ + ASN_BITSTR_E = -147, /* ASN bit string error, wrong id */ + ASN_UNKNOWN_OID_E = -148, /* ASN oid error, unknown sum id */ + ASN_DATE_SZ_E = -149, /* ASN date error, bad size */ + ASN_BEFORE_DATE_E = -150, /* ASN date error, current date before */ + ASN_AFTER_DATE_E = -151, /* ASN date error, current date after */ + ASN_SIG_OID_E = -152, /* ASN signature error, mismatched oid */ + ASN_TIME_E = -153, /* ASN time error, unknown time type */ + ASN_INPUT_E = -154, /* ASN input error, not enough data */ + ASN_SIG_CONFIRM_E = -155, /* ASN sig error, confirm failure */ + ASN_SIG_HASH_E = -156, /* ASN sig error, unsupported hash type */ + ASN_SIG_KEY_E = -157, /* ASN sig error, unsupported key type */ + ASN_DH_KEY_E = -158, /* ASN key init error, invalid input */ + ASN_NTRU_KEY_E = -159, /* ASN ntru key decode error, invalid input */ + ASN_CRIT_EXT_E = -160, /* ASN unsupported critical extension */ + ASN_ALT_NAME_E = -161, /* ASN alternate name error */ + ASN_NO_PEM_HEADER = -162, /* ASN no PEM header found */ + + ECC_BAD_ARG_E = -170, /* ECC input argument of wrong type */ + ASN_ECC_KEY_E = -171, /* ASN ECC bad input */ + ECC_CURVE_OID_E = -172, /* Unsupported ECC OID curve type */ + BAD_FUNC_ARG = -173, /* Bad function argument provided */ + NOT_COMPILED_IN = -174, /* Feature not compiled in */ + UNICODE_SIZE_E = -175, /* Unicode password too big */ + NO_PASSWORD = -176, /* no password provided by user */ + ALT_NAME_E = -177, /* alt name size problem, too big */ + BAD_OCSP_RESPONDER = -178, /* missing key usage extensions */ + + AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */ + AES_CCM_AUTH_E = -181, /* AES-CCM Authentication check failure */ + + ASYNC_INIT_E = -182, /* Async Init type error */ + + COMPRESS_INIT_E = -183, /* Compress init error */ + COMPRESS_E = -184, /* Compress error */ + DECOMPRESS_INIT_E = -185, /* DeCompress init error */ + DECOMPRESS_E = -186, /* DeCompress error */ + + BAD_ALIGN_E = -187, /* Bad alignment for operation, no alloc */ + ASN_NO_SIGNER_E = -188, /* ASN no signer to confirm failure */ + ASN_CRL_CONFIRM_E = -189, /* ASN CRL signature confirm failure */ + ASN_CRL_NO_SIGNER_E = -190, /* ASN CRL no signer to confirm failure */ + ASN_OCSP_CONFIRM_E = -191, /* ASN OCSP signature confirm failure */ + + BAD_STATE_E = -192, /* Bad state operation */ + BAD_PADDING_E = -193, /* Bad padding, msg not correct length */ + + REQ_ATTRIBUTE_E = -194, /* setting cert request attributes error */ + + PKCS7_OID_E = -195, /* PKCS#7, mismatched OID error */ + PKCS7_RECIP_E = -196, /* PKCS#7, recipient error */ + FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */ + ASN_NAME_INVALID_E = -198, /* ASN name constraint error */ + + RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */ + HMAC_MIN_KEYLEN_E = -200, /* FIPS Mode HMAC Minimum Key Length error */ + RSA_PAD_E = -201, /* RSA Padding Error */ + LENGTH_ONLY_E = -202, /* Returning output length only */ + + IN_CORE_FIPS_E = -203, /* In Core Integrity check failure */ + AES_KAT_FIPS_E = -204, /* AES KAT failure */ + DES3_KAT_FIPS_E = -205, /* DES3 KAT failure */ + HMAC_KAT_FIPS_E = -206, /* HMAC KAT failure */ + RSA_KAT_FIPS_E = -207, /* RSA KAT failure */ + DRBG_KAT_FIPS_E = -208, /* HASH DRBG KAT failure */ + DRBG_CONT_FIPS_E = -209, /* HASH DRBG Continuous test failure */ + AESGCM_KAT_FIPS_E = -210, /* AESGCM KAT failure */ + THREAD_STORE_KEY_E = -211, /* Thread local storage key create failure */ + THREAD_STORE_SET_E = -212, /* Thread local storage key set failure */ + + MAC_CMP_FAILED_E = -213, /* MAC comparison failed */ + IS_POINT_E = -214, /* ECC is point on curve failed */ + ECC_INF_E = -215, /* ECC point infinity error */ + ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */ + ECC_OUT_OF_RANGE_E = -217, /* ECC key component out of range */ + + SRP_CALL_ORDER_E = -218, /* SRP function called in the wrong order. */ + SRP_VERIFY_E = -219, /* SRP proof verification failed. */ + SRP_BAD_KEY_E = -220, /* SRP bad ephemeral values. */ + + ASN_NO_SKID = -221, /* ASN no Subject Key Identifier found */ + ASN_NO_AKID = -222, /* ASN no Authority Key Identifier found */ + ASN_NO_KEYUSAGE = -223, /* ASN no Key Usage found */ + SKID_E = -224, /* setting Subject Key Identifier error */ + AKID_E = -225, /* setting Authority Key Identifier error */ + KEYUSAGE_E = -226, /* Bad Key Usage value */ + CERTPOLICIES_E = -227, /* setting Certificate Policies error */ + + WC_INIT_E = -228, /* wolfcrypt failed to initialize */ + SIG_VERIFY_E = -229, /* wolfcrypt signature verify error */ + BAD_COND_E = -230, /* Bad condition variable operation */ + SIG_TYPE_E = -231, /* Signature Type not enabled/available */ + HASH_TYPE_E = -232, /* Hash Type not enabled/available */ + + WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */ + ASN_COUNTRY_SIZE_E = -235, /* ASN Cert Gen, invalid country code size */ + MISSING_RNG_E = -236, /* RNG required but not provided */ + ASN_PATHLEN_SIZE_E = -237, /* ASN CA path length too large error */ + ASN_PATHLEN_INV_E = -238, /* ASN CA path length inversion error */ + + BAD_KEYWRAP_ALG_E = -239, + BAD_KEYWRAP_IV_E = -240, /* Decrypted AES key wrap IV incorrect */ + WC_CLEANUP_E = -241, /* wolfcrypt cleanup failed */ + ECC_CDH_KAT_FIPS_E = -242, /* ECC CDH Known Answer Test failure */ + DH_CHECK_PUB_E = -243, /* DH Check Pub Key error */ + BAD_PATH_ERROR = -244, /* Bad path for opendir */ + + ASYNC_OP_E = -245, /* Async operation error */ + + ECC_PRIVATEONLY_E = -246, /* Invalid use of private only ECC key*/ + EXTKEYUSAGE_E = -247, /* Bad Extended Key Usage value */ + WC_HW_E = -248, /* Error with hardware crypto use */ + WC_HW_WAIT_E = -249, /* Hardware waiting on resource */ + + PSS_SALTLEN_E = -250, /* PSS length of salt is to long for hash */ + PRIME_GEN_E = -251, /* Failure finding a prime. */ + BER_INDEF_E = -252, /* Cannot decode indefinite length BER. */ + RSA_OUT_OF_RANGE_E = -253, /* Ciphertext to decrypt out of range. */ + RSAPSS_PAT_FIPS_E = -254, /* RSA-PSS PAT failure */ + ECDSA_PAT_FIPS_E = -255, /* ECDSA PAT failure */ + DH_KAT_FIPS_E = -256, /* DH KAT failure */ + AESCCM_KAT_FIPS_E = -257, /* AESCCM KAT failure */ + SHA3_KAT_FIPS_E = -258, /* SHA-3 KAT failure */ + ECDHE_KAT_FIPS_E = -259, /* ECDHE KAT failure */ + AES_GCM_OVERFLOW_E = -260, /* AES-GCM invocation counter overflow. */ + AES_CCM_OVERFLOW_E = -261, /* AES-CCM invocation counter overflow. */ + RSA_KEY_PAIR_E = -262, /* RSA Key Pair-Wise Consistency check fail. */ + DH_CHECK_PRIV_E = -263, /* DH Check Priv Key error */ + + WC_AFALG_SOCK_E = -264, /* AF_ALG socket error */ + WC_DEVCRYPTO_E = -265, /* /dev/crypto error */ + + ZLIB_INIT_ERROR = -266, /* zlib init error */ + ZLIB_COMPRESS_ERROR = -267, /* zlib compression error */ + ZLIB_DECOMPRESS_ERROR = -268, /* zlib decompression error */ + + PKCS7_NO_SIGNER_E = -269, /* No signer in PKCS#7 signed data msg */ + WC_PKCS7_WANT_READ_E= -270, /* PKCS7 operations wants more input */ + + CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */ + PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */ + + WC_LAST_E = -272, /* Update this to indicate last error */ + MIN_CODE_E = -300 /* errors -101 - -299 */ + + /* add new companion error id strings for any new error codes + wolfcrypt/src/error.c !!! */ +}; + + +#ifdef NO_ERROR_STRINGS + #define wc_GetErrorString(error) "no support for error strings built in" + #define wc_ErrorString(err, buf) \ + (void)err; XSTRNCPY((buf), wc_GetErrorString((err)), \ + WOLFSSL_MAX_ERROR_SZ); + +#else +WOLFSSL_API void wc_ErrorString(int err, char* buff); +WOLFSSL_API const char* wc_GetErrorString(int error); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif +#endif /* WOLF_CRYPT_ERROR_H */ diff --git a/source/libwolfssl/wolfcrypt/fe_operations.h b/source/libwolfssl/wolfcrypt/fe_operations.h new file mode 100644 index 00000000..1d4624ec --- /dev/null +++ b/source/libwolfssl/wolfcrypt/fe_operations.h @@ -0,0 +1,210 @@ +/* fe_operations.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_FE_OPERATIONS_H +#define WOLF_CRYPT_FE_OPERATIONS_H + +#include + +#if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) + +#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) + #include +#endif + +#include + +#if defined(USE_INTEL_SPEEDUP) && !defined(NO_CURVED25519_X64) + #define CURVED25519_X64 +#elif defined(HAVE___UINT128_T) && !defined(NO_CURVED25519_128BIT) + #define CURVED25519_128BIT +#endif + +#if defined(CURVED25519_X64) + #define CURVED25519_ASM_64BIT + #define CURVED25519_ASM +#endif +#if defined(WOLFSSL_ARMASM) + #ifdef __aarch64__ + #define CURVED25519_ASM_64BIT + #else + #define CURVED25519_ASM_32BIT + #endif + #define CURVED25519_ASM +#endif + +/* +fe means field element. +Here the field is \Z/(2^255-19). +An element t, entries t[0]...t[9], represents the integer +t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. +Bounds on each t[i] vary depending on context. +*/ + +#ifdef __cplusplus + extern "C" { +#endif + +#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL) + #define F25519_SIZE 32 + + WOLFSSL_LOCAL void lm_copy(byte*, const byte*); + WOLFSSL_LOCAL void lm_add(byte*, const byte*, const byte*); + WOLFSSL_LOCAL void lm_sub(byte*, const byte*, const byte*); + WOLFSSL_LOCAL void lm_neg(byte*,const byte*); + WOLFSSL_LOCAL void lm_invert(byte*, const byte*); + WOLFSSL_LOCAL void lm_mul(byte*,const byte*,const byte*); +#endif + + +#if !defined(FREESCALE_LTC_ECC) +WOLFSSL_LOCAL void fe_init(void); + +WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p); +#endif + +/* default to be faster but take more memory */ +#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) + +#ifdef CURVED25519_ASM_64BIT + typedef int64_t fe[4]; +#elif defined(CURVED25519_ASM_32BIT) + typedef int32_t fe[8]; +#elif defined(CURVED25519_128BIT) + typedef int64_t fe[5]; +#else + typedef int32_t fe[10]; +#endif + +WOLFSSL_LOCAL void fe_copy(fe, const fe); +WOLFSSL_LOCAL void fe_add(fe, const fe, const fe); +WOLFSSL_LOCAL void fe_neg(fe,const fe); +WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe); +WOLFSSL_LOCAL void fe_invert(fe, const fe); +WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe); + + +/* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10 + work. */ + +WOLFSSL_LOCAL void fe_0(fe); +WOLFSSL_LOCAL void fe_1(fe); +WOLFSSL_LOCAL int fe_isnonzero(const fe); +WOLFSSL_LOCAL int fe_isnegative(const fe); +WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe); +WOLFSSL_LOCAL void fe_sq(fe, const fe); +WOLFSSL_LOCAL void fe_sq2(fe,const fe); +WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *); +WOLFSSL_LOCAL void fe_cswap(fe, fe, int); +WOLFSSL_LOCAL void fe_mul121666(fe,fe); +WOLFSSL_LOCAL void fe_cmov(fe,const fe, int); +WOLFSSL_LOCAL void fe_pow22523(fe,const fe); + +/* 64 type needed for SHA512 */ +WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in); +WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in); + +#ifdef CURVED25519_ASM +WOLFSSL_LOCAL void fe_ge_to_p2(fe rx, fe ry, fe rz, const fe px, const fe py, + const fe pz, const fe pt); +WOLFSSL_LOCAL void fe_ge_to_p3(fe rx, fe ry, fe rz, fe rt, const fe px, + const fe py, const fe pz, const fe pt); +WOLFSSL_LOCAL void fe_ge_dbl(fe rx, fe ry, fe rz, fe rt, const fe px, + const fe py, const fe pz); +WOLFSSL_LOCAL void fe_ge_madd(fe rx, fe ry, fe rz, fe rt, const fe px, + const fe py, const fe pz, const fe pt, + const fe qxy2d, const fe qyplusx, + const fe qyminusx); +WOLFSSL_LOCAL void fe_ge_msub(fe rx, fe ry, fe rz, fe rt, const fe px, + const fe py, const fe pz, const fe pt, + const fe qxy2d, const fe qyplusx, + const fe qyminusx); +WOLFSSL_LOCAL void fe_ge_add(fe rx, fe ry, fe rz, fe rt, const fe px, + const fe py, const fe pz, const fe pt, const fe qz, + const fe qt2d, const fe qyplusx, + const fe qyminusx); +WOLFSSL_LOCAL void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, + const fe py, const fe pz, const fe pt, const fe qz, + const fe qt2d, const fe qyplusx, + const fe qyminusx); +WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b); +#endif /* CURVED25519_ASM */ +#endif /* !CURVE25519_SMALL || !ED25519_SMALL */ + +/* Use less memory and only 32bit types or less, but is slower + Based on Daniel Beer's public domain work. */ +#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL) +static const byte c25519_base_x[F25519_SIZE] = {9}; +static const byte f25519_zero[F25519_SIZE] = {0}; +static const byte f25519_one[F25519_SIZE] = {1}; +static const byte fprime_zero[F25519_SIZE] = {0}; +static const byte fprime_one[F25519_SIZE] = {1}; + +WOLFSSL_LOCAL void fe_load(byte *x, word32 c); +WOLFSSL_LOCAL void fe_normalize(byte *x); +WOLFSSL_LOCAL void fe_inv__distinct(byte *r, const byte *x); + +/* Conditional copy. If condition == 0, then zero is copied to dst. If + * condition == 1, then one is copied to dst. Any other value results in + * undefined behavior. + */ +WOLFSSL_LOCAL void fe_select(byte *dst, const byte *zero, const byte *one, + byte condition); + +/* Multiply a point by a small constant. The two pointers are not + * required to be distinct. + * + * The constant must be less than 2^24. + */ +WOLFSSL_LOCAL void fe_mul_c(byte *r, const byte *a, word32 b); +WOLFSSL_LOCAL void fe_mul__distinct(byte *r, const byte *a, const byte *b); + +/* Compute one of the square roots of the field element, if the element + * is square. The other square is -r. + * + * If the input is not square, the returned value is a valid field + * element, but not the correct answer. If you don't already know that + * your element is square, you should square the return value and test. + */ +WOLFSSL_LOCAL void fe_sqrt(byte *r, const byte *x); + +/* Conditional copy. If condition == 0, then zero is copied to dst. If + * condition == 1, then one is copied to dst. Any other value results in + * undefined behavior. + */ +WOLFSSL_LOCAL void fprime_select(byte *dst, const byte *zero, const byte *one, + byte condition); +WOLFSSL_LOCAL void fprime_add(byte *r, const byte *a, const byte *modulus); +WOLFSSL_LOCAL void fprime_sub(byte *r, const byte *a, const byte *modulus); +WOLFSSL_LOCAL void fprime_mul(byte *r, const byte *a, const byte *b, + const byte *modulus); +WOLFSSL_LOCAL void fprime_copy(byte *x, const byte *a); + +#endif /* CURVE25519_SMALL || ED25519_SMALL */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_CURVE25519 || HAVE_ED25519 */ + +#endif /* WOLF_CRYPT_FE_OPERATIONS_H */ diff --git a/source/libwolfssl/wolfcrypt/fips_test.h b/source/libwolfssl/wolfcrypt/fips_test.h new file mode 100644 index 00000000..06e467a3 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/fips_test.h @@ -0,0 +1,59 @@ +/* fips_test.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLF_CRYPT_FIPS_TEST_H +#define WOLF_CRYPT_FIPS_TEST_H + +#include + + +#ifdef __cplusplus + extern "C" { +#endif + +/* Known Answer Test string inputs are hex, internal */ +WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int); + + +/* FIPS failure callback */ +typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash); + +/* Public set function */ +WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf); + +/* Public get status functions */ +WOLFSSL_API int wolfCrypt_GetStatus_fips(void); +WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void); + +#ifdef HAVE_FORCE_FIPS_FAILURE + /* Public function to force failure mode for operational testing */ + WOLFSSL_API int wolfCrypt_SetStatus_fips(int); +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_FIPS_TEST_H */ + diff --git a/source/libwolfssl/wolfcrypt/ge_operations.h b/source/libwolfssl/wolfcrypt/ge_operations.h new file mode 100644 index 00000000..53d40fef --- /dev/null +++ b/source/libwolfssl/wolfcrypt/ge_operations.h @@ -0,0 +1,113 @@ +/* ge_operations.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */ + +#ifndef WOLF_CRYPT_GE_OPERATIONS_H +#define WOLF_CRYPT_GE_OPERATIONS_H + +#include + +#ifdef HAVE_ED25519 + +#include + +/* +ge means group element. + +Here the group is the set of pairs (x,y) of field elements (see fe.h) +satisfying -x^2 + y^2 = 1 + d x^2y^2 +where d = -121665/121666. + +Representations: + ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z + ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT + ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T + ge_precomp (Duif): (y+x,y-x,2dxy) +*/ + +#ifdef ED25519_SMALL + typedef byte ge[F25519_SIZE]; +#elif defined(CURVED25519_ASM_64BIT) + typedef int64_t ge[4]; +#elif defined(CURVED25519_ASM_32BIT) + typedef int32_t ge[8]; +#elif defined(CURVED25519_128BIT) + typedef int64_t ge[5]; +#else + typedef int32_t ge[10]; +#endif + +typedef struct { + ge X; + ge Y; + ge Z; +} ge_p2; + +typedef struct { + ge X; + ge Y; + ge Z; + ge T; +} ge_p3; + + +WOLFSSL_LOCAL int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, + word32 keySz); +WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *); + +WOLFSSL_LOCAL int ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *, + const ge_p3 *,const unsigned char *); +WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *); +WOLFSSL_LOCAL void sc_reduce(byte* s); +WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b, + const byte* c); +WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *); +WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *); + + +#ifndef ED25519_SMALL +typedef struct { + ge X; + ge Y; + ge Z; + ge T; +} ge_p1p1; + +typedef struct { + ge yplusx; + ge yminusx; + ge xy2d; +} ge_precomp; + +typedef struct { + ge YplusX; + ge YminusX; + ge Z; + ge T2d; +} ge_cached; + +#endif /* !ED25519_SMALL */ + +#endif /* HAVE_ED25519 */ + +#endif /* WOLF_CRYPT_GE_OPERATIONS_H */ diff --git a/source/libwolfssl/wolfcrypt/hash.h b/source/libwolfssl/wolfcrypt/hash.h new file mode 100644 index 00000000..e26dadb4 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/hash.h @@ -0,0 +1,242 @@ +/* hash.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/hash.h +*/ + +#ifndef WOLF_CRYPT_HASH_H +#define WOLF_CRYPT_HASH_H + +#include + +#ifndef NO_MD5 + #include +#endif +#ifndef NO_SHA + #include +#endif +#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) + #include +#endif +#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) + #include +#endif +#ifdef HAVE_BLAKE2 + #include +#endif +#ifdef WOLFSSL_SHA3 + #include +#endif +#ifndef NO_MD4 + #include +#endif +#ifdef WOLFSSL_MD2 + #include +#endif +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + #include +#endif + + +#ifdef __cplusplus + extern "C" { +#endif + +#if !defined(HAVE_FIPS) && !defined(NO_OLD_WC_NAMES) + #define MAX_DIGEST_SIZE WC_MAX_DIGEST_SIZE +#endif + + +/* Supported Message Authentication Codes from page 43 */ +enum wc_MACAlgorithm { + no_mac, + md5_mac, + sha_mac, + sha224_mac, + sha256_mac, /* needs to match external KDF_MacAlgorithm */ + sha384_mac, + sha512_mac, + rmd_mac, + blake2b_mac +}; + +enum wc_HashFlags { + WC_HASH_FLAG_NONE = 0x00000000, + WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */ + WC_HASH_FLAG_ISCOPY = 0x00000002, /* hash is copy */ +#ifdef WOLFSSL_SHA3 + WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */ +#endif +}; + + +typedef union { + #ifndef NO_MD5 + wc_Md5 md5; + #endif + #ifndef NO_SHA + wc_Sha sha; + #endif + #ifdef WOLFSSL_SHA224 + wc_Sha224 sha224; + #endif + #ifndef NO_SHA256 + wc_Sha256 sha256; + #endif + #ifdef WOLFSSL_SHA384 + wc_Sha384 sha384; + #endif + #ifdef WOLFSSL_SHA512 + wc_Sha512 sha512; + #endif + #ifdef WOLFSSL_SHA3 + wc_Sha3 sha3; + #endif +} wc_HashAlg; + +/* Find largest possible digest size + Note if this gets up to the size of 80 or over check smallstack build */ +#if defined(WOLFSSL_SHA3) + #define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA3_224_BLOCK_SIZE /* 224 is the largest block size */ +#elif defined(WOLFSSL_SHA512) + #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA512_BLOCK_SIZE +#elif defined(HAVE_BLAKE2) + #define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES + #define WC_MAX_BLOCK_SIZE BLAKE2B_BLOCKBYTES +#elif defined(WOLFSSL_SHA384) + #define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA384_BLOCK_SIZE +#elif !defined(NO_SHA256) + #define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA256_BLOCK_SIZE +#elif defined(WOLFSSL_SHA224) + #define WC_MAX_DIGEST_SIZE WC_SHA224_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA224_BLOCK_SIZE +#elif !defined(NO_SHA) + #define WC_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA_BLOCK_SIZE +#elif !defined(NO_MD5) + #define WC_MAX_DIGEST_SIZE WC_MD5_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_MD5_BLOCK_SIZE +#else + #define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */ + #define WC_MAX_BLOCK_SIZE 128 +#endif + +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) +WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type); +WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid); +#endif + +WOLFSSL_API enum wc_HashType wc_HashTypeConvert(int hashType); + +WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type); +WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type); +WOLFSSL_API int wc_Hash(enum wc_HashType hash_type, + const byte* data, word32 data_len, + byte* hash, word32 hash_len); + +/* generic hash operation wrappers */ +WOLFSSL_API int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type); +WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, + const byte* data, word32 dataSz); +WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, + byte* out); +WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); + +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, + word32 flags); + WOLFSSL_API int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, + word32* flags); +#endif + +#ifndef NO_MD5 +#include +WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash); +#endif + +#ifndef NO_SHA +#include +WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); +#endif + +#ifdef WOLFSSL_SHA224 +#include +WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*); +#endif /* defined(WOLFSSL_SHA224) */ + +#ifndef NO_SHA256 +#include +WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); +#endif + +#ifdef WOLFSSL_SHA384 +#include +WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); +#endif /* defined(WOLFSSL_SHA384) */ + +#ifdef WOLFSSL_SHA512 +#include +WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); +#endif /* WOLFSSL_SHA512 */ + +#ifdef WOLFSSL_SHA3 +#include +WOLFSSL_API int wc_Sha3_224Hash(const byte*, word32, byte*); +WOLFSSL_API int wc_Sha3_256Hash(const byte*, word32, byte*); +WOLFSSL_API int wc_Sha3_384Hash(const byte*, word32, byte*); +WOLFSSL_API int wc_Sha3_512Hash(const byte*, word32, byte*); +#endif /* WOLFSSL_SHA3 */ + +enum max_prf { +#ifdef HAVE_FFDHE_8192 + MAX_PRF_HALF = 516, /* Maximum half secret len */ +#elif defined(HAVE_FFDHE_6144) + MAX_PRF_HALF = 388, /* Maximum half secret len */ +#else + MAX_PRF_HALF = 260, /* Maximum half secret len */ +#endif + MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ + MAX_PRF_DIG = 224 /* Maximum digest len */ +}; + +#ifdef WOLFSSL_HAVE_PRF +WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret, + word32 secLen, const byte* seed, word32 seedLen, int hash, + void* heap, int devId); +WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret, + word32 secLen, const byte* label, word32 labLen, + const byte* seed, word32 seedLen, void* heap, int devId); +WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, + word32 secLen, const byte* label, word32 labLen, + const byte* seed, word32 seedLen, int useAtLeastSha256, + int hash_type, void* heap, int devId); +#endif /* WOLFSSL_HAVE_PRF */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_HASH_H */ diff --git a/source/libwolfssl/wolfcrypt/hc128.h b/source/libwolfssl/wolfcrypt/hc128.h new file mode 100644 index 00000000..6dff6e7c --- /dev/null +++ b/source/libwolfssl/wolfcrypt/hc128.h @@ -0,0 +1,67 @@ +/* hc128.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/hc128.h +*/ + + +#ifndef WOLF_CRYPT_HC128_H +#define WOLF_CRYPT_HC128_H + +#include + +#ifndef NO_HC128 + +#ifdef __cplusplus + extern "C" { +#endif + +enum { + HC128_ENC_TYPE = WC_CIPHER_HC128, /* cipher unique type */ +}; + +/* HC-128 stream cipher */ +typedef struct HC128 { + word32 T[1024]; /* P[i] = T[i]; Q[i] = T[1024 + i ]; */ + word32 X[16]; + word32 Y[16]; + word32 counter1024; /* counter1024 = i mod 1024 at the ith step */ + word32 key[8]; + word32 iv[8]; +#ifdef XSTREAM_ALIGN + void* heap; /* heap hint, currently XMALLOC only used with aligning */ +#endif +} HC128; + + +WOLFSSL_API int wc_Hc128_Process(HC128*, byte*, const byte*, word32); +WOLFSSL_API int wc_Hc128_SetKey(HC128*, const byte* key, const byte* iv); + +WOLFSSL_LOCAL int wc_Hc128_SetHeap(HC128* ctx, void* heap); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_HC128 */ +#endif /* WOLF_CRYPT_HC128_H */ + diff --git a/source/libwolfssl/wolfcrypt/hmac.h b/source/libwolfssl/wolfcrypt/hmac.h new file mode 100644 index 00000000..19fd2838 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/hmac.h @@ -0,0 +1,216 @@ +/* hmac.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/hmac.h +*/ + +#ifndef NO_HMAC + +#ifndef WOLF_CRYPT_HMAC_H +#define WOLF_CRYPT_HMAC_H + +#include + +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) +/* for fips @wc_fips */ + #include + #define WC_HMAC_BLOCK_SIZE HMAC_BLOCK_SIZE +#endif + + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +#ifndef NO_OLD_WC_NAMES + #define HMAC_BLOCK_SIZE WC_HMAC_BLOCK_SIZE +#endif + +#define WC_HMAC_INNER_HASH_KEYED_SW 1 +#define WC_HMAC_INNER_HASH_KEYED_DEV 2 + +enum { + HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */ + + IPAD = 0x36, + OPAD = 0x5C, + +/* If any hash is not enabled, add the ID here. */ +#ifdef NO_MD5 + WC_MD5 = WC_HASH_TYPE_MD5, +#endif +#ifdef NO_SHA + WC_SHA = WC_HASH_TYPE_SHA, +#endif +#ifdef NO_SHA256 + WC_SHA256 = WC_HASH_TYPE_SHA256, +#endif +#ifndef WOLFSSL_SHA512 + WC_SHA512 = WC_HASH_TYPE_SHA512, +#endif +#ifndef WOLFSSL_SHA384 + WC_SHA384 = WC_HASH_TYPE_SHA384, +#endif +#ifndef HAVE_BLAKE2B + BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B, +#endif +#ifndef HAVE_BLAKE2S + BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S, +#endif +#ifndef WOLFSSL_SHA224 + WC_SHA224 = WC_HASH_TYPE_SHA224, +#endif +#ifndef WOLFSSL_SHA3 + WC_SHA3_224 = WC_HASH_TYPE_SHA3_224, + WC_SHA3_256 = WC_HASH_TYPE_SHA3_256, + WC_SHA3_384 = WC_HASH_TYPE_SHA3_384, + WC_SHA3_512 = WC_HASH_TYPE_SHA3_512, +#endif +#ifdef HAVE_PKCS11 + HMAC_MAX_ID_LEN = 32, +#endif +}; + +/* Select the largest available hash for the buffer size. */ +#define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE + +#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && !defined(HAVE_BLAKE2) && \ + !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && defined(WOLFSSL_SHA224) && \ + defined(NO_SHA) && defined(NO_MD5) + #error "You have to have some kind of hash if you want to use HMAC." +#endif + + +/* hash union */ +typedef union { +#ifndef NO_MD5 + wc_Md5 md5; +#endif +#ifndef NO_SHA + wc_Sha sha; +#endif +#ifdef WOLFSSL_SHA224 + wc_Sha224 sha224; +#endif +#ifndef NO_SHA256 + wc_Sha256 sha256; +#endif +#ifdef WOLFSSL_SHA384 + wc_Sha384 sha384; +#endif +#ifdef WOLFSSL_SHA512 + wc_Sha512 sha512; +#endif +#ifdef HAVE_BLAKE2 + Blake2b blake2b; +#endif +#ifdef WOLFSSL_SHA3 + wc_Sha3 sha3; +#endif +} Hash; + +/* Hmac digest */ +struct Hmac { + Hash hash; + word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ + word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; + word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)]; + void* heap; /* heap hint */ + byte macType; /* md5 sha or sha256 */ + byte innerHashKeyed; /* keyed flag */ +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLF_CRYPTO_CB + int devId; + void* devCtx; + const byte* keyRaw; +#endif +#ifdef HAVE_PKCS11 + byte id[HMAC_MAX_ID_LEN]; + int idLen; +#endif +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + word16 keyLen; /* hmac key length (key in ipad) */ +#endif +}; + +#ifndef WC_HMAC_TYPE_DEFINED + typedef struct Hmac Hmac; + #define WC_HMAC_TYPE_DEFINED +#endif + + +#endif /* HAVE_FIPS */ + +/* does init */ +WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); +WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32); +WOLFSSL_API int wc_HmacFinal(Hmac*, byte*); +WOLFSSL_API int wc_HmacSizeByType(int type); + +WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId); +WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap, + int devId); +WOLFSSL_API void wc_HmacFree(Hmac*); + +WOLFSSL_API int wolfSSL_GetHmacMaxSize(void); + +WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap); + +#ifdef HAVE_HKDF + +WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz, + const byte* inKey, word32 inKeySz, byte* out); +WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz, + const byte* info, word32 infoSz, + byte* out, word32 outSz); + +WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz, + const byte* salt, word32 saltSz, + const byte* info, word32 infoSz, + byte* out, word32 outSz); + +#endif /* HAVE_HKDF */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_HMAC_H */ + +#endif /* NO_HMAC */ + diff --git a/source/libwolfssl/wolfcrypt/idea.h b/source/libwolfssl/wolfcrypt/idea.h new file mode 100644 index 00000000..b8c196aa --- /dev/null +++ b/source/libwolfssl/wolfcrypt/idea.h @@ -0,0 +1,70 @@ +/* idea.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/idea.h +*/ + +#ifndef WOLF_CRYPT_IDEA_H +#define WOLF_CRYPT_IDEA_H + +#include + +#ifdef HAVE_IDEA + +#ifdef __cplusplus + extern "C" { +#endif + +enum { + IDEA_MODULO = 0x10001, /* 2^16+1 */ + IDEA_2EXP16 = 0x10000, /* 2^16 */ + IDEA_MASK = 0xFFFF, /* 16 bits set to one */ + IDEA_ROUNDS = 8, /* number of rounds for IDEA */ + IDEA_SK_NUM = (6*IDEA_ROUNDS + 4), /* number of subkeys */ + IDEA_KEY_SIZE = 16, /* size of key in bytes */ + IDEA_BLOCK_SIZE = 8, /* size of IDEA blocks in bytes */ + IDEA_IV_SIZE = 8, /* size of IDEA IV in bytes */ + IDEA_ENCRYPTION = 0, + IDEA_DECRYPTION = 1 +}; + +/* IDEA encryption and decryption */ +typedef struct Idea { + word32 reg[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ + word32 tmp[IDEA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ + word16 skey[IDEA_SK_NUM]; /* 832 bits expanded key */ +} Idea; + +WOLFSSL_API int wc_IdeaSetKey(Idea *idea, const byte* key, word16 keySz, + const byte *iv, int dir); +WOLFSSL_API int wc_IdeaSetIV(Idea *idea, const byte* iv); +WOLFSSL_API int wc_IdeaCipher(Idea *idea, byte* out, const byte* in); +WOLFSSL_API int wc_IdeaCbcEncrypt(Idea *idea, byte* out, + const byte* in, word32 len); +WOLFSSL_API int wc_IdeaCbcDecrypt(Idea *idea, byte* out, + const byte* in, word32 len); +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_IDEA */ +#endif /* WOLF_CRYPT_IDEA_H */ diff --git a/source/libwolfssl/wolfcrypt/integer.h b/source/libwolfssl/wolfcrypt/integer.h new file mode 100644 index 00000000..77c8df3a --- /dev/null +++ b/source/libwolfssl/wolfcrypt/integer.h @@ -0,0 +1,405 @@ +/* integer.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* + * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca, + * http://math.libtomcrypt.com + */ + + +#ifndef WOLF_CRYPT_INTEGER_H +#define WOLF_CRYPT_INTEGER_H + +/* may optionally use fast math instead, not yet supported on all platforms and + may not be faster on all +*/ +#include /* will set MP_xxBIT if not default */ +#ifdef WOLFSSL_SP_MATH + #include +#elif defined(USE_FAST_MATH) + #include +#else + +#include + +#ifndef CHAR_BIT + #include +#endif + +#include + + +#ifdef __cplusplus +extern "C" { + +/* C++ compilers don't like assigning void * to mp_digit * */ +#define OPT_CAST(x) (x *) + +#elif defined(_SH3) + +/* SuperH SH3 compiler doesn't like assigning voi* to mp_digit* */ +#define OPT_CAST(x) (x *) + +#else + +/* C on the other hand doesn't care */ +#define OPT_CAST(x) + +#endif /* __cplusplus */ + + +/* detect 64-bit mode if possible */ +#if defined(__x86_64__) && !(defined (_MSC_VER) && defined(__clang__)) + #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT)) + #define MP_64BIT + #endif +#endif +/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ +#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) + #undef MP_64BIT +#endif + + +/* allow user to define on mp_digit, mp_word, DIGIT_BIT types */ +#ifndef WOLFSSL_BIGINT_TYPES + +/* some default configurations. + * + * A "mp_digit" must be able to hold DIGIT_BIT + 1 bits + * A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits + * + * At the very least a mp_digit must be able to hold 7 bits + * [any size beyond that is ok provided it doesn't overflow the data type] + */ +#ifdef MP_8BIT + /* 8-bit */ + typedef unsigned char mp_digit; + typedef unsigned short mp_word; + /* don't define DIGIT_BIT, so its calculated below */ +#elif defined(MP_16BIT) + /* 16-bit */ + typedef unsigned int mp_digit; + typedef unsigned long mp_word; + /* don't define DIGIT_BIT, so its calculated below */ +#elif defined(NO_64BIT) + /* 32-bit forced to 16-bit */ + typedef unsigned short mp_digit; + typedef unsigned int mp_word; + #define DIGIT_BIT 12 +#elif defined(MP_64BIT) + /* 64-bit */ + /* for GCC only on supported platforms */ + typedef unsigned long long mp_digit; /* 64 bit type, 128 uses mode(TI) */ + typedef unsigned long mp_word __attribute__ ((mode(TI))); + #define DIGIT_BIT 60 +#else + /* 32-bit default case */ + + #if defined(_MSC_VER) || defined(__BORLANDC__) + typedef unsigned __int64 ulong64; + #else + typedef unsigned long long ulong64; + #endif + + typedef unsigned int mp_digit; /* long could be 64 now, changed TAO */ + typedef ulong64 mp_word; + + #ifdef MP_31BIT + /* this is an extension that uses 31-bit digits */ + #define DIGIT_BIT 31 + #else + /* default case is 28-bit digits, defines MP_28BIT as a handy test macro */ + #define DIGIT_BIT 28 + #define MP_28BIT + #endif +#endif + +#endif /* WOLFSSL_BIGINT_TYPES */ + +/* otherwise the bits per digit is calculated automatically from the size of + a mp_digit */ +#ifndef DIGIT_BIT + #define DIGIT_BIT ((int)((CHAR_BIT * sizeof(mp_digit) - 1))) + /* bits per digit */ +#endif + +#define MP_DIGIT_BIT DIGIT_BIT +#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1)) +#define MP_DIGIT_MAX MP_MASK + +/* equalities */ +#define MP_LT -1 /* less than */ +#define MP_EQ 0 /* equal to */ +#define MP_GT 1 /* greater than */ + +#define MP_ZPOS 0 /* positive integer */ +#define MP_NEG 1 /* negative */ + +#define MP_OKAY 0 /* ok result */ +#define MP_MEM -2 /* out of mem */ +#define MP_VAL -3 /* invalid input */ +#define MP_NOT_INF -4 /* point not at infinity */ +#define MP_RANGE MP_NOT_INF + +#define MP_YES 1 /* yes response */ +#define MP_NO 0 /* no response */ + +/* Primality generation flags */ +#define LTM_PRIME_BBS 0x0001 /* BBS style prime */ +#define LTM_PRIME_SAFE 0x0002 /* Safe prime (p-1)/2 == prime */ +#define LTM_PRIME_2MSB_ON 0x0008 /* force 2nd MSB to 1 */ + +typedef int mp_err; + +/* define this to use lower memory usage routines (exptmods mostly) */ +#define MP_LOW_MEM + +/* default precision */ +#ifndef MP_PREC + #ifndef MP_LOW_MEM + #define MP_PREC 32 /* default digits of precision */ + #else + #define MP_PREC 1 /* default digits of precision */ + #endif +#endif + +/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - + BITS_PER_DIGIT*2) */ +#define MP_WARRAY ((mp_word)1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1)) + +#ifdef HAVE_WOLF_BIGINT + /* raw big integer */ + typedef struct WC_BIGINT { + byte* buf; + word32 len; + void* heap; + } WC_BIGINT; + #define WOLF_BIGINT_DEFINED +#endif + +/* the mp_int structure */ +typedef struct mp_int { + int used, alloc, sign; + mp_digit *dp; + +#ifdef HAVE_WOLF_BIGINT + struct WC_BIGINT raw; /* unsigned binary (big endian) */ +#endif +} mp_int; + +/* wolf big int and common functions */ +#include + + +/* callback for mp_prime_random, should fill dst with random bytes and return + how many read [up to len] */ +typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat); + + +#define USED(m) ((m)->used) +#define DIGIT(m,k) ((m)->dp[(k)]) +#define SIGN(m) ((m)->sign) + + +/* ---> Basic Manipulations <--- */ +#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO) +#define mp_isone(a) \ + (((((a)->used == 1)) && ((a)->dp[0] == 1u)) ? MP_YES : MP_NO) +#define mp_iseven(a) \ + (((a)->used > 0 && (((a)->dp[0] & 1u) == 0u)) ? MP_YES : MP_NO) +#define mp_isodd(a) \ + (((a)->used > 0 && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO) +#define mp_isneg(a) (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO) + +/* number of primes */ +#ifdef MP_8BIT + #define PRIME_SIZE 31 +#else + #define PRIME_SIZE 256 +#endif + +#ifndef MAX_INVMOD_SZ + #if defined(WOLFSSL_MYSQL_COMPATIBLE) + #define MAX_INVMOD_SZ 8192 + #else + #define MAX_INVMOD_SZ 4096 + #endif +#endif + +#define mp_prime_random(a, t, size, bbs, cb, dat) \ + mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat) + +#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len)) +#define mp_raw_size(mp) mp_signed_bin_size(mp) +#define mp_toraw(mp, str) mp_to_signed_bin((mp), (str)) +#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len)) +#define mp_mag_size(mp) mp_unsigned_bin_size(mp) +#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str)) + +#define MP_RADIX_BIN 2 +#define MP_RADIX_OCT 8 +#define MP_RADIX_DEC 10 +#define MP_RADIX_HEX 16 +#define MP_RADIX_MAX 64 + +#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN) +#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT) +#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC) +#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX) + +#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1) + +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) +extern const char *mp_s_rmap; +#endif + +/* 6 functions needed by Rsa */ +MP_API int mp_init (mp_int * a); +MP_API void mp_clear (mp_int * a); +MP_API void mp_free (mp_int * a); +MP_API void mp_forcezero(mp_int * a); +MP_API int mp_unsigned_bin_size(mp_int * a); +MP_API int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c); +MP_API int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b); +MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b); +MP_API int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c); +MP_API int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y); +MP_API int mp_exptmod_ex (mp_int * G, mp_int * X, int digits, mp_int * P, + mp_int * Y); +/* end functions needed by Rsa */ + +/* functions added to support above needed, removed TOOM and KARATSUBA */ +MP_API int mp_count_bits (mp_int * a); +MP_API int mp_leading_bit (mp_int * a); +MP_API int mp_init_copy (mp_int * a, mp_int * b); +MP_API int mp_copy (mp_int * a, mp_int * b); +MP_API int mp_grow (mp_int * a, int size); +MP_API int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d); +MP_API void mp_zero (mp_int * a); +MP_API void mp_clamp (mp_int * a); +MP_API void mp_exch (mp_int * a, mp_int * b); +MP_API void mp_rshd (mp_int * a, int b); +MP_API void mp_rshb (mp_int * a, int b); +MP_API int mp_mod_2d (mp_int * a, int b, mp_int * c); +MP_API int mp_mul_2d (mp_int * a, int b, mp_int * c); +MP_API int mp_lshd (mp_int * a, int b); +MP_API int mp_abs (mp_int * a, mp_int * b); +MP_API int mp_invmod (mp_int * a, mp_int * b, mp_int * c); +int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_cmp_mag (mp_int * a, mp_int * b); +MP_API int mp_cmp (mp_int * a, mp_int * b); +MP_API int mp_cmp_d(mp_int * a, mp_digit b); +MP_API int mp_set (mp_int * a, mp_digit b); +MP_API int mp_is_bit_set (mp_int * a, mp_digit b); +MP_API int mp_mod (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d); +MP_API int mp_div_2(mp_int * a, mp_int * b); +MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c); +int s_mp_add (mp_int * a, mp_int * b, mp_int * c); +int s_mp_sub (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_sub (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_reduce_is_2k_l(mp_int *a); +MP_API int mp_reduce_is_2k(mp_int *a); +MP_API int mp_dr_is_modulus(mp_int *a); +MP_API int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, + int); +MP_API int mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y); +MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho); +int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho); +MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho); +MP_API void mp_dr_setup(mp_int *a, mp_digit *d); +MP_API int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k); +MP_API int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d); +int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs); +int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs); +MP_API int mp_reduce_2k_setup_l(mp_int *a, mp_int *d); +MP_API int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d); +MP_API int mp_reduce (mp_int * x, mp_int * m, mp_int * mu); +MP_API int mp_reduce_setup (mp_int * a, mp_int * b); +int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode); +MP_API int mp_montgomery_calc_normalization (mp_int * a, mp_int * b); +int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs); +int s_mp_sqr (mp_int * a, mp_int * b); +int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs); +int fast_s_mp_sqr (mp_int * a, mp_int * b); +MP_API int mp_init_size (mp_int * a, int size); +MP_API int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d); +MP_API int mp_mul_2(mp_int * a, mp_int * b); +MP_API int mp_mul (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_sqr (mp_int * a, mp_int * b); +MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d); +MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); +MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); +MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c); +MP_API int mp_2expt (mp_int * a, int b); +MP_API int mp_set_bit (mp_int * a, int b); +MP_API int mp_reduce_2k_setup(mp_int *a, mp_digit *d); +MP_API int mp_add_d (mp_int* a, mp_digit b, mp_int* c); +MP_API int mp_set_int (mp_int * a, unsigned long b); +MP_API int mp_sub_d (mp_int * a, mp_digit b, mp_int * c); +/* end support added functions */ + +/* added */ +MP_API int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, + mp_int* f); +MP_API int mp_toradix (mp_int *a, char *str, int radix); +MP_API int mp_radix_size (mp_int * a, int radix, int *size); + +#ifdef WOLFSSL_DEBUG_MATH + MP_API void mp_dump(const char* desc, mp_int* a, byte verbose); +#else + #define mp_dump(desc, a, verbose) +#endif + +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || \ + !defined(NO_DSA) || !defined(NO_DH) + MP_API int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c); +#endif +#if !defined(NO_DSA) || defined(HAVE_ECC) + MP_API int mp_read_radix(mp_int* a, const char* str, int radix); +#endif + +#if defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) + MP_API int mp_prime_is_prime (mp_int * a, int t, int *result); + MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG*); +#endif /* WOLFSSL_KEY_GEN NO_RSA NO_DSA NO_DH */ +#ifdef WOLFSSL_KEY_GEN + MP_API int mp_gcd (mp_int * a, mp_int * b, mp_int * c); + MP_API int mp_lcm (mp_int * a, mp_int * b, mp_int * c); + MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); +#endif + +MP_API int mp_cnt_lsb(mp_int *a); +MP_API int mp_mod_d(mp_int* a, mp_digit b, mp_digit* c); + + +#ifdef __cplusplus + } +#endif + + +#endif /* USE_FAST_MATH */ + +#endif /* WOLF_CRYPT_INTEGER_H */ + diff --git a/source/libwolfssl/wolfcrypt/logging.h b/source/libwolfssl/wolfcrypt/logging.h new file mode 100644 index 00000000..2e7aebee --- /dev/null +++ b/source/libwolfssl/wolfcrypt/logging.h @@ -0,0 +1,188 @@ +/* logging.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/logging.h +*/ + + +/* submitted by eof */ + + +#ifndef WOLFSSL_LOGGING_H +#define WOLFSSL_LOGGING_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + + +enum wc_LogLevels { + ERROR_LOG = 0, + INFO_LOG, + ENTER_LOG, + LEAVE_LOG, + OTHER_LOG +}; + +#ifdef WOLFSSL_FUNC_TIME +/* WARNING: This code is only to be used for debugging performance. + * The code is not thread-safe. + * Do not use WOLFSSL_FUNC_TIME in production code. + */ +enum wc_FuncNum { + WC_FUNC_HELLO_REQUEST_SEND = 0, + WC_FUNC_HELLO_REQUEST_DO, + WC_FUNC_CLIENT_HELLO_SEND, + WC_FUNC_CLIENT_HELLO_DO, + WC_FUNC_SERVER_HELLO_SEND, + WC_FUNC_SERVER_HELLO_DO, + WC_FUNC_ENCRYPTED_EXTENSIONS_SEND, + WC_FUNC_ENCRYPTED_EXTENSIONS_DO, + WC_FUNC_CERTIFICATE_REQUEST_SEND, + WC_FUNC_CERTIFICATE_REQUEST_DO, + WC_FUNC_CERTIFICATE_SEND, + WC_FUNC_CERTIFICATE_DO, + WC_FUNC_CERTIFICATE_VERIFY_SEND, + WC_FUNC_CERTIFICATE_VERIFY_DO, + WC_FUNC_FINISHED_SEND, + WC_FUNC_FINISHED_DO, + WC_FUNC_KEY_UPDATE_SEND, + WC_FUNC_KEY_UPDATE_DO, + WC_FUNC_EARLY_DATA_SEND, + WC_FUNC_EARLY_DATA_DO, + WC_FUNC_NEW_SESSION_TICKET_SEND, + WC_FUNC_NEW_SESSION_TICKET_DO, + WC_FUNC_SERVER_HELLO_DONE_SEND, + WC_FUNC_SERVER_HELLO_DONE_DO, + WC_FUNC_TICKET_SEND, + WC_FUNC_TICKET_DO, + WC_FUNC_CLIENT_KEY_EXCHANGE_SEND, + WC_FUNC_CLIENT_KEY_EXCHANGE_DO, + WC_FUNC_CERTIFICATE_STATUS_SEND, + WC_FUNC_CERTIFICATE_STATUS_DO, + WC_FUNC_SERVER_KEY_EXCHANGE_SEND, + WC_FUNC_SERVER_KEY_EXCHANGE_DO, + WC_FUNC_END_OF_EARLY_DATA_SEND, + WC_FUNC_END_OF_EARLY_DATA_DO, + WC_FUNC_COUNT +}; +#endif + +typedef void (*wolfSSL_Logging_cb)(const int logLevel, + const char *const logMessage); + +WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); + +/* turn logging on, only if compiled in */ +WOLFSSL_API int wolfSSL_Debugging_ON(void); +/* turn logging off */ +WOLFSSL_API void wolfSSL_Debugging_OFF(void); + + +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + WOLFSSL_LOCAL int wc_LoggingInit(void); + WOLFSSL_LOCAL int wc_LoggingCleanup(void); + WOLFSSL_LOCAL int wc_AddErrorNode(int error, int line, char* buf, + char* file); + WOLFSSL_LOCAL int wc_PeekErrorNode(int index, const char **file, + const char **reason, int *line); + WOLFSSL_LOCAL void wc_RemoveErrorNode(int index); + WOLFSSL_LOCAL void wc_ClearErrorNodes(void); + WOLFSSL_LOCAL int wc_PullErrorNode(const char **file, const char **reason, + int *line); + WOLFSSL_API int wc_SetLoggingHeap(void* h); + WOLFSSL_API int wc_ERR_remove_state(void); + #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); + #endif +#endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ + +#ifdef WOLFSSL_FUNC_TIME + /* WARNING: This code is only to be used for debugging performance. + * The code is not thread-safe. + * Do not use WOLFSSL_FUNC_TIME in production code. + */ + WOLFSSL_API void WOLFSSL_START(int funcNum); + WOLFSSL_API void WOLFSSL_END(int funcNum); + WOLFSSL_API void WOLFSSL_TIME(int count); +#else + #define WOLFSSL_START(n) + #define WOLFSSL_END(n) + #define WOLFSSL_TIME(n) +#endif + +#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY) + #if defined(_WIN32) + #if defined(INTIME_RTOS) + #define __func__ NULL + #else + #define __func__ __FUNCTION__ + #endif + #endif + + /* a is prepended to m and b is appended, creating a log msg a + m + b */ + #define WOLFSSL_LOG_CAT(a, m, b) #a " " m " " #b + + WOLFSSL_API void WOLFSSL_ENTER(const char* msg); + WOLFSSL_API void WOLFSSL_LEAVE(const char* msg, int ret); + #define WOLFSSL_STUB(m) \ + WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) + + WOLFSSL_API void WOLFSSL_MSG(const char* msg); + WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length); + +#else + + #define WOLFSSL_ENTER(m) + #define WOLFSSL_LEAVE(m, r) + #define WOLFSSL_STUB(m) + + #define WOLFSSL_MSG(m) + #define WOLFSSL_BUFFER(b, l) + +#endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */ + +#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) + + #if (defined(OPENSSL_EXTRA) && !defined(_WIN32)) || defined(DEBUG_WOLFSSL_VERBOSE) + WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, + const char* file, void* ctx); + #define WOLFSSL_ERROR(x) \ + WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL) + #else + WOLFSSL_API void WOLFSSL_ERROR(int err); + #endif + WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg); + +#else + #define WOLFSSL_ERROR(e) + #define WOLFSSL_ERROR_MSG(m) +#endif + +#ifdef __cplusplus +} +#endif +#endif /* WOLFSSL_LOGGING_H */ + diff --git a/source/libwolfssl/wolfcrypt/md2.h b/source/libwolfssl/wolfcrypt/md2.h new file mode 100644 index 00000000..42b85e88 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/md2.h @@ -0,0 +1,69 @@ +/* md2.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/md2.h +*/ + + +#ifndef WOLF_CRYPT_MD2_H +#define WOLF_CRYPT_MD2_H + +#include + +#ifdef WOLFSSL_MD2 + +#ifdef __cplusplus + extern "C" { +#endif + +/* in bytes */ +enum { + MD2 = WC_HASH_TYPE_MD2, + MD2_BLOCK_SIZE = 16, + MD2_DIGEST_SIZE = 16, + MD2_PAD_SIZE = 16, + MD2_X_SIZE = 48 +}; + + +/* Md2 digest */ +typedef struct Md2 { + word32 count; /* bytes % PAD_SIZE */ + byte X[MD2_X_SIZE]; + byte C[MD2_BLOCK_SIZE]; + byte buffer[MD2_BLOCK_SIZE]; +} Md2; + + +WOLFSSL_API void wc_InitMd2(Md2*); +WOLFSSL_API void wc_Md2Update(Md2*, const byte*, word32); +WOLFSSL_API void wc_Md2Final(Md2*, byte*); +WOLFSSL_API int wc_Md2Hash(const byte*, word32, byte*); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_MD2 */ +#endif /* WOLF_CRYPT_MD2_H */ + diff --git a/source/libwolfssl/wolfcrypt/md4.h b/source/libwolfssl/wolfcrypt/md4.h new file mode 100644 index 00000000..821689cd --- /dev/null +++ b/source/libwolfssl/wolfcrypt/md4.h @@ -0,0 +1,67 @@ +/* md4.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/md4.h +*/ + +#ifndef WOLF_CRYPT_MD4_H +#define WOLF_CRYPT_MD4_H + +#include + +#ifndef NO_MD4 + +#ifdef __cplusplus + extern "C" { +#endif + +/* in bytes */ +enum { + MD4 = WC_HASH_TYPE_MD4, + MD4_BLOCK_SIZE = 64, + MD4_DIGEST_SIZE = 16, + MD4_PAD_SIZE = 56 +}; + + +/* MD4 digest */ +typedef struct Md4 { + word32 buffLen; /* in bytes */ + word32 loLen; /* length in bytes */ + word32 hiLen; /* length in bytes */ + word32 digest[MD4_DIGEST_SIZE / sizeof(word32)]; + word32 buffer[MD4_BLOCK_SIZE / sizeof(word32)]; +} Md4; + + +WOLFSSL_API void wc_InitMd4(Md4*); +WOLFSSL_API void wc_Md4Update(Md4*, const byte*, word32); +WOLFSSL_API void wc_Md4Final(Md4*, byte*); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_MD4 */ +#endif /* WOLF_CRYPT_MD4_H */ + diff --git a/source/libwolfssl/wolfcrypt/md5.h b/source/libwolfssl/wolfcrypt/md5.h new file mode 100644 index 00000000..f4a8857a --- /dev/null +++ b/source/libwolfssl/wolfcrypt/md5.h @@ -0,0 +1,130 @@ +/* md5.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/md5.h +*/ + + +#ifndef WOLF_CRYPT_MD5_H +#define WOLF_CRYPT_MD5_H + +#include + +#ifndef NO_MD5 + +#ifdef HAVE_FIPS + #define wc_InitMd5 InitMd5 + #define wc_Md5Update Md5Update + #define wc_Md5Final Md5Final + #define wc_Md5Hash Md5Hash +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +#ifndef NO_OLD_WC_NAMES + #define Md5 wc_Md5 + #define MD5 WC_MD5 + #define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE + #define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE + #define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE +#endif + +/* in bytes */ +enum { + WC_MD5 = WC_HASH_TYPE_MD5, + WC_MD5_BLOCK_SIZE = 64, + WC_MD5_DIGEST_SIZE = 16, + WC_MD5_PAD_SIZE = 56 +}; + + +#ifdef WOLFSSL_MICROCHIP_PIC32MZ + #include +#endif +#ifdef STM32_HASH + #include +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +#ifdef WOLFSSL_TI_HASH + #include "wolfssl/wolfcrypt/port/ti/ti-hash.h" +#elif defined(WOLFSSL_IMX6_CAAM) + #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" +#else + +/* MD5 digest */ +typedef struct wc_Md5 { +#ifdef STM32_HASH + STM32_HASH_Context stmCtx; +#else + word32 buffLen; /* in bytes */ + word32 loLen; /* length in bytes */ + word32 hiLen; /* length in bytes */ + word32 buffer[WC_MD5_BLOCK_SIZE / sizeof(word32)]; +#ifdef WOLFSSL_PIC32MZ_HASH + word32 digest[PIC32_DIGEST_SIZE / sizeof(word32)]; +#else + word32 digest[WC_MD5_DIGEST_SIZE / sizeof(word32)]; +#endif + void* heap; +#ifdef WOLFSSL_PIC32MZ_HASH + hashUpdCache cache; /* cache for updates */ +#endif +#endif /* STM32_HASH */ +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif /* WOLFSSL_ASYNC_CRYPT */ +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + word32 flags; /* enum wc_HashFlags in hash.h */ +#endif +} wc_Md5; + +#endif /* WOLFSSL_TI_HASH */ + +WOLFSSL_API int wc_InitMd5(wc_Md5*); +WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int); +WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32); +WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*); +WOLFSSL_API void wc_Md5Free(wc_Md5*); + +WOLFSSL_API int wc_Md5GetHash(wc_Md5*, byte*); +WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*); + +#ifdef WOLFSSL_PIC32MZ_HASH +WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len); +#endif + +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wc_Md5SetFlags(wc_Md5* md5, word32 flags); + WOLFSSL_API int wc_Md5GetFlags(wc_Md5* md5, word32* flags); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_MD5 */ +#endif /* WOLF_CRYPT_MD5_H */ diff --git a/source/libwolfssl/wolfcrypt/mem_track.h b/source/libwolfssl/wolfcrypt/mem_track.h new file mode 100644 index 00000000..97547973 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/mem_track.h @@ -0,0 +1,401 @@ +/* mem_track.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* The memory tracker overrides the wolfSSL memory callback system and uses a + * static to track the total, peak and currently allocated bytes. + * + * If you are already using the memory callbacks then enabling this will + * override the memory callbacks and prevent your memory callbacks from + * working. This assumes malloc() and free() are available. Feel free to + * customize this for your needs. + + * The enable this feature define the following: + * #define USE_WOLFSSL_MEMORY + * #define WOLFSSL_TRACK_MEMORY + * + * On startup call: + * InitMemoryTracker(); + * + * When ready to dump the memory report call: + * ShowMemoryTracker(); + * + * Report example: + * total Allocs = 228 + * total Bytes = 93442 + * peak Bytes = 8840 + * current Bytes = 0 + * + * + * You can also: + * #define WOLFSSL_DEBUG_MEMORY + * + * To print every alloc/free along with the function and line number. + * Example output: + * Alloc: 0x7fa14a500010 -> 120 at wc_InitRng:496 + * Free: 0x7fa14a500010 -> 120 at wc_FreeRng:606 + */ + + +#ifndef WOLFSSL_MEM_TRACK_H +#define WOLFSSL_MEM_TRACK_H + +#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) + + #include "wolfssl/wolfcrypt/logging.h" + + #if defined(WOLFSSL_TRACK_MEMORY) + #define DO_MEM_STATS + #if defined(__linux__) || defined(__MACH__) + #define DO_MEM_LIST + #endif + #endif + + + typedef struct memoryStats { + long totalAllocs; /* number of allocations */ + long totalDeallocs; /* number of deallocations */ + long totalBytes; /* total number of bytes allocated */ + long peakBytes; /* concurrent max bytes */ + long currentBytes; /* total current bytes in use */ + } memoryStats; + + typedef struct memHint { + size_t thisSize; /* size of this memory */ + + #ifdef DO_MEM_LIST + struct memHint* next; + struct memHint* prev; + #ifdef WOLFSSL_DEBUG_MEMORY + const char* func; + unsigned int line; + #endif + #endif + void* thisMemory; /* actual memory for user */ + } memHint; + + typedef struct memoryTrack { + union { + memHint hint; + byte alignit[sizeof(memHint) + ((16-1) & ~(16-1))]; /* make sure we have strong alignment */ + } u; + } memoryTrack; + +#ifdef DO_MEM_LIST + /* track allocations and report at end */ + typedef struct memoryList { + memHint* head; + memHint* tail; + word32 count; + } memoryList; +#endif + +#if defined(WOLFSSL_TRACK_MEMORY) + static memoryStats ourMemStats; + + #ifdef DO_MEM_LIST + #include + static memoryList ourMemList; + static pthread_mutex_t memLock = PTHREAD_MUTEX_INITIALIZER; + #endif +#endif + + + /* if defined to not using inline then declare function prototypes */ + #ifdef NO_INLINE + #define WC_STATIC + #ifdef WOLFSSL_DEBUG_MEMORY + WOLFSSL_LOCAL void* TrackMalloc(size_t sz, const char* func, unsigned int line); + WOLFSSL_LOCAL void TrackFree(void* ptr, const char* func, unsigned int line); + WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line); + #else + WOLFSSL_LOCAL void* TrackMalloc(size_t sz); + WOLFSSL_LOCAL void TrackFree(void* ptr); + WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz); + #endif + WOLFSSL_LOCAL int InitMemoryTracker(void); + WOLFSSL_LOCAL void ShowMemoryTracker(void); + #else + #define WC_STATIC static + #endif + +#ifdef WOLFSSL_DEBUG_MEMORY + WC_STATIC WC_INLINE void* TrackMalloc(size_t sz, const char* func, unsigned int line) +#else + WC_STATIC WC_INLINE void* TrackMalloc(size_t sz) +#endif + { + memoryTrack* mt; + memHint* header; + + if (sz == 0) + return NULL; + + mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); + if (mt == NULL) + return NULL; + + header = &mt->u.hint; + header->thisSize = sz; + header->thisMemory = (byte*)mt + sizeof(memoryTrack); + + #ifdef WOLFSSL_DEBUG_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY_PRINT + printf("Alloc: %p -> %u at %s:%d\n", header->thisMemory, (word32)sz, func, line); + #else + (void)func; + (void)line; + #endif + #endif + + #ifdef DO_MEM_STATS + ourMemStats.totalAllocs++; + ourMemStats.totalBytes += sz; + ourMemStats.currentBytes += sz; + if (ourMemStats.currentBytes > ourMemStats.peakBytes) + ourMemStats.peakBytes = ourMemStats.currentBytes; + #endif + #ifdef DO_MEM_LIST + if (pthread_mutex_lock(&memLock) == 0) { + #ifdef WOLFSSL_DEBUG_MEMORY + header->func = func; + header->line = line; + #endif + + /* Setup event */ + header->next = NULL; + if (ourMemList.tail == NULL) { + ourMemList.head = header; + header->prev = NULL; + } + else { + ourMemList.tail->next = header; + header->prev = ourMemList.tail; + } + ourMemList.tail = header; /* add to the end either way */ + ourMemList.count++; + + pthread_mutex_unlock(&memLock); + } + #endif + + return header->thisMemory; + } + + +#ifdef WOLFSSL_DEBUG_MEMORY + WC_STATIC WC_INLINE void TrackFree(void* ptr, const char* func, unsigned int line) +#else + WC_STATIC WC_INLINE void TrackFree(void* ptr) +#endif + { + memoryTrack* mt; + memHint* header; + size_t sz; + + if (ptr == NULL) { + return; + } + + mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); + header = &mt->u.hint; + sz = header->thisSize; + + #ifdef DO_MEM_LIST + if (pthread_mutex_lock(&memLock) == 0) + { + #endif + + #ifdef DO_MEM_STATS + ourMemStats.currentBytes -= header->thisSize; + ourMemStats.totalDeallocs++; + #endif + + #ifdef DO_MEM_LIST + if (header == ourMemList.head && header == ourMemList.tail) { + ourMemList.head = NULL; + ourMemList.tail = NULL; + } + else if (header == ourMemList.head) { + ourMemList.head = header->next; + ourMemList.head->prev = NULL; + } + else if (header == ourMemList.tail) { + ourMemList.tail = header->prev; + ourMemList.tail->next = NULL; + } + else { + memHint* next = header->next; + memHint* prev = header->prev; + if (next) + next->prev = prev; + if (prev) + prev->next = next; + } + ourMemList.count--; + + pthread_mutex_unlock(&memLock); + } + #endif + +#ifdef WOLFSSL_DEBUG_MEMORY +#ifdef WOLFSSL_DEBUG_MEMORY_PRINT + printf("Free: %p -> %u at %s:%d\n", ptr, (word32)sz, func, line); +#else + (void)func; + (void)line; +#endif +#endif + (void)sz; + + free(mt); + } + + +#ifdef WOLFSSL_DEBUG_MEMORY + WC_STATIC WC_INLINE void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line) +#else + WC_STATIC WC_INLINE void* TrackRealloc(void* ptr, size_t sz) +#endif + { + #ifdef WOLFSSL_DEBUG_MEMORY + void* ret = TrackMalloc(sz, func, line); + #else + void* ret = TrackMalloc(sz); + #endif + + if (ptr) { + /* if realloc is bigger, don't overread old ptr */ + memoryTrack* mt; + memHint* header; + + mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); + header = &mt->u.hint; + + if (header->thisSize < sz) + sz = header->thisSize; + } + + if (ret && ptr) + XMEMCPY(ret, ptr, sz); + + if (ret) { + #ifdef WOLFSSL_DEBUG_MEMORY + TrackFree(ptr, func, line); + #else + TrackFree(ptr); + #endif + } + + return ret; + } + +#ifdef WOLFSSL_TRACK_MEMORY + static wolfSSL_Malloc_cb mfDefault = NULL; + static wolfSSL_Free_cb ffDefault = NULL; + static wolfSSL_Realloc_cb rfDefault = NULL; + + WC_STATIC WC_INLINE int InitMemoryTracker(void) + { + int ret; + + ret = wolfSSL_GetAllocators(&mfDefault, &ffDefault, &rfDefault); + if (ret < 0) { + printf("wolfSSL GetAllocators failed to get the defaults\n"); + } + ret = wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc); + if (ret < 0) { + printf("wolfSSL SetAllocators failed for track memory\n"); + return ret; + } + + #ifdef DO_MEM_LIST + if (pthread_mutex_lock(&memLock) == 0) + { + #endif + + #ifdef DO_MEM_STATS + ourMemStats.totalAllocs = 0; + ourMemStats.totalDeallocs = 0; + ourMemStats.totalBytes = 0; + ourMemStats.peakBytes = 0; + ourMemStats.currentBytes = 0; + #endif + + #ifdef DO_MEM_LIST + XMEMSET(&ourMemList, 0, sizeof(ourMemList)); + + pthread_mutex_unlock(&memLock); + } + #endif + + return ret; + } + + WC_STATIC WC_INLINE void ShowMemoryTracker(void) + { + #ifdef DO_MEM_LIST + if (pthread_mutex_lock(&memLock) == 0) + { + #endif + + #ifdef DO_MEM_STATS + printf("total Allocs = %9ld\n", ourMemStats.totalAllocs); + printf("total Deallocs = %9ld\n", ourMemStats.totalDeallocs); + printf("total Bytes = %9ld\n", ourMemStats.totalBytes); + printf("peak Bytes = %9ld\n", ourMemStats.peakBytes); + printf("current Bytes = %9ld\n", ourMemStats.currentBytes); + #endif + + #ifdef DO_MEM_LIST + if (ourMemList.count > 0) { + /* print list of allocations */ + memHint* header; + for (header = ourMemList.head; header != NULL; header = header->next) { + printf("Leak: Ptr %p, Size %u" + #ifdef WOLFSSL_DEBUG_MEMORY + ", Func %s, Line %d" + #endif + "\n", + (byte*)header + sizeof(memHint), (unsigned int)header->thisSize + #ifdef WOLFSSL_DEBUG_MEMORY + , header->func, header->line + #endif + ); + } + } + + pthread_mutex_unlock(&memLock); + } + #endif + } + + WC_STATIC WC_INLINE int CleanupMemoryTracker(void) + { + /* restore default allocators */ + return wolfSSL_SetAllocators(mfDefault, ffDefault, rfDefault); + } +#endif + +#endif /* USE_WOLFSSL_MEMORY */ + +#endif /* WOLFSSL_MEM_TRACK_H */ + diff --git a/source/libwolfssl/wolfcrypt/memory.h b/source/libwolfssl/wolfcrypt/memory.h new file mode 100644 index 00000000..52883513 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/memory.h @@ -0,0 +1,233 @@ +/* memory.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* submitted by eof */ + +/*! + \file wolfssl/wolfcrypt/memory.h +*/ + +#ifndef WOLFSSL_MEMORY_H +#define WOLFSSL_MEMORY_H + +#ifndef STRING_USER +#include +#endif +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST + WOLFSSL_API void wolfSSL_SetMemFailCount(int memFailCount); +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY + typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type, const char* func, unsigned int line); + typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type, const char* func, unsigned int line); + typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line); + WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type, const char* func, unsigned int line); + WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, unsigned int line); + WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line); + #else + typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type); + typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type); + typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, void* heap, int type); + WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type); + WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type); + WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type); + #endif /* WOLFSSL_DEBUG_MEMORY */ +#else + #ifdef WOLFSSL_DEBUG_MEMORY + typedef void *(*wolfSSL_Malloc_cb)(size_t size, const char* func, unsigned int line); + typedef void (*wolfSSL_Free_cb)(void *ptr, const char* func, unsigned int line); + typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, const char* func, unsigned int line); + + /* Public in case user app wants to use XMALLOC/XFREE */ + WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line); + WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line); + WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line); + #else + typedef void *(*wolfSSL_Malloc_cb)(size_t size); + typedef void (*wolfSSL_Free_cb)(void *ptr); + typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size); + /* Public in case user app wants to use XMALLOC/XFREE */ + WOLFSSL_API void* wolfSSL_Malloc(size_t size); + WOLFSSL_API void wolfSSL_Free(void *ptr); + WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size); + #endif /* WOLFSSL_DEBUG_MEMORY */ +#endif /* WOLFSSL_STATIC_MEMORY */ + +/* Public get/set functions */ +WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb, + wolfSSL_Free_cb, + wolfSSL_Realloc_cb); +WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*, + wolfSSL_Free_cb*, + wolfSSL_Realloc_cb*); + +#ifdef WOLFSSL_STATIC_MEMORY + #define WOLFSSL_STATIC_TIMEOUT 1 + #ifndef WOLFSSL_STATIC_ALIGN + #define WOLFSSL_STATIC_ALIGN 16 + #endif + #ifndef WOLFMEM_MAX_BUCKETS + #define WOLFMEM_MAX_BUCKETS 9 + #endif + #define WOLFMEM_DEF_BUCKETS 9 /* number of default memory blocks */ + #ifndef WOLFMEM_IO_SZ + #define WOLFMEM_IO_SZ 16992 /* 16 byte aligned */ + #endif + #ifndef WOLFMEM_BUCKETS + #ifndef SESSION_CERTS + /* default size of chunks of memory to separate into */ + #ifndef LARGEST_MEM_BUCKET + #define LARGEST_MEM_BUCKET 16128 + #endif + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ + LARGEST_MEM_BUCKET + #elif defined (OPENSSL_EXTRA) + /* extra storage in structs for multiple attributes and order */ + #ifndef LARGEST_MEM_BUCKET + #define LARGEST_MEM_BUCKET 25536 + #endif + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ + LARGEST_MEM_BUCKET + #elif defined (WOLFSSL_CERT_EXT) + /* certificate extensions requires 24k for the SSL struct */ + #ifndef LARGEST_MEM_BUCKET + #define LARGEST_MEM_BUCKET 24576 + #endif + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ + LARGEST_MEM_BUCKET + #else + /* increase 23k for object member of WOLFSSL_X509_NAME_ENTRY */ + #ifndef LARGEST_MEM_BUCKET + #define LARGEST_MEM_BUCKET 23440 + #endif + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ + LARGEST_MEM_BUCKET + #endif + #endif + #ifndef WOLFMEM_DIST + #ifndef WOLFSSL_STATIC_MEMORY_SMALL + #define WOLFMEM_DIST 49,10,6,14,5,6,9,1,1 + #else + /* Low resource and not RSA */ + #define WOLFMEM_DIST 29, 7,6, 9,4,4,0,0,0 + #endif + #endif + + /* flags for loading static memory (one hot bit) */ + #define WOLFMEM_GENERAL 0x01 + #define WOLFMEM_IO_POOL 0x02 + #define WOLFMEM_IO_POOL_FIXED 0x04 + #define WOLFMEM_TRACK_STATS 0x08 + + #ifndef WOLFSSL_MEM_GUARD + #define WOLFSSL_MEM_GUARD + typedef struct WOLFSSL_MEM_STATS WOLFSSL_MEM_STATS; + typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS; + #endif + + struct WOLFSSL_MEM_CONN_STATS { + word32 peakMem; /* peak memory usage */ + word32 curMem; /* current memory usage */ + word32 peakAlloc; /* peak memory allocations */ + word32 curAlloc; /* current memory allocations */ + word32 totalAlloc;/* total memory allocations for lifetime */ + word32 totalFr; /* total frees for lifetime */ + }; + + struct WOLFSSL_MEM_STATS { + word32 curAlloc; /* current memory allocations */ + word32 totalAlloc;/* total memory allocations for lifetime */ + word32 totalFr; /* total frees for lifetime */ + word32 totalUse; /* total amount of memory used in blocks */ + word32 avaIO; /* available IO specific pools */ + word32 maxHa; /* max number of concurent handshakes allowed */ + word32 maxIO; /* max number of concurent IO connections allowed */ + word32 blockSz[WOLFMEM_MAX_BUCKETS]; /* block sizes in stacks */ + word32 avaBlock[WOLFMEM_MAX_BUCKETS];/* ava block sizes */ + word32 usedBlock[WOLFMEM_MAX_BUCKETS]; + int flag; /* flag used */ + }; + + typedef struct wc_Memory wc_Memory; /* internal structure for mem bucket */ + typedef struct WOLFSSL_HEAP { + wc_Memory* ava[WOLFMEM_MAX_BUCKETS]; + wc_Memory* io; /* list of buffers to use for IO */ + word32 maxHa; /* max concurent handshakes */ + word32 curHa; + word32 maxIO; /* max concurrent IO connections */ + word32 curIO; + word32 sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */ + word32 distList[WOLFMEM_MAX_BUCKETS];/* general distribution */ + word32 inUse; /* amount of memory currently in use */ + word32 ioUse; + word32 alloc; /* total number of allocs */ + word32 frAlc; /* total number of frees */ + int flag; + wolfSSL_Mutex memory_mutex; + } WOLFSSL_HEAP; + + /* structure passed into XMALLOC as heap hint + * having this abstraction allows tracking statistics of individual ssl's + */ + typedef struct WOLFSSL_HEAP_HINT { + WOLFSSL_HEAP* memory; + WOLFSSL_MEM_CONN_STATS* stats; /* hold individual connection stats */ + wc_Memory* outBuf; /* set if using fixed io buffers */ + wc_Memory* inBuf; + byte haFlag; /* flag used for checking handshake count */ + } WOLFSSL_HEAP_HINT; + + WOLFSSL_API int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, + unsigned char* buf, unsigned int sz, int flag, int max); + + WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap); + WOLFSSL_LOCAL int wolfSSL_load_static_memory(byte* buffer, word32 sz, + int flag, WOLFSSL_HEAP* heap); + WOLFSSL_LOCAL int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, + WOLFSSL_MEM_STATS* stats); + WOLFSSL_LOCAL int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); + WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); + + WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag); + WOLFSSL_API int wolfSSL_MemoryPaddingSz(void); +#endif /* WOLFSSL_STATIC_MEMORY */ + +#ifdef WOLFSSL_STACK_LOG + WOLFSSL_API void __attribute__((no_instrument_function)) + __cyg_profile_func_enter(void *func, void *caller); + WOLFSSL_API void __attribute__((no_instrument_function)) + __cyg_profile_func_exit(void *func, void *caller); +#endif /* WOLFSSL_STACK_LOG */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_MEMORY_H */ + diff --git a/source/libwolfssl/wolfcrypt/misc.h b/source/libwolfssl/wolfcrypt/misc.h new file mode 100644 index 00000000..659715bc --- /dev/null +++ b/source/libwolfssl/wolfcrypt/misc.h @@ -0,0 +1,116 @@ +/* misc.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLF_CRYPT_MISC_H +#define WOLF_CRYPT_MISC_H + + +#include + + +#ifdef __cplusplus + extern "C" { +#endif + + +#ifdef NO_INLINE +WOLFSSL_LOCAL +word32 rotlFixed(word32, word32); +WOLFSSL_LOCAL +word32 rotrFixed(word32, word32); + +WOLFSSL_LOCAL +word32 ByteReverseWord32(word32); +WOLFSSL_LOCAL +void ByteReverseWords(word32*, const word32*, word32); + +WOLFSSL_LOCAL +void XorWords(wolfssl_word*, const wolfssl_word*, word32); +WOLFSSL_LOCAL +void xorbuf(void*, const void*, word32); + +WOLFSSL_LOCAL +void ForceZero(const void*, word32); + +WOLFSSL_LOCAL +int ConstantCompare(const byte*, const byte*, int); + +#ifdef WORD64_AVAILABLE +WOLFSSL_LOCAL +word64 rotlFixed64(word64, word64); +WOLFSSL_LOCAL +word64 rotrFixed64(word64, word64); + +WOLFSSL_LOCAL +word64 ByteReverseWord64(word64); +WOLFSSL_LOCAL +void ByteReverseWords64(word64*, const word64*, word32); +#endif /* WORD64_AVAILABLE */ + +#ifndef WOLFSSL_HAVE_MIN + #if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */ + #define min min + #endif + WOLFSSL_LOCAL word32 min(word32 a, word32 b); +#endif + +#ifndef WOLFSSL_HAVE_MAX + #if defined(HAVE_FIPS) && !defined(max) /* so ifdef check passes */ + #define max max + #endif + WOLFSSL_LOCAL word32 max(word32 a, word32 b); +#endif /* WOLFSSL_HAVE_MAX */ + + +void c32to24(word32 in, word24 out); +void c16toa(word16 u16, byte* c); +void c32toa(word32 u32, byte* c); +void c24to32(const word24 u24, word32* u32); +void ato16(const byte* c, word16* u16); +void ato24(const byte* c, word32* u24); +void ato32(const byte* c, word32* u32); +word32 btoi(byte b); + + +WOLFSSL_LOCAL byte ctMaskGT(int a, int b); +WOLFSSL_LOCAL byte ctMaskGTE(int a, int b); +WOLFSSL_LOCAL int ctMaskIntGTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskLT(int a, int b); +WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskEq(int a, int b); +WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b); +WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b); +WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); +WOLFSSL_LOCAL int ctMaskSelInt(byte m, int a, int b); +WOLFSSL_LOCAL byte ctSetLTE(int a, int b); + +#endif /* NO_INLINE */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLF_CRYPT_MISC_H */ + diff --git a/source/libwolfssl/wolfcrypt/mpi_class.h b/source/libwolfssl/wolfcrypt/mpi_class.h new file mode 100644 index 00000000..30f0a9fc --- /dev/null +++ b/source/libwolfssl/wolfcrypt/mpi_class.h @@ -0,0 +1,1021 @@ +/* mpi_class.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#if !(defined(LTM1) && defined(LTM2) && defined(LTM3)) +#if defined(LTM2) +#define LTM3 +#endif +#if defined(LTM1) +#define LTM2 +#endif +#define LTM1 + +#if defined(LTM_ALL) +#define BN_ERROR_C +#define BN_FAST_MP_INVMOD_C +#define BN_FAST_MP_MONTGOMERY_REDUCE_C +#define BN_FAST_S_MP_MUL_DIGS_C +#define BN_FAST_S_MP_MUL_HIGH_DIGS_C +#define BN_FAST_S_MP_SQR_C +#define BN_MP_2EXPT_C +#define BN_MP_ABS_C +#define BN_MP_ADD_C +#define BN_MP_ADD_D_C +#define BN_MP_ADDMOD_C +#define BN_MP_AND_C +#define BN_MP_CLAMP_C +#define BN_MP_CLEAR_C +#define BN_MP_CLEAR_MULTI_C +#define BN_MP_CMP_C +#define BN_MP_CMP_D_C +#define BN_MP_CMP_MAG_C +#define BN_MP_CNT_LSB_C +#define BN_MP_COPY_C +#define BN_MP_COUNT_BITS_C +#define BN_MP_DIV_C +#define BN_MP_DIV_2_C +#define BN_MP_DIV_2D_C +#define BN_MP_DIV_3_C +#define BN_MP_DIV_D_C +#define BN_MP_DR_IS_MODULUS_C +#define BN_MP_DR_REDUCE_C +#define BN_MP_DR_SETUP_C +#define BN_MP_EXCH_C +#define BN_MP_EXPT_D_C +#define BN_MP_EXPTMOD_BASE_2 +#define BN_MP_EXPTMOD_C +#define BN_MP_EXPTMOD_FAST_C +#define BN_MP_EXTEUCLID_C +#define BN_MP_FREAD_C +#define BN_MP_FWRITE_C +#define BN_MP_GCD_C +#define BN_MP_GET_INT_C +#define BN_MP_GROW_C +#define BN_MP_INIT_C +#define BN_MP_INIT_COPY_C +#define BN_MP_INIT_MULTI_C +#define BN_MP_INIT_SET_C +#define BN_MP_INIT_SET_INT_C +#define BN_MP_INIT_SIZE_C +#define BN_MP_INVMOD_C +#define BN_MP_INVMOD_SLOW_C +#define BN_MP_IS_SQUARE_C +#define BN_MP_JACOBI_C +#define BN_MP_KARATSUBA_MUL_C +#define BN_MP_KARATSUBA_SQR_C +#define BN_MP_LCM_C +#define BN_MP_LSHD_C +#define BN_MP_MOD_C +#define BN_MP_MOD_2D_C +#define BN_MP_MOD_D_C +#define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C +#define BN_MP_MONTGOMERY_REDUCE_C +#define BN_MP_MONTGOMERY_SETUP_C +#define BN_MP_MUL_C +#define BN_MP_MUL_2_C +#define BN_MP_MUL_2D_C +#define BN_MP_MUL_D_C +#define BN_MP_MULMOD_C +#define BN_MP_N_ROOT_C +#define BN_MP_NEG_C +#define BN_MP_OR_C +#define BN_MP_PRIME_FERMAT_C +#define BN_MP_PRIME_IS_DIVISIBLE_C +#define BN_MP_PRIME_IS_PRIME_C +#define BN_MP_PRIME_MILLER_RABIN_C +#define BN_MP_PRIME_NEXT_PRIME_C +#define BN_MP_PRIME_RABIN_MILLER_TRIALS_C +#define BN_MP_PRIME_RANDOM_EX_C +#define BN_MP_RADIX_SIZE_C +#define BN_MP_RADIX_SMAP_C +#define BN_MP_RAND_C +#define BN_MP_READ_RADIX_C +#define BN_MP_READ_SIGNED_BIN_C +#define BN_MP_READ_UNSIGNED_BIN_C +#define BN_MP_REDUCE_C +#define BN_MP_REDUCE_2K_C +#define BN_MP_REDUCE_2K_L_C +#define BN_MP_REDUCE_2K_SETUP_C +#define BN_MP_REDUCE_2K_SETUP_L_C +#define BN_MP_REDUCE_IS_2K_C +#define BN_MP_REDUCE_IS_2K_L_C +#define BN_MP_REDUCE_SETUP_C +#define BN_MP_RSHD_C +#define BN_MP_SET_C +#define BN_MP_SET_INT_C +#define BN_MP_SHRINK_C +#define BN_MP_SIGNED_BIN_SIZE_C +#define BN_MP_SQR_C +#define BN_MP_SQRMOD_C +#define BN_MP_SQRT_C +#define BN_MP_SUB_C +#define BN_MP_SUB_D_C +#define BN_MP_SUBMOD_C +#define BN_MP_TO_SIGNED_BIN_C +#define BN_MP_TO_SIGNED_BIN_N_C +#define BN_MP_TO_UNSIGNED_BIN_C +#define BN_MP_TO_UNSIGNED_BIN_N_C +#define BN_MP_TOOM_MUL_C +#define BN_MP_TOOM_SQR_C +#define BN_MP_TORADIX_C +#define BN_MP_TORADIX_N_C +#define BN_MP_UNSIGNED_BIN_SIZE_C +#define BN_MP_XOR_C +#define BN_MP_ZERO_C +#define BN_PRIME_TAB_C +#define BN_REVERSE_C +#define BN_S_MP_ADD_C +#define BN_S_MP_EXPTMOD_C +#define BN_S_MP_MUL_DIGS_C +#define BN_S_MP_MUL_HIGH_DIGS_C +#define BN_S_MP_SQR_C +#define BN_S_MP_SUB_C +#define BNCORE_C +#endif + +#if defined(BN_ERROR_C) + #define BN_MP_ERROR_TO_STRING_C +#endif + +#if defined(BN_FAST_MP_INVMOD_C) + #define BN_MP_ISEVEN_C + #define BN_MP_INIT_MULTI_C + #define BN_MP_COPY_C + #define BN_MP_MOD_C + #define BN_MP_SET_C + #define BN_MP_DIV_2_C + #define BN_MP_ISODD_C + #define BN_MP_SUB_C + #define BN_MP_CMP_C + #define BN_MP_ISZERO_C + #define BN_MP_CMP_D_C + #define BN_MP_ADD_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_FAST_MP_MONTGOMERY_REDUCE_C) + #define BN_MP_GROW_C + #define BN_MP_RSHD_C + #define BN_MP_CLAMP_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_FAST_S_MP_MUL_DIGS_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_FAST_S_MP_SQR_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_2EXPT_C) + #define BN_MP_ZERO_C + #define BN_MP_GROW_C +#endif + +#if defined(BN_MP_ABS_C) + #define BN_MP_COPY_C +#endif + +#if defined(BN_MP_ADD_C) + #define BN_S_MP_ADD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_ADD_D_C) + #define BN_MP_GROW_C + #define BN_MP_SUB_D_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_ADDMOD_C) + #define BN_MP_INIT_C + #define BN_MP_ADD_C + #define BN_MP_CLEAR_C + #define BN_MP_MOD_C +#endif + +#if defined(BN_MP_AND_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_CLAMP_C) +#endif + +#if defined(BN_MP_CLEAR_C) +#endif + +#if defined(BN_MP_CLEAR_MULTI_C) + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_CMP_C) + #define BN_MP_CMP_MAG_C +#endif + +#if defined(BN_MP_CMP_D_C) +#endif + +#if defined(BN_MP_CMP_MAG_C) +#endif + +#if defined(BN_MP_CNT_LSB_C) + #define BN_MP_ISZERO_C +#endif + +#if defined(BN_MP_COPY_C) + #define BN_MP_GROW_C +#endif + +#if defined(BN_MP_COUNT_BITS_C) +#endif + +#if defined(BN_MP_DIV_C) + #define BN_MP_ISZERO_C + #define BN_MP_CMP_MAG_C + #define BN_MP_COPY_C + #define BN_MP_ZERO_C + #define BN_MP_INIT_MULTI_C + #define BN_MP_SET_C + #define BN_MP_COUNT_BITS_C + #define BN_MP_ABS_C + #define BN_MP_MUL_2D_C + #define BN_MP_CMP_C + #define BN_MP_SUB_C + #define BN_MP_ADD_C + #define BN_MP_DIV_2D_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_MULTI_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_INIT_C + #define BN_MP_INIT_COPY_C + #define BN_MP_LSHD_C + #define BN_MP_RSHD_C + #define BN_MP_MUL_D_C + #define BN_MP_CLAMP_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_DIV_2_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_DIV_2D_C) + #define BN_MP_COPY_C + #define BN_MP_ZERO_C + #define BN_MP_INIT_C + #define BN_MP_MOD_2D_C + #define BN_MP_CLEAR_C + #define BN_MP_RSHD_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C +#endif + +#if defined(BN_MP_DIV_3_C) + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_DIV_D_C) + #define BN_MP_ISZERO_C + #define BN_MP_COPY_C + #define BN_MP_DIV_2D_C + #define BN_MP_DIV_3_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_DR_IS_MODULUS_C) +#endif + +#if defined(BN_MP_DR_REDUCE_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_DR_SETUP_C) +#endif + +#if defined(BN_MP_EXCH_C) +#endif + +#if defined(BN_MP_EXPT_D_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_SET_C + #define BN_MP_SQR_C + #define BN_MP_CLEAR_C + #define BN_MP_MUL_C +#endif + +#if defined(BN_MP_EXPTMOD_C) + #define BN_MP_INIT_C + #define BN_MP_INVMOD_C + #define BN_MP_CLEAR_C + #define BN_MP_ABS_C + #define BN_MP_CLEAR_MULTI_C + #define BN_MP_REDUCE_IS_2K_L_C + #define BN_S_MP_EXPTMOD_C + #define BN_MP_DR_IS_MODULUS_C + #define BN_MP_REDUCE_IS_2K_C + #define BN_MP_ISODD_C + #define BN_MP_EXPTMOD_FAST_C + #define BN_MP_EXPTMOD_BASE_2 +#endif + +#if defined(BN_MP_EXPTMOD_FAST_C) + #define BN_MP_COUNT_BITS_C + #define BN_MP_INIT_C + #define BN_MP_CLEAR_C + #define BN_MP_MONTGOMERY_SETUP_C + #define BN_FAST_MP_MONTGOMERY_REDUCE_C + #define BN_MP_MONTGOMERY_REDUCE_C + #define BN_MP_DR_SETUP_C + #define BN_MP_DR_REDUCE_C + #define BN_MP_REDUCE_2K_SETUP_C + #define BN_MP_REDUCE_2K_C + #define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C + #define BN_MP_MULMOD_C + #define BN_MP_SET_C + #define BN_MP_MOD_C + #define BN_MP_COPY_C + #define BN_MP_SQR_C + #define BN_MP_MUL_C + #define BN_MP_EXCH_C +#endif + +#if defined(BN_MP_EXTEUCLID_C) + #define BN_MP_INIT_MULTI_C + #define BN_MP_SET_C + #define BN_MP_COPY_C + #define BN_MP_ISZERO_C + #define BN_MP_DIV_C + #define BN_MP_MUL_C + #define BN_MP_SUB_C + #define BN_MP_NEG_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_FREAD_C) + #define BN_MP_ZERO_C + #define BN_MP_S_RMAP_C + #define BN_MP_MUL_D_C + #define BN_MP_ADD_D_C + #define BN_MP_CMP_D_C +#endif + +#if defined(BN_MP_FWRITE_C) + #define BN_MP_RADIX_SIZE_C + #define BN_MP_TORADIX_C +#endif + +#if defined(BN_MP_GCD_C) + #define BN_MP_ISZERO_C + #define BN_MP_ABS_C + #define BN_MP_ZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_CNT_LSB_C + #define BN_MP_DIV_2D_C + #define BN_MP_CMP_MAG_C + #define BN_MP_EXCH_C + #define BN_S_MP_SUB_C + #define BN_MP_MUL_2D_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_GET_INT_C) +#endif + +#if defined(BN_MP_GROW_C) +#endif + +#if defined(BN_MP_INIT_C) +#endif + +#if defined(BN_MP_INIT_COPY_C) + #define BN_MP_COPY_C +#endif + +#if defined(BN_MP_INIT_MULTI_C) + #define BN_MP_ERR_C + #define BN_MP_INIT_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_INIT_SET_C) + #define BN_MP_INIT_C + #define BN_MP_SET_C +#endif + +#if defined(BN_MP_INIT_SET_INT_C) + #define BN_MP_INIT_C + #define BN_MP_SET_INT_C +#endif + +#if defined(BN_MP_INIT_SIZE_C) + #define BN_MP_INIT_C +#endif + +#if defined(BN_MP_INVMOD_C) + #define BN_MP_ISZERO_C + #define BN_MP_ISODD_C + #define BN_FAST_MP_INVMOD_C + #define BN_MP_INVMOD_SLOW_C +#endif + +#if defined(BN_MP_INVMOD_SLOW_C) + #define BN_MP_ISZERO_C + #define BN_MP_INIT_MULTI_C + #define BN_MP_MOD_C + #define BN_MP_COPY_C + #define BN_MP_ISEVEN_C + #define BN_MP_SET_C + #define BN_MP_DIV_2_C + #define BN_MP_ISODD_C + #define BN_MP_ADD_C + #define BN_MP_SUB_C + #define BN_MP_CMP_C + #define BN_MP_CMP_D_C + #define BN_MP_CMP_MAG_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_IS_SQUARE_C) + #define BN_MP_MOD_D_C + #define BN_MP_INIT_SET_INT_C + #define BN_MP_MOD_C + #define BN_MP_GET_INT_C + #define BN_MP_SQRT_C + #define BN_MP_SQR_C + #define BN_MP_CMP_MAG_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_JACOBI_C) + #define BN_MP_CMP_D_C + #define BN_MP_ISZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_CNT_LSB_C + #define BN_MP_DIV_2D_C + #define BN_MP_MOD_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_KARATSUBA_MUL_C) + #define BN_MP_MUL_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_SUB_C + #define BN_MP_ADD_C + #define BN_MP_LSHD_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_KARATSUBA_SQR_C) + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_SQR_C + #define BN_MP_SUB_C + #define BN_S_MP_ADD_C + #define BN_MP_LSHD_C + #define BN_MP_ADD_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_LCM_C) + #define BN_MP_INIT_MULTI_C + #define BN_MP_GCD_C + #define BN_MP_CMP_MAG_C + #define BN_MP_DIV_C + #define BN_MP_MUL_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_LSHD_C) + #define BN_MP_GROW_C + #define BN_MP_RSHD_C +#endif + +#if defined(BN_MP_MOD_C) + #define BN_MP_INIT_C + #define BN_MP_DIV_C + #define BN_MP_CLEAR_C + #define BN_MP_ADD_C + #define BN_MP_EXCH_C +#endif + +#if defined(BN_MP_MOD_2D_C) + #define BN_MP_ZERO_C + #define BN_MP_COPY_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_MOD_D_C) + #define BN_MP_DIV_D_C +#endif + +#if defined(BN_MP_MONTGOMERY_CALC_NORMALIZATION_C) + #define BN_MP_COUNT_BITS_C + #define BN_MP_2EXPT_C + #define BN_MP_SET_C + #define BN_MP_MUL_2_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_MONTGOMERY_REDUCE_C) + #define BN_FAST_MP_MONTGOMERY_REDUCE_C + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C + #define BN_MP_RSHD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_MONTGOMERY_SETUP_C) +#endif + +#if defined(BN_MP_MUL_C) + #define BN_MP_TOOM_MUL_C + #define BN_MP_KARATSUBA_MUL_C + #define BN_FAST_S_MP_MUL_DIGS_C + #define BN_S_MP_MUL_C + #define BN_S_MP_MUL_DIGS_C +#endif + +#if defined(BN_MP_MUL_2_C) + #define BN_MP_GROW_C +#endif + +#if defined(BN_MP_MUL_2D_C) + #define BN_MP_COPY_C + #define BN_MP_GROW_C + #define BN_MP_LSHD_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_MUL_D_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_MULMOD_C) + #define BN_MP_INIT_C + #define BN_MP_MUL_C + #define BN_MP_CLEAR_C + #define BN_MP_MOD_C +#endif + +#if defined(BN_MP_N_ROOT_C) + #define BN_MP_INIT_C + #define BN_MP_SET_C + #define BN_MP_COPY_C + #define BN_MP_EXPT_D_C + #define BN_MP_MUL_C + #define BN_MP_SUB_C + #define BN_MP_MUL_D_C + #define BN_MP_DIV_C + #define BN_MP_CMP_C + #define BN_MP_SUB_D_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_NEG_C) + #define BN_MP_COPY_C + #define BN_MP_ISZERO_C +#endif + +#if defined(BN_MP_OR_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_FERMAT_C) + #define BN_MP_CMP_D_C + #define BN_MP_INIT_C + #define BN_MP_EXPTMOD_C + #define BN_MP_CMP_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_IS_DIVISIBLE_C) + #define BN_MP_MOD_D_C +#endif + +#if defined(BN_MP_PRIME_IS_PRIME_C) + #define BN_MP_CMP_D_C + #define BN_MP_PRIME_IS_DIVISIBLE_C + #define BN_MP_INIT_C + #define BN_MP_SET_C + #define BN_MP_PRIME_MILLER_RABIN_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_MILLER_RABIN_C) + #define BN_MP_CMP_D_C + #define BN_MP_INIT_COPY_C + #define BN_MP_SUB_D_C + #define BN_MP_CNT_LSB_C + #define BN_MP_DIV_2D_C + #define BN_MP_EXPTMOD_C + #define BN_MP_CMP_C + #define BN_MP_SQRMOD_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_NEXT_PRIME_C) + #define BN_MP_CMP_D_C + #define BN_MP_SET_C + #define BN_MP_SUB_D_C + #define BN_MP_ISEVEN_C + #define BN_MP_MOD_D_C + #define BN_MP_INIT_C + #define BN_MP_ADD_D_C + #define BN_MP_PRIME_MILLER_RABIN_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_RABIN_MILLER_TRIALS_C) +#endif + +#if defined(BN_MP_PRIME_RANDOM_EX_C) + #define BN_MP_READ_UNSIGNED_BIN_C + #define BN_MP_PRIME_IS_PRIME_C + #define BN_MP_SUB_D_C + #define BN_MP_DIV_2_C + #define BN_MP_MUL_2_C + #define BN_MP_ADD_D_C +#endif + +#if defined(BN_MP_RADIX_SIZE_C) + #define BN_MP_COUNT_BITS_C + #define BN_MP_INIT_COPY_C + #define BN_MP_ISZERO_C + #define BN_MP_DIV_D_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_RADIX_SMAP_C) + #define BN_MP_S_RMAP_C +#endif + +#if defined(BN_MP_RAND_C) + #define BN_MP_ZERO_C + #define BN_MP_ADD_D_C + #define BN_MP_LSHD_C +#endif + +#if defined(BN_MP_READ_RADIX_C) + #define BN_MP_ZERO_C + #define BN_MP_S_RMAP_C + #define BN_MP_RADIX_SMAP_C + #define BN_MP_MUL_D_C + #define BN_MP_ADD_D_C + #define BN_MP_ISZERO_C +#endif + +#if defined(BN_MP_READ_SIGNED_BIN_C) + #define BN_MP_READ_UNSIGNED_BIN_C +#endif + +#if defined(BN_MP_READ_UNSIGNED_BIN_C) + #define BN_MP_GROW_C + #define BN_MP_ZERO_C + #define BN_MP_MUL_2D_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_REDUCE_C) + #define BN_MP_REDUCE_SETUP_C + #define BN_MP_INIT_COPY_C + #define BN_MP_RSHD_C + #define BN_MP_MUL_C + #define BN_S_MP_MUL_HIGH_DIGS_C + #define BN_FAST_S_MP_MUL_HIGH_DIGS_C + #define BN_MP_MOD_2D_C + #define BN_S_MP_MUL_DIGS_C + #define BN_MP_SUB_C + #define BN_MP_CMP_D_C + #define BN_MP_SET_C + #define BN_MP_LSHD_C + #define BN_MP_ADD_C + #define BN_MP_CMP_C + #define BN_S_MP_SUB_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_REDUCE_2K_C) + #define BN_MP_INIT_C + #define BN_MP_COUNT_BITS_C + #define BN_MP_DIV_2D_C + #define BN_MP_MUL_D_C + #define BN_S_MP_ADD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_REDUCE_2K_L_C) + #define BN_MP_INIT_C + #define BN_MP_COUNT_BITS_C + #define BN_MP_DIV_2D_C + #define BN_MP_MUL_C + #define BN_S_MP_ADD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_REDUCE_2K_SETUP_C) + #define BN_MP_INIT_C + #define BN_MP_COUNT_BITS_C + #define BN_MP_2EXPT_C + #define BN_MP_CLEAR_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_REDUCE_2K_SETUP_L_C) + #define BN_MP_INIT_C + #define BN_MP_2EXPT_C + #define BN_MP_COUNT_BITS_C + #define BN_S_MP_SUB_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_REDUCE_IS_2K_C) + #define BN_MP_REDUCE_2K_C + #define BN_MP_COUNT_BITS_C +#endif + +#if defined(BN_MP_REDUCE_IS_2K_L_C) +#endif + +#if defined(BN_MP_REDUCE_SETUP_C) + #define BN_MP_2EXPT_C + #define BN_MP_DIV_C +#endif + +#if defined(BN_MP_RSHD_C) + #define BN_MP_ZERO_C +#endif + +#if defined(BN_MP_SET_C) + #define BN_MP_ZERO_C +#endif + +#if defined(BN_MP_SET_INT_C) + #define BN_MP_ZERO_C + #define BN_MP_MUL_2D_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_SHRINK_C) +#endif + +#if defined(BN_MP_SIGNED_BIN_SIZE_C) + #define BN_MP_UNSIGNED_BIN_SIZE_C +#endif + +#if defined(BN_MP_SQR_C) + #define BN_MP_TOOM_SQR_C + #define BN_MP_KARATSUBA_SQR_C + #define BN_FAST_S_MP_SQR_C + #define BN_S_MP_SQR_C +#endif + +#if defined(BN_MP_SQRMOD_C) + #define BN_MP_INIT_C + #define BN_MP_SQR_C + #define BN_MP_CLEAR_C + #define BN_MP_MOD_C +#endif + +#if defined(BN_MP_SQRT_C) + #define BN_MP_N_ROOT_C + #define BN_MP_ISZERO_C + #define BN_MP_ZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_RSHD_C + #define BN_MP_DIV_C + #define BN_MP_ADD_C + #define BN_MP_DIV_2_C + #define BN_MP_CMP_MAG_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_SUB_C) + #define BN_S_MP_ADD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_SUB_D_C) + #define BN_MP_GROW_C + #define BN_MP_ADD_D_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_SUBMOD_C) + #define BN_MP_INIT_C + #define BN_MP_SUB_C + #define BN_MP_CLEAR_C + #define BN_MP_MOD_C +#endif + +#if defined(BN_MP_TO_SIGNED_BIN_C) + #define BN_MP_TO_UNSIGNED_BIN_C +#endif + +#if defined(BN_MP_TO_SIGNED_BIN_N_C) + #define BN_MP_SIGNED_BIN_SIZE_C + #define BN_MP_TO_SIGNED_BIN_C +#endif + +#if defined(BN_MP_TO_UNSIGNED_BIN_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_ISZERO_C + #define BN_MP_DIV_2D_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_TO_UNSIGNED_BIN_N_C) + #define BN_MP_UNSIGNED_BIN_SIZE_C + #define BN_MP_TO_UNSIGNED_BIN_C +#endif + +#if defined(BN_MP_TOOM_MUL_C) + #define BN_MP_INIT_MULTI_C + #define BN_MP_MOD_2D_C + #define BN_MP_COPY_C + #define BN_MP_RSHD_C + #define BN_MP_MUL_C + #define BN_MP_MUL_2_C + #define BN_MP_ADD_C + #define BN_MP_SUB_C + #define BN_MP_DIV_2_C + #define BN_MP_MUL_2D_C + #define BN_MP_MUL_D_C + #define BN_MP_DIV_3_C + #define BN_MP_LSHD_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_TOOM_SQR_C) + #define BN_MP_INIT_MULTI_C + #define BN_MP_MOD_2D_C + #define BN_MP_COPY_C + #define BN_MP_RSHD_C + #define BN_MP_SQR_C + #define BN_MP_MUL_2_C + #define BN_MP_ADD_C + #define BN_MP_SUB_C + #define BN_MP_DIV_2_C + #define BN_MP_MUL_2D_C + #define BN_MP_MUL_D_C + #define BN_MP_DIV_3_C + #define BN_MP_LSHD_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_TORADIX_C) + #define BN_MP_ISZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_DIV_D_C + #define BN_MP_CLEAR_C + #define BN_MP_S_RMAP_C +#endif + +#if defined(BN_MP_TORADIX_N_C) + #define BN_MP_ISZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_DIV_D_C + #define BN_MP_CLEAR_C + #define BN_MP_S_RMAP_C +#endif + +#if defined(BN_MP_UNSIGNED_BIN_SIZE_C) + #define BN_MP_COUNT_BITS_C +#endif + +#if defined(BN_MP_XOR_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_ZERO_C) +#endif + +#if defined(BN_PRIME_TAB_C) +#endif + +#if defined(BN_REVERSE_C) +#endif + +#if defined(BN_S_MP_ADD_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_S_MP_EXPTMOD_C) + #define BN_MP_COUNT_BITS_C + #define BN_MP_INIT_C + #define BN_MP_CLEAR_C + #define BN_MP_REDUCE_SETUP_C + #define BN_MP_REDUCE_C + #define BN_MP_REDUCE_2K_SETUP_L_C + #define BN_MP_REDUCE_2K_L_C + #define BN_MP_MOD_C + #define BN_MP_COPY_C + #define BN_MP_SQR_C + #define BN_MP_MUL_C + #define BN_MP_SET_C + #define BN_MP_EXCH_C +#endif + +#if defined(BN_S_MP_MUL_DIGS_C) + #define BN_FAST_S_MP_MUL_DIGS_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_S_MP_MUL_HIGH_DIGS_C) + #define BN_FAST_S_MP_MUL_HIGH_DIGS_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_S_MP_SQR_C) + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_S_MP_SUB_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BNCORE_C) +#endif + +#ifdef LTM3 +#define LTM_LAST +#endif +#include "mpi_superclass.h" +#include "mpi_class.h" +#else +#define LTM_LAST +#endif + diff --git a/source/libwolfssl/wolfcrypt/mpi_superclass.h b/source/libwolfssl/wolfcrypt/mpi_superclass.h new file mode 100644 index 00000000..73472684 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/mpi_superclass.h @@ -0,0 +1,96 @@ +/* mpi_superclass.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* super class file for PK algos */ + +/* default ... include all MPI */ +#define LTM_ALL + +/* RSA only (does not support DH/DSA/ECC) */ +/* #define SC_RSA_1 */ + +/* For reference.... On an Athlon64 optimizing for speed... + + LTM's mpi.o with all functions [striped] is 142KiB in size. + +*/ + +/* Works for RSA only, mpi.o is 68KiB */ +#ifdef SC_RSA_1 + #define BN_MP_SHRINK_C + #define BN_MP_LCM_C + #define BN_MP_PRIME_RANDOM_EX_C + #define BN_MP_INVMOD_C + #define BN_MP_GCD_C + #define BN_MP_MOD_C + #define BN_MP_MULMOD_C + #define BN_MP_ADDMOD_C + #define BN_MP_EXPTMOD_C + #define BN_MP_SET_INT_C + #define BN_MP_INIT_MULTI_C + #define BN_MP_CLEAR_MULTI_C + #define BN_MP_UNSIGNED_BIN_SIZE_C + #define BN_MP_TO_UNSIGNED_BIN_C + #define BN_MP_MOD_D_C + #define BN_MP_PRIME_RABIN_MILLER_TRIALS_C + #define BN_REVERSE_C + #define BN_PRIME_TAB_C + + /* other modifiers */ + #define BN_MP_DIV_SMALL /* Slower division, not critical */ + + /* here we are on the last pass so we turn things off. The functions classes are still there + * but we remove them specifically from the build. This also invokes tweaks in functions + * like removing support for even moduli, etc... + */ +#ifdef LTM_LAST + #undef BN_MP_TOOM_MUL_C + #undef BN_MP_TOOM_SQR_C + #undef BN_MP_KARATSUBA_MUL_C + #undef BN_MP_KARATSUBA_SQR_C + #undef BN_MP_REDUCE_C + #undef BN_MP_REDUCE_SETUP_C + #undef BN_MP_DR_IS_MODULUS_C + #undef BN_MP_DR_SETUP_C + #undef BN_MP_DR_REDUCE_C + #undef BN_MP_REDUCE_IS_2K_C + #undef BN_MP_REDUCE_2K_SETUP_C + #undef BN_MP_REDUCE_2K_C + #undef BN_S_MP_EXPTMOD_C + #undef BN_MP_DIV_3_C + #undef BN_S_MP_MUL_HIGH_DIGS_C + #undef BN_FAST_S_MP_MUL_HIGH_DIGS_C + #undef BN_FAST_MP_INVMOD_C + + /* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold + * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines] + * which means roughly speaking you can handle up to 2536-bit RSA keys with these defined without + * trouble. + */ + #undef BN_S_MP_MUL_DIGS_C + #undef BN_S_MP_SQR_C + #undef BN_MP_MONTGOMERY_REDUCE_C +#endif + +#endif + diff --git a/source/libwolfssl/wolfcrypt/pkcs11.h b/source/libwolfssl/wolfcrypt/pkcs11.h new file mode 100644 index 00000000..0e5e7b21 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/pkcs11.h @@ -0,0 +1,537 @@ +/* pkcs11.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _PKCS11_H_ +#define _PKCS11_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef NULL_PTR +#define NULL_PTR 0 +#endif +#define CK_TRUE 1 +#define CK_FALSE 0 + + +#define CK_INVALID_HANDLE 0UL + +#define CKN_SURRENDER 0UL + +#define CKF_TOKEN_PRESENT 0x00000001UL +#define CKF_REMOVABLE_DEVICE 0x00000002UL +#define CKF_HW_SLOT 0x00000004UL + +#define CKF_HW 0x00000001UL +#define CKF_ENCRYPT 0x00000100UL +#define CKF_DECRYPT 0x00000200UL +#define CKF_DIGEST 0x00000400UL +#define CKF_SIGN 0x00000800UL +#define CKF_SIGN_RECOVER 0x00001000UL +#define CKF_VERIFY 0x00002000UL +#define CKF_VERIFY_RECOVER 0x00004000UL +#define CKF_GENERATE 0x00008000UL +#define CKF_GENERATE_KEY_PAIR 0x00010000UL +#define CKF_WRAP 0x00020000UL +#define CKF_UNWRAP 0x00040000UL +#define CKF_DERIVE 0x00080000UL +#define CKF_EC_F_P 0x00100000UL +#define CKF_EC_F_2M 0x00200000UL +#define CKF_EC_ECPARAMETERS 0x00400000UL +#define CKF_EC_NAMEDCURVE 0x00800000UL +#define CKF_EC_UNCOMPRESS 0x01000000UL +#define CKF_EC_COMPRESS 0x02000000UL + +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL +#define CKF_OS_LOCKING_OK 0x00000002UL + +#define CKU_SO 0UL +#define CKU_USER 1UL +#define CKU_CONTEXT_SPECIFIC 2UL + +#define CKF_RW_SESSION 0x00000002UL +#define CKF_SERIAL_SESSION 0x00000004UL + +#define CKO_PUBLIC_KEY 0x00000002UL +#define CKO_PRIVATE_KEY 0x00000003UL +#define CKO_SECRET_KEY 0x00000004UL + +#define CKK_RSA 0x00000000UL +#define CKK_DH 0x00000002UL +#define CKK_EC 0x00000003UL +#define CKK_GENERIC_SECRET 0x00000010UL +#define CKK_AES 0x0000001FUL +#define CKK_MD5_HMAC 0x00000027UL +#define CKK_SHA_1_HMAC 0x00000028UL +#define CKK_SHA256_HMAC 0x0000002bUL +#define CKK_SHA384_HMAC 0x0000002cUL +#define CKK_SHA512_HMAC 0x0000002dUL +#define CKK_SHA224_HMAC 0x0000002eUL + +#define CKA_CLASS 0x00000000UL +#define CKA_TOKEN 0x00000001UL +#define CKA_PRIVATE 0x00000002UL +#define CKA_LABEL 0x00000003UL +#define CKA_VALUE 0x00000011UL +#define CKA_OBJECT_ID 0x00000012UL +#define CKA_OWNER 0x00000084UL +#define CKA_TRUSTED 0x00000086UL +#define CKA_KEY_TYPE 0x00000100UL +#define CKA_ID 0x00000102UL +#define CKA_SENSITIVE 0x00000103UL +#define CKA_ENCRYPT 0x00000104UL +#define CKA_DECRYPT 0x00000105UL +#define CKA_WRAP 0x00000106UL +#define CKA_UNWRAP 0x00000107UL +#define CKA_SIGN 0x00000108UL +#define CKA_SIGN_RECOVER 0x00000109UL +#define CKA_VERIFY 0x0000010AUL +#define CKA_VERIFY_RECOVER 0x0000010BUL +#define CKA_DERIVE 0x0000010CUL +#define CKA_MODULUS 0x00000120UL +#define CKA_MODULUS_BITS 0x00000121UL +#define CKA_PUBLIC_EXPONENT 0x00000122UL +#define CKA_PRIVATE_EXPONENT 0x00000123UL +#define CKA_PRIME_1 0x00000124UL +#define CKA_PRIME_2 0x00000125UL +#define CKA_EXPONENT_1 0x00000126UL +#define CKA_EXPONENT_2 0x00000127UL +#define CKA_COEFFICIENT 0x00000128UL +#define CKA_PUBLIC_KEY_INFO 0x00000129UL +#define CKA_PRIME 0x00000130UL +#define CKA_BASE 0x00000132UL +#define CKA_PRIME_BITS 0x00000133UL +#define CKA_VALUE_BITS 0x00000160UL +#define CKA_VALUE_LEN 0x00000161UL +#define CKA_EXTRACTABLE 0x00000162UL +#define CKA_LOCAL 0x00000163UL +#define CKA_NEVER_EXTRACTABLE 0x00000164UL +#define CKA_ALWAYS_SENSITIVE 0x00000165UL +#define CKA_KEY_GEN_MECHANISM 0x00000166UL +#define CKA_MODIFIABLE 0x00000170UL +#define CKA_COPYABLE 0x00000171UL +#define CKA_DESTROYABLE 0x00000172UL +#define CKA_EC_PARAMS 0x00000180UL +#define CKA_EC_POINT 0x00000181UL +#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL +#define CKA_HW_FEATURE_TYPE 0x00000300UL +#define CKA_RESET_ON_INIT 0x00000301UL +#define CKA_HAS_RESET 0x00000302UL + +#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +#define CKM_RSA_X_509 0x00000003UL +#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL +#define CKM_DH_PKCS_DERIVE 0x00000021UL +#define CKM_MD5_HMAC 0x00000211UL +#define CKM_SHA_1_HMAC 0x00000221UL +#define CKM_SHA256_HMAC 0x00000251UL +#define CKM_SHA224_HMAC 0x00000256UL +#define CKM_SHA384_HMAC 0x00000261UL +#define CKM_SHA512_HMAC 0x00000271UL +#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL +#define CKM_EC_KEY_PAIR_GEN 0x00001040UL +#define CKM_ECDSA 0x00001041UL +#define CKM_ECDH1_DERIVE 0x00001050UL +#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL +#define CKM_AES_KEY_GEN 0x00001080UL +#define CKM_AES_CBC 0x00001082UL +#define CKM_AES_GCM 0x00001087UL + +#define CKR_OK 0x00000000UL +#define CKR_MECHANISM_INVALID 0x00000070UL +#define CKR_SIGNATURE_INVALID 0x000000C0UL + +#define CKD_NULL 0x00000001UL + + +typedef unsigned char CK_BYTE; +typedef CK_BYTE CK_CHAR; +typedef CK_BYTE CK_UTF8CHAR; +typedef CK_BYTE CK_BBOOL; +typedef unsigned long int CK_ULONG; +typedef long int CK_LONG; +typedef CK_ULONG CK_FLAGS; +typedef CK_BYTE* CK_BYTE_PTR; +typedef CK_CHAR* CK_CHAR_PTR; +typedef CK_UTF8CHAR* CK_UTF8CHAR_PTR; +typedef CK_ULONG* CK_ULONG_PTR; +typedef void* CK_VOID_PTR; +typedef CK_VOID_PTR* CK_VOID_PTR_PTR; + + +typedef CK_ULONG CK_RV; + + +typedef struct CK_VERSION { + CK_BYTE major; + CK_BYTE minor; +} CK_VERSION; +typedef CK_VERSION* CK_VERSION_PTR; + + +/* Info Types */ +typedef struct CK_INFO { + CK_VERSION cryptokiVersion; + CK_UTF8CHAR manufacturerID[32]; + CK_FLAGS flags; + CK_UTF8CHAR libraryDescription[32]; + CK_VERSION libraryVersion; +} CK_INFO; +typedef CK_INFO* CK_INFO_PTR; + + +/* Slot Types */ +typedef CK_ULONG CK_SLOT_ID; +typedef CK_SLOT_ID* CK_SLOT_ID_PTR; + +typedef struct CK_SLOT_INFO { + CK_UTF8CHAR slotDescription[64]; + CK_UTF8CHAR manufacturerID[32]; + CK_FLAGS flags; + + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; +} CK_SLOT_INFO; +typedef CK_SLOT_INFO* CK_SLOT_INFO_PTR; + + +/* Token Types */ +typedef struct CK_TOKEN_INFO { + CK_UTF8CHAR label[32]; + CK_UTF8CHAR manufacturerID[32]; + CK_UTF8CHAR model[16]; + CK_CHAR serialNumber[16]; + CK_FLAGS flags; + CK_ULONG ulMaxSessionCount; + CK_ULONG ulSessionCount; + CK_ULONG ulMaxRwSessionCount; + CK_ULONG ulRwSessionCount; + CK_ULONG ulMaxPinLen; + CK_ULONG ulMinPinLen; + CK_ULONG ulTotalPublicMemory; + CK_ULONG ulFreePublicMemory; + CK_ULONG ulTotalPrivateMemory; + CK_ULONG ulFreePrivateMemory; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; + CK_CHAR utcTime[16]; +} CK_TOKEN_INFO; +typedef CK_TOKEN_INFO* CK_TOKEN_INFO_PTR; + + +/* Session Types */ +typedef CK_ULONG CK_SESSION_HANDLE; +typedef CK_SESSION_HANDLE* CK_SESSION_HANDLE_PTR; + +typedef CK_ULONG CK_USER_TYPE; + +typedef CK_ULONG CK_STATE; + +typedef struct CK_SESSION_INFO { + CK_SLOT_ID slotID; + CK_STATE state; + CK_FLAGS flags; + CK_ULONG ulDeviceError; +} CK_SESSION_INFO; +typedef CK_SESSION_INFO* CK_SESSION_INFO_PTR; + + +/* Object Types */ +typedef CK_ULONG CK_OBJECT_HANDLE; +typedef CK_OBJECT_HANDLE* CK_OBJECT_HANDLE_PTR; + +typedef CK_ULONG CK_OBJECT_CLASS; +typedef CK_OBJECT_CLASS* CK_OBJECT_CLASS_PTR; + +typedef CK_ULONG CK_KEY_TYPE; + +typedef CK_ULONG CK_ATTRIBUTE_TYPE; + +typedef struct CK_ATTRIBUTE { + CK_ATTRIBUTE_TYPE type; + CK_VOID_PTR pValue; + CK_ULONG ulValueLen; +} CK_ATTRIBUTE; +typedef CK_ATTRIBUTE* CK_ATTRIBUTE_PTR; + + +/* Mechanism Types */ +typedef CK_ULONG CK_MECHANISM_TYPE; +typedef CK_MECHANISM_TYPE* CK_MECHANISM_TYPE_PTR; + +typedef struct CK_MECHANISM { + CK_MECHANISM_TYPE mechanism; + CK_VOID_PTR pParameter; + CK_ULONG ulParameterLen; +} CK_MECHANISM; +typedef CK_MECHANISM* CK_MECHANISM_PTR; + +typedef struct CK_MECHANISM_INFO { + CK_ULONG ulMinKeySize; + CK_ULONG ulMaxKeySize; + CK_FLAGS flags; +} CK_MECHANISM_INFO; +typedef CK_MECHANISM_INFO * CK_MECHANISM_INFO_PTR; + + +typedef CK_ULONG CK_NOTIFICATION; + +typedef CK_RV (*CK_NOTIFY)(CK_SESSION_HANDLE hSession, CK_NOTIFICATION event, + CK_VOID_PTR pApplication); + + +/* Threading types. */ +typedef CK_RV (*CK_CREATEMUTEX)(CK_VOID_PTR_PTR ppMutex); +typedef CK_RV (*CK_DESTROYMUTEX)(CK_VOID_PTR pMutex); +typedef CK_RV (*CK_LOCKMUTEX)(CK_VOID_PTR pMutex); +typedef CK_RV (*CK_UNLOCKMUTEX)(CK_VOID_PTR pMutex); + +typedef struct CK_C_INITIALIZE_ARGS { + CK_CREATEMUTEX CreateMutex; + CK_DESTROYMUTEX DestroyMutex; + CK_LOCKMUTEX LockMutex; + CK_UNLOCKMUTEX UnlockMutex; + CK_FLAGS flags; + CK_VOID_PTR pReserved; +} CK_C_INITIALIZE_ARGS; +typedef CK_C_INITIALIZE_ARGS* CK_C_INITIALIZE_ARGS_PTR; + + +/* Cryptographic algorithm types. */ +typedef CK_ULONG CK_EC_KDF_TYPE; + +typedef struct CK_ECDH1_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; +} CK_ECDH1_DERIVE_PARAMS; +typedef CK_ECDH1_DERIVE_PARAMS* CK_ECDH1_DERIVE_PARAMS_PTR; + + +typedef struct CK_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_GCM_PARAMS; +typedef CK_GCM_PARAMS* CK_GCM_PARAMS_PTR; + +/* Function list types. */ +typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; +typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR; +typedef CK_FUNCTION_LIST_PTR* CK_FUNCTION_LIST_PTR_PTR; + +typedef CK_RV (*CK_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); + +struct CK_FUNCTION_LIST { + CK_VERSION version; + + CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs); + CK_RV (*C_Finalize)(CK_VOID_PTR pReserved); + CK_RV (*C_GetInfo)(CK_INFO_PTR pInfo); + CK_RV (*C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); + CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount); + CK_RV (*C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo); + CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo); + CK_RV (*C_GetMechanismList)(CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount); + CK_RV (*C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo); + CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel); + CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen); + CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, + CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, + CK_ULONG ulNewLen); + CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, + CK_VOID_PTR pApplication, CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); + CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CloseAllSessions)(CK_SLOT_ID slotID); + CK_RV (*C_GetSessionInfo)(CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo); + CK_RV (*C_GetOperationState)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen); + CK_RV (*C_SetOperationState)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey); + CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, + CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen); + CK_RV (*C_Logout)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CreateObject)(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject); + CK_RV (*C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject); + CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject); + CK_RV (*C_GetObjectSize)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize); + CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount); + CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_EncryptInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen); + CK_RV (*C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_EncryptFinal)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen); + CK_RV (*C_DecryptInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); + CK_RV (*C_DecryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); + CK_RV (*C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen); + CK_RV (*C_DigestInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); + CK_RV (*C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + CK_RV (*C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + CK_RV (*C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_SignRecoverInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + CK_RV (*C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_VerifyFinal)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); + CK_RV (*C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_VerifyRecover)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen); + CK_RV (*C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); + CK_RV (*C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); + CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_GenerateKeyPair)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey); + CK_RV (*C_WrapKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen); + CK_RV (*C_UnwrapKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_DeriveKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen); + CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR RandomData, CK_ULONG ulRandomLen); + CK_RV (*C_GetFunctionStatus)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CancelFunction)(CK_SESSION_HANDLE hSession); + CK_RV (*C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pRserved); + +}; + +#ifdef __cplusplus +} +#endif + +#endif /* _PKCS11_H_ */ + diff --git a/source/libwolfssl/wolfcrypt/pkcs12.h b/source/libwolfssl/wolfcrypt/pkcs12.h new file mode 100644 index 00000000..1244fc39 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/pkcs12.h @@ -0,0 +1,72 @@ +/* pkcs12.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_PKCS12_H +#define WOLF_CRYPT_PKCS12_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifndef WOLFSSL_TYPES_DEFINED /* do not redeclare from ssl.h */ + typedef struct WC_PKCS12 WC_PKCS12; +#endif + +typedef struct WC_DerCertList { /* dereferenced in ssl.c */ + byte* buffer; + word32 bufferSz; + struct WC_DerCertList* next; +} WC_DerCertList; + +/* default values for creating PKCS12 */ +enum { + WC_PKCS12_ITT_DEFAULT = 2048, + WC_PKCS12_VERSION_DEFAULT = 3, + WC_PKCS12_MAC_DEFAULT = 1, +}; + +WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void); +WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12); +WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12); +WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz); +WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, + byte** pkey, word32* pkeySz, byte** cert, word32* certSz, + WC_DerCertList** ca); +WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, + char* name, byte* key, word32 keySz, byte* cert, word32 certSz, + WC_DerCertList* ca, int nidKey, int nidCert, int iter, int macIter, + int keyType, void* heap); + + +WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap); +WOLFSSL_LOCAL void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12); + +WOLFSSL_LOCAL void wc_FreeCertList(WC_DerCertList* list, void* heap); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_PKCS12_H */ + diff --git a/source/libwolfssl/wolfcrypt/pkcs7.h b/source/libwolfssl/wolfcrypt/pkcs7.h new file mode 100644 index 00000000..cd385261 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/pkcs7.h @@ -0,0 +1,483 @@ +/* pkcs7.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/pkcs7.h +*/ + +#ifndef WOLF_CRYPT_PKCS7_H +#define WOLF_CRYPT_PKCS7_H + +#include + +#ifdef HAVE_PKCS7 + +#ifndef NO_ASN + #include +#endif +#include +#include +#ifndef NO_AES + #include +#endif +#ifndef NO_DES3 + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* Max number of certificates that PKCS7 structure can parse */ +#ifndef MAX_PKCS7_CERTS + #define MAX_PKCS7_CERTS 4 +#endif + +#ifndef MAX_ORI_TYPE_SZ + #define MAX_ORI_TYPE_SZ MAX_OID_SZ +#endif +#ifndef MAX_ORI_VALUE_SZ + #define MAX_ORI_VALUE_SZ 512 +#endif + +#ifndef MAX_SIGNED_ATTRIBS_SZ + #define MAX_SIGNED_ATTRIBS_SZ 7 +#endif + +#ifndef MAX_AUTH_ATTRIBS_SZ + #define MAX_AUTH_ATTRIBS_SZ 7 +#endif + +#ifndef MAX_UNAUTH_ATTRIBS_SZ + #define MAX_UNAUTH_ATTRIBS_SZ 7 +#endif + +/* PKCS#7 content types, ref RFC 2315 (Section 14) */ +enum PKCS7_TYPES { + PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */ + DATA = 651, /* 1.2.840.113549.1.7.1 */ + SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */ + ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */ + SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */ + DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */ + ENCRYPTED_DATA = 656, /* 1.2.840.113549.1.7.6 */ +#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + COMPRESSED_DATA = 678, /* 1.2.840.113549.1.9.16.1.9, RFC 3274 */ +#endif + FIRMWARE_PKG_DATA = 685, /* 1.2.840.113549.1.9.16.1.16, RFC 4108 */ + AUTH_ENVELOPED_DATA = 692 /* 1.2.840.113549.1.9.16.1.23, RFC 5083 */ +}; + +enum PKCS7_STATE { + WC_PKCS7_START = 0, + + /* decode encrypted */ + WC_PKCS7_STAGE2, + WC_PKCS7_STAGE3, + WC_PKCS7_STAGE4, + WC_PKCS7_STAGE5, + WC_PKCS7_STAGE6, + + WC_PKCS7_VERIFY_STAGE2, + WC_PKCS7_VERIFY_STAGE3, + WC_PKCS7_VERIFY_STAGE4, + WC_PKCS7_VERIFY_STAGE5, + WC_PKCS7_VERIFY_STAGE6, + + /* parse info set */ + WC_PKCS7_INFOSET_START, + WC_PKCS7_INFOSET_BER, + WC_PKCS7_INFOSET_STAGE1, + WC_PKCS7_INFOSET_STAGE2, + WC_PKCS7_INFOSET_END, + + /* decode enveloped data */ + WC_PKCS7_ENV_2, + WC_PKCS7_ENV_3, + WC_PKCS7_ENV_4, + WC_PKCS7_ENV_5, + + /* decode auth enveloped */ + WC_PKCS7_AUTHENV_2, + WC_PKCS7_AUTHENV_3, + WC_PKCS7_AUTHENV_4, + WC_PKCS7_AUTHENV_5, + WC_PKCS7_AUTHENV_6, + WC_PKCS7_AUTHENV_ATRB, + WC_PKCS7_AUTHENV_ATRBEND, + WC_PKCS7_AUTHENV_7, + + /* decryption state types */ + WC_PKCS7_DECRYPT_KTRI, + WC_PKCS7_DECRYPT_KTRI_2, + WC_PKCS7_DECRYPT_KTRI_3, + + + WC_PKCS7_DECRYPT_KARI, + WC_PKCS7_DECRYPT_KEKRI, + WC_PKCS7_DECRYPT_PWRI, + WC_PKCS7_DECRYPT_ORI, + + WC_PKCS7_DECRYPT_DONE, + +}; + +enum Pkcs7_Misc { + PKCS7_NONCE_SZ = 16, + MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */ + MAX_CONTENT_KEY_LEN = 32, /* highest current cipher is AES-256-CBC */ + MAX_CONTENT_IV_SIZE = 16, /* highest current is AES128 */ +#ifndef NO_AES + MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE, +#else + MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE, +#endif + MAX_RECIP_SZ = MAX_VERSION_SZ + + MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + + MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, +#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 2)) || defined(HAVE_SELFTEST) + /* In the event of fips cert 3389 or CAVP selftest build, these enums are + * not in aes.h for use with pkcs7 so enumerate it here outside the fips + * boundary */ + GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */ + CCM_NONCE_MIN_SZ = 7, +#endif +}; + +enum Cms_Options { + CMS_SKID = 1, + CMS_ISSUER_AND_SERIAL_NUMBER = 2, +}; +#define DEGENERATE_SID 3 + +/* CMS/PKCS#7 RecipientInfo types, RFC 5652, Section 6.2 */ +enum Pkcs7_RecipientInfo_Types { + PKCS7_KTRI = 0, + PKCS7_KARI = 1, + PKCS7_KEKRI = 2, + PKCS7_PWRI = 3, + PKCS7_ORI = 4 +}; + +typedef struct PKCS7Attrib { + const byte* oid; + word32 oidSz; + const byte* value; + word32 valueSz; +} PKCS7Attrib; + + +typedef struct PKCS7DecodedAttrib { + struct PKCS7DecodedAttrib* next; + byte* oid; + word32 oidSz; + byte* value; + word32 valueSz; +} PKCS7DecodedAttrib; + +typedef struct PKCS7State PKCS7State; +typedef struct Pkcs7Cert Pkcs7Cert; +typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip; +typedef struct PKCS7 PKCS7; +typedef struct PKCS7 PKCS7_SIGNED; +typedef struct PKCS7SignerInfo PKCS7SignerInfo; + +/* OtherRecipientInfo decrypt callback prototype */ +typedef int (*CallbackOriDecrypt)(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, + byte* oriValue, word32 oriValueSz, + byte* decryptedKey, word32* decryptedKeySz, + void* ctx); +typedef int (*CallbackOriEncrypt)(PKCS7* pkcs7, byte* cek, word32 cekSz, + byte* oriType, word32* oriTypeSz, + byte* oriValue, word32* oriValueSz, + void* ctx); +typedef int (*CallbackDecryptContent)(PKCS7* pkcs7, int encryptOID, + byte* iv, int ivSz, byte* aad, word32 aadSz, + byte* authTag, word32 authTagSz, byte* in, + int inSz, byte* out, void* ctx); +typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz, + byte* keyId, word32 keyIdSz, + byte* originKey, word32 originKeySz, + byte* out, word32 outSz, + int keyWrapAlgo, int type, int dir); + +/* Public Structure Warning: + * Existing members must not be changed to maintain backwards compatibility! + */ +struct PKCS7 { + WC_RNG* rng; + PKCS7Attrib* signedAttribs; + byte* content; /* inner content, not owner */ + byte* contentDynamic; /* content if constructed OCTET_STRING */ + byte* singleCert; /* recipient cert, DER, not owner */ + const byte* issuer; /* issuer name of singleCert */ + byte* privateKey; /* private key, DER, not owner */ + void* heap; /* heap hint for dynamic memory */ +#ifdef ASN_BER_TO_DER + byte* der; /* DER encoded version of message */ + word32 derSz; +#endif + byte* cert[MAX_PKCS7_CERTS]; + + /* Encrypted-data Content Type */ + byte* encryptionKey; /* block cipher encryption key */ + PKCS7Attrib* unprotectedAttribs; /* optional */ + PKCS7DecodedAttrib* decodedAttrib; /* linked list of decoded attribs */ + + /* Enveloped-data optional ukm, not owner */ + byte* ukm; + word32 ukmSz; + + word32 encryptionKeySz; /* size of key buffer, bytes */ + word32 unprotectedAttribsSz; + word32 contentSz; /* content size */ + word32 singleCertSz; /* size of recipient cert buffer, bytes */ + word32 issuerSz; /* length of issuer name */ + word32 issuerSnSz; /* length of serial number */ + + word32 publicKeySz; + word32 publicKeyOID; /* key OID (RSAk, ECDSAk, etc) */ + word32 privateKeySz; /* size of private key buffer, bytes */ + word32 signedAttribsSz; + int contentOID; /* PKCS#7 content type OID sum */ + int hashOID; + int encryptOID; /* key encryption algorithm OID */ + int keyWrapOID; /* key wrap algorithm OID */ + int keyAgreeOID; /* key agreement algorithm OID */ + int devId; /* device ID for HW based private key */ + byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ + byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ + byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/ + word32 certSz[MAX_PKCS7_CERTS]; + + /* flags - up to 16-bits */ + word16 isDynamic:1; + word16 noDegenerate:1; /* allow degenerate case in verify function */ + word16 detached:1; /* generate detached SignedData signature bundles */ + + byte contentType[MAX_OID_SZ]; /* custom contentType byte array */ + word32 contentTypeSz; /* size of contentType, bytes */ + + int sidType; /* SignerIdentifier type to use, of type + Pkcs7_SignerIdentifier_Types, default to + SID_ISSUER_AND_SERIAL_NUMBER */ + byte issuerSubjKeyId[KEYID_SIZE]; /* SubjectKeyIdentifier of singleCert */ + Pkcs7Cert* certList; /* certificates list for SignedData set */ + Pkcs7EncodedRecip* recipList; /* recipients list */ + byte* cek; /* content encryption key, random, dynamic */ + word32 cekSz; /* size of cek, bytes */ + byte* pass; /* password, for PWRI decryption */ + word32 passSz; /* size of pass, bytes */ + int kekEncryptOID; /* KEK encryption algorithm OID */ + + CallbackOriEncrypt oriEncryptCb; /* ORI encrypt callback */ + CallbackOriDecrypt oriDecryptCb; /* ORI decrypt callback */ + void* oriEncryptCtx; /* ORI encrypt user context ptr */ + void* oriDecryptCtx; /* ORI decrypt user context ptr */ + + PKCS7Attrib* authAttribs; /* authenticated attribs */ + word32 authAttribsSz; + PKCS7Attrib* unauthAttribs; /* unauthenticated attribs */ + word32 unauthAttribsSz; + +#ifndef NO_PKCS7_STREAM + PKCS7State* stream; +#endif + word32 state; + + word16 skipDefaultSignedAttribs:1; /* skip adding default signed attribs */ + + byte version; /* 1 for RFC 2315 and 3 for RFC 4108 */ + PKCS7SignerInfo* signerInfo; + CallbackDecryptContent decryptionCb; + CallbackWrapCEK wrapCEKCb; + void* decryptionCtx; + + byte* signature; + byte* plainDigest; + byte* pkcs7Digest; + word32 signatureSz; + word32 plainDigestSz; + word32 pkcs7DigestSz; + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ +}; + +WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); +WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); +WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz); +WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz); +WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7); + +WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, + word32 oidSz, byte* out, word32* outSz); + +WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type); +WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, + word32 sz); +WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz); +WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, + word32 blockSz); + +/* CMS/PKCS#7 Data */ +WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, + word32 outputSz); + +/* CMS/PKCS#7 SignedData */ +WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag); +WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7); +WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, + byte* output, word32 outputSz); +WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, + word32 hashSz, byte* outputHead, + word32* outputHeadSz, + byte* outputFoot, + word32* outputFootSz); +WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag); +WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, + byte* pkiMsg, word32 pkiMsgSz); +WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, + word32 hashSz, byte* pkiMsgHead, + word32 pkiMsgHeadSz, byte* pkiMsgFoot, + word32 pkiMsgFootSz); + +WOLFSSL_API int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz); + +/* CMS single-shot API for Signed FirmwarePkgData */ +WOLFSSL_API int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey, + word32 privateKeySz, int signOID, + int hashOID, byte* content, + word32 contentSz, + PKCS7Attrib* signedAttribs, + word32 signedAttribsSz, byte* output, + word32 outputSz); +#ifndef NO_PKCS7_ENCRYPTED_DATA +/* CMS single-shot API for Signed Encrypted FirmwarePkgData */ +WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, + byte* encryptKey, word32 encryptKeySz, + byte* privateKey, word32 privateKeySz, + int encryptOID, int signOID, + int hashOID, byte* content, + word32 contentSz, + PKCS7Attrib* unprotectedAttribs, + word32 unprotectedAttribsSz, + PKCS7Attrib* signedAttribs, + word32 signedAttribsSz, + byte* output, word32 outputSz); +#endif /* NO_PKCS7_ENCRYPTED_DATA */ +#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) +/* CMS single-shot API for Signed Compressed FirmwarePkgData */ +WOLFSSL_API int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, + byte* privateKey, word32 privateKeySz, + int signOID, int hashOID, + byte* content, word32 contentSz, + PKCS7Attrib* signedAttribs, + word32 signedAttribsSz, byte* output, + word32 outputSz); + +#ifndef NO_PKCS7_ENCRYPTED_DATA +/* CMS single-shot API for Signed Encrypted Compressed FirmwarePkgData */ +WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, + byte* encryptKey, word32 encryptKeySz, + byte* privateKey, word32 privateKeySz, + int encryptOID, int signOID, + int hashOID, byte* content, + word32 contentSz, + PKCS7Attrib* unprotectedAttribs, + word32 unprotectedAttribsSz, + PKCS7Attrib* signedAttribs, + word32 signedAttribsSz, + byte* output, word32 outputSz); +#endif /* !NO_PKCS7_ENCRYPTED_DATA */ +#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + +/* EnvelopedData and AuthEnvelopedData RecipientInfo functions */ +WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, + word32 certSz, int options); +WOLFSSL_API int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, + word32 certSz, int keyWrapOID, + int keyAgreeOID, byte* ukm, + word32 ukmSz, int options); + +WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz); +WOLFSSL_API int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, + byte* kek, word32 kekSz, + byte* keyID, word32 keyIdSz, + void* timePtr, byte* otherOID, + word32 otherOIDSz, byte* other, + word32 otherSz, int options); + +WOLFSSL_API int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen); +WOLFSSL_API int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, + word32 pLen, byte* salt, + word32 saltSz, int kdfOID, + int prfOID, int iterations, + int kekEncryptOID, int options); +WOLFSSL_API int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx); +WOLFSSL_API int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx); +WOLFSSL_API int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb); +WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb, + int options); +WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, + CallbackWrapCEK wrapCEKCb); + +/* CMS/PKCS#7 EnvelopedData */ +WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, + byte* output, word32 outputSz); +WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, + word32 outputSz); + +/* CMS/PKCS#7 AuthEnvelopedData */ +WOLFSSL_API int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, + byte* output, word32 outputSz); +WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, + word32 outputSz); + +/* CMS/PKCS#7 EncryptedData */ +#ifndef NO_PKCS7_ENCRYPTED_DATA +WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, + byte* output, word32 outputSz); +WOLFSSL_API int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, + word32 outputSz); +WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7, + CallbackDecryptContent decryptionCb); +WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx); +#endif /* NO_PKCS7_ENCRYPTED_DATA */ + +/* CMS/PKCS#7 CompressedData */ +#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) +WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, + word32 outputSz); +WOLFSSL_API int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, + word32 outputSz); +#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_PKCS7 */ +#endif /* WOLF_CRYPT_PKCS7_H */ + diff --git a/source/libwolfssl/wolfcrypt/poly1305.h b/source/libwolfssl/wolfcrypt/poly1305.h new file mode 100644 index 00000000..6ef6e58b --- /dev/null +++ b/source/libwolfssl/wolfcrypt/poly1305.h @@ -0,0 +1,127 @@ +/* poly1305.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/poly1305.h +*/ + +#ifndef WOLF_CRYPT_POLY1305_H +#define WOLF_CRYPT_POLY1305_H + +#include + +#ifdef HAVE_POLY1305 + +#ifdef __cplusplus + extern "C" { +#endif + +/* auto detect between 32bit / 64bit */ +#if defined(__SIZEOF_INT128__) && defined(__LP64__) +#define WC_HAS_SIZEOF_INT128_64BIT +#endif + +#if defined(_MSC_VER) && defined(_M_X64) +#define WC_HAS_MSVC_64BIT +#endif + +#if (defined(__GNUC__) && defined(__LP64__) && \ + ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)))) +#define WC_HAS_GCC_4_4_64BIT +#endif + +#ifdef USE_INTEL_SPEEDUP +#elif (defined(WC_HAS_SIZEOF_INT128_64BIT) || defined(WC_HAS_MSVC_64BIT) || \ + defined(WC_HAS_GCC_4_4_64BIT)) +#define POLY130564 +#else +#define POLY130532 +#endif + +enum { + POLY1305 = 7, + POLY1305_BLOCK_SIZE = 16, + POLY1305_DIGEST_SIZE = 16, +}; + +#define WC_POLY1305_PAD_SZ 16 +#define WC_POLY1305_MAC_SZ 16 + +/* Poly1305 state */ +typedef struct Poly1305 { +#ifdef USE_INTEL_SPEEDUP + word64 r[3]; + word64 h[3]; + word64 pad[2]; + word64 hh[20]; + word32 r1[8]; + word32 r2[8]; + word32 r3[8]; + word32 r4[8]; + word64 hm[16]; + unsigned char buffer[8*POLY1305_BLOCK_SIZE]; + size_t leftover; + unsigned char finished; + unsigned char started; +#else +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ALIGN128 word32 r[5]; + ALIGN128 word32 r_2[5]; // r^2 + ALIGN128 word32 r_4[5]; // r^4 + ALIGN128 word32 h[5]; + word32 pad[4]; + word64 leftover; +#else +#if defined(POLY130564) + word64 r[3]; + word64 h[3]; + word64 pad[2]; +#else + word32 r[5]; + word32 h[5]; + word32 pad[4]; +#endif + size_t leftover; +#endif /* WOLFSSL_ARMASM */ + unsigned char buffer[POLY1305_BLOCK_SIZE]; + unsigned char finished; +#endif +} Poly1305; + +/* does init */ + +WOLFSSL_API int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key, + word32 kySz); +WOLFSSL_API int wc_Poly1305Update(Poly1305* poly1305, const byte*, word32); +WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag); +WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, + byte* input, word32 sz, byte* tag, word32 tagSz); + +void poly1305_block(Poly1305* ctx, const unsigned char *m); +void poly1305_blocks(Poly1305* ctx, const unsigned char *m, + size_t bytes); +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_POLY1305 */ +#endif /* WOLF_CRYPT_POLY1305_H */ + diff --git a/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h new file mode 100644 index 00000000..433066af --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -0,0 +1,152 @@ +/* esp32-crypt.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef __ESP32_CRYPT_H__ + +#define __ESP32_CRYPT_H__ + +#include "esp_idf_version.h" +#include "esp_types.h" +#include "esp_log.h" + +#ifdef WOLFSSL_ESP32WROOM32_CRYPT_DEBUG +#undef LOG_LOCAL_LEVEL +#define LOG_LOCAL_LEVEL ESP_LOG_DEBUG +#else +#undef LOG_LOCAL_LEVEL +#define LOG_LOCAL_LEVEL ESP_LOG_ERROR +#endif + +#include +#include "soc/dport_reg.h" +#include "soc/hwcrypto_reg.h" +#include "soc/cpu.h" +#include "driver/periph_ctrl.h" +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#include +#else +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex); +int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t xBloxkTime); +int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex); + +#ifndef NO_AES + +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#include "esp32/rom/aes.h" +#else +#include "rom/aes.h" +#endif + +typedef enum tagES32_AES_PROCESS { + ESP32_AES_LOCKHW = 1, + ESP32_AES_UPDATEKEY_ENCRYPT = 2, + ESP32_AES_UPDATEKEY_DECRYPT = 3, + ESP32_AES_UNLOCKHW = 4 +} ESP32_AESPROCESS; + +struct Aes; +int wc_esp32AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); +int wc_esp32AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); +int wc_esp32AesEncrypt(struct Aes *aes, const byte* in, byte* out); +int wc_esp32AesDecrypt(struct Aes *aes, const byte* in, byte* out); + +#endif + +#ifdef WOLFSSL_ESP32WROOM32_CRYPT_DEBUG + +void wc_esp32TimerStart(); +uint64_t wc_esp32elapsedTime(); + +#endif /* WOLFSSL_ESP32WROOM32_CRYPT_DEBUG */ + +#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || \ + defined(WOLFSSL_SHA512)) && \ + !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) + +/* RAW hash function APIs are not implemented with esp32 hardware acceleration*/ +#define WOLFSSL_NO_HASH_RAW +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#include "esp32/rom/sha.h" +#else +#include "rom/sha.h" +#endif + +typedef enum { + ESP32_SHA_INIT = 0, + ESP32_SHA_HW = 1, + ESP32_SHA_SW = 2, +} ESP32_DOSHA; + +typedef struct { + byte isfirstblock; + /* 0 , 1 hard, 2 soft */ + byte mode; + /* sha_type */ + enum SHA_TYPE sha_type; +} WC_ESP32SHA; + +int esp_sha_try_hw_lock(WC_ESP32SHA* ctx); +void esp_sha_hw_unlock( void ); + +struct wc_Sha; +int esp_sha_digest_process(struct wc_Sha* sha, byte bockprocess); +int esp_sha_process(struct wc_Sha* sha, const byte* data); + +#ifndef NO_SHA256 + struct wc_Sha256; + int esp_sha256_digest_process(struct wc_Sha256* sha, byte bockprocess); + int esp_sha256_process(struct wc_Sha256* sha, const byte* data); +#endif + +#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) + struct wc_Sha512; + int esp_sha512_process(struct wc_Sha512* sha); + int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc); +#endif + +#endif /* NO_SHA && */ + +#if !defined(NO_RSA) || defined(HAVE_ECC) + +#ifndef ESP_RSA_TIMEOUT + #define ESP_RSA_TIMEOUT 0xFFFFF +#endif + +struct fp_int; +int esp_mp_mul(struct fp_int* X, struct fp_int* Y, struct fp_int* Z); +int esp_mp_exptmod(struct fp_int* G, struct fp_int* X, word32 Xbits, struct fp_int* P, + struct fp_int* Y); +int esp_mp_mulmod(struct fp_int* X, struct fp_int* Y, struct fp_int* M, + struct fp_int* Z); + +#endif /* NO_RSA || HAVE_ECC*/ + +#ifdef __cplusplus +} +#endif + +#endif /* __ESP32_CRYPT_H__ */ diff --git a/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h new file mode 100644 index 00000000..4c61269e --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -0,0 +1,153 @@ +/* renesas-tsip-crypt.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef __RENESAS_TSIP_CRYPT_H__ +#define __RENESAS_TSIP_CRYPT_H__ + +#if defined(WOLFSSL_RENESAS_TSIP_IAREWRX) + #include "r_bsp/mcu/all/r_rx_compiler.h" + #include "r_bsp/platform.h" +#else + #include "platform.h" +#endif + +#include "r_tsip_rx_if.h" +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + tsip_Key_SESSION = 1, + tsip_Key_AES128 = 2, + tsip_Key_AES256 = 3, + tsip_Key_RSA1024 = 4, + tsip_Key_RSA2048 = 5, + tsip_Key_tls_Rsa2048 = 6, + UNKNOW = -1, +} wolfssl_TSIP_KEY_IV; + +enum { + l_TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, + l_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, + l_TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, + l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, +}; + +typedef struct +{ + uint8_t *encrypted_session_key; + uint8_t *iv; + uint8_t *encrypted_user_tls_key; + tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; +} tsip_key_data; + +struct WOLFSSL; + +int tsip_Open( ); +void tsip_Close( ); +int tsip_hw_lock(); +void tsip_hw_unlock( void ); +int tsip_usable(const struct WOLFSSL *ssl); +void tsip_inform_sflash_signedcacert(const byte *ps_flash, + const byte *psigned_ca_cert, word32 len); +void tsip_inform_cert_sign(const byte *sign); +/* set / get key */ +void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv, + byte *encrypted_user_tls_key); + +byte tsip_rootCAverified( ); +byte tsip_checkCA(word32 cmIdx); +int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len, + word32 key_n_start, word32 key_n_len, + word32 key_e_start, word32 key_e_len, + word32 cm_row); +int tsip_tls_CertVerify(const byte *cert, word32 certSz, + const byte *signature, word32 sigSz, + word32 key_n_start, word32 key_n_len, + word32 key_e_start, word32 key_e_len, + byte *tsip_encRsaKeyIdx); +void tsip_inform_key_position(const word32 key_n_start, const word32 key_n_len, + const word32 key_e_start, const word32 key_e_len); +int tsip_generatePremasterSecret(byte *premaster, word32 preSz); +int tsip_generateEncryptPreMasterSecret(struct WOLFSSL *ssl, byte *out, + word32 *outSz); +int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr, + byte *ms); +int tsip_generateSeesionKey(struct WOLFSSL *ssl); +int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner, + word32 innerSz, const byte *in, word32 sz, byte *digest, + word32 verify); +int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner, + word32 innerSz, const byte *in, word32 sz, byte *digest, + word32 verify); + +#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) + +typedef enum { + TSIP_SHA1 = 0, + TSIP_SHA256 = 1, +} TSIP_SHA_TYPE; + +typedef struct { + byte* msg; + void* heap; + word32 used; + word32 len; + word32 sha_type; +} wolfssl_TSIP_Hash; + +/* RAW hash function APIs are not implemented with TSIP */ +#define WOLFSSL_NO_HASH_RAW + +typedef wolfssl_TSIP_Hash wc_Sha; + +#if !defined(NO_SHA256) + typedef wolfssl_TSIP_Hash wc_Sha256; +#endif + +#endif /* NO_SHA */ + +#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) +typedef struct { + tsip_aes_key_index_t tsip_keyIdx; + word32 keySize; +} TSIP_AES_CTX; + + struct Aes; + int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); + int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); + +#endif /* WOLFSSL_RENESAS_TSIP_TLS_AES */ + +#if defined(WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG) +byte *ret2err(word32 ret); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* __RENESAS_TSIP_CRYPT_H__ */ diff --git a/source/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h b/source/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h new file mode 100644 index 00000000..b0e970ad --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/af_alg/afalg_hash.h @@ -0,0 +1,50 @@ +/* afalg_hash.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_AFALG_HASH_H +#define WOLF_CRYPT_AFALG_HASH_H + +#include + +#undef WOLFSSL_NO_HASH_RAW +#define WOLFSSL_NO_HASH_RAW + +typedef struct { + byte* msg; + void* heap; + word32 used; + word32 len; + int alFd; + int rdFd; +} wolfssl_AFALG_Hash; + + + +#if !defined(NO_SHA256) && defined(WOLFSSL_AFALG_HASH) + typedef wolfssl_AFALG_Hash wc_Sha256; +#endif +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_AFALG_XILINX_SHA3) + typedef wolfssl_AFALG_Hash wc_Sha3; +#endif + +#endif /* WOLF_CRYPT_AFALG_HASH_H */ + diff --git a/source/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h b/source/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h new file mode 100644 index 00000000..eb0c6392 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/af_alg/wc_afalg.h @@ -0,0 +1,53 @@ +/* wc_afalg.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_AFALG_H +#define WOLFSSL_AFALG_H + +#include + +#include +#include +#include + +#define WC_SOCK_NOTSET -1 + +/* In some cases these flags are not set in AF_ALG header files. + * Documentation provided at kernel.org/doc/html/v4.16/crypto/userspace-if.html + * suggests using these values if not set */ +#ifndef AF_ALG + #define AF_ALG 38 +#endif +#ifndef SOL_ALG + #define SOL_ALG 279 +#endif + +WOLFSSL_LOCAL void wc_Afalg_SockAddr(struct sockaddr_alg* in, const char* type, const char* name); +WOLFSSL_LOCAL int wc_Afalg_Accept(struct sockaddr_alg* in, int inSz, int sock); +WOLFSSL_LOCAL int wc_Afalg_Socket(void); +WOLFSSL_LOCAL int wc_Afalg_CreateRead(int sock, const char* type, const char* name); +WOLFSSL_LOCAL int wc_Afalg_SetIv(struct cmsghdr* cmsg, byte* iv, word32 ivSz); +WOLFSSL_LOCAL int wc_Afalg_SetOp(struct cmsghdr* cmsg, int dir); +WOLFSSL_LOCAL int wc_Afalg_SetAad(struct cmsghdr* cmsg, word32 sz); + +#endif /* WOLFSSL_AFALG_H */ + diff --git a/source/libwolfssl/wolfcrypt/port/arm/cryptoCell.h b/source/libwolfssl/wolfcrypt/port/arm/cryptoCell.h new file mode 100644 index 00000000..1dd1a334 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/arm/cryptoCell.h @@ -0,0 +1,117 @@ +/* cryptoCell.h + * + * Copyright (C) 2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_CRYPTOCELL_H +#define WOLFSSL_CRYPTOCELL_H + +#if defined(WOLFSSL_CRYPTOCELL) +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#include "sns_silib.h" + +#ifndef NO_SHA256 + #include "crys_hash.h" + #include "crys_hash_error.h" + /* largest possible input data on CC310 DMA. */ + #define CC310_MAX_LENGTH_DMA (0xFFFF) +#endif + +#ifndef NO_AES + #include "ssi_aes.h" + + typedef struct aes_context_t { + SaSiAesUserContext_t user_ctx; /* CC310 AES User context */ + SaSiAesUserKeyData_t key; /* CC310 AES key structure */ + SaSiAesEncryptMode_t mode; /* encrypt or decrypt */ + } aes_context_t; + #define CC310_MAX_LENGTH_DMA_AES (0xFFF0) +#endif /* NO_AES */ + +#if !defined(WC_NO_RNG) + #if defined(WOLFSSL_nRF5x_SDK_15_2) + +/* To fix warning. MIN/MAX are defined in tfm.h and Nordic (re)defines them */ + #undef MIN + #undef MAX +/* includes to use RNG on the nRF52 */ + #include "nrf_drv_rng.h" + #include "nrf_assert.h" + #endif + + /*RNG Global variables*/ + extern CRYS_RND_State_t wc_rndState; + extern CRYS_RND_WorkBuff_t wc_rndWorkBuff; + extern SaSiRndGenerateVectWorkFunc_t wc_rndGenVectFunc; + int cc310_random_generate(byte* output, word32 size); +#endif + +#ifndef NO_RSA + #include "crys_rsa_types.h" + #include "crys_rnd.h" + #include "crys_rsa_schemes.h" + #include "crys_rsa_kg.h" + #include "crys_rsa_build.h" + + typedef struct rsa_context_t { + CRYS_RSAUserPrivKey_t privKey; + CRYS_RSAUserPubKey_t pubKey; + } rsa_context_t; +CRYS_RSA_HASH_OpMode_t cc310_hashModeRSA(enum wc_HashType hash_type); +#endif + +#ifdef HAVE_ECC + #include "crys_ecpki_kg.h" + #include "crys_ecpki_dh.h" + #include "crys_ecpki_build.h" + #include "crys_ecpki_domain.h" + #include "crys_ecpki_ecdsa.h" + + typedef struct ecc_context_t { + CRYS_ECPKI_UserPrivKey_t privKey; + CRYS_ECPKI_UserPublKey_t pubKey; + } ecc_context_t; + +CRYS_ECPKI_DomainID_t cc310_mapCurve(int curve_id); +CRYS_ECPKI_HASH_OpMode_t cc310_hashModeECC(int hash_size); +#endif /* HAVE_ECC */ + +#if !defined(NO_CRYPT_BENCHMARK) && defined(WOLFSSL_nRF5x_SDK_15_2) + /* includes to use Real-time counter (RTC) on nRF52840 */ + #include "nrf_gpio.h" + #include "nrf_drv_rtc.h" + #include "nrf_drv_clock.h" + #include "boards.h" + #include + #include +#endif /* NO_CRYPT_BENCHMARK && WOLFSSL_nRF5x_SDK_15_2*/ + +int cc310_Init(void); +void cc310_Free(void); + +#ifdef __cplusplus +} +#endif +#endif /* WOLFSSL_CRYPTOCELL */ +#endif /* WOLFSSL_CRYPTOCELL_H */ diff --git a/source/libwolfssl/wolfcrypt/port/atmel/atmel.h b/source/libwolfssl/wolfcrypt/port/atmel/atmel.h new file mode 100644 index 00000000..4075c910 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/atmel/atmel.h @@ -0,0 +1,134 @@ +/* atmel.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _ATECC508_H_ +#define _ATECC508_H_ + +#include + +#include +#include + +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC_PKCB) + #undef SHA_BLOCK_SIZE + #define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP + #include + #undef SHA_BLOCK_SIZE +#endif + +/* ATECC508A only supports ECC P-256 */ +#define ATECC_KEY_SIZE (32) +#define ATECC_PUBKEY_SIZE (ATECC_KEY_SIZE*2) /* X and Y */ +#define ATECC_SIG_SIZE (ATECC_KEY_SIZE*2) /* R and S */ +#ifndef ATECC_MAX_SLOT +#define ATECC_MAX_SLOT (0x8) /* Only use 0-7 */ +#endif +#define ATECC_INVALID_SLOT (0xFF) + +/* Device Key for signing */ +#ifndef ATECC_SLOT_AUTH_PRIV +#define ATECC_SLOT_AUTH_PRIV (0x0) +#endif +/* Ephemeral key */ +#ifndef ATECC_SLOT_ECDHE_PRIV +#define ATECC_SLOT_ECDHE_PRIV (0x2) +#endif +/* Symmetric encryption key */ +#ifndef ATECC_SLOT_I2C_ENC +#define ATECC_SLOT_I2C_ENC (0x04) +#endif +/* Parent encryption key */ +#ifndef ATECC_SLOT_ENC_PARENT +#define ATECC_SLOT_ENC_PARENT (0x7) +#endif + +/* ATECC_KEY_SIZE required for ecc.h */ +#include + +struct WOLFSSL; +struct WOLFSSL_CTX; +struct WOLFSSL_X509_STORE_CTX; +struct ecc_key; + +/* Atmel port functions */ +int atmel_init(void); +void atmel_finish(void); +int atmel_get_random_number(uint32_t count, uint8_t* rand_out); +#ifndef ATMEL_GET_RANDOM_BLOCK_DEFINED + int atmel_get_random_block(unsigned char* output, unsigned int sz); + #define ATMEL_GET_RANDOM_BLOCK_DEFINED +#endif +long atmel_get_curr_time_and_date(long* tm); + +#ifdef WOLFSSL_ATECC508A + +enum atmelSlotType { + ATMEL_SLOT_ANY, + ATMEL_SLOT_ENCKEY, + ATMEL_SLOT_DEVICE, + ATMEL_SLOT_ECDHE, + ATMEL_SLOT_ECDHE_ENC, +}; + +int atmel_ecc_alloc(int slotType); +void atmel_ecc_free(int slotId); + +typedef int (*atmel_slot_alloc_cb)(int); +typedef void (*atmel_slot_dealloc_cb)(int); +int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, + atmel_slot_dealloc_cb dealloc); + +int atmel_ecc_translate_err(int status); +int atmel_get_rev_info(word32* revision); +void atmel_show_rev_info(void); + +/* The macro ATECC_GET_ENC_KEY can be set to override the default + encryption key with your own at build-time */ +#ifndef ATECC_GET_ENC_KEY + #define ATECC_GET_ENC_KEY(enckey, keysize) atmel_get_enc_key_default((enckey), (keysize)) +#endif +int atmel_get_enc_key_default(byte* enckey, word16 keysize); +int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms); +int atmel_ecc_create_key(int slotId, byte* peerKey); +int atmel_ecc_sign(int slotId, const byte* message, byte* signature); +int atmel_ecc_verify(const byte* message, const byte* signature, + const byte* pubkey, int* verified); + +#endif /* WOLFSSL_ATECC508A */ + +#ifdef HAVE_PK_CALLBACKS + int atcatls_create_key_cb(struct WOLFSSL* ssl, struct ecc_key* key, unsigned int keySz, + int ecc_curve, void* ctx); + int atcatls_create_pms_cb(struct WOLFSSL* ssl, struct ecc_key* otherKey, + unsigned char* pubKeyDer, word32* pubKeySz, + unsigned char* out, word32* outlen, + int side, void* ctx); + int atcatls_sign_certificate_cb(struct WOLFSSL* ssl, const byte* in, unsigned int inSz, + byte* out, word32* outSz, const byte* key, unsigned int keySz, void* ctx); + int atcatls_verify_signature_cb(struct WOLFSSL* ssl, const byte* sig, unsigned int sigSz, + const byte* hash, unsigned int hashSz, const byte* key, unsigned int keySz, + int* result, void* ctx); + + int atcatls_set_callbacks(struct WOLFSSL_CTX* ctx); + int atcatls_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx); +#endif + +#endif /* _ATECC508_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/caam/caam_driver.h b/source/libwolfssl/wolfcrypt/port/caam/caam_driver.h new file mode 100644 index 00000000..5e493127 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/caam/caam_driver.h @@ -0,0 +1,187 @@ +/* caam_driver.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef CAAM_DRIVER_H +#define CAAM_DRIVER_H + +#define CAAM_BASE 0xf2100000 + +#define CAAM_PAGE 0xf0100000 +#define CAAM_PAGE_MAX 6 + +/****************************************************************************** + Basic Descriptors + ****************************************************************************/ + +/* descriptor commands */ +#define CAAM_KEY 0x00000000 +#define CAAM_LOAD 0x10000000 +#define CAAM_LOAD_CTX 0x10200000 +#define CAAM_IMM 0x00800000 +#define CAAM_FIFO_L 0x20000000 +#define CAAM_FIFO_S 0x60000000 +#define CAAM_FIFO_S_SKEY 0x60260000 +#define CAAM_STORE 0x50000000 +#define CAAM_STORE_CTX 0x50200000 +#define CAAM_MOVE 0x78000000 +#define CAAM_OP 0x80000000 +#define CAAM_SIG 0x90000000 +#define CAAM_JUMP 0xA0000000 +#define CAAM_SEQI 0xF0000000/* SEQ in */ +#define CAAM_SEQO 0xF8000000/* SEQ out */ +#define CAAM_HEAD 0xB0800000 +#define CAAM_NWB 0x00200000 + +#define CAAM_BLOB_ENCAP 0x07000000 +#define CAAM_BLOB_DECAP 0x06000000 +#define CAAM_OPID_BLOB 0x000D0000 + +/* algorithms modes and types */ +#define CAAM_CLASS1 0x02000000/* i.e. AES */ +#define CAAM_CLASS2 0x04000000/* i.e. hash algos */ + +#define CAAM_ENC 0x00000001 +#define CAAM_DEC 0x00000000 +#define CAAM_ALG_INIT 0x00000004 +#define CAAM_ALG_INITF 0x0000000C +#define CAAM_ALG_UPDATE 0x00000000 +#define CAAM_ALG_FINAL 0x00000008 + + /* AES 10h */ +#define CAAM_AESCTR 0x00100000 +#define CAAM_AESCBC 0x00100100 +#define CAAM_AESECB 0x00100200 +#define CAAM_AESCFB 0x00100300 +#define CAAM_AESOFB 0x00100400 +#define CAAM_CMAC 0x00100600 +#define CAAM_AESCCM 0x00100800 + + /* HASH 40h */ +#define CAAM_MD5 0x00400000 +#define CAAM_SHA 0x00410000 +#define CAAM_SHA224 0x00420000 +#define CAAM_SHA256 0x00430000 +#define CAAM_SHA384 0x00440000 +#define CAAM_SHA512 0x00450000 + + /* HMAC 40h + 10 AAI */ +#define CAAM_HMAC_MD5 0x00400010 +#define CAAM_HMAC_SHA 0x00410010 +#define CAAM_HMAC_SHA224 0x00420010 +#define CAAM_HMAC_SHA256 0x00430010 +#define CAAM_HMAC_SHA384 0x00440010 +#define CAAM_HMAC_SHA512 0x00450010 + +#define CAAM_MD5_CTXSZ (16 + 8) +#define CAAM_SHA_CTXSZ (20 + 8) +#define CAAM_SHA224_CTXSZ (32 + 8) +#define CAAM_SHA256_CTXSZ (32 + 8) +#define CAAM_SHA384_CTXSZ (64 + 8) +#define CAAM_SHA512_CTXSZ (64 + 8) + + /* RNG 50h */ +#define CAAM_RNG 0x00500000 + + /* Used to get raw entropy from TRNG */ +#define CAAM_ENTROPY 0x00500001 + +#define FIFOL_TYPE_MSG 0x00100000 +#define FIFOL_TYPE_AAD 0x00300000 +#define FIFOL_TYPE_FC1 0x00010000 +#define FIFOL_TYPE_LC1 0x00020000 +#define FIFOL_TYPE_LC2 0x00040000 + +#define FIFOS_TYPE_MSG 0x00300000 + +/* continue bit set if more output is expected */ +#define CAAM_FIFOS_CONT 0x00800000 + +#define CAAM_PAGE_SZ 4096 + +/* RNG Registers */ +#define CAAM_RTMCTL CAAM_BASE + 0X0600 +#define CAAM_RTSDCTL CAAM_BASE + 0X0610 +#define CAAM_RTFRQMIN CAAM_BASE + 0X0618 +#define CAAM_RTFRQMAX CAAM_BASE + 0X061C +#define CAAM_RDSTA CAAM_BASE + 0X06C0 +#define CAAM_RTSTATUS CAAM_BASE + 0x063C + +/* each of the following 11 RTENT registers are an offset of 4 from RTENT0 */ +#define CAAM_RTENT0 CAAM_BASE + 0x0640 +#define CAAM_RTENT11 CAAM_BASE + 0x066C /* Max RTENT register */ + +/* RNG Masks/Values */ +#ifndef CAAM_ENT_DLY + #define CAAM_ENT_DLY 1200 /* @TODO lower value may gain performance */ +#endif +#define CAAM_PRGM 0x00010000 /* Set RTMCTL to program state */ +#define CAAM_TRNG 0x00000020 /* Set TRNG access */ +#define CAAM_CTLERR 0x00001000 +#define CAAM_ENTVAL 0x00000400 /* checking RTMCTL for entropy ready */ + +/* Input Job Ring Registers */ +#define CAAM_IRBAR0 CAAM_BASE + 0x1004 +#define CAAM_IRSR0 CAAM_BASE + 0x100C +#define CAAM_IRJAR0 CAAM_BASE + 0x101C + +/* Ouput Job Ring Registers */ +#define CAAM_ORBAR0 CAAM_BASE + 0x1024 +#define CAAM_ORSR0 CAAM_BASE + 0x102C +#define CAAM_ORJAR0 CAAM_BASE + 0x103C + + +/* Status Registers */ +#define CAAM_STATUS CAAM_BASE + 0x0FD4 +#define CAAM_VERSION_MS CAAM_BASE + 0x0FE8 +#define CAAM_VERSION_LS CAAM_BASE + 0x0FEC +#define CAMM_SUPPORT_MS CAAM_BASE + 0x0FF0 +#define CAMM_SUPPORT_LS CAAM_BASE + 0x0FF4 + + +#define CAAM_C1DSR_LS CAAM_BASE + 0x8014 +#define CAAM_C1MR CAAM_BASE + 0x8004 + + +/* output FIFO is 16 entries deep and each entry has a two 4 byte registers */ +#define CAAM_FIFOO_MS CAAM_BASE + 0x87F0 +#define CAAM_FIFOO_LS CAAM_BASE + 0x87F4 + +/* input FIFO is 16 entries deep with each entry having two 4 byte registers + All data writin to it from IP bus should be in big endian format */ +#define CAAM_FIFOI_LS CAAM_BASE + 0x87E0 + +/* offset of 4 with range 0 .. 13 */ +#define CAAM_CTX1 CAAM_BASE + 0x8100 +#define CAAM_CTRIV CAAM_CTX1 + 8 /* AES-CTR iv is in 2 and 3 */ +#define CAAM_CBCIV CAAM_CTX1 /* AES-CBC iv is in 1 and 2 */ + + +/* instantiate RNG and create JDKEK, TDKEK, and TDSK key */ +static unsigned int wc_rng_start[] = { + CAAM_HEAD | 0x00000006, + CAAM_OP | CAAM_CLASS1 | CAAM_RNG | 0x00000004, /* Instantiate RNG handle 0 with TRNG */ + CAAM_JUMP | 0x02000001, /* wait for Class1 RNG and jump to next cmd */ + CAAM_LOAD | 0x00880004, /* Load to clear written register */ + 0x00000001, /* reset done interupt */ + CAAM_OP | CAAM_CLASS1 | CAAM_RNG | 0x00001000 /* Generate secure keys */ +}; + +#endif /* CAAM_DRIVER_H */ diff --git a/source/libwolfssl/wolfcrypt/port/caam/wolfcaam.h b/source/libwolfssl/wolfcrypt/port/caam/wolfcaam.h new file mode 100644 index 00000000..3e2ffdd0 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/caam/wolfcaam.h @@ -0,0 +1,63 @@ +/* wolfcaam.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLF_CRYPT_CAAM_INIT_H +#define WOLF_CRYPT_CAAM_INIT_H + +#include + +#if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) + +#include + +#if defined(__INTEGRITY) || defined(INTEGRITY) + #include +#endif + +WOLFSSL_LOCAL int wc_caamInit(void); +WOLFSSL_LOCAL int wc_caamFree(void); +WOLFSSL_LOCAL int wc_caamInitRng(void); +WOLFSSL_LOCAL int wc_caamFreeRng(void); + +WOLFSSL_LOCAL word32 wc_caamReadRegister(word32 reg); +WOLFSSL_LOCAL void wc_caamWriteRegister(word32 reg, word32 value); +WOLFSSL_LOCAL int wc_caamAddAndWait(Buffer* buf, word32 arg[4], word32 type); + +WOLFSSL_API int wc_caamSetResource(IODevice ioDev); + +WOLFSSL_API int wc_caamOpenBlob(byte* data, word32 dataSz, byte* out, + word32* outSz); +WOLFSSL_API int wc_caamCreateBlob(byte* data, word32 dataSz, byte* out, + word32* outSz); + +/* additional size that is added by CAAM when creating a blob */ +#define WC_CAAM_BLOB_SZ 48 + +#ifndef WC_CAAM_READ + #define WC_CAAM_READ(reg) wc_caamReadRegister((reg)) +#endif +#ifndef WC_CAAM_WRITE + #define WC_CAAM_WRITE(reg, x) wc_caamWriteRegister((reg), (x)) +#endif + +#endif /* WOLFSSL_IMX6_CAAM */ + +#endif /* WOLF_CRYPT_CAAM_INIT_H */ diff --git a/source/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/source/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h new file mode 100644 index 00000000..2a611f0d --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/caam/wolfcaam_sha.h @@ -0,0 +1,88 @@ +/* wolfcaam_sha.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLF_CRYPT_CAAM_SHA_H +#define WOLF_CRYPT_CAAM_SHA_H + +#include + +#ifdef WOLFSSL_IMX6_CAAM + +#include + +#define WOLFSSL_NO_HASH_RAW + +#ifndef WC_CAAM_CTXLEN +/* last 8 bytes of context is for length */ +#define WC_CAAM_CTXLEN 8 +#endif + +#ifndef WC_CAAM_HASH_BLOCK +/* define sha structures and also get the max possible digest. Start with SHA + digest size */ +#define WC_CAAM_HASH_BLOCK 64 +#endif + +#ifndef WC_CAAM_MAX_DIGEST +#define WC_CAAM_MAX_DIGEST 20 +#ifdef WOLFSSL_SHA224 + #undef WC_CAAM_MAX_DIGEST + #define WC_CAAM_MAX_DIGEST 32 +#endif + +#ifndef NO_SHA256 + #undef WC_CAAM_MAX_DIGEST + #define WC_CAAM_MAX_DIGEST 32 +#endif + +#ifdef WOLFSSL_SHA384 + #undef WC_CAAM_MAX_DIGEST + #define WC_CAAM_MAX_DIGEST 64 +#endif + +#ifdef WOLFSSL_SHA512 + #undef WC_CAAM_MAX_DIGEST + #define WC_CAAM_MAX_DIGEST 64 +#endif +#endif /* WC_CAAM_MAX_DIGEST */ + + +typedef struct wc_Sha { + word32 ctx[(WC_CAAM_MAX_DIGEST + WC_CAAM_CTXLEN) / sizeof(word32)]; + word32 buffLen; /* in bytes */ + word32 buffer[WC_CAAM_HASH_BLOCK / sizeof(word32)]; +} wc_Sha; + +#ifndef NO_MD5 + typedef struct wc_Sha wc_Md5; +#endif + +#ifndef NO_SHA256 + typedef struct wc_Sha wc_Sha256; +#endif + +#ifdef WOLFSSL_SHA512 + typedef struct wc_Sha wc_Sha512; +#endif + +#endif /* WOLFSSL_IMX6_CAAM */ + +#endif /* WOLF_CRYPT_CAAM_SHA_H */ diff --git a/source/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h b/source/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h new file mode 100644 index 00000000..c6369c04 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h @@ -0,0 +1,53 @@ +/* wc_devcrypto.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_DEVCRYPTO_H +#define WOLFSSL_DEVCRYPTO_H + +#include + +#ifdef WOLFSSL_DEVCRYPTO + +#include +#include +#include +#include + +typedef struct WC_CRYPTODEV { + int cfd; + struct session_op sess; +} WC_CRYPTODEV; + +WOLFSSL_LOCAL int wc_DevCryptoCreate(WC_CRYPTODEV* ctx, int type, byte* key, word32 keySz); +WOLFSSL_LOCAL void wc_DevCryptoFree(WC_CRYPTODEV* ctx); +WOLFSSL_LOCAL void wc_SetupCrypt(struct crypt_op* crt, WC_CRYPTODEV* dev, + byte* src, int srcSz, byte* dst, byte* dig, int flag); +WOLFSSL_LOCAL void wc_SetupCryptSym(struct crypt_op* crt, WC_CRYPTODEV* dev, + byte* src, word32 srcSz, byte* dst, byte* iv, int flag); +WOLFSSL_LOCAL void wc_SetupCryptAead(struct crypt_auth_op* crt, WC_CRYPTODEV* dev, + byte* src, word32 srcSz, byte* dst, byte* iv, word32 ivSz, int flag, + byte* authIn, word32 authInSz, byte* authTag, word32 authTagSz); + +#endif /* WOLFSSL_DEVCRYPTO */ +#endif /* WOLFSSL_DEVCRYPTO_H */ + + diff --git a/source/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h b/source/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h new file mode 100644 index 00000000..974d2b50 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/intel/quickassist_sync.h @@ -0,0 +1,229 @@ +/* quickassist_sync.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef _INTEL_QUICKASSIST_SYNC_H_ +#define _INTEL_QUICKASSIST_SYNC_H_ + +#ifdef HAVE_INTEL_QA_SYNC + +#include "cpa.h" +#include "cpa_cy_im.h" +#include "cpa_cy_sym.h" +#include "cpa_cy_rsa.h" +#include "cpa_cy_ln.h" +#include "cpa_cy_ecdh.h" +#include "cpa_cy_ecdsa.h" +#include "cpa_cy_dh.h" +#include "cpa_cy_drbg.h" +#include "cpa_cy_nrbg.h" +#include "cpa_cy_prime.h" + +/* User space utils */ +#include +#include +#include +#include + + +#if 0 + /* Optional feature for partial QAT hashing support */ + /* This will process updates through hardware instead of caching them */ + #define QAT_HASH_ENABLE_PARTIAL +#endif +#ifdef QAT_HASH_ENABLE_PARTIAL + #define MAX_QAT_HASH_BUFFERS 2 +#endif + +/* Detect QAT driver version */ +#if defined(CPA_CY_API_VERSION_NUM_MAJOR) && CPA_CY_API_VERSION_NUM_MAJOR > 1 + #define QAT_V2 +#endif + +#ifdef QAT_V2 + /* quickassist/utilities/libusdm_drv/qae_mem.h */ + /* Provides user-space API's for accessing NUMA allocated memory through usdm_drv */ + #include "qae_mem.h" +#include "linux/include/qae_mem_utils.h" +#endif + +#ifdef QAT_USE_POLLING_THREAD + #include +#endif +#ifdef QA_DEMO_MAIN + #include +#endif + + +/* Tunable parameters */ +#ifndef QAT_PROCESS_NAME + #define QAT_PROCESS_NAME "SSL" +#endif +#ifndef QAT_LIMIT_DEV_ACCESS + #define QAT_LIMIT_DEV_ACCESS CPA_FALSE +#endif +#ifndef QAT_MAX_DEVICES + #define QAT_MAX_DEVICES (1) /* maximum number of QAT cards */ +#endif + +#ifndef QAT_RETRY_LIMIT + #define QAT_RETRY_LIMIT (100) +#endif +#ifndef QAT_POLL_RESP_QUOTA + #define QAT_POLL_RESP_QUOTA (0) /* all pending */ +#endif + +#if !defined(NO_AES) || !defined(NO_DES3) + #define QAT_ENABLE_CRYPTO +#endif + + +/* Pre-declarations */ +struct IntelQaDev; +struct wc_CryptoInfo; +struct WC_BIGINT; +struct WC_RNG; + + +#if defined(QAT_ENABLE_HASH) || defined(QAT_ENABLE_CRYPTO) +/* symmetric context */ +typedef struct IntelQaSymCtx { + CpaCySymOpData opData; + CpaCySymSessionCtx symCtxSrc; + CpaCySymSessionCtx symCtx; + word32 symCtxSize; + + /* flags */ + word32 isOpen:1; + word32 isCopy:1; +} IntelQaSymCtx; +#endif + +typedef void (*IntelQaFreeFunc)(struct IntelQaDev*); + + +/* QuickAssist device */ +typedef struct IntelQaDev { + CpaInstanceHandle handle; + int devId; + void* heap; + + /* callback return info */ + int ret; + byte* out; + union { + word32* outLenPtr; + word32 outLen; + }; + + /* operations */ + IntelQaFreeFunc freeFunc; + union { + #ifdef QAT_ENABLE_CRYPTO + struct { + IntelQaSymCtx ctx; + CpaBufferList bufferList; + CpaFlatBuffer flatBuffer; + byte* authTag; + word32 authTagSz; + } cipher; + #endif + } op; + +#ifdef QAT_USE_POLLING_THREAD + pthread_t pollingThread; + byte pollingCy; +#endif +} IntelQaDev; + + +/* Interface */ +WOLFSSL_LOCAL int IntelQaHardwareStart(const char*, int); +WOLFSSL_LOCAL void IntelQaHardwareStop(void); +WOLFSSL_LOCAL int IntelQaInit(void*); +WOLFSSL_LOCAL void IntelQaDeInit(int); +WOLFSSL_LOCAL int IntelQaNumInstances(void); +WOLFSSL_LOCAL int IntelQaOpen(IntelQaDev*, int); +WOLFSSL_LOCAL void IntelQaClose(IntelQaDev*); +WOLFSSL_LOCAL int IntelQaDevCopy(IntelQaDev*, IntelQaDev*); +WOLFSSL_LOCAL int IntelQaPoll(IntelQaDev*); +WOLFSSL_LOCAL int IntelQaGetCyInstanceCount(void); + +#ifndef NO_AES + #ifdef HAVE_AES_CBC + WOLFSSL_LOCAL int IntelQaSymAesCbcEncrypt(IntelQaDev*, byte*, + const byte*, word32, const byte*, word32, const byte*, word32); + #ifdef HAVE_AES_DECRYPT + WOLFSSL_LOCAL int IntelQaSymAesCbcDecrypt(IntelQaDev*, byte*, + const byte*, word32, const byte*, word32, const byte*, word32); + #endif /* HAVE_AES_DECRYPT */ + #endif /* HAVE_AES_CBC */ + + #ifdef HAVE_AESGCM + WOLFSSL_LOCAL int IntelQaSymAesGcmEncrypt(IntelQaDev*, byte*, + const byte*, word32, const byte*, word32, const byte*, word32, + byte*, word32, const byte*, word32); + #ifdef HAVE_AES_DECRYPT + WOLFSSL_LOCAL int IntelQaSymAesGcmDecrypt(IntelQaDev*, byte*, + const byte*, word32, const byte*, word32, const byte*, word32, + const byte*, word32, const byte*, word32); + #endif /* HAVE_AES_DECRYPT */ + #endif /* HAVE_AESGCM */ +#endif /* !NO_AES */ + +#ifndef NO_DES3 + WOLFSSL_LOCAL int IntelQaSymDes3CbcEncrypt(IntelQaDev*, byte*, + const byte*, word32, const byte*, word32, const byte* iv, word32); + WOLFSSL_LOCAL int IntelQaSymDes3CbcDecrypt(IntelQaDev* dev, byte*, + const byte*, word32, const byte*, word32, const byte* iv, word32); +#endif /*! NO_DES3 */ + +#ifdef WOLF_CRYPTO_CB + WOLFSSL_LOCAL int IntelQaSymSync_CryptoDevCb(int, struct wc_CryptoInfo*, + void*); +#endif /* WOLF_CRYPTO_CB */ + + +#ifdef WOLFSSL_TRACK_MEMORY + WOLFSSL_API int InitMemoryTracker(void); + WOLFSSL_API void ShowMemoryTracker(void); +#endif + + +WOLFSSL_API void* IntelQaMalloc(size_t size, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +); + +WOLFSSL_API void IntelQaFree(void *ptr, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +); + +WOLFSSL_API void* IntelQaRealloc(void *ptr, size_t size, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +); +#endif /* HAVE_INTEL_QA_SYNC */ + +#endif /* _INTEL_QUICKASSIST_SYNC_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/nrf51.h b/source/libwolfssl/wolfcrypt/port/nrf51.h new file mode 100644 index 00000000..705d9c34 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/nrf51.h @@ -0,0 +1,44 @@ +/* nrf51.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_NRF51_PORT_H +#define WOLFSSL_NRF51_PORT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Public Functions */ +int nrf51_random_generate(byte* output, word32 sz); + +int nrf51_aes_set_key(const byte* key); +int nrf51_aes_encrypt(const byte* in, const byte* key, word32 rounds, byte* out); + +double current_time(int reset); + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_NRF51_PORT_H */ diff --git a/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h b/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h new file mode 100644 index 00000000..1bf7e2bc --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h @@ -0,0 +1,87 @@ +/* ksdk_port.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _KSDK_PORT_H_ +#define _KSDK_PORT_H_ + +#include +#ifdef USE_FAST_MATH + #include +#else + #include +#endif +#include +#include +#include + + +/* API to init required hardware */ +int ksdk_port_init(void); + +/* software algorithm, by wolfcrypt */ +#if defined(FREESCALE_LTC_TFM) + int wolfcrypt_mp_mul(mp_int *A, mp_int *B, mp_int *C); + int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c); + int wolfcrypt_mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d); + int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c); + int wolfcrypt_mp_invmod(mp_int *a, mp_int *b, mp_int *c); + int wolfcrypt_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y); +#endif /* FREESCALE_LTC_TFM */ + +#if defined(FREESCALE_LTC_ECC) + #include "fsl_ltc.h" + + typedef enum _fsl_ltc_ecc_coordinate_system + { + kLTC_Weierstrass = 0U, /*< Point coordinates on an elliptic curve in Weierstrass form */ + kLTC_Curve25519 = 1U, /*< Point coordinates on an Curve25519 elliptic curve in Montgomery form */ + kLTC_Ed25519 = 2U, /*< Point coordinates on an Ed25519 elliptic curve in twisted Edwards form */ + } fsl_ltc_ecc_coordinate_system_t; + + int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m); + + #ifdef HAVE_CURVE25519 + int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); + const ECPoint *wc_curve25519_GetBasePoint(void); + status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint); + #endif + + #ifdef HAVE_ED25519 + status_t LTC_PKHA_Ed25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_WeierstrassToEd25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_Ed25519_PointMul(const ltc_pkha_ecc_point_t *ltcPointIn, + const uint8_t *N, + size_t sizeN, + ltc_pkha_ecc_point_t *ltcPointOut, + fsl_ltc_ecc_coordinate_system_t typeOut); + const ltc_pkha_ecc_point_t *LTC_PKHA_Ed25519_BasePoint(void); + status_t LTC_PKHA_Ed25519_PointDecompress(const uint8_t *pubkey, size_t pubKeySize, ltc_pkha_ecc_point_t *ltcPointOut); + status_t LTC_PKHA_sc_reduce(uint8_t *a); + status_t LTC_PKHA_sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c); + status_t LTC_PKHA_SignatureForVerify(uint8_t *rcheck, const unsigned char *a, const unsigned char *b, ed25519_key *key); + status_t LTC_PKHA_Ed25519_Compress(const ltc_pkha_ecc_point_t *ltcPointIn, uint8_t *p); + #endif + +#endif /* FREESCALE_LTC_ECC */ + +#endif /* _KSDK_PORT_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/source/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h new file mode 100644 index 00000000..c1ba8423 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -0,0 +1,224 @@ +/* pic32mz-crypt.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef PIC32MZ_CRYPT_H +#define PIC32MZ_CRYPT_H + +#ifdef __cplusplus + extern "C" { +#endif + +#include + +#ifdef WOLFSSL_MICROCHIP_PIC32MZ + +#ifndef MICROCHIP_PIC32 + #define MICROCHIP_PIC32 +#endif + +/* If algos aren't enabled then turn off */ +#ifdef WOLFSSL_PIC32MZ_HASH + #if defined(NO_MD5) && defined(NO_SHA) && defined(NO_SHA256) + #undef WOLFSSL_PIC32MZ_HASH + #endif +#endif + +#ifdef WOLFSSL_PIC32MZ_CRYPT + #if defined(NO_AES) && defined(NO_DES3) + #undef WOLFSSL_PIC32MZ_CRYPT + #endif +#endif + +/* Enables support for large hashing */ +/* requires exclusive access to crypto hardware done at application layer */ +#define WOLFSSL_PIC32MZ_LARGE_HASH + +#include +#include +#include + + +/* PIC32 Crypto Structures */ +typedef struct saCtrl { + unsigned int CRYPTOALGO : 4; + unsigned int MULTITASK : 3; + unsigned int KEYSIZE : 2; + unsigned int ENCTYPE : 1; + unsigned int ALGO : 7; + unsigned int : 3; + unsigned int FLAGS : 1; + unsigned int FB : 1; + unsigned int LOADIV : 1; + unsigned int LNC : 1; + unsigned int IRFLAG : 1; + unsigned int ICVONLY : 1; + unsigned int OR_EN : 1; + unsigned int NO_RX : 1; + unsigned int : 1; + unsigned int VERIFY : 1; + unsigned int : 2; +} saCtrl; + +typedef struct securityAssociation { + saCtrl SA_CTRL; + unsigned int SA_AUTHKEY[8]; + unsigned int SA_ENCKEY[8]; + unsigned int SA_AUTHIV[8]; + unsigned int SA_ENCIV[4]; +} securityAssociation; + +typedef struct bdCtrl { + unsigned int BUFLEN : 16; + unsigned int CBD_INT_EN : 1; + unsigned int PKT_INT_EN : 1; + unsigned int LIFM : 1; + unsigned int LAST_BD : 1; + unsigned int CRDMA_EN : 1; + unsigned int UPD_RES : 1; + unsigned int SA_FETCH_EN : 1; + unsigned int SEC_CODE : 8; + volatile unsigned int DESC_EN : 1; +} bdCtrl; + +typedef struct bufferDescriptor { + bdCtrl BD_CTRL; + unsigned int SA_ADDR; + unsigned int SRCADDR; + unsigned int DSTADDR; + unsigned int NXTPTR; + unsigned int UPDPTR; + unsigned int MSGLEN; + unsigned int ENCOFF; +} bufferDescriptor; + + +/* Cache Updates Struct */ +typedef struct hashUpdCache { + unsigned char* buf; + unsigned int bufLen; + unsigned int updLen; + int isCopy; +#ifdef WOLFSSL_PIC32MZ_LARGE_HASH + unsigned int finalLen; +#endif +} hashUpdCache; + + +/* Direction */ +#define PIC32_ENCRYPTION 0b1 +#define PIC32_DECRYPTION 0b0 + +/* Algorithm */ +#define PIC32_ALGO_HMAC1 0b01000000 +#define PIC32_ALGO_SHA256 0b00100000 +#define PIC32_ALGO_SHA1 0b00010000 +#define PIC32_ALGO_MD5 0b00001000 + +#define PIC32_ALGO_AES 0b00000100 +#define PIC32_ALGO_TDES 0b00000010 +#define PIC32_ALGO_DES 0b00000001 + +/* Crypto Algo */ +/* AES */ +#define PIC32_CRYPTOALGO_AES_GCM 0b1110 +#define PIC32_CRYPTOALGO_RCTR 0b1101 +#define PIC32_CRYPTOALGO_RCBC_MAC 0b1100 +#define PIC32_CRYPTOALGO_ROFB 0b1011 +#define PIC32_CRYPTOALGO_RCFB 0b1010 +#define PIC32_CRYPTOALGO_RCBC 0b1001 +#define PIC32_CRYPTOALGO_RECB 0b1000 +/* Triple-DES */ +#define PIC32_CRYPTOALGO_TOFB 0b0111 +#define PIC32_CRYPTOALGO_TCFB 0b0110 +#define PIC32_CRYPTOALGO_TCBC 0b0101 +#define PIC32_CRYPTOALGO_TECB 0b0100 +/* DES */ +#define PIC32_CRYPTOALGO_OFB 0b0011 +#define PIC32_CRYPTOALGO_CFB 0b0010 +#define PIC32_CRYPTOALGO_CBC 0b0001 +#define PIC32_CRYPTOALGO_ECB 0b0000 + +/* Key Size */ +#define PIC32_KEYSIZE_256 0b10 +#define PIC32_KEYSIZE_192 0b01 +#define PIC32_KEYSIZE_128 0b00 + +/* PIC32 Minimum Buffer/Block Sizes */ +#define PIC32_BLOCKSIZE_HASH 64 +#define PIC32_BLOCKSIZE_HMAC PIC32_BLOCKSIZE_HASH +#define PIC32_BLOCKSIZE_MD5 PIC32_BLOCKSIZE_HASH +#define PIC32_BLOCKSIZE_SHA1 PIC32_BLOCKSIZE_HASH +#define PIC32_BLOCKSIZE_SHA256 PIC32_BLOCKSIZE_HASH +#define PIC32_BLOCKSIZE_AES 16 +#define PIC32_BLOCKSIZE_TDES 24 +#define PIC32_BLOCKSIZE_DES 8 + +#define PIC32_DIGEST_SIZE 32 + + +/* Helper Macros */ +#define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x1D000000) + +/* If EF part then Crypto engine supports swapping output bytes */ +#define PIC32_NO_OUT_SWAP ((__PIC32_FEATURE_SET0 == 'E') && \ + (__PIC32_FEATURE_SET1 == 'C')) + + +#ifndef NO_AES +int wc_Pic32AesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen, + byte* out, const byte* in, word32 sz, + int dir, int algo, int cryptoalgo); +#endif +#ifndef NO_DES3 +int wc_Pic32DesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen, + byte* out, const byte* in, word32 sz, + int dir, int algo, int cryptoalgo); +#endif + +#ifdef WOLFSSL_PIC32MZ_HASH +#define WOLFSSL_NO_HASH_RAW + +int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo); +int wc_Pic32HashCopy(hashUpdCache* src, hashUpdCache* dst); + +#ifndef NO_MD5 +struct wc_Md5; +void wc_Md5Pic32Free(struct wc_Md5* md5); +#endif +#ifndef NO_SHA +struct wc_Sha; +void wc_ShaPic32Free(struct wc_Sha* sha); +#endif + +#ifndef NO_SHA256 +struct wc_Sha256; +void wc_Sha256Pic32Free(struct wc_Sha256* sha256); +#endif +#endif /* WOLFSSL_PIC32MZ_HASH */ + +#endif /* WOLFSSL_MICROCHIP_PIC32MZ */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* PIC32MZ_CRYPT_H */ diff --git a/source/libwolfssl/wolfcrypt/port/st/stm32.h b/source/libwolfssl/wolfcrypt/port/st/stm32.h new file mode 100644 index 00000000..56ec0267 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/st/stm32.h @@ -0,0 +1,131 @@ +/* stm32.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _WOLFPORT_STM32_H_ +#define _WOLFPORT_STM32_H_ + +/* Generic STM32 Hashing and Crypto Functions */ +/* Supports CubeMX HAL or Standard Peripheral Library */ + +#include + + +#ifdef STM32_HASH + +#define WOLFSSL_NO_HASH_RAW + +#ifdef HASH_DIGEST + /* The HASH_DIGEST register indicates SHA224/SHA256 support */ + #define STM32_HASH_SHA2 + #define HASH_CR_SIZE 54 + #define HASH_MAX_DIGEST 32 +#else + #define HASH_CR_SIZE 50 + #define HASH_MAX_DIGEST 20 +#endif + +/* Handle hash differences between CubeMX and StdPeriLib */ +#if !defined(HASH_ALGOMODE_HASH) && defined(HASH_AlgoMode_HASH) + #define HASH_ALGOMODE_HASH HASH_AlgoMode_HASH +#endif +#if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b) + #define HASH_DATATYPE_8B HASH_DataType_8b +#endif + +#ifndef STM32_HASH_TIMEOUT + #define STM32_HASH_TIMEOUT 0xFFFF +#endif + + +/* STM32 register size in bytes */ +#define STM32_HASH_REG_SIZE 4 + +/* STM32 Hash Context */ +typedef struct { + /* Context switching registers */ + uint32_t HASH_IMR; + uint32_t HASH_STR; + uint32_t HASH_CR; + uint32_t HASH_CSR[HASH_CR_SIZE]; + + /* Hash state / buffers */ + word32 buffer[STM32_HASH_REG_SIZE / sizeof(word32)]; /* partial word buffer */ + word32 buffLen; /* partial word remain */ + word32 loLen; /* total update bytes + (only lsb 6-bits is used for nbr valid bytes in last word) */ +} STM32_HASH_Context; + + +/* API's */ +void wc_Stm32_Hash_Init(STM32_HASH_Context* stmCtx); +int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo, + const byte* data, int len); +int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, + byte* hash, int digestSize); + +#endif /* STM32_HASH */ + + +#ifdef STM32_CRYPTO + +#ifndef NO_AES + #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ + defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4)) + /* Hardware supports AES GCM acceleration */ + #define STM32_CRYPTO_AES_GCM + #endif + + #ifdef WOLFSSL_STM32L4 + #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #define CRYP AES + #endif + + /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ + #if !defined(STM32_HAL_V2) && \ + defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM) + #define STM32_HAL_V2 + #endif + + /* Thee datatype for STM32 CubeMX HAL Crypt calls */ + #ifdef STM32_HAL_V2 + #define STM_CRYPT_TYPE uint32_t + #else + #define STM_CRYPT_TYPE uint8_t + #endif + + /* CRYPT_AES_GCM starts the IV with 2 */ + #define STM32_GCM_IV_START 2 + + #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + struct Aes; + #ifdef WOLFSSL_STM32_CUBEMX + int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp); + #else /* STD_PERI_LIB */ + int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit, + CRYP_KeyInitTypeDef* keyInit); + #endif /* WOLFSSL_STM32_CUBEMX */ + #endif /* WOLFSSL_AES_DIRECT || HAVE_AESGCM || HAVE_AESCCM */ +#endif /* !NO_AES */ + +#endif /* STM32_CRYPTO */ + + +#endif /* _WOLFPORT_STM32_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/st/stsafe.h b/source/libwolfssl/wolfcrypt/port/st/stsafe.h new file mode 100644 index 00000000..32c4effa --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/st/stsafe.h @@ -0,0 +1,94 @@ +/* stsafe.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _WOLFPORT_STSAFE_H_ +#define _WOLFPORT_STSAFE_H_ + +#include +#include +#include +#include + +#ifdef WOLFSSL_STSAFEA100 + +/* The wolf STSAFE interface layer */ +/* Please contact wolfSSL for the STSAFE port files */ +#include "stsafe_interface.h" + +#ifndef STSAFE_MAX_KEY_LEN + #define STSAFE_MAX_KEY_LEN ((uint32_t)48) /* for up to 384-bit keys */ +#endif +#ifndef STSAFE_MAX_PUBKEY_RAW_LEN + #define STSAFE_MAX_PUBKEY_RAW_LEN ((uint32_t)STSAFE_MAX_KEY_LEN * 2) /* x/y */ +#endif +#ifndef STSAFE_MAX_SIG_LEN + #define STSAFE_MAX_SIG_LEN ((uint32_t)STSAFE_MAX_KEY_LEN * 2) /* r/s */ +#endif + +WOLFSSL_API int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate, + word32* pRawCertificateLen); + +#ifdef HAVE_PK_CALLBACKS +WOLFSSL_API int SSL_STSAFE_CreateKeyCb(WOLFSSL* ssl, ecc_key* key, word32 keySz, + int ecc_curve, void* ctx); +WOLFSSL_API int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl, + const unsigned char* sig, unsigned int sigSz, + const unsigned char* hash, unsigned int hashSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx); +WOLFSSL_API int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, + const byte* in, word32 inSz, + byte* out, word32* outSz, + const byte* key, word32 keySz, void* ctx); +WOLFSSL_API int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, + ecc_key* otherKey, + unsigned char* pubKeyDer, unsigned int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx); + +/* Helper API's for setting up callbacks */ +WOLFSSL_API int SSL_STSAFE_SetupPkCallbacks(WOLFSSL_CTX* ctx); +WOLFSSL_API int SSL_STSAFE_SetupPkCallbackCtx(WOLFSSL* ssl, void* user_ctx); +#endif /* HAVE_PK_CALLBACKS */ + + +#ifdef WOLF_CRYPTO_CB + +#include + +/* Device ID that's unique and valid (not INVALID_DEVID -2) */ +#define WOLF_STSAFE_DEVID 0x53545341; /* STSA */ + +typedef struct wolfSTSAFE_CryptoCb_Ctx { +#ifdef HAVE_ECC + ecc_key wolfEccKey; +#endif + int devId; +} wolfSTSAFE_CryptoCb_Ctx; + +WOLFSSL_API int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, + void* ctx); + +#endif /* WOLF_CRYPTO_CB */ + +#endif /* WOLFSSL_STSAFEA100 */ + +#endif /* _WOLFPORT_STSAFE_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h b/source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h new file mode 100644 index 00000000..83802e6d --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/ti/ti-ccm.h @@ -0,0 +1,47 @@ +/* port/ti/ti_ccm.c + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_TI_CCM_H +#define WOLF_CRYPT_TI_CCM_H + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH) + +int wolfSSL_TI_CCMInit(void) ; + +#ifndef SINGLE_THREADED +void wolfSSL_TI_lockCCM(void) ; +void wolfSSL_TI_unlockCCM(void) ; +#else +#define wolfSSL_TI_lockCCM() +#define wolfSSL_TI_unlockCCM() +#endif + +#endif + +#endif + diff --git a/source/libwolfssl/wolfcrypt/port/ti/ti-hash.h b/source/libwolfssl/wolfcrypt/port/ti/ti-hash.h new file mode 100644 index 00000000..4730f719 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/ti/ti-hash.h @@ -0,0 +1,63 @@ +/* port/ti/ti-hash.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_TI_HASH_H +#define WOLF_CRYPT_TI_HASH_H + +#include + +#ifndef WOLFSSL_TI_INITBUFF + #define WOLFSSL_TI_INITBUFF 64 +#endif + +#ifndef WOLFSSL_MAX_HASH_SIZE + #define WOLFSSL_MAX_HASH_SIZE 64 +#endif + +#define WOLFSSL_NO_HASH_RAW + +typedef struct { + byte *msg; + word32 used; + word32 len; + byte hash[WOLFSSL_MAX_HASH_SIZE]; +} wolfssl_TI_Hash; + + +#ifndef TI_HASH_TEST + +#if !defined(NO_MD5) + typedef wolfssl_TI_Hash wc_Md5; +#endif +#if !defined(NO_SHA) + typedef wolfssl_TI_Hash wc_Sha; +#endif +#if !defined(NO_SHA256) + typedef wolfssl_TI_Hash wc_Sha256; +#endif +#if defined(WOLFSSL_SHA224) + typedef wolfssl_TI_Hash wc_Sha224; +#endif + +#endif /* !TI_HASH_TEST */ + +#endif /* WOLF_CRYPT_TI_HASH_H */ diff --git a/source/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h b/source/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h new file mode 100644 index 00000000..0de69bb3 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/xilinx/xil-sha3.h @@ -0,0 +1,45 @@ +/* xil-sha3.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_XIL_CRYPT_SHA3_H +#define WOLF_XIL_CRYPT_SHA3_H + +#ifdef WOLFSSL_SHA3 +#include "xsecure_sha.h" + +#ifdef __cplusplus + extern "C" { +#endif + +/* Sha3 digest */ +typedef struct Sha3 { + XSecure_Sha3 hw; + XCsuDma dma; +} wc_Sha3; + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_SHA3 */ +#endif /* WOLF_XIL_CRYPT_SHA3_H */ + diff --git a/source/libwolfssl/wolfcrypt/pwdbased.h b/source/libwolfssl/wolfcrypt/pwdbased.h new file mode 100644 index 00000000..e1d18b31 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/pwdbased.h @@ -0,0 +1,71 @@ +/* pwdbased.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/pwdbased.h +*/ + +#ifndef WOLF_CRYPT_PWDBASED_H +#define WOLF_CRYPT_PWDBASED_H + +#include + +#ifndef NO_PWDBASED + + +#ifdef __cplusplus + extern "C" { +#endif + +/* + * hashType renamed to typeH to avoid shadowing global declaration here: + * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types + */ +WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, + const byte* passwd, int passwdLen, + const byte* salt, int saltLen, int iterations, + int hashType, void* heap); +WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen, + const byte* salt, int sLen, int iterations, int kLen, + int typeH); +WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen, + const byte* salt, int sLen, int iterations, int kLen, + int typeH); +WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen, + const byte* salt, int sLen, int iterations, + int kLen, int typeH, int purpose); +WOLFSSL_API int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen, + const byte* salt, int saltLen, int iterations, int kLen, + int hashType, int id, void* heap); + +#ifdef HAVE_SCRYPT +WOLFSSL_API int wc_scrypt(byte* output, const byte* passwd, int passLen, + const byte* salt, int saltLen, int cost, + int blockSize, int parallel, int dkLen); +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_PWDBASED */ +#endif /* WOLF_CRYPT_PWDBASED_H */ diff --git a/source/libwolfssl/wolfcrypt/rabbit.h b/source/libwolfssl/wolfcrypt/rabbit.h new file mode 100644 index 00000000..15badf90 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/rabbit.h @@ -0,0 +1,73 @@ +/* rabbit.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/rabbit.h +*/ + + +#ifndef WOLF_CRYPT_RABBIT_H +#define WOLF_CRYPT_RABBIT_H + +#include + +#ifndef NO_RABBIT + +#ifdef __cplusplus + extern "C" { +#endif + + +enum { + RABBIT_ENC_TYPE = 5 /* cipher unique type */ +}; + + +/* Rabbit Context */ +typedef struct RabbitCtx { + word32 x[8]; + word32 c[8]; + word32 carry; +} RabbitCtx; + + +/* Rabbit stream cipher */ +typedef struct Rabbit { + RabbitCtx masterCtx; + RabbitCtx workCtx; +#ifdef XSTREAM_ALIGN + void* heap; /* heap hint, currently XMALLOC only used with aligning */ +#endif +} Rabbit; + + +WOLFSSL_API int wc_RabbitProcess(Rabbit*, byte*, const byte*, word32); +WOLFSSL_API int wc_RabbitSetKey(Rabbit*, const byte* key, const byte* iv); + +WOLFSSL_LOCAL int wc_Rabbit_SetHeap(Rabbit* ctx, void* heap); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_RABBIT */ +#endif /* WOLF_CRYPT_RABBIT_H */ + diff --git a/source/libwolfssl/wolfcrypt/random.h b/source/libwolfssl/wolfcrypt/random.h new file mode 100644 index 00000000..a100f7a0 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/random.h @@ -0,0 +1,245 @@ +/* random.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/random.h +*/ + + + +#ifndef WOLF_CRYPT_RANDOM_H +#define WOLF_CRYPT_RANDOM_H + +#include + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +/* included for fips @wc_fips */ +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) +#include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + /* Maximum generate block length */ +#ifndef RNG_MAX_BLOCK_LEN + #ifdef HAVE_INTEL_QA + #define RNG_MAX_BLOCK_LEN (0xFFFFl) + #else + #define RNG_MAX_BLOCK_LEN (0x10000l) + #endif +#endif + +/* Size of the BRBG seed */ +#ifndef DRBG_SEED_LEN + #define DRBG_SEED_LEN (440/8) +#endif + + +#if !defined(CUSTOM_RAND_TYPE) + /* To maintain compatibility the default is byte */ + #define CUSTOM_RAND_TYPE byte +#endif + +/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined + or CUSTOM_RAND_GENERATE_BLOCK is defined */ +#if !defined(WC_NO_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) + #undef HAVE_HASHDRBG + #define HAVE_HASHDRBG + #ifndef WC_RESEED_INTERVAL + #define WC_RESEED_INTERVAL (1000000) + #endif +#endif + + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +/* RNG supports the following sources (in order): + * 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and + * bypasses the options below. + * 2. HAVE_INTEL_RDRAND: Uses the Intel RDRAND if supported by CPU. + * 3. HAVE_HASHDRBG (requires SHA256 enabled): Uses SHA256 based P-RNG + * seeded via wc_GenerateSeed. This is the default source. + */ + + /* Seed source can be overridden by defining one of these: + CUSTOM_RAND_GENERATE_SEED + CUSTOM_RAND_GENERATE_SEED_OS + CUSTOM_RAND_GENERATE */ + + +#if defined(CUSTOM_RAND_GENERATE_BLOCK) + /* To use define the following: + * #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc + * extern int myRngFunc(byte* output, word32 sz); + */ +#elif defined(HAVE_HASHDRBG) + #ifdef NO_SHA256 + #error "Hash DRBG requires SHA-256." + #endif /* NO_SHA256 */ + #include +#elif defined(HAVE_WNR) + /* allow whitewood as direct RNG source using wc_GenerateSeed directly */ +#elif defined(HAVE_INTEL_RDRAND) + /* Intel RDRAND or RDSEED */ +#elif !defined(WC_NO_RNG) + #error No RNG source defined! +#endif + +#ifdef HAVE_WNR + #include +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + + +#if defined(USE_WINDOWS_API) + #if defined(_WIN64) + typedef unsigned __int64 ProviderHandle; + /* type HCRYPTPROV, avoid #include */ + #else + typedef unsigned long ProviderHandle; + #endif +#endif + + +/* OS specific seeder */ +typedef struct OS_Seed { + #if defined(USE_WINDOWS_API) + ProviderHandle handle; + #else + int fd; + #endif + #if defined(WOLF_CRYPTO_CB) + int devId; + #endif +} OS_Seed; + + +#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ + typedef struct WC_RNG WC_RNG; + #define WC_RNG_TYPE_DEFINED +#endif + +/* RNG context */ +struct WC_RNG { + OS_Seed seed; + void* heap; +#ifdef HAVE_HASHDRBG + /* Hash-based Deterministic Random Bit Generator */ + struct DRBG* drbg; +#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) + #define DRBG_STRUCT_SZ ((sizeof(word32)*3) + (DRBG_SEED_LEN*2)) + #ifdef WOLFSSL_SMALL_STACK_CACHE + #define DRBG_STRUCT_SZ_SHA256 (sizeof(wc_Sha256)) + #else + #define DRBG_STRUCT_SZ_SHA256 0 + #endif + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + #define DRBG_STRUCT_SZ_ASYNC (sizeof(void*) + sizeof(int)) + #else + #define DRBG_STRUCT_SZ_ASYNC 0 + #endif + byte drbg_data[DRBG_STRUCT_SZ + DRBG_STRUCT_SZ_SHA256 + DRBG_STRUCT_SZ_ASYNC]; +#endif + byte status; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + int devId; +#endif +}; + +#endif /* NO FIPS or have FIPS v2*/ + +/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts, + * can't be used with CTaoCrypt FIPS */ +#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS) + #define RNG WC_RNG +#endif + + +WOLFSSL_LOCAL +int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); + + +#ifdef HAVE_WNR + /* Whitewood netRandom client library */ + WOLFSSL_API int wc_InitNetRandom(const char*, wnr_hmac_key, int); + WOLFSSL_API int wc_FreeNetRandom(void); +#endif /* HAVE_WNR */ + +#ifndef WC_NO_RNG +WOLFSSL_API int wc_InitRng(WC_RNG*); +WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId); +WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz); +WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz, + void* heap, int devId); +WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); +WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*); +WOLFSSL_API int wc_FreeRng(WC_RNG*); +#else +#include +#define wc_InitRng(rng) NOT_COMPILED_IN +#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN +#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN +#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN +#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN +#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN +#define wc_FreeRng(rng) (void)NOT_COMPILED_IN +#endif + + + +#ifdef HAVE_HASHDRBG + WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy, + word32 entropySz); + WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz); + WOLFSSL_API int wc_RNG_HealthTest(int reseed, + const byte* entropyA, word32 entropyASz, + const byte* entropyB, word32 entropyBSz, + byte* output, word32 outputSz); + WOLFSSL_API int wc_RNG_HealthTest_ex(int reseed, + const byte* nonce, word32 nonceSz, + const byte* entropyA, word32 entropyASz, + const byte* entropyB, word32 entropyBSz, + byte* output, word32 outputSz, + void* heap, int devId); +#endif /* HAVE_HASHDRBG */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_RANDOM_H */ + diff --git a/source/libwolfssl/wolfcrypt/ripemd.h b/source/libwolfssl/wolfcrypt/ripemd.h new file mode 100644 index 00000000..08cb5134 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/ripemd.h @@ -0,0 +1,67 @@ +/* ripemd.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/ripemd.h +*/ + +#ifndef WOLF_CRYPT_RIPEMD_H +#define WOLF_CRYPT_RIPEMD_H + +#include + +#ifdef WOLFSSL_RIPEMD + +#ifdef __cplusplus + extern "C" { +#endif + + +/* in bytes */ +enum { + RIPEMD = 3, /* hash type unique */ + RIPEMD_BLOCK_SIZE = 64, + RIPEMD_DIGEST_SIZE = 20, + RIPEMD_PAD_SIZE = 56 +}; + + +/* RipeMd 160 digest */ +typedef struct RipeMd { + word32 buffLen; /* in bytes */ + word32 loLen; /* length in bytes */ + word32 hiLen; /* length in bytes */ + word32 digest[RIPEMD_DIGEST_SIZE / sizeof(word32)]; + word32 buffer[RIPEMD_BLOCK_SIZE / sizeof(word32)]; +} RipeMd; + + +WOLFSSL_API int wc_InitRipeMd(RipeMd*); +WOLFSSL_API int wc_RipeMdUpdate(RipeMd*, const byte*, word32); +WOLFSSL_API int wc_RipeMdFinal(RipeMd*, byte*); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_RIPEMD */ +#endif /* WOLF_CRYPT_RIPEMD_H */ diff --git a/source/libwolfssl/wolfcrypt/rsa.h b/source/libwolfssl/wolfcrypt/rsa.h new file mode 100644 index 00000000..0b367ab2 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/rsa.h @@ -0,0 +1,356 @@ +/* rsa.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/rsa.h +*/ + + +#ifndef WOLF_CRYPT_RSA_H +#define WOLF_CRYPT_RSA_H + +#include + +#ifndef NO_RSA + + +/* RSA default exponent */ +#ifndef WC_RSA_EXPONENT + #define WC_RSA_EXPONENT 65537L +#endif + +#if defined(WC_RSA_NONBLOCK) + /* enable support for fast math based non-blocking exptmod */ + /* this splits the RSA function into many smaller operations */ + #ifndef USE_FAST_MATH + #error RSA non-blocking mode only supported using fast math + #endif + #ifndef TFM_TIMING_RESISTANT + #error RSA non-blocking mode only supported with timing resistance enabled + #endif + + /* RSA bounds check is not supported with RSA non-blocking mode */ + #undef NO_RSA_BOUNDS_CHECK + #define NO_RSA_BOUNDS_CHECK +#endif + +/* allow for user to plug in own crypto */ +#if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA)) + #include "user_rsa.h" +#else + +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) +/* for fips @wc_fips */ +#include +#if defined(CYASSL_KEY_GEN) && !defined(WOLFSSL_KEY_GEN) + #define WOLFSSL_KEY_GEN +#endif +#else + #include + #include +#endif /* HAVE_FIPS && HAVE_FIPS_VERION 1 */ +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) +#include +#endif + +/* header file needed for OAEP padding */ +#include + +#ifdef WOLFSSL_XILINX_CRYPT +#include "xsecure_rsa.h" +#endif + +#if defined(WOLFSSL_CRYPTOCELL) + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +enum { + RSA_MIN_SIZE = 512, + RSA_MAX_SIZE = 4096, +}; + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifdef WOLFSSL_ASYNC_CRYPT + #include + #ifdef WOLFSSL_CERT_GEN + #include + #endif +#endif + +enum { + RSA_PUBLIC = 0, + RSA_PRIVATE = 1, + + RSA_TYPE_UNKNOWN = -1, + RSA_PUBLIC_ENCRYPT = 0, + RSA_PUBLIC_DECRYPT = 1, + RSA_PRIVATE_ENCRYPT = 2, + RSA_PRIVATE_DECRYPT = 3, + + RSA_BLOCK_TYPE_1 = 1, + RSA_BLOCK_TYPE_2 = 2, + + RSA_MIN_PAD_SZ = 11, /* separator + 0 + pad value + 8 pads */ + + RSA_PSS_PAD_SZ = 8, + RSA_PSS_SALT_MAX_SZ = 62, + +#ifdef OPENSSL_EXTRA + RSA_PKCS1_PADDING_SIZE = 11, + RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */ +#endif +#ifdef WC_RSA_PSS + RSA_PSS_PAD_TERM = 0xBC, +#endif + +#ifdef HAVE_PKCS11 + RSA_MAX_ID_LEN = 32, +#endif +}; + +#ifdef WC_RSA_NONBLOCK +typedef struct RsaNb { + exptModNb_t exptmod; /* non-block expt_mod */ + mp_int tmp; +} RsaNb; +#endif + +/* RSA */ +struct RsaKey { + mp_int n, e; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + mp_int d, p, q; +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + mp_int dP, dQ, u; +#endif +#endif + void* heap; /* for user memory overrides */ + byte* data; /* temp buffer for async RSA */ + int type; /* public or private */ + int state; + word32 dataLen; +#ifdef WC_RSA_BLINDING + WC_RNG* rng; /* for PrivateDecrypt blinding */ +#endif +#ifdef WOLF_CRYPTO_CB + int devId; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; + #ifdef WOLFSSL_CERT_GEN + CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */ + #endif +#endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLFSSL_XILINX_CRYPT + word32 pubExp; /* to keep values in scope they are here in struct */ + byte* mod; + XSecure_Rsa xRsa; +#endif +#ifdef HAVE_PKCS11 + byte id[RSA_MAX_ID_LEN]; + int idLen; +#endif +#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) + byte dataIsAlloc; +#endif +#ifdef WC_RSA_NONBLOCK + RsaNb* nb; +#endif +#ifdef WOLFSSL_AFALG_XILINX_RSA + int alFd; + int rdFd; +#endif +#if defined(WOLFSSL_CRYPTOCELL) + rsa_context_t ctx; +#endif +}; + +#ifndef WC_RSAKEY_TYPE_DEFINED + typedef struct RsaKey RsaKey; + #define WC_RSAKEY_TYPE_DEFINED +#endif + +#endif /*HAVE_FIPS */ + +WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); +WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); +WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); +#ifdef HAVE_PKCS11 +WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, + void* heap, int devId); +#endif +WOLFSSL_API int wc_CheckRsaKey(RsaKey* key); +#ifdef WOLFSSL_XILINX_CRYPT +WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); +#endif /* WOLFSSL_XILINX_CRYPT */ + +WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng); + +WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, WC_RNG* rng); +WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, + RsaKey* key); +WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); +WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, WC_RNG* rng); +WOLFSSL_API int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, enum wc_HashType hash, int mgf, + RsaKey* key, WC_RNG* rng); +WOLFSSL_API int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, + word32 outLen, enum wc_HashType hash, + int mgf, int saltLen, RsaKey* key, + WC_RNG* rng); +WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, + RsaKey* key); +WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); +WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, + enum wc_HashType hash, int mgf, + RsaKey* key); +WOLFSSL_API int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out, + enum wc_HashType hash, int mgf, + int saltLen, RsaKey* key); +WOLFSSL_API int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out, + word32 outLen, enum wc_HashType hash, int mgf, + RsaKey* key); +WOLFSSL_API int wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out, + word32 outLen, enum wc_HashType hash, + int mgf, int saltLen, RsaKey* key); +WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, + word32 sigSz, + enum wc_HashType hashType); +WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, + byte* sig, word32 sigSz, + enum wc_HashType hashType, + int saltLen, int bits); +WOLFSSL_API int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out, + const byte* digest, word32 digentLen, + enum wc_HashType hash, int mgf, + RsaKey* key); +WOLFSSL_API int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, + byte* out, word32 outLen, + const byte* digest, word32 digestLen, + enum wc_HashType hash, int mgf, + RsaKey* key); + +WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key); + +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) +/* to avoid asn duplicate symbols @wc_fips */ +WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, + RsaKey*, word32); +WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, + RsaKey*, word32); +WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, + const byte* e, word32 eSz, RsaKey* key); +#ifdef WOLFSSL_KEY_GEN + WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); +#endif + +#ifdef WC_RSA_BLINDING + WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); +#endif +#ifdef WC_RSA_NONBLOCK + WOLFSSL_API int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb); + #ifdef WC_RSA_NONBLOCK_TIME + WOLFSSL_API int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs, + word32 cpuMHz); + #endif +#endif + +/* + choice of padding added after fips, so not available when using fips RSA + */ + +/* Mask Generation Function Identifiers */ +#define WC_MGF1NONE 0 +#define WC_MGF1SHA1 26 +#define WC_MGF1SHA224 4 +#define WC_MGF1SHA256 1 +#define WC_MGF1SHA384 2 +#define WC_MGF1SHA512 3 + +/* Padding types */ +#define WC_RSA_PKCSV15_PAD 0 +#define WC_RSA_OAEP_PAD 1 +#define WC_RSA_PSS_PAD 2 +#define WC_RSA_NO_PAD 3 + +WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, WC_RNG* rng, int type, + enum wc_HashType hash, int mgf, byte* label, word32 lableSz); +WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, + byte* out, word32 outLen, RsaKey* key, int type, + enum wc_HashType hash, int mgf, byte* label, word32 lableSz); +WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, + byte** out, RsaKey* key, int type, enum wc_HashType hash, + int mgf, byte* label, word32 lableSz); +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) +WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, + RsaKey* key, int type, WC_RNG* rng); +#endif + +#endif /* HAVE_FIPS */ + +WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, + word32*); +WOLFSSL_API int wc_RsaExportKey(RsaKey* key, + byte* e, word32* eSz, + byte* n, word32* nSz, + byte* d, word32* dSz, + byte* p, word32* pSz, + byte* q, word32* qSz); + +WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); + +#ifdef WOLFSSL_KEY_GEN + WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); + WOLFSSL_API int wc_CheckProbablePrime_ex(const byte* p, word32 pSz, + const byte* q, word32 qSz, + const byte* e, word32 eSz, + int nlen, int* isPrime, WC_RNG* rng); + WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz, + const byte* q, word32 qSz, + const byte* e, word32 eSz, + int nlen, int* isPrime); +#endif + +#endif /* HAVE_USER_RSA */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_RSA */ +#endif /* WOLF_CRYPT_RSA_H */ + diff --git a/source/libwolfssl/wolfcrypt/selftest.h b/source/libwolfssl/wolfcrypt/selftest.h new file mode 100644 index 00000000..c9dd11d4 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/selftest.h @@ -0,0 +1,48 @@ +/* selftest.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +#ifndef WOLFCRYPT_SELF_TEST_H +#define WOLFCRYPT_SELF_TEST_H + +#include + + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef HAVE_SELFTEST + /* Get wolfCrypt CAVP version */ + WOLFSSL_API const char* wolfCrypt_GetVersion_CAVP_selftest(void); + + /* wolfCrypt self test, runs CAVP KATs */ + WOLFSSL_API int wolfCrypt_SelfTest(void); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFCRYPT_SELF_TEST_H */ + + diff --git a/source/libwolfssl/wolfcrypt/settings.h b/source/libwolfssl/wolfcrypt/settings.h new file mode 100644 index 00000000..b12cd55e --- /dev/null +++ b/source/libwolfssl/wolfcrypt/settings.h @@ -0,0 +1,2084 @@ +/* settings.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* Place OS specific preprocessor flags, defines, includes here, will be + included into every file because types.h includes it */ + + +#ifndef WOLF_CRYPT_SETTINGS_H +#define WOLF_CRYPT_SETTINGS_H + +#ifdef __cplusplus + extern "C" { +#endif + +/* Uncomment next line if using IPHONE */ +/* #define IPHONE */ + +/* Uncomment next line if using ThreadX */ +/* #define THREADX */ + +/* Uncomment next line if using Micrium uC/OS-III */ +/* #define MICRIUM */ + +/* Uncomment next line if using Deos RTOS*/ +/* #define WOLFSSL_DEOS*/ + +/* Uncomment next line if using Mbed */ +/* #define MBED */ + +/* Uncomment next line if using Microchip PIC32 ethernet starter kit */ +/* #define MICROCHIP_PIC32 */ + +/* Uncomment next line if using Microchip TCP/IP stack, version 5 */ +/* #define MICROCHIP_TCPIP_V5 */ + +/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */ +/* #define MICROCHIP_TCPIP */ + +/* Uncomment next line if using PIC32MZ Crypto Engine */ +/* #define WOLFSSL_MICROCHIP_PIC32MZ */ + +/* Uncomment next line if using FreeRTOS */ +/* #define FREERTOS */ + +/* Uncomment next line if using FreeRTOS+ TCP */ +/* #define FREERTOS_TCP */ + +/* Uncomment next line if using FreeRTOS Windows Simulator */ +/* #define FREERTOS_WINSIM */ + +/* Uncomment next line if using RTIP */ +/* #define EBSNET */ + +/* Uncomment next line if using lwip */ +/* #define WOLFSSL_LWIP */ + +/* Uncomment next line if building wolfSSL for a game console */ +/* #define WOLFSSL_GAME_BUILD */ + +/* Uncomment next line if building wolfSSL for LSR */ +/* #define WOLFSSL_LSR */ + +/* Uncomment next line if building for Freescale Classic MQX version 4.0 */ +/* #define FREESCALE_MQX_4_0 */ + +/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */ +/* #define FREESCALE_MQX */ + +/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */ +/* #define FREESCALE_KSDK_MQX */ + +/* Uncomment next line if building for Freescale KSDK Bare Metal */ +/* #define FREESCALE_KSDK_BM */ + +/* Uncomment next line if building for Freescale KSDK FreeRTOS, */ +/* (old name FREESCALE_FREE_RTOS) */ +/* #define FREESCALE_KSDK_FREERTOS */ + +/* Uncomment next line if using STM32F2 */ +/* #define WOLFSSL_STM32F2 */ + +/* Uncomment next line if using STM32F4 */ +/* #define WOLFSSL_STM32F4 */ + +/* Uncomment next line if using STM32FL */ +/* #define WOLFSSL_STM32FL */ + +/* Uncomment next line if using STM32F7 */ +/* #define WOLFSSL_STM32F7 */ + +/* Uncomment next line if using QL SEP settings */ +/* #define WOLFSSL_QL */ + +/* Uncomment next line if building for EROAD */ +/* #define WOLFSSL_EROAD */ + +/* Uncomment next line if building for IAR EWARM */ +/* #define WOLFSSL_IAR_ARM */ + +/* Uncomment next line if building for Rowley CrossWorks ARM */ +/* #define WOLFSSL_ROWLEY_ARM */ + +/* Uncomment next line if using TI-RTOS settings */ +/* #define WOLFSSL_TIRTOS */ + +/* Uncomment next line if building with PicoTCP */ +/* #define WOLFSSL_PICOTCP */ + +/* Uncomment next line if building for PicoTCP demo bundle */ +/* #define WOLFSSL_PICOTCP_DEMO */ + +/* Uncomment next line if building for uITRON4 */ +/* #define WOLFSSL_uITRON4 */ + +/* Uncomment next line if building for uT-Kernel */ +/* #define WOLFSSL_uTKERNEL2 */ + +/* Uncomment next line if using Max Strength build */ +/* #define WOLFSSL_MAX_STRENGTH */ + +/* Uncomment next line if building for VxWorks */ +/* #define WOLFSSL_VXWORKS */ + +/* Uncomment next line if building for Nordic nRF5x platofrm */ +/* #define WOLFSSL_NRF5x */ + +/* Uncomment next line to enable deprecated less secure static DH suites */ +/* #define WOLFSSL_STATIC_DH */ + +/* Uncomment next line to enable deprecated less secure static RSA suites */ +/* #define WOLFSSL_STATIC_RSA */ + +/* Uncomment next line if building for ARDUINO */ +/* Uncomment both lines if building for ARDUINO on INTEL_GALILEO */ +/* #define WOLFSSL_ARDUINO */ +/* #define INTEL_GALILEO */ + +/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */ +/* #define WOLFSSL_ASYNC_CRYPT */ + +/* Uncomment next line if building for uTasker */ +/* #define WOLFSSL_UTASKER */ + +/* Uncomment next line if building for embOS */ +/* #define WOLFSSL_EMBOS */ + +/* Uncomment next line if building for RIOT-OS */ +/* #define WOLFSSL_RIOT_OS */ + +/* Uncomment next line if building for using XILINX hardened crypto */ +/* #define WOLFSSL_XILINX_CRYPT */ + +/* Uncomment next line if building for using XILINX */ +/* #define WOLFSSL_XILINX */ + +/* Uncomment next line if building for WICED Studio. */ +/* #define WOLFSSL_WICED */ + +/* Uncomment next line if building for Nucleus 1.2 */ +/* #define WOLFSSL_NUCLEUS_1_2 */ + +/* Uncomment next line if building for using Apache mynewt */ +/* #define WOLFSSL_APACHE_MYNEWT */ + +/* Uncomment next line if building for using ESP-IDF */ +/* #define WOLFSSL_ESPIDF */ + +/* Uncomment next line if using Espressif ESP32-WROOM-32 */ +/* #define WOLFSSL_ESPWROOM32 */ + +/* Uncomment next line if using Espressif ESP32-WROOM-32SE */ +/* #define WOLFSSL_ESPWROOM32SE */ + +/* Uncomment next line if using ARM CRYPTOCELL*/ +/* #define WOLFSSL_CRYPTOCELL */ + +/* Uncomment next line if using RENESAS TSIP */ +/* #define WOLFSSL_RENESAS_TSIP */ + +/* Uncomment next line if using RENESAS RX64N */ +/* #define WOLFSSL_RENESAS_RX65N */ + +#include + +#ifdef WOLFSSL_USER_SETTINGS + #include "user_settings.h" +#endif + + +/* make sure old RNG name is used with CTaoCrypt FIPS */ +#ifdef HAVE_FIPS + #if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2) + #define WC_RNG RNG + #else + #ifndef WOLFSSL_STM32L4 + #define RNG WC_RNG + #endif + #endif + /* blinding adds API not available yet in FIPS mode */ + #undef WC_RSA_BLINDING +#endif + + +#if defined(_WIN32) && !defined(_M_X64) && \ + defined(HAVE_AESGCM) && defined(WOLFSSL_AESNI) + +/* The _M_X64 macro is what's used in the headers for MSC to tell if it + * has the 64-bit versions of the 128-bit integers available. If one is + * building on 32-bit Windows with AES-NI, turn off the AES-GCMloop + * unrolling. */ + + #define AES_GCM_AESNI_NO_UNROLL +#endif + +#ifdef IPHONE + #define SIZEOF_LONG_LONG 8 +#endif + +#ifdef THREADX + #define SIZEOF_LONG_LONG 8 +#endif + +#ifdef HAVE_NETX + #ifdef NEED_THREADX_TYPES + #include + #endif + #include +#endif + +#if defined(WOLFSSL_ESPIDF) + #define FREERTOS + #define WOLFSSL_LWIP + #define NO_WRITEV + #define SIZEOF_LONG_LONG 8 + #define NO_WOLFSSL_DIR + #define WOLFSSL_NO_CURRDIR + + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + #define WC_RSA_BLINDING + +#if defined(WOLFSSL_ESPWROOM32) || defined(WOLFSSL_ESPWROOM32SE) + #ifndef NO_ESP32WROOM32_CRYPT + #define WOLFSSL_ESP32WROOM32_CRYPT + #if defined(ESP32_USE_RSA_PRIMITIVE) && \ + !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) + #define WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI + #define USE_FAST_MATH + #define WOLFSSL_SMALL_STACK + #endif + #endif +#endif +#endif /* WOLFSSL_ESPIDF */ + +#if defined(WOLFSSL_RENESAS_TSIP) + #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64 + #define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */ + #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */ + #if !defined(NO_RENESAS_TSIP_CRYPT) && defined(WOLFSSL_RENESAS_RX65N) + #define WOLFSSL_RENESAS_TSIP_CRYPT + #define WOLFSSL_RENESAS_TSIP_TLS + #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT + #endif +#endif + +#if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */ + #define WOLFSSL_LWIP + #define NO_WRITEV + #define SINGLE_THREADED + #define WOLFSSL_USER_IO + #define NO_FILESYSTEM +#endif + +#if defined(WOLFSSL_CONTIKI) + #include + #define WOLFSSL_UIP + #define NO_WOLFSSL_MEMORY + #define NO_WRITEV + #define SINGLE_THREADED + #define WOLFSSL_USER_IO + #define NO_FILESYSTEM + #define CUSTOM_RAND_TYPE uint16_t + #define CUSTOM_RAND_GENERATE random_rand + static inline word32 LowResTimer(void) + { + return clock_seconds(); + } +#endif + +#if defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_ROWLEY_ARM) + #define NO_MAIN_DRIVER + #define SINGLE_THREADED + #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096) + #define USE_CERT_BUFFERS_1024 + #endif + #define BENCH_EMBEDDED + #define NO_FILESYSTEM + #define NO_WRITEV + #define WOLFSSL_USER_IO + #define BENCH_EMBEDDED +#endif + +#ifdef MICROCHIP_PIC32 + /* #define WOLFSSL_MICROCHIP_PIC32MZ */ + #define SIZEOF_LONG_LONG 8 + #define SINGLE_THREADED + #define WOLFSSL_USER_IO + #define NO_WRITEV + #define NO_DEV_RANDOM + #define NO_FILESYSTEM + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MAX + #define NO_BIG_INT +#endif + +#ifdef WOLFSSL_MICROCHIP_PIC32MZ + #ifndef NO_PIC32MZ_CRYPT + #define WOLFSSL_PIC32MZ_CRYPT + #endif + #ifndef NO_PIC32MZ_RNG + #define WOLFSSL_PIC32MZ_RNG + #endif + #ifndef NO_PIC32MZ_HASH + #define WOLFSSL_PIC32MZ_HASH + #endif +#endif + +#ifdef MICROCHIP_TCPIP_V5 + /* include timer functions */ + #include "TCPIP Stack/TCPIP.h" +#endif + +#ifdef MICROCHIP_TCPIP + /* include timer, NTP functions */ + #ifdef MICROCHIP_MPLAB_HARMONY + #include "tcpip/tcpip.h" + #else + #include "system/system_services.h" + #include "tcpip/sntp.h" + #endif +#endif + +#ifdef MBED + #define WOLFSSL_USER_IO + #define NO_FILESYSTEM + #define NO_CERTS + #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096) + #define USE_CERT_BUFFERS_1024 + #endif + #define NO_WRITEV + #define NO_DEV_RANDOM + #define NO_SHA512 + #define NO_DH + /* Allows use of DH with fixed points if uncommented and NO_DH is removed */ + /* WOLFSSL_DH_CONST */ + #define NO_DSA + #define NO_HC128 + #define HAVE_ECC + #define NO_SESSION_CACHE + #define WOLFSSL_CMSIS_RTOS +#endif + + +#ifdef WOLFSSL_EROAD + #define FREESCALE_MQX + #define FREESCALE_MMCAU + #define SINGLE_THREADED + #define NO_STDIO_FILESYSTEM + #define WOLFSSL_LEANPSK + #define HAVE_NULL_CIPHER + #define NO_OLD_TLS + #define NO_ASN + #define NO_BIG_INT + #define NO_RSA + #define NO_DSA + #define NO_DH + /* Allows use of DH with fixed points if uncommented and NO_DH is removed */ + /* WOLFSSL_DH_CONST */ + #define NO_CERTS + #define NO_PWDBASED + #define NO_DES3 + #define NO_MD4 + #define NO_RC4 + #define NO_MD5 + #define NO_SESSION_CACHE + #define NO_MAIN_DRIVER +#endif + +#ifdef WOLFSSL_PICOTCP + #ifndef errno + #define errno pico_err + #endif + #include "pico_defines.h" + #include "pico_stack.h" + #include "pico_constants.h" + #include "pico_protocol.h" + #define CUSTOM_RAND_GENERATE pico_rand +#endif + +#ifdef WOLFSSL_PICOTCP_DEMO + #define WOLFSSL_STM32 + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define XMALLOC(s, h, type) PICO_ZALLOC((s)) + #define XFREE(p, h, type) PICO_FREE((p)) + #define SINGLE_THREADED + #define NO_WRITEV + #define WOLFSSL_USER_IO + #define NO_DEV_RANDOM + #define NO_FILESYSTEM +#endif + +#ifdef FREERTOS_WINSIM + #define FREERTOS + #define USE_WINDOWS_API +#endif + + +#ifdef WOLFSSL_VXWORKS + /* VxWorks simulator incorrectly detects building for i386 */ + #ifdef VXWORKS_SIM + #define TFM_NO_ASM + #endif + /* For VxWorks pthreads wrappers for mutexes uncomment the next line. */ + /* #define WOLFSSL_PTHREADS */ + #define WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MAX + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define NO_MAIN_DRIVER + #define NO_DEV_RANDOM + #define NO_WRITEV +#endif + + +#ifdef WOLFSSL_ARDUINO + #define NO_WRITEV + #define NO_WOLFSSL_DIR + #define SINGLE_THREADED + #define NO_DEV_RANDOM + #ifndef INTEL_GALILEO /* Galileo has time.h compatibility */ + #define TIME_OVERRIDES + #ifndef XTIME + #error "Must define XTIME externally see porting guide" + #error "https://www.wolfssl.com/docs/porting-guide/" + #endif + #ifndef XGMTIME + #error "Must define XGMTIME externally see porting guide" + #error "https://www.wolfssl.com/docs/porting-guide/" + #endif + #endif + #define WOLFSSL_USER_IO + #define HAVE_ECC + #define NO_DH + #define NO_SESSION_CACHE +#endif + + +#ifdef WOLFSSL_UTASKER + /* uTasker configuration - used for fnRandom() */ + #include "config.h" + + #define SINGLE_THREADED + #define NO_WOLFSSL_DIR + #define WOLFSSL_HAVE_MIN + #define NO_WRITEV + + #define HAVE_ECC + #define ALT_ECC_SIZE + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + /* used in wolfCrypt test */ + #define NO_MAIN_DRIVER + #define USE_CERT_BUFFERS_2048 + + /* uTasker port uses RAW sockets, use I/O callbacks + * See wolfSSL uTasker example for sample callbacks */ + #define WOLFSSL_USER_IO + + /* uTasker filesystem not ported */ + #define NO_FILESYSTEM + + /* uTasker RNG is abstracted, calls HW RNG when available */ + #define CUSTOM_RAND_GENERATE fnRandom + #define CUSTOM_RAND_TYPE unsigned short + + /* user needs to define XTIME to function that provides + * seconds since Unix epoch */ + #ifndef XTIME + #error XTIME must be defined in wolfSSL settings.h + /* #define XTIME fnSecondsSinceEpoch */ + #endif + + /* use uTasker std library replacements where available */ + #define STRING_USER + #define XMEMCPY(d,s,l) uMemcpy((d),(s),(l)) + #define XMEMSET(b,c,l) uMemset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) uMemcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + + #define XSTRLEN(s1) uStrlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) + #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN) + #define XSTRTOK strtok_r + #endif +#endif + +#ifdef WOLFSSL_EMBOS + #define NO_FILESYSTEM /* Not ported at this time */ + #define USE_CERT_BUFFERS_2048 /* use when NO_FILESYSTEM */ + #define NO_MAIN_DRIVER + #define NO_RC4 + #define SINGLE_THREADED /* Not ported at this time */ +#endif + +#ifdef WOLFSSL_RIOT_OS + #define NO_WRITEV + #define TFM_NO_ASM + #define NO_FILESYSTEM + #define USE_CERT_BUFFERS_2048 + #if defined(WOLFSSL_GNRC) && !defined(WOLFSSL_DTLS) + #define WOLFSSL_DTLS + #endif +#endif + +#ifdef WOLFSSL_CHIBIOS + /* ChibiOS definitions. This file is distributed with chibiOS. */ + #include "wolfssl_chibios.h" +#endif + +#ifdef WOLFSSL_PB + /* PB is using older 1.2 version of Nucleus */ + #undef WOLFSSL_NUCLEUS + #define WOLFSSL_NUCLEUS_1_2 +#endif + +#ifdef WOLFSSL_NUCLEUS_1_2 + #define NO_WRITEV + #define NO_WOLFSSL_DIR + + #if !defined(NO_ASN_TIME) && !defined(USER_TIME) + #error User must define XTIME, see manual + #endif + + #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER) + extern void* nucleus_malloc(unsigned long size, void* heap, int type); + extern void* nucleus_realloc(void* ptr, unsigned long size, void* heap, + int type); + extern void nucleus_free(void* ptr, void* heap, int type); + + #define XMALLOC(s, h, type) nucleus_malloc((s), (h), (type)) + #define XREALLOC(p, n, h, t) nucleus_realloc((p), (n), (h), (t)) + #define XFREE(p, h, type) nucleus_free((p), (h), (type)) + #endif +#endif + +#ifdef WOLFSSL_NRF5x + #define SIZEOF_LONG 4 + #define SIZEOF_LONG_LONG 8 + #define NO_ASN_TIME + #define NO_DEV_RANDOM + #define NO_FILESYSTEM + #define NO_MAIN_DRIVER + #define NO_WRITEV + #define SINGLE_THREADED + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define USE_WOLFSSL_MEMORY + #define WOLFSSL_NRF51 + #define WOLFSSL_USER_IO + #define NO_SESSION_CACHE +#endif + +/* Micrium will use Visual Studio for compilation but not the Win32 API */ +#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ + !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \ + !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) + #define USE_WINDOWS_API +#endif + +#if defined(WOLFSSL_uITRON4) + +#define XMALLOC_USER +#include +#define ITRON_POOL_SIZE 1024*20 +extern int uITRON4_minit(size_t poolsz) ; +extern void *uITRON4_malloc(size_t sz) ; +extern void *uITRON4_realloc(void *p, size_t sz) ; +extern void uITRON4_free(void *p) ; + +#define XMALLOC(sz, heap, type) uITRON4_malloc(sz) +#define XREALLOC(p, sz, heap, type) uITRON4_realloc(p, sz) +#define XFREE(p, heap, type) uITRON4_free(p) +#endif + +#if defined(WOLFSSL_uTKERNEL2) + #ifndef NO_TKERNEL_MEM_POOL + #define XMALLOC_OVERRIDE + int uTKernel_init_mpool(unsigned int sz); /* initializing malloc pool */ + void* uTKernel_malloc(unsigned int sz); + void* uTKernel_realloc(void *p, unsigned int sz); + void uTKernel_free(void *p); + #define XMALLOC(s, h, type) uTKernel_malloc((s)) + #define XREALLOC(p, n, h, t) uTKernel_realloc((p), (n)) + #define XFREE(p, h, type) uTKernel_free((p)) + #endif + + #ifndef NO_STDIO_FGETS_REMAP + #include + #include "tm/tmonitor.h" + + /* static char* gets(char *buff); */ + static char* fgets(char *buff, int sz, XFILE fp) { + char * p = buff; + *p = '\0'; + while (1) { + *p = tm_getchar(-1); + tm_putchar(*p); + if (*p == '\r') { + tm_putchar('\n'); + *p = '\0'; + break; + } + p++; + } + return buff; + } + #endif /* !NO_STDIO_FGETS_REMAP */ +#endif + + +#if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) && \ + !defined(NO_WOLFSSL_MEMORY) + #include + #define XMALLOC(s, h, type) malloc((s)) + #define XFREE(p, h, type) free((p)) + #define XREALLOC(p, n, h, t) realloc((p), (n)) +#endif + +#if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL) + #undef XMALLOC + #define XMALLOC yaXMALLOC + #undef XFREE + #define XFREE yaXFREE + #undef XREALLOC + #define XREALLOC yaXREALLOC +#endif + + +#ifdef FREERTOS + #include "FreeRTOS.h" + + /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */ + #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ + !defined(WOLFSSL_STATIC_MEMORY) + #define XMALLOC(s, h, type) pvPortMalloc((s)) + #define XFREE(p, h, type) vPortFree((p)) + #endif + #if defined(HAVE_ED25519) || defined(WOLFSSL_ESPIDF) + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + #endif + #ifndef NO_WRITEV + #define NO_WRITEV + #endif + #ifndef HAVE_SHA512 + #ifndef NO_SHA512 + #define NO_SHA512 + #endif + #endif + #ifndef HAVE_DH + #ifndef NO_DH + #define NO_DH + #endif + #endif + #ifndef NO_DSA + #define NO_DSA + #endif + #ifndef NO_HC128 + #define NO_HC128 + #endif + + #ifndef SINGLE_THREADED + #include "semphr.h" + #endif +#endif + +#ifdef FREERTOS_TCP + #if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER) && \ + !defined(WOLFSSL_STATIC_MEMORY) + #define XMALLOC(s, h, type) pvPortMalloc((s)) + #define XFREE(p, h, type) vPortFree((p)) + #endif + + #define WOLFSSL_GENSEED_FORTEST + + #define NO_WOLFSSL_DIR + #define NO_WRITEV + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define NO_MAIN_DRIVER +#endif + +#ifdef WOLFSSL_TIRTOS + #define SIZEOF_LONG_LONG 8 + #define NO_WRITEV + #define NO_WOLFSSL_DIR + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + #define WC_RSA_BLINDING + #define NO_DEV_RANDOM + #define NO_FILESYSTEM + #define USE_CERT_BUFFERS_2048 + #define NO_ERROR_STRINGS + /* Uncomment this setting if your toolchain does not offer time.h header */ + /* #define USER_TIME */ + #define HAVE_ECC + #define HAVE_ALPN + #define USE_WOLF_STRTOK /* use with HAVE_ALPN */ + #define HAVE_TLS_EXTENSIONS + #define HAVE_AESGCM + #ifdef WOLFSSL_TI_CRYPT + #define NO_GCM_ENCRYPT_EXTRA + #define NO_PUBLIC_GCM_SET_IV + #define NO_PUBLIC_CCM_SET_NONCE + #endif + #define HAVE_SUPPORTED_CURVES + #define ALT_ECC_SIZE + + #ifdef __IAR_SYSTEMS_ICC__ + #pragma diag_suppress=Pa089 + #elif !defined(__GNUC__) + /* Suppress the sslpro warning */ + #pragma diag_suppress=11 + #endif + + #include +#endif + +#ifdef EBSNET + #include "rtip.h" + + /* #define DEBUG_WOLFSSL */ + #define NO_WOLFSSL_DIR /* tbd */ + + #if (POLLOS) + #define SINGLE_THREADED + #endif + + #if (RTPLATFORM) + #if (!RTP_LITTLE_ENDIAN) + #define BIG_ENDIAN_ORDER + #endif + #else + #if (!KS_LITTLE_ENDIAN) + #define BIG_ENDIAN_ORDER + #endif + #endif + + #if (WINMSP3) + #undef SIZEOF_LONG + #define SIZEOF_LONG_LONG 8 + #else + #error settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG + #endif + + #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC)) + #define XFREE(p, h, type) (rtp_free(p)) + #define XREALLOC(p, n, h, t) realloc((p), (n)) + +#endif /* EBSNET */ + +#ifdef WOLFSSL_GAME_BUILD + #define SIZEOF_LONG_LONG 8 + #if defined(__PPU) || defined(__XENON) + #define BIG_ENDIAN_ORDER + #endif +#endif + +#ifdef WOLFSSL_LSR + #define HAVE_WEBSERVER + #define SIZEOF_LONG_LONG 8 + #define WOLFSSL_LOW_MEMORY + #define NO_WRITEV + #define NO_SHA512 + #define NO_DH + /* Allows use of DH with fixed points if uncommented and NO_DH is removed */ + /* WOLFSSL_DH_CONST */ + #define NO_DSA + #define NO_HC128 + #define NO_DEV_RANDOM + #define NO_WOLFSSL_DIR + #define NO_RABBIT + #ifndef NO_FILESYSTEM + #define LSR_FS + #include "inc/hw_types.h" + #include "fs.h" + #endif + #define WOLFSSL_LWIP + #include /* for tcp errno */ + #define WOLFSSL_SAFERTOS + #if defined(__IAR_SYSTEMS_ICC__) + /* enum uses enum */ + #pragma diag_suppress=Pa089 + #endif +#endif + +#ifdef WOLFSSL_SAFERTOS + #ifndef SINGLE_THREADED + #include "SafeRTOS/semphr.h" + #endif + #ifndef WOLFSSL_NO_MALLOC + #include "SafeRTOS/heap.h" + #endif + #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ + !defined(WOLFSSL_STATIC_MEMORY) + #define XMALLOC(s, h, type) pvPortMalloc((s)) + #define XFREE(p, h, type) vPortFree((p)) + #endif + #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) + #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n)) + #endif +#endif + +#ifdef WOLFSSL_LOW_MEMORY + #undef RSA_LOW_MEM + #define RSA_LOW_MEM + #undef WOLFSSL_SMALL_STACK + #define WOLFSSL_SMALL_STACK + #undef TFM_TIMING_RESISTANT + #define TFM_TIMING_RESISTANT +#endif + +#ifdef FREESCALE_MQX_4_0 + /* use normal Freescale MQX port, but with minor changes for 4.0 */ + #define FREESCALE_MQX +#endif + +#ifdef FREESCALE_MQX + #define FREESCALE_COMMON + #include "mqx.h" + #ifndef NO_FILESYSTEM + #include "mfs.h" + #if MQX_USE_IO_OLD + #include "fio.h" + #define NO_STDIO_FILESYSTEM + #else + #include "nio.h" + #endif + #endif + #ifndef SINGLE_THREADED + #include "mutex.h" + #endif + + #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER) + #define XMALLOC_OVERRIDE + #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s)) + #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));} + /* Note: MQX has no realloc, using fastmath above */ + #endif +#endif + +#ifdef FREESCALE_KSDK_MQX + #define FREESCALE_COMMON + #include + #ifndef NO_FILESYSTEM + #if MQX_USE_IO_OLD + #include + #else + #include + #include + #endif + #endif + #ifndef SINGLE_THREADED + #include + #endif + + #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s)) + #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));} + #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */ + + #define MQX_FILE_PTR FILE * + #define IO_SEEK_SET SEEK_SET + #define IO_SEEK_END SEEK_END +#endif /* FREESCALE_KSDK_MQX */ + +#if defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS) + #define NO_FILESYSTEM + #define WOLFSSL_CRYPT_HW_MUTEX 1 + + #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) + #define XMALLOC(s, h, type) pvPortMalloc((s)) + #define XFREE(p, h, type) vPortFree((p)) + #endif + + //#define USER_TICKS + /* Allows use of DH with fixed points if uncommented and NO_DH is removed */ + /* WOLFSSL_DH_CONST */ + #define WOLFSSL_LWIP + #define FREERTOS_TCP + + #define FREESCALE_FREE_RTOS + #define FREERTOS_SOCKET_ERROR ( -1 ) + #define FREERTOS_EWOULDBLOCK ( -2 ) + #define FREERTOS_EINVAL ( -4 ) + #define FREERTOS_EADDRNOTAVAIL ( -5 ) + #define FREERTOS_EADDRINUSE ( -6 ) + #define FREERTOS_ENOBUFS ( -7 ) + #define FREERTOS_ENOPROTOOPT ( -8 ) +#endif /* FREESCALE_FREE_RTOS || FREESCALE_KSDK_FREERTOS */ + +#ifdef FREESCALE_KSDK_BM + #define FREESCALE_COMMON + #define WOLFSSL_USER_IO + #define SINGLE_THREADED + #define NO_FILESYSTEM + #ifndef TIME_OVERRIDES + #define USER_TICKS + #endif +#endif /* FREESCALE_KSDK_BM */ + +#ifdef FREESCALE_COMMON + #define SIZEOF_LONG_LONG 8 + + /* disable features */ + #undef NO_WRITEV + #define NO_WRITEV + #undef NO_DEV_RANDOM + #define NO_DEV_RANDOM + #undef NO_RABBIT + #define NO_RABBIT + #undef NO_WOLFSSL_DIR + #define NO_WOLFSSL_DIR + #undef NO_RC4 + #define NO_RC4 + + /* enable features */ + #undef USE_FAST_MATH + #define USE_FAST_MATH + + #define USE_CERT_BUFFERS_2048 + #define BENCH_EMBEDDED + + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + #undef HAVE_ECC + #define HAVE_ECC + #ifndef NO_AES + #undef HAVE_AESCCM + #define HAVE_AESCCM + #undef HAVE_AESGCM + #define HAVE_AESGCM + #undef WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_COUNTER + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT + #endif + + #ifdef FREESCALE_KSDK_1_3 + #include "fsl_device_registers.h" + #elif !defined(FREESCALE_MQX) + /* Classic MQX does not have fsl_common.h */ + #include "fsl_common.h" + #endif + + /* random seed */ + #define NO_OLD_RNGNAME + #if defined(FSL_FEATURE_SOC_TRNG_COUNT) && (FSL_FEATURE_SOC_TRNG_COUNT > 0) + #define FREESCALE_KSDK_2_0_TRNG + #elif defined(FSL_FEATURE_SOC_RNG_COUNT) && (FSL_FEATURE_SOC_RNG_COUNT > 0) + #ifdef FREESCALE_KSDK_1_3 + #include "fsl_rnga_driver.h" + #define FREESCALE_RNGA + #define RNGA_INSTANCE (0) + #else + #define FREESCALE_KSDK_2_0_RNGA + #endif + #elif !defined(FREESCALE_KSDK_BM) && !defined(FREESCALE_FREE_RTOS) && !defined(FREESCALE_KSDK_FREERTOS) + #define FREESCALE_RNGA + #define RNGA_INSTANCE (0) + /* defaulting to K70 RNGA, user should change if different */ + /* #define FREESCALE_K53_RNGB */ + #define FREESCALE_K70_RNGA + #endif + + /* HW crypto */ + /* automatic enable based on Kinetis feature */ + /* if case manual selection is required, for example for benchmarking purposes, + * just define FREESCALE_USE_MMCAU or FREESCALE_USE_LTC or none of these two macros (for software only) + * both can be enabled simultaneously as LTC has priority over MMCAU in source code. + */ + /* #define FSL_HW_CRYPTO_MANUAL_SELECTION */ + #ifndef FSL_HW_CRYPTO_MANUAL_SELECTION + #if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && FSL_FEATURE_SOC_MMCAU_COUNT + #define FREESCALE_USE_MMCAU + #endif + + #if defined(FSL_FEATURE_SOC_LTC_COUNT) && FSL_FEATURE_SOC_LTC_COUNT + #define FREESCALE_USE_LTC + #endif + #else + /* #define FREESCALE_USE_MMCAU */ + /* #define FREESCALE_USE_LTC */ + #endif +#endif /* FREESCALE_COMMON */ + +/* Classic pre-KSDK mmCAU library */ +#ifdef FREESCALE_USE_MMCAU_CLASSIC + #define FREESCALE_USE_MMCAU + #define FREESCALE_MMCAU_CLASSIC + #define FREESCALE_MMCAU_CLASSIC_SHA +#endif + +/* KSDK mmCAU library */ +#ifdef FREESCALE_USE_MMCAU + /* AES and DES */ + #define FREESCALE_MMCAU + /* MD5, SHA-1 and SHA-256 */ + #define FREESCALE_MMCAU_SHA +#endif /* FREESCALE_USE_MMCAU */ + +#ifdef FREESCALE_USE_LTC + #if defined(FSL_FEATURE_SOC_LTC_COUNT) && FSL_FEATURE_SOC_LTC_COUNT + #define FREESCALE_LTC + #define LTC_BASE LTC0 + + #if defined(FSL_FEATURE_LTC_HAS_DES) && FSL_FEATURE_LTC_HAS_DES + #define FREESCALE_LTC_DES + #endif + + #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM + #define FREESCALE_LTC_AES_GCM + #endif + + #if defined(FSL_FEATURE_LTC_HAS_SHA) && FSL_FEATURE_LTC_HAS_SHA + #define FREESCALE_LTC_SHA + #endif + + #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA + #define FREESCALE_LTC_ECC + #define FREESCALE_LTC_TFM + + /* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic. + the LTC_MAX_INT_BYTES defines the size of local variables that hold big integers. */ + #ifndef LTC_MAX_INT_BYTES + #define LTC_MAX_INT_BYTES (256) + #endif + + /* This FREESCALE_LTC_TFM_RSA_4096_ENABLE macro can be defined. + * In such a case both software and hardware algorithm + * for TFM is linked in. The decision for which algorithm is used is determined at runtime + * from size of inputs. If inputs and result can fit into LTC (see LTC_MAX_INT_BYTES) + * then we call hardware algorithm, otherwise we call software algorithm. + * + * Chinese reminder theorem is used to break RSA 4096 exponentiations (both public and private key) + * into several computations with 2048-bit modulus and exponents. + */ + /* #define FREESCALE_LTC_TFM_RSA_4096_ENABLE */ + + /* ECC-384, ECC-256, ECC-224 and ECC-192 have been enabled with LTC PKHA acceleration */ + #ifdef HAVE_ECC + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + /* the LTC PKHA hardware limit is 512 bits (64 bytes) for ECC. + the LTC_MAX_ECC_BITS defines the size of local variables that hold ECC parameters + and point coordinates */ + #ifndef LTC_MAX_ECC_BITS + #define LTC_MAX_ECC_BITS (384) + #endif + + /* Enable curves up to 384 bits */ + #if !defined(ECC_USER_CURVES) && !defined(HAVE_ALL_CURVES) + #define ECC_USER_CURVES + #define HAVE_ECC192 + #define HAVE_ECC224 + #undef NO_ECC256 + #define HAVE_ECC384 + #endif + #endif + #endif + #endif +#endif /* FREESCALE_USE_LTC */ + +#ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE + #undef USE_CERT_BUFFERS_4096 + #define USE_CERT_BUFFERS_4096 + #undef FP_MAX_BITS + #define FP_MAX_BITS (8192) + + #undef NO_DH + #define NO_DH + #undef NO_DSA + #define NO_DSA +#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */ + +/* if LTC has AES engine but doesn't have GCM, use software with LTC AES ECB mode */ +#if defined(FREESCALE_USE_LTC) && !defined(FREESCALE_LTC_AES_GCM) + #define GCM_TABLE +#endif + +#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ + defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ + defined(WOLFSSL_STM32L4) + + #define SIZEOF_LONG_LONG 8 + #ifndef CHAR_BIT + #define CHAR_BIT 8 + #endif + #define NO_DEV_RANDOM + #define NO_WOLFSSL_DIR + #undef NO_RABBIT + #define NO_RABBIT + #ifndef NO_STM32_RNG + #undef STM32_RNG + #define STM32_RNG + #ifdef WOLFSSL_STM32F427_RNG + #include "stm32f427xx.h" + #endif + #endif + #ifndef NO_STM32_CRYPTO + #undef STM32_CRYPTO + #define STM32_CRYPTO + + #ifdef WOLFSSL_STM32L4 + #define NO_AES_192 /* hardware does not support 192-bit */ + #endif + #endif + #ifndef NO_STM32_HASH + #undef STM32_HASH + #define STM32_HASH + #endif + #if !defined(__GNUC__) && !defined(__ICCARM__) + #define KEIL_INTRINSICS + #endif + #define NO_OLD_RNGNAME + #ifdef WOLFSSL_STM32_CUBEMX + #if defined(WOLFSSL_STM32F2) + #include "stm32f2xx_hal.h" + #elif defined(WOLFSSL_STM32L4) + #include "stm32l4xx_hal.h" + #elif defined(WOLFSSL_STM32F4) + #include "stm32f4xx_hal.h" + #elif defined(WOLFSSL_STM32F7) + #include "stm32f7xx_hal.h" + #elif defined(WOLFSSL_STM32F1) + #include "stm32f1xx_hal.h" + #endif + #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) + #include "stm32l4xx_ll_rng.h" + #endif + + #ifndef STM32_HAL_TIMEOUT + #define STM32_HAL_TIMEOUT 0xFF + #endif + #else + #if defined(WOLFSSL_STM32F2) + #include "stm32f2xx.h" + #ifdef STM32_CRYPTO + #include "stm32f2xx_cryp.h" + #endif + #ifdef STM32_HASH + #include "stm32f2xx_hash.h" + #endif + #elif defined(WOLFSSL_STM32F4) + #include "stm32f4xx.h" + #ifdef STM32_CRYPTO + #include "stm32f4xx_cryp.h" + #endif + #ifdef STM32_HASH + #include "stm32f4xx_hash.h" + #endif + #elif defined(WOLFSSL_STM32L4) + #include "stm32l4xx.h" + #ifdef STM32_CRYPTO + #include "stm32l4xx_cryp.h" + #endif + #ifdef STM32_HASH + #include "stm32l4xx_hash.h" + #endif + #elif defined(WOLFSSL_STM32F7) + #include "stm32f7xx.h" + #elif defined(WOLFSSL_STM32F1) + #include "stm32f1xx.h" + #endif + #endif /* WOLFSSL_STM32_CUBEMX */ +#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */ +#ifdef WOLFSSL_DEOS + #include + #include + #include + #include + #include + #include + #include /* for rand_r: pseudo-random number generator */ + #include /* for snprintf */ + + /* use external memory XMALLOC, XFREE and XREALLOC functions */ + #define XMALLOC_USER + + /* disable fall-back case, malloc, realloc and free are unavailable */ + #define WOLFSSL_NO_MALLOC + + /* file sytem has not been ported since it is a seperate product. */ + + #define NO_FILESYSTEM + + #ifdef NO_FILESYSTEM + #define NO_WOLFSSL_DIR + #define NO_WRITEV + #endif + + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + #define WC_RSA_BLINDING + + #define HAVE_ECC + #define ALT_ECC_SIZE + #define TFM_ECC192 + #define TFM_ECC224 + #define TFM_ECC256 + #define TFM_ECC384 + #define TFM_ECC521 + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define HAVE_EXTENDED_MASTER + + #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) + #define BIG_ENDIAN_ORDER + #else + #undef BIG_ENDIAN_ORDER + #define LITTLE_ENDIAN_ORDER + #endif +#endif /* WOLFSSL_DEOS*/ + +#ifdef MICRIUM + #include + #include + #include + #include + #include + #include + #include + + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + #define WC_RSA_BLINDING + #define HAVE_HASHDRBG + + #define HAVE_ECC + #define ALT_ECC_SIZE + #define TFM_ECC192 + #define TFM_ECC224 + #define TFM_ECC256 + #define TFM_ECC384 + #define TFM_ECC521 + + #define NO_RC4 + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define HAVE_EXTENDED_MASTER + + #define NO_WOLFSSL_DIR + #define NO_WRITEV + + #ifndef CUSTOM_RAND_GENERATE + #define CUSTOM_RAND_TYPE RAND_NBR + #define CUSTOM_RAND_GENERATE Math_Rand + #endif + #define STRING_USER + #define XSTRLEN(pstr) ((CPU_SIZE_T)Str_Len((CPU_CHAR *)(pstr))) + #define XSTRNCPY(pstr_dest, pstr_src, len_max) \ + ((CPU_CHAR *)Str_Copy_N((CPU_CHAR *)(pstr_dest), \ + (CPU_CHAR *)(pstr_src), (CPU_SIZE_T)(len_max))) + #define XSTRNCMP(pstr_1, pstr_2, len_max) \ + ((CPU_INT16S)Str_Cmp_N((CPU_CHAR *)(pstr_1), \ + (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max))) + #define XSTRNCASECMP(pstr_1, pstr_2, len_max) \ + ((CPU_INT16S)Str_CmpIgnoreCase_N((CPU_CHAR *)(pstr_1), \ + (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max))) + #define XSTRSTR(pstr, pstr_srch) \ + ((CPU_CHAR *)Str_Str((CPU_CHAR *)(pstr), \ + (CPU_CHAR *)(pstr_srch))) + #define XSTRNSTR(pstr, pstr_srch, len_max) \ + ((CPU_CHAR *)Str_Str_N((CPU_CHAR *)(pstr), \ + (CPU_CHAR *)(pstr_srch),(CPU_SIZE_T)(len_max))) + #define XSTRNCAT(pstr_dest, pstr_cat, len_max) \ + ((CPU_CHAR *)Str_Cat_N((CPU_CHAR *)(pstr_dest), \ + (const CPU_CHAR *)(pstr_cat),(CPU_SIZE_T)(len_max))) + #define XMEMSET(pmem, data_val, size) \ + ((void)Mem_Set((void *)(pmem), \ + (CPU_INT08U) (data_val), \ + (CPU_SIZE_T)(size))) + #define XMEMCPY(pdest, psrc, size) ((void)Mem_Copy((void *)(pdest), \ + (void *)(psrc), (CPU_SIZE_T)(size))) + #define XMEMCMP(pmem_1, pmem_2, size) \ + (((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \ + (void *)(pmem_2), \ + (CPU_SIZE_T)(size))) ? DEF_NO : DEF_YES) + #define XMEMMOVE XMEMCPY + + #if (OS_CFG_MUTEX_EN == DEF_DISABLED) + #define SINGLE_THREADED + #endif + + #if (CPU_CFG_ENDIAN_TYPE == CPU_ENDIAN_TYPE_BIG) + #define BIG_ENDIAN_ORDER + #else + #undef BIG_ENDIAN_ORDER + #define LITTLE_ENDIAN_ORDER + #endif +#endif /* MICRIUM */ + +#ifdef WOLFSSL_MCF5441X + #define BIG_ENDIAN_ORDER + #ifndef SIZEOF_LONG + #define SIZEOF_LONG 4 + #endif + #ifndef SIZEOF_LONG_LONG + #define SIZEOF_LONG_LONG 8 + #endif +#endif + +#ifdef WOLFSSL_QL + #ifndef WOLFSSL_SEP + #define WOLFSSL_SEP + #endif + #ifndef OPENSSL_EXTRA + #define OPENSSL_EXTRA + #endif + #ifndef SESSION_CERTS + #define SESSION_CERTS + #endif + #ifndef HAVE_AESCCM + #define HAVE_AESCCM + #endif + #ifndef ATOMIC_USER + #define ATOMIC_USER + #endif + #ifndef WOLFSSL_DER_LOAD + #define WOLFSSL_DER_LOAD + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + #ifndef HAVE_ECC + #define HAVE_ECC + #endif + #ifndef SESSION_INDEX + #define SESSION_INDEX + #endif +#endif /* WOLFSSL_QL */ + + +#if defined(WOLFSSL_XILINX) + #define NO_WOLFSSL_DIR + #define NO_DEV_RANDOM + #define HAVE_AESGCM +#endif + +#if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX) + #if defined(WOLFSSL_ARMASM) + #error can not use both ARMv8 instructions and XILINX hardened crypto + #endif + #if defined(WOLFSSL_SHA3) + /* only SHA3-384 is supported */ + #undef WOLFSSL_NOSHA3_224 + #undef WOLFSSL_NOSHA3_256 + #undef WOLFSSL_NOSHA3_512 + #define WOLFSSL_NOSHA3_224 + #define WOLFSSL_NOSHA3_256 + #define WOLFSSL_NOSHA3_512 + #endif + #ifdef WOLFSSL_AFALG_XILINX_AES + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT + #endif +#endif /*(WOLFSSL_XILINX_CRYPT)*/ + +#if defined(WOLFSSL_APACHE_MYNEWT) + #include "os/os_malloc.h" + #if !defined(WOLFSSL_LWIP) + #include + #endif + + #if !defined(SIZEOF_LONG) + #define SIZEOF_LONG 4 + #endif + #if !defined(SIZEOF_LONG_LONG) + #define SIZEOF_LONG_LONG 8 + #endif + #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) + #define BIG_ENDIAN_ORDER + #else + #undef BIG_ENDIAN_ORDER + #define LITTLE_ENDIAN_ORDER + #endif + #define NO_WRITEV + #define WOLFSSL_USER_IO + #define SINGLE_THREADED + #define NO_DEV_RANDOM + #define NO_DH + #define NO_WOLFSSL_DIR + #define NO_ERROR_STRINGS + #define HAVE_ECC + #define NO_SESSION_CACHE + #define NO_ERROR_STRINGS + #define XMALLOC_USER + #define XMALLOC(sz, heap, type) os_malloc(sz) + #define XREALLOC(p, sz, heap, type) os_realloc(p, sz) + #define XFREE(p, heap, type) os_free(p) + +#endif /*(WOLFSSL_APACHE_MYNEWT)*/ + +#ifdef WOLFSSL_ZEPHYR + #include + #include + #include + #include + + #define WOLFSSL_DH_CONST + #define WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MAX + #define NO_WRITEV + + #define USE_FLAT_BENCHMARK_H + #define USE_FLAT_TEST_H + #define EXIT_FAILURE 1 + #define MAIN_NO_ARGS + + void *z_realloc(void *ptr, size_t size); + #define realloc z_realloc + + #define CONFIG_NET_SOCKETS_POSIX_NAMES +#endif + +#ifdef WOLFSSL_IMX6 + #ifndef SIZEOF_LONG_LONG + #define SIZEOF_LONG_LONG 8 + #endif +#endif + +/* if defined turn on all CAAM support */ +#ifdef WOLFSSL_IMX6_CAAM + #undef WOLFSSL_IMX6_CAAM_RNG + #define WOLFSSL_IMX6_CAAM_RNG + + #undef WOLFSSL_IMX6_CAAM_BLOB + #define WOLFSSL_IMX6_CAAM_BLOB + +#if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_XTS) + /* large performance gain with HAVE_AES_ECB defined */ + #undef HAVE_AES_ECB + #define HAVE_AES_ECB +#endif +#endif + +#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \ + !defined(WOLFSSL_LEANPSK) && !defined(NO_WOLFSSL_MEMORY) && \ + !defined(XMALLOC_OVERRIDE) + #define USE_WOLFSSL_MEMORY +#endif + + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) + #undef KEEP_PEER_CERT + #define KEEP_PEER_CERT +#endif + + +/* stream ciphers except arc4 need 32bit alignment, intel ok without */ +#ifndef XSTREAM_ALIGN + #if defined(__x86_64__) || defined(__ia64__) || defined(__i386__) + #define NO_XSTREAM_ALIGN + #else + #define XSTREAM_ALIGN + #endif +#endif + +/* write dup cannot be used with secure renegotiation because write dup + * make write side write only and read side read only */ +#if defined(HAVE_WRITE_DUP) && defined(HAVE_SECURE_RENEGOTIATION) + #error "WRITE DUP and SECURE RENEGOTIATION cannot both be on" +#endif + +#ifdef WOLFSSL_SGX + #ifdef _MSC_VER + #define NO_RC4 + #ifndef HAVE_FIPS + #define WOLFCRYPT_ONLY + #define NO_DES3 + #define NO_SHA + #define NO_MD5 + #else + #define TFM_TIMING_RESISTANT + #define NO_WOLFSSL_DIR + #define NO_WRITEV + #define NO_MAIN_DRIVER + #define WOLFSSL_LOG_PRINTF + #define WOLFSSL_DH_CONST + #endif + #else + #define HAVE_ECC + #define NO_WRITEV + #define NO_MAIN_DRIVER + #define USER_TICKS + #define WOLFSSL_LOG_PRINTF + #define WOLFSSL_DH_CONST + #endif /* _MSC_VER */ + #if !defined(HAVE_FIPS) && !defined(NO_RSA) + #define WC_RSA_BLINDING + #endif + + #define NO_FILESYSTEM + #define ECC_TIMING_RESISTANT + #define TFM_TIMING_RESISTANT + #define SINGLE_THREADED + #define NO_ASN_TIME /* can not use headers such as windows.h */ + #define HAVE_AESGCM + #define USE_CERT_BUFFERS_2048 + #define USE_FAST_MATH +#endif /* WOLFSSL_SGX */ + +/* FreeScale MMCAU hardware crypto has 4 byte alignment. + However, KSDK fsl_mmcau.h gives API with no alignment + requirements (4 byte alignment is managed internally by fsl_mmcau.c) */ +#ifdef FREESCALE_MMCAU + #ifdef FREESCALE_MMCAU_CLASSIC + #define WOLFSSL_MMCAU_ALIGNMENT 4 + #else + #define WOLFSSL_MMCAU_ALIGNMENT 0 + #endif +#endif + +/* if using hardware crypto and have alignment requirements, specify the + requirement here. The record header of SSL/TLS will prevent easy alignment. + This hint tries to help as much as possible. */ +#ifndef WOLFSSL_GENERAL_ALIGNMENT + #ifdef WOLFSSL_AESNI + #define WOLFSSL_GENERAL_ALIGNMENT 16 + #elif defined(XSTREAM_ALIGN) + #define WOLFSSL_GENERAL_ALIGNMENT 4 + #elif defined(FREESCALE_MMCAU) || defined(FREESCALE_MMCAU_CLASSIC) + #define WOLFSSL_GENERAL_ALIGNMENT WOLFSSL_MMCAU_ALIGNMENT + #else + #define WOLFSSL_GENERAL_ALIGNMENT 0 + #endif +#endif + +#if defined(WOLFSSL_GENERAL_ALIGNMENT) && (WOLFSSL_GENERAL_ALIGNMENT > 0) + #if defined(_MSC_VER) + #define XGEN_ALIGN __declspec(align(WOLFSSL_GENERAL_ALIGNMENT)) + #elif defined(__GNUC__) + #define XGEN_ALIGN __attribute__((aligned(WOLFSSL_GENERAL_ALIGNMENT))) + #else + #define XGEN_ALIGN + #endif +#else + #define XGEN_ALIGN +#endif + +#ifdef HAVE_CRL + /* not widely supported yet */ + #undef NO_SKID + #define NO_SKID +#endif + + +#ifdef __INTEL_COMPILER + #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */ +#endif + +/* user can specify what curves they want with ECC_USER_CURVES otherwise + * all curves are on by default for now */ +#ifndef ECC_USER_CURVES + #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_ALL_CURVES) + #define HAVE_ALL_CURVES + #endif +#endif + +/* ECC Configs */ +#ifdef HAVE_ECC + /* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */ + #ifndef NO_ECC_SIGN + #undef HAVE_ECC_SIGN + #define HAVE_ECC_SIGN + #endif + #ifndef NO_ECC_VERIFY + #undef HAVE_ECC_VERIFY + #define HAVE_ECC_VERIFY + #endif + #ifndef NO_ECC_CHECK_KEY + #undef HAVE_ECC_CHECK_KEY + #define HAVE_ECC_CHECK_KEY + #endif + #ifndef NO_ECC_DHE + #undef HAVE_ECC_DHE + #define HAVE_ECC_DHE + #endif + #ifndef NO_ECC_KEY_IMPORT + #undef HAVE_ECC_KEY_IMPORT + #define HAVE_ECC_KEY_IMPORT + #endif + #ifndef NO_ECC_KEY_EXPORT + #undef HAVE_ECC_KEY_EXPORT + #define HAVE_ECC_KEY_EXPORT + #endif +#endif /* HAVE_ECC */ + +/* Curve255519 Configs */ +#ifdef HAVE_CURVE25519 + /* By default enable shared secret, key export and import */ + #ifndef NO_CURVE25519_SHARED_SECRET + #undef HAVE_CURVE25519_SHARED_SECRET + #define HAVE_CURVE25519_SHARED_SECRET + #endif + #ifndef NO_CURVE25519_KEY_EXPORT + #undef HAVE_CURVE25519_KEY_EXPORT + #define HAVE_CURVE25519_KEY_EXPORT + #endif + #ifndef NO_CURVE25519_KEY_IMPORT + #undef HAVE_CURVE25519_KEY_IMPORT + #define HAVE_CURVE25519_KEY_IMPORT + #endif +#endif /* HAVE_CURVE25519 */ + +/* Ed255519 Configs */ +#ifdef HAVE_ED25519 + /* By default enable sign, verify, key export and import */ + #ifndef NO_ED25519_SIGN + #undef HAVE_ED25519_SIGN + #define HAVE_ED25519_SIGN + #endif + #ifndef NO_ED25519_VERIFY + #undef HAVE_ED25519_VERIFY + #define HAVE_ED25519_VERIFY + #endif + #ifndef NO_ED25519_KEY_EXPORT + #undef HAVE_ED25519_KEY_EXPORT + #define HAVE_ED25519_KEY_EXPORT + #endif + #ifndef NO_ED25519_KEY_IMPORT + #undef HAVE_ED25519_KEY_IMPORT + #define HAVE_ED25519_KEY_IMPORT + #endif +#endif /* HAVE_ED25519 */ + +/* AES Config */ +#ifndef NO_AES + /* By default enable all AES key sizes, decryption and CBC */ + #ifndef AES_MAX_KEY_SIZE + #undef AES_MAX_KEY_SIZE + #define AES_MAX_KEY_SIZE 256 + #endif + + #ifndef NO_AES_128 + #undef WOLFSSL_AES_128 + #define WOLFSSL_AES_128 + #endif + #if !defined(NO_AES_192) && AES_MAX_KEY_SIZE >= 192 + #undef WOLFSSL_AES_192 + #define WOLFSSL_AES_192 + #endif + #if !defined(NO_AES_256) && AES_MAX_KEY_SIZE >= 256 + #undef WOLFSSL_AES_256 + #define WOLFSSL_AES_256 + #endif + #if !defined(WOLFSSL_AES_128) && defined(HAVE_ECC_ENCRYPT) + #warning HAVE_ECC_ENCRYPT uses AES 128 bit keys + #endif + + #ifndef NO_AES_DECRYPT + #undef HAVE_AES_DECRYPT + #define HAVE_AES_DECRYPT + #endif + #ifndef NO_AES_CBC + #undef HAVE_AES_CBC + #define HAVE_AES_CBC + #endif + #ifdef WOLFSSL_AES_XTS + /* AES-XTS makes calls to AES direct functions */ + #ifndef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT + #endif + #endif + #ifdef WOLFSSL_AES_CFB + /* AES-CFB makes calls to AES direct functions */ + #ifndef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT + #endif + #endif +#endif + +#if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \ + (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \ + !defined(HAVE_CAMELLIA) && !defined(HAVE_IDEA) && \ + !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128)) + #define WOLFSSL_AEAD_ONLY +#endif + +#if !defined(NO_DH) && !defined(HAVE_FFDHE) + #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #define HAVE_FFDHE + #endif +#endif +#if defined(HAVE_FFDHE_8192) + #define MIN_FFDHE_FP_MAX_BITS 16384 +#elif defined(HAVE_FFDHE_6144) + #define MIN_FFDHE_FP_MAX_BITS 12288 +#elif defined(HAVE_FFDHE_4096) + #define MIN_FFDHE_FP_MAX_BITS 8192 +#elif defined(HAVE_FFDHE_3072) + #define MIN_FFDHE_FP_MAX_BITS 6144 +#elif defined(HAVE_FFDHE_2048) + #define MIN_FFDHE_FP_MAX_BITS 4096 +#else + #define MIN_FFDHE_FP_MAX_BITS 0 +#endif +#if defined(HAVE_FFDHE) && defined(FP_MAX_BITS) + #if MIN_FFDHE_FP_MAX_BITS > FP_MAX_BITS + #error "FFDHE parameters are too large for FP_MAX_BIT as set" + #endif +#endif + +/* if desktop type system and fastmath increase default max bits */ +#ifdef WOLFSSL_X86_64_BUILD + #if defined(USE_FAST_MATH) && !defined(FP_MAX_BITS) + #if MIN_FFDHE_FP_MAX_BITS <= 8192 + #define FP_MAX_BITS 8192 + #else + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif + #endif +#endif + +/* If using the max strength build, ensure OLD TLS is disabled. */ +#ifdef WOLFSSL_MAX_STRENGTH + #undef NO_OLD_TLS + #define NO_OLD_TLS +#endif + + +/* Default AES minimum auth tag sz, allow user to override */ +#ifndef WOLFSSL_MIN_AUTH_TAG_SZ + #define WOLFSSL_MIN_AUTH_TAG_SZ 12 +#endif + + +/* sniffer requires: + * static RSA cipher suites + * session stats and peak stats + */ +#ifdef WOLFSSL_SNIFFER + #ifndef WOLFSSL_STATIC_RSA + #define WOLFSSL_STATIC_RSA + #endif + #ifndef WOLFSSL_STATIC_DH + #define WOLFSSL_STATIC_DH + #endif + /* Allow option to be disabled. */ + #ifndef WOLFSSL_NO_SESSION_STATS + #ifndef WOLFSSL_SESSION_STATS + #define WOLFSSL_SESSION_STATS + #endif + #ifndef WOLFSSL_PEAK_SESSIONS + #define WOLFSSL_PEAK_SESSIONS + #endif + #endif +#endif + +/* Decode Public Key extras on by default, user can turn off with + * WOLFSSL_NO_DECODE_EXTRA */ +#ifndef WOLFSSL_NO_DECODE_EXTRA + #ifndef RSA_DECODE_EXTRA + #define RSA_DECODE_EXTRA + #endif + #ifndef ECC_DECODE_EXTRA + #define ECC_DECODE_EXTRA + #endif +#endif + +/* C Sharp wrapper defines */ +#ifdef HAVE_CSHARP + #ifndef WOLFSSL_DTLS + #define WOLFSSL_DTLS + #endif + #undef NO_PSK + #undef NO_SHA256 + #undef NO_DH +#endif + +/* Asynchronous Crypto */ +#ifdef WOLFSSL_ASYNC_CRYPT + /* Make sure wolf events are enabled */ + #undef HAVE_WOLF_EVENT + #define HAVE_WOLF_EVENT + + #ifdef WOLFSSL_ASYNC_CRYPT_TEST + #define WC_ASYNC_DEV_SIZE 168 + #else + #define WC_ASYNC_DEV_SIZE 336 + #endif + + #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \ + !defined(WOLFSSL_ASYNC_CRYPT_TEST) + #error No async hardware defined with WOLFSSL_ASYNC_CRYPT! + #endif + + /* Enable ECC_CACHE_CURVE for ASYNC */ + #if !defined(ECC_CACHE_CURVE) + #define ECC_CACHE_CURVE + #endif +#endif /* WOLFSSL_ASYNC_CRYPT */ +#ifndef WC_ASYNC_DEV_SIZE + #define WC_ASYNC_DEV_SIZE 0 +#endif + +/* leantls checks */ +#ifdef WOLFSSL_LEANTLS + #ifndef HAVE_ECC + #error leantls build needs ECC + #endif +#endif /* WOLFSSL_LEANTLS*/ + +/* restriction with static memory */ +#ifdef WOLFSSL_STATIC_MEMORY + #if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY) + #error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY + #endif + #if !defined(USE_FAST_MATH) && !defined(NO_BIG_INT) + #error static memory requires fast math please define USE_FAST_MATH + #endif + #ifdef WOLFSSL_SMALL_STACK + #error static memory does not support small stack please undefine + #endif +#endif /* WOLFSSL_STATIC_MEMORY */ + +#ifdef HAVE_AES_KEYWRAP + #ifndef WOLFSSL_AES_DIRECT + #error AES key wrap requires AES direct please define WOLFSSL_AES_DIRECT + #endif +#endif + +#ifdef HAVE_PKCS7 + #if defined(NO_AES) && defined(NO_DES3) + #error PKCS7 needs either AES or 3DES enabled, please enable one + #endif + #ifndef HAVE_AES_KEYWRAP + #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP + #endif + #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF) + #error PKCS7 requires X963 KDF please define HAVE_X963_KDF + #endif +#endif + +#ifndef NO_PKCS12 + #undef HAVE_PKCS12 + #define HAVE_PKCS12 +#endif + +#ifndef NO_PKCS8 + #undef HAVE_PKCS8 + #define HAVE_PKCS8 +#endif + +#if !defined(NO_PBKDF1) || defined(WOLFSSL_ENCRYPTED_KEYS) || defined(HAVE_PKCS8) || defined(HAVE_PKCS12) + #undef HAVE_PBKDF1 + #define HAVE_PBKDF1 +#endif + +#if !defined(NO_PBKDF2) || defined(HAVE_PKCS7) || defined(HAVE_SCRYPT) + #undef HAVE_PBKDF2 + #define HAVE_PBKDF2 +#endif + + +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_OLD_TLS) && \ + (defined(NO_SHA) || defined(NO_MD5)) + #error old TLS requires MD5 and SHA +#endif + +/* for backwards compatibility */ +#if defined(TEST_IPV6) && !defined(WOLFSSL_IPV6) + #define WOLFSSL_IPV6 +#endif + + +/* Place any other flags or defines here */ + +#if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \ + && defined(HAVE_GMTIME_R) + #undef HAVE_GMTIME_R /* don't trust macro with windows */ +#endif /* WOLFSSL_MYSQL_COMPATIBLE */ + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION + #define OPENSSL_NO_ENGINE + #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + #ifndef OPENSSL_EXTRA + #define OPENSSL_EXTRA + #endif + #ifndef HAVE_SESSION_TICKET + #define HAVE_SESSION_TICKET + #endif + #ifndef HAVE_OCSP + #define HAVE_OCSP + #endif + #ifndef KEEP_OUR_CERT + #define KEEP_OUR_CERT + #endif + #ifndef HAVE_SNI + #define HAVE_SNI + #endif +#endif + +#if defined(WOLFSSL_NGINX) + #define SSL_CTRL_SET_TLSEXT_HOSTNAME +#endif + + +/* both CURVE and ED small math should be enabled */ +#ifdef CURVED25519_SMALL + #define CURVE25519_SMALL + #define ED25519_SMALL +#endif + + +#ifndef WOLFSSL_ALERT_COUNT_MAX + #define WOLFSSL_ALERT_COUNT_MAX 5 +#endif + +/* warning for not using harden build options (default with ./configure) */ +#ifndef WC_NO_HARDEN + #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ + (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ + (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \ + !defined(WC_NO_RNG)) + + /*#ifndef _MSC_VER + #warning "For timing resistance / side-channel attack prevention consider using harden options" + #else + #pragma message("Warning: For timing resistance / side-channel attack prevention consider using harden options") + #endif*/ + #endif +#endif + +#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) + /* added to have compatibility with SHA256() */ + #if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + #define NO_OLD_SHA_NAMES + #endif +#endif + +/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509 + * When opensslextra is enabled all subparts should be turned on. */ +#ifdef OPENSSL_EXTRA + #undef OPENSSL_EXTRA_X509_SMALL + #define OPENSSL_EXTRA_X509_SMALL +#endif /* OPENSSL_EXTRA */ + +/* support for converting DER to PEM */ +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || \ + defined(OPENSSL_EXTRA) + #undef WOLFSSL_DER_TO_PEM + #define WOLFSSL_DER_TO_PEM +#endif + +/* keep backwards compatibility enabling encrypted private key */ +#ifndef WOLFSSL_ENCRYPTED_KEYS + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) + #define WOLFSSL_ENCRYPTED_KEYS + #endif +#endif + +/* support for disabling PEM to DER */ +#if !defined(WOLFSSL_NO_PEM) + #undef WOLFSSL_PEM_TO_DER + #define WOLFSSL_PEM_TO_DER +#endif + +/* Parts of the openssl compatibility layer require peer certs */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #undef KEEP_PEER_CERT + #define KEEP_PEER_CERT +#endif + +/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/ +#ifdef WOLFSSL_ARMASM + #undef WOLFSSL_NO_HASH_RAW + #define WOLFSSL_NO_HASH_RAW +#endif + +#if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \ + !defined(WOLFSSL_SHA3) + #undef WOLFSSL_NO_WORD64_OPS + #define WOLFSSL_NO_WORD64_OPS +#endif + +#if !defined(WOLFCRYPT_ONLY) && !defined(WOLFSSL_NO_TLS12) + #undef WOLFSSL_HAVE_PRF + #define WOLFSSL_HAVE_PRF +#endif + +#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_CAMELLIA) && \ + !defined(WOLFSSL_HAVE_PRF) && defined(NO_PWDBASED) && !defined(HAVE_IDEA) + #undef WOLFSSL_NO_XOR_OPS + #define WOLFSSL_NO_XOR_OPS +#endif + +#if defined(NO_ASN) && defined(WOLFCRYPT_ONLY) + #undef WOLFSSL_NO_INT_ENCODE + #define WOLFSSL_NO_INT_ENCODE + #undef WOLFSSL_NO_INT_DECODE + #define WOLFSSL_NO_INT_DECODE +#endif + +#if defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + defined(WC_NO_RSA_OAEP) + #undef WOLFSSL_NO_CT_OPS + #define WOLFSSL_NO_CT_OPS +#endif + +#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(HAVE_CURVE25519) && \ + defined(WC_NO_RNG) && defined(WC_NO_RSA_OAEP) + #undef WOLFSSL_NO_CONST_CMP + #define WOLFSSL_NO_CONST_CMP +#endif + +#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \ + !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \ + defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_RSA_PUBLIC_ONLY) + #undef WOLFSSL_NO_FORCE_ZERO + #define WOLFSSL_NO_FORCE_ZERO +#endif + +/* Detect old cryptodev name */ +#if defined(WOLF_CRYPTO_DEV) && !defined(WOLF_CRYPTO_CB) + #define WOLF_CRYPTO_CB +#endif + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_SIGALG) + #error TLS 1.3 requires the Signature Algorithms extension to be enabled +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif diff --git a/source/libwolfssl/wolfcrypt/sha.h b/source/libwolfssl/wolfcrypt/sha.h new file mode 100644 index 00000000..24999a54 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/sha.h @@ -0,0 +1,178 @@ +/* sha.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/sha.h +*/ + + +#ifndef WOLF_CRYPT_SHA_H +#define WOLF_CRYPT_SHA_H + +#include + +#ifndef NO_SHA + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) +#define wc_Sha Sha +#define WC_SHA SHA +#define WC_SHA_BLOCK_SIZE SHA_BLOCK_SIZE +#define WC_SHA_DIGEST_SIZE SHA_DIGEST_SIZE +#define WC_SHA_PAD_SIZE SHA_PAD_SIZE + +/* for fips @wc_fips */ +#include +#endif + +#ifdef FREESCALE_LTC_SHA + #include "fsl_ltc.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifdef WOLFSSL_MICROCHIP_PIC32MZ + #include +#endif +#ifdef STM32_HASH + #include +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif +#ifdef WOLFSSL_ESP32WROOM32_CRYPT + #include +#endif + +#if !defined(NO_OLD_SHA_NAMES) + #define SHA WC_SHA +#endif + +#ifndef NO_OLD_WC_NAMES + #define Sha wc_Sha + #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE + #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE + #define SHA_PAD_SIZE WC_SHA_PAD_SIZE +#endif + +/* in bytes */ +enum { + WC_SHA = WC_HASH_TYPE_SHA, + WC_SHA_BLOCK_SIZE = 64, + WC_SHA_DIGEST_SIZE = 20, + WC_SHA_PAD_SIZE = 56 +}; + + +#if defined(WOLFSSL_TI_HASH) + #include "wolfssl/wolfcrypt/port/ti/ti-hash.h" + +#elif defined(WOLFSSL_IMX6_CAAM) + #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" +#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) + #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" +#else + +/* Sha digest */ +struct wc_Sha { +#ifdef FREESCALE_LTC_SHA + ltc_hash_ctx_t ctx; +#elif defined(STM32_HASH) + STM32_HASH_Context stmCtx; +#else + word32 buffLen; /* in bytes */ + word32 loLen; /* length in bytes */ + word32 hiLen; /* length in bytes */ + word32 buffer[WC_SHA_BLOCK_SIZE / sizeof(word32)]; + #ifdef WOLFSSL_PIC32MZ_HASH + word32 digest[PIC32_DIGEST_SIZE / sizeof(word32)]; + #else + word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; + #endif + void* heap; + #ifdef WOLFSSL_PIC32MZ_HASH + hashUpdCache cache; /* cache for updates */ + #endif + #ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; + #endif /* WOLFSSL_ASYNC_CRYPT */ + #ifdef WOLF_CRYPTO_CB + int devId; + void* devCtx; /* generic crypto callback context */ + #endif +#endif +#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ + !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) + WC_ESP32SHA ctx; +#endif +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + word32 flags; /* enum wc_HashFlags in hash.h */ +#endif +}; + +#ifndef WC_SHA_TYPE_DEFINED + typedef struct wc_Sha wc_Sha; + #define WC_SHA_TYPE_DEFINED +#endif + +#endif /* WOLFSSL_TI_HASH */ + + +#endif /* HAVE_FIPS */ + +WOLFSSL_API int wc_InitSha(wc_Sha*); +WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId); +WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32); +WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*); +WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*); +WOLFSSL_API void wc_ShaFree(wc_Sha*); + +WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*); +WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*); + +#ifdef WOLFSSL_PIC32MZ_HASH +WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len); +#endif + +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wc_ShaSetFlags(wc_Sha* sha, word32 flags); + WOLFSSL_API int wc_ShaGetFlags(wc_Sha* sha, word32* flags); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_SHA */ +#endif /* WOLF_CRYPT_SHA_H */ + diff --git a/source/libwolfssl/wolfcrypt/sha256.h b/source/libwolfssl/wolfcrypt/sha256.h new file mode 100644 index 00000000..4784c788 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/sha256.h @@ -0,0 +1,255 @@ +/* sha256.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/sha256.h +*/ + + + +#ifndef WOLF_CRYPT_SHA256_H +#define WOLF_CRYPT_SHA256_H + +#include + +#ifndef NO_SHA256 + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + #define wc_Sha256 Sha256 + #define WC_SHA256 SHA256 + #define WC_SHA256_BLOCK_SIZE SHA256_BLOCK_SIZE + #define WC_SHA256_DIGEST_SIZE SHA256_DIGEST_SIZE + #define WC_SHA256_PAD_SIZE SHA256_PAD_SIZE + + #ifdef WOLFSSL_SHA224 + #define wc_Sha224 Sha224 + #define WC_SHA224 SHA224 + #define WC_SHA224_BLOCK_SIZE SHA224_BLOCK_SIZE + #define WC_SHA224_DIGEST_SIZE SHA224_DIGEST_SIZE + #define WC_SHA224_PAD_SIZE SHA224_PAD_SIZE + #endif + + /* for fips @wc_fips */ + #include +#endif + +#ifdef FREESCALE_LTC_SHA + #include "fsl_ltc.h" +#endif + + +#ifdef __cplusplus + extern "C" { +#endif + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifdef WOLFSSL_MICROCHIP_PIC32MZ + #include +#endif +#ifdef STM32_HASH + #include +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif +#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_DEVCRYPTO_HASH) + #include +#endif +#if defined(WOLFSSL_ESP32WROOM32_CRYPT) + #include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h" +#endif +#if defined(WOLFSSL_CRYPTOCELL) + #include +#endif + +#if defined(_MSC_VER) + #define SHA256_NOINLINE __declspec(noinline) +#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define SHA256_NOINLINE __attribute__((noinline)) +#else + #define SHA256_NOINLINE +#endif + +#if !defined(NO_OLD_SHA_NAMES) + #define SHA256 WC_SHA256 +#endif + +#ifndef NO_OLD_WC_NAMES + #define Sha256 wc_Sha256 + #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE + #define SHA256_DIGEST_SIZE WC_SHA256_DIGEST_SIZE + #define SHA256_PAD_SIZE WC_SHA256_PAD_SIZE +#endif + +/* in bytes */ +enum { + WC_SHA256 = WC_HASH_TYPE_SHA256, + WC_SHA256_BLOCK_SIZE = 64, + WC_SHA256_DIGEST_SIZE = 32, + WC_SHA256_PAD_SIZE = 56 +}; + + +#ifdef WOLFSSL_TI_HASH + #include "wolfssl/wolfcrypt/port/ti/ti-hash.h" +#elif defined(WOLFSSL_IMX6_CAAM) + #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" +#elif defined(WOLFSSL_AFALG_HASH) + #include "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h" +#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) + #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" +#else + +/* wc_Sha256 digest */ +struct wc_Sha256 { +#ifdef FREESCALE_LTC_SHA + ltc_hash_ctx_t ctx; +#elif defined(STM32_HASH) + STM32_HASH_Context stmCtx; +#else + /* alignment on digest and buffer speeds up ARMv8 crypto operations */ + ALIGN16 word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; + ALIGN16 word32 buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32)]; + word32 buffLen; /* in bytes */ + word32 loLen; /* length in bytes */ + word32 hiLen; /* length in bytes */ + void* heap; +#ifdef WOLFSSL_PIC32MZ_HASH + hashUpdCache cache; /* cache for updates */ +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLFSSL_SMALL_STACK_CACHE + word32* W; +#endif +#ifdef WOLFSSL_DEVCRYPTO_HASH + WC_CRYPTODEV ctx; + byte* msg; + word32 used; + word32 len; +#endif +#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ + !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) + WC_ESP32SHA ctx; +#endif +#ifdef WOLFSSL_CRYPTOCELL + CRYS_HASHUserContext_t ctx; +#endif +#ifdef WOLF_CRYPTO_CB + int devId; + void* devCtx; /* generic crypto callback context */ +#endif +#endif +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + word32 flags; /* enum wc_HashFlags in hash.h */ +#endif +}; + +#ifndef WC_SHA256_TYPE_DEFINED + typedef struct wc_Sha256 wc_Sha256; + #define WC_SHA256_TYPE_DEFINED +#endif + +#endif + +#endif /* HAVE_FIPS */ + +WOLFSSL_API int wc_InitSha256(wc_Sha256*); +WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int); +WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32); +WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*); +WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*); +WOLFSSL_API void wc_Sha256Free(wc_Sha256*); + +WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*); +WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst); + +#ifdef WOLFSSL_PIC32MZ_HASH +WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32); +#endif + +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags); + WOLFSSL_API int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags); +#endif + +#ifdef WOLFSSL_SHA224 +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifndef NO_OLD_WC_NAMES + #define Sha224 wc_Sha224 + #define SHA224 WC_SHA224 + #define SHA224_BLOCK_SIZE WC_SHA224_BLOCK_SIZE + #define SHA224_DIGEST_SIZE WC_SHA224_DIGEST_SIZE + #define SHA224_PAD_SIZE WC_SHA224_PAD_SIZE +#endif + +/* in bytes */ +enum { + WC_SHA224 = WC_HASH_TYPE_SHA224, + WC_SHA224_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE, + WC_SHA224_DIGEST_SIZE = 28, + WC_SHA224_PAD_SIZE = WC_SHA256_PAD_SIZE +}; + + +#ifndef WC_SHA224_TYPE_DEFINED + typedef struct wc_Sha256 wc_Sha224; + #define WC_SHA224_TYPE_DEFINED +#endif +#endif /* HAVE_FIPS */ + +WOLFSSL_API int wc_InitSha224(wc_Sha224*); +WOLFSSL_API int wc_InitSha224_ex(wc_Sha224*, void*, int); +WOLFSSL_API int wc_Sha224Update(wc_Sha224*, const byte*, word32); +WOLFSSL_API int wc_Sha224Final(wc_Sha224*, byte*); +WOLFSSL_API void wc_Sha224Free(wc_Sha224*); + +WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*); +WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst); + +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags); + WOLFSSL_API int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags); +#endif + +#endif /* WOLFSSL_SHA224 */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* NO_SHA256 */ +#endif /* WOLF_CRYPT_SHA256_H */ + diff --git a/source/libwolfssl/wolfcrypt/sha3.h b/source/libwolfssl/wolfcrypt/sha3.h new file mode 100644 index 00000000..864071dd --- /dev/null +++ b/source/libwolfssl/wolfcrypt/sha3.h @@ -0,0 +1,157 @@ +/* sha3.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_SHA3_H +#define WOLF_CRYPT_SHA3_H + +#include + +#ifdef WOLFSSL_SHA3 + +#ifdef HAVE_FIPS + /* for fips @wc_fips */ + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +/* in bytes */ +enum { + WC_SHA3_224 = WC_HASH_TYPE_SHA3_224, + WC_SHA3_224_DIGEST_SIZE = 28, + WC_SHA3_224_COUNT = 18, + + WC_SHA3_256 = WC_HASH_TYPE_SHA3_256, + WC_SHA3_256_DIGEST_SIZE = 32, + WC_SHA3_256_COUNT = 17, + + WC_SHA3_384 = WC_HASH_TYPE_SHA3_384, + WC_SHA3_384_DIGEST_SIZE = 48, + WC_SHA3_384_COUNT = 13, + + WC_SHA3_512 = WC_HASH_TYPE_SHA3_512, + WC_SHA3_512_DIGEST_SIZE = 64, + WC_SHA3_512_COUNT = 9, + +#ifndef HAVE_SELFTEST + /* These values are used for HMAC, not SHA-3 directly. + * They come from from FIPS PUB 202. */ + WC_SHA3_224_BLOCK_SIZE = 144, + WC_SHA3_256_BLOCK_SIZE = 136, + WC_SHA3_384_BLOCK_SIZE = 104, + WC_SHA3_512_BLOCK_SIZE = 72, +#endif +}; + +#ifndef NO_OLD_WC_NAMES + #define SHA3_224 WC_SHA3_224 + #define SHA3_224_DIGEST_SIZE WC_SHA3_224_DIGEST_SIZE + #define SHA3_256 WC_SHA3_256 + #define SHA3_256_DIGEST_SIZE WC_SHA3_256_DIGEST_SIZE + #define SHA3_384 WC_SHA3_384 + #define SHA3_384_DIGEST_SIZE WC_SHA3_384_DIGEST_SIZE + #define SHA3_512 WC_SHA3_512 + #define SHA3_512_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE + #define Sha3 wc_Sha3 +#endif + + + +#ifdef WOLFSSL_XILINX_CRYPT + #include "wolfssl/wolfcrypt/port/xilinx/xil-sha3.h" +#elif defined(WOLFSSL_AFALG_XILINX_SHA3) + #include +#else + +/* Sha3 digest */ +struct Sha3 { + /* State data that is processed for each block. */ + word64 s[25]; + /* Unprocessed message data. */ + byte t[200]; + /* Index into unprocessed data to place next message byte. */ + byte i; + + void* heap; + +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif /* WOLFSSL_ASYNC_CRYPT */ +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + word32 flags; /* enum wc_HashFlags in hash.h */ +#endif +}; + +#ifndef WC_SHA3_TYPE_DEFINED + typedef struct Sha3 wc_Sha3; + #define WC_SHA3_TYPE_DEFINED +#endif + +#endif + + +WOLFSSL_API int wc_InitSha3_224(wc_Sha3*, void*, int); +WOLFSSL_API int wc_Sha3_224_Update(wc_Sha3*, const byte*, word32); +WOLFSSL_API int wc_Sha3_224_Final(wc_Sha3*, byte*); +WOLFSSL_API void wc_Sha3_224_Free(wc_Sha3*); +WOLFSSL_API int wc_Sha3_224_GetHash(wc_Sha3*, byte*); +WOLFSSL_API int wc_Sha3_224_Copy(wc_Sha3* src, wc_Sha3* dst); + +WOLFSSL_API int wc_InitSha3_256(wc_Sha3*, void*, int); +WOLFSSL_API int wc_Sha3_256_Update(wc_Sha3*, const byte*, word32); +WOLFSSL_API int wc_Sha3_256_Final(wc_Sha3*, byte*); +WOLFSSL_API void wc_Sha3_256_Free(wc_Sha3*); +WOLFSSL_API int wc_Sha3_256_GetHash(wc_Sha3*, byte*); +WOLFSSL_API int wc_Sha3_256_Copy(wc_Sha3* src, wc_Sha3* dst); + +WOLFSSL_API int wc_InitSha3_384(wc_Sha3*, void*, int); +WOLFSSL_API int wc_Sha3_384_Update(wc_Sha3*, const byte*, word32); +WOLFSSL_API int wc_Sha3_384_Final(wc_Sha3*, byte*); +WOLFSSL_API void wc_Sha3_384_Free(wc_Sha3*); +WOLFSSL_API int wc_Sha3_384_GetHash(wc_Sha3*, byte*); +WOLFSSL_API int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst); + +WOLFSSL_API int wc_InitSha3_512(wc_Sha3*, void*, int); +WOLFSSL_API int wc_Sha3_512_Update(wc_Sha3*, const byte*, word32); +WOLFSSL_API int wc_Sha3_512_Final(wc_Sha3*, byte*); +WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3*); +WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3*, byte*); +WOLFSSL_API int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst); + +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags); + WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_SHA3 */ +#endif /* WOLF_CRYPT_SHA3_H */ + diff --git a/source/libwolfssl/wolfcrypt/sha512.h b/source/libwolfssl/wolfcrypt/sha512.h new file mode 100644 index 00000000..0fba6816 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/sha512.h @@ -0,0 +1,228 @@ +/* sha512.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/sha512.h +*/ + + +#ifndef WOLF_CRYPT_SHA512_H +#define WOLF_CRYPT_SHA512_H + +#include + +#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) + +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + #ifdef WOLFSSL_SHA512 + #define wc_Sha512 Sha512 + #define WC_SHA512 SHA512 + #define WC_SHA512_BLOCK_SIZE SHA512_BLOCK_SIZE + #define WC_SHA512_DIGEST_SIZE SHA512_DIGEST_SIZE + #define WC_SHA512_PAD_SIZE SHA512_PAD_SIZE + #endif /* WOLFSSL_SHA512 */ + #ifdef WOLFSSL_SHA384 + #define wc_Sha384 Sha384 + #define WC_SHA384 SHA384 + #define WC_SHA384_BLOCK_SIZE SHA384_BLOCK_SIZE + #define WC_SHA384_DIGEST_SIZE SHA384_DIGEST_SIZE + #define WC_SHA384_PAD_SIZE SHA384_PAD_SIZE + #endif /* WOLFSSL_SHA384 */ + + #define CYASSL_SHA512 + #if defined(WOLFSSL_SHA384) + #define CYASSL_SHA384 + #endif + /* for fips @wc_fips */ + #include +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif +#ifdef WOLFSSL_ESP32WROOM32_CRYPT + #include +#endif +#if defined(_MSC_VER) + #define SHA512_NOINLINE __declspec(noinline) +#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define SHA512_NOINLINE __attribute__((noinline)) +#else + #define SHA512_NOINLINE +#endif + +#ifdef WOLFSSL_SHA512 + +#if !defined(NO_OLD_SHA_NAMES) + #define SHA512 WC_SHA512 +#endif + +#if !defined(NO_OLD_WC_NAMES) + #define Sha512 wc_Sha512 + #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE + #define SHA512_DIGEST_SIZE WC_SHA512_DIGEST_SIZE + #define SHA512_PAD_SIZE WC_SHA512_PAD_SIZE +#endif + +#endif /* WOLFSSL_SHA512 */ + +/* in bytes */ +enum { +#ifdef WOLFSSL_SHA512 + WC_SHA512 = WC_HASH_TYPE_SHA512, +#endif + WC_SHA512_BLOCK_SIZE = 128, + WC_SHA512_DIGEST_SIZE = 64, + WC_SHA512_PAD_SIZE = 112 +}; + + +#ifdef WOLFSSL_IMX6_CAAM + #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" +#else +/* wc_Sha512 digest */ +struct wc_Sha512 { + word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; + word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; + word32 buffLen; /* in bytes */ + word64 loLen; /* length in bytes */ + word64 hiLen; /* length in bytes */ + void* heap; +#ifdef USE_INTEL_SPEEDUP + const byte* data; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV asyncDev; +#endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef WOLFSSL_SMALL_STACK_CACHE + word64* W; +#endif +#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ + !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) + WC_ESP32SHA ctx; +#endif +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + word32 flags; /* enum wc_HashFlags in hash.h */ +#endif +}; + +#ifndef WC_SHA512_TYPE_DEFINED + typedef struct wc_Sha512 wc_Sha512; + #define WC_SHA512_TYPE_DEFINED +#endif +#endif + +#endif /* HAVE_FIPS */ + +#ifdef WOLFSSL_ARMASM +WOLFSSL_LOCAL void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, + word32 len); +#endif + +#ifdef WOLFSSL_SHA512 + +WOLFSSL_API int wc_InitSha512(wc_Sha512*); +WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int); +WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32); +WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512*, byte*); +WOLFSSL_API int wc_Sha512Final(wc_Sha512*, byte*); +WOLFSSL_API void wc_Sha512Free(wc_Sha512*); + +WOLFSSL_API int wc_Sha512GetHash(wc_Sha512*, byte*); +WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); + +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags); + WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags); +#endif + +#endif /* WOLFSSL_SHA512 */ + +#if defined(WOLFSSL_SHA384) + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + +#if !defined(NO_OLD_SHA_NAMES) + #define SHA384 WC_SHA384 +#endif + +#if !defined(NO_OLD_WC_NAMES) + #define Sha384 wc_Sha384 + #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE + #define SHA384_DIGEST_SIZE WC_SHA384_DIGEST_SIZE + #define SHA384_PAD_SIZE WC_SHA384_PAD_SIZE +#endif + +/* in bytes */ +enum { + WC_SHA384 = WC_HASH_TYPE_SHA384, + WC_SHA384_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE, + WC_SHA384_DIGEST_SIZE = 48, + WC_SHA384_PAD_SIZE = WC_SHA512_PAD_SIZE +}; + + +#ifndef WC_SHA384_TYPE_DEFINED + typedef struct wc_Sha512 wc_Sha384; + #define WC_SHA384_TYPE_DEFINED +#endif +#endif /* HAVE_FIPS */ + +WOLFSSL_API int wc_InitSha384(wc_Sha384*); +WOLFSSL_API int wc_InitSha384_ex(wc_Sha384*, void*, int); +WOLFSSL_API int wc_Sha384Update(wc_Sha384*, const byte*, word32); +WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384*, byte*); +WOLFSSL_API int wc_Sha384Final(wc_Sha384*, byte*); +WOLFSSL_API void wc_Sha384Free(wc_Sha384*); + +WOLFSSL_API int wc_Sha384GetHash(wc_Sha384*, byte*); +WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst); + +#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags); + WOLFSSL_API int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags); +#endif + +#endif /* WOLFSSL_SHA384 */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */ +#endif /* WOLF_CRYPT_SHA512_H */ + diff --git a/source/libwolfssl/wolfcrypt/signature.h b/source/libwolfssl/wolfcrypt/signature.h new file mode 100644 index 00000000..0f5fed45 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/signature.h @@ -0,0 +1,76 @@ +/* signature.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/signature.h +*/ + + +#ifndef WOLF_CRYPT_SIGNATURE_H +#define WOLF_CRYPT_SIGNATURE_H + +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +enum wc_SignatureType { + WC_SIGNATURE_TYPE_NONE = 0, + WC_SIGNATURE_TYPE_ECC = 1, + WC_SIGNATURE_TYPE_RSA = 2, + WC_SIGNATURE_TYPE_RSA_W_ENC = 3, /* Adds DER header via wc_EncodeSignature */ +}; + +WOLFSSL_API int wc_SignatureGetSize(enum wc_SignatureType sig_type, + const void* key, word32 key_len); + +WOLFSSL_API int wc_SignatureVerifyHash( + enum wc_HashType hash_type, enum wc_SignatureType sig_type, + const byte* hash_data, word32 hash_len, + const byte* sig, word32 sig_len, + const void* key, word32 key_len); + +WOLFSSL_API int wc_SignatureVerify( + enum wc_HashType hash_type, enum wc_SignatureType sig_type, + const byte* data, word32 data_len, + const byte* sig, word32 sig_len, + const void* key, word32 key_len); + +WOLFSSL_API int wc_SignatureGenerateHash( + enum wc_HashType hash_type, enum wc_SignatureType sig_type, + const byte* hash_data, word32 hash_len, + byte* sig, word32 *sig_len, + const void* key, word32 key_len, WC_RNG* rng); +WOLFSSL_API int wc_SignatureGenerate( + enum wc_HashType hash_type, enum wc_SignatureType sig_type, + const byte* data, word32 data_len, + byte* sig, word32 *sig_len, + const void* key, word32 key_len, + WC_RNG* rng); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_SIGNATURE_H */ diff --git a/source/libwolfssl/wolfcrypt/sp.h b/source/libwolfssl/wolfcrypt/sp.h new file mode 100644 index 00000000..cd8b68cb --- /dev/null +++ b/source/libwolfssl/wolfcrypt/sp.h @@ -0,0 +1,122 @@ +/* sp.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_SP_H +#define WOLF_CRYPT_SP_H + +#include + +#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ + defined(WOLFSSL_HAVE_SP_ECC) + +#include + +#include +#include + +#include + +#if defined(_MSC_VER) + #define SP_NOINLINE __declspec(noinline) +#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || defined(__KEIL__) + #define SP_NOINLINE __attribute__((noinline)) +#else + #define SP_NOINLINE +#endif + + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_HAVE_SP_RSA + +WOLFSSL_LOCAL int sp_RsaPublic_2048(const byte* in, word32 inLen, + mp_int* em, mp_int* mm, byte* out, word32* outLen); +WOLFSSL_LOCAL int sp_RsaPrivate_2048(const byte* in, word32 inLen, + mp_int* dm, mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim, + mp_int* mm, byte* out, word32* outLen); + +WOLFSSL_LOCAL int sp_RsaPublic_3072(const byte* in, word32 inLen, + mp_int* em, mp_int* mm, byte* out, word32* outLen); +WOLFSSL_LOCAL int sp_RsaPrivate_3072(const byte* in, word32 inLen, + mp_int* dm, mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim, + mp_int* mm, byte* out, word32* outLen); + +#endif /* WOLFSSL_HAVE_SP_RSA */ + +#if defined(WOLFSSL_HAVE_SP_DH) || defined(WOLFSSL_HAVE_SP_RSA) + +WOLFSSL_LOCAL int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, + mp_int* res); +WOLFSSL_LOCAL int sp_ModExp_1536(mp_int* base, mp_int* exp, mp_int* mod, + mp_int* res); +WOLFSSL_LOCAL int sp_ModExp_2048(mp_int* base, mp_int* exp, mp_int* mod, + mp_int* res); +WOLFSSL_LOCAL int sp_ModExp_3072(mp_int* base, mp_int* exp, mp_int* mod, + mp_int* res); + +#endif + +#ifdef WOLFSSL_HAVE_SP_DH + +WOLFSSL_LOCAL int sp_DhExp_2048(mp_int* base, const byte* exp, word32 expLen, + mp_int* mod, byte* out, word32* outLen); +WOLFSSL_LOCAL int sp_DhExp_3072(mp_int* base, const byte* exp, word32 expLen, + mp_int* mod, byte* out, word32* outLen); + +#endif /* WOLFSSL_HAVE_SP_DH */ + +#ifdef WOLFSSL_HAVE_SP_ECC + +int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* rm, int map, + void* heap); +int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* rm, int map, void* heap); + +int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap); +int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out, + word32* outlen, void* heap); +int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv, + mp_int* rm, mp_int* sm, void* heap); +int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY, + mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); +int sp_ecc_is_point_256(mp_int* pX, mp_int* pY); +int sp_ecc_check_key_256(mp_int* pX, mp_int* pY, mp_int* privm, void* heap); +int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, + mp_int* qX, mp_int* qY, mp_int* qZ, + mp_int* rX, mp_int* rY, mp_int* rZ); +int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, + mp_int* rX, mp_int* rY, mp_int* rZ); +int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ); +int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym); + +#endif /*ifdef WOLFSSL_HAVE_SP_ECC */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH || WOLFSSL_HAVE_SP_ECC */ + +#endif /* WOLF_CRYPT_SP_H */ + diff --git a/source/libwolfssl/wolfcrypt/sp_int.h b/source/libwolfssl/wolfcrypt/sp_int.h new file mode 100644 index 00000000..a5666f9b --- /dev/null +++ b/source/libwolfssl/wolfcrypt/sp_int.h @@ -0,0 +1,256 @@ +/* sp_int.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLF_CRYPT_SP_INT_H +#define WOLF_CRYPT_SP_INT_H + +#include +#include + +/* Make sure WOLFSSL_SP_ASM build option defined when requested */ +#if !defined(WOLFSSL_SP_ASM) && ( \ + defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_ARM32_ASM) || \ + defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) || \ + defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)) + #define WOLFSSL_SP_ASM +#endif + + +#ifdef WOLFSSL_SP_X86_64_ASM + #define SP_WORD_SIZE 64 + + #define HAVE_INTEL_AVX1 + #define HAVE_INTEL_AVX2 +#elif defined(WOLFSSL_SP_ARM64_ASM) + #define SP_WORD_SIZE 64 +#elif defined(WOLFSSL_SP_ARM32_ASM) + #define SP_WORD_SIZE 32 +#elif defined(WOLFSSL_SP_ARM_THUMB_ASM) + #define SP_WORD_SIZE 32 +#endif + +#ifndef SP_WORD_SIZE + #if defined(NO_64BIT) || !defined(HAVE___UINT128_T) + #define SP_WORD_SIZE 32 + #else + #define SP_WORD_SIZE 64 + #endif +#endif + +#ifndef WOLFSSL_SP_ASM + #if SP_WORD_SIZE == 32 + typedef int32_t sp_digit; + typedef uint32_t sp_int_digit; + typedef uint64_t sp_int_word; + #elif SP_WORD_SIZE == 64 + typedef int64_t sp_digit; + typedef uint64_t sp_int_digit; + #ifdef __SIZEOF_INT128__ + typedef __uint128_t uint128_t; + typedef __int128_t int128_t; + #else + typedef unsigned long uint128_t __attribute__ ((mode(TI))); + typedef long int128_t __attribute__ ((mode(TI))); + #endif + typedef uint128_t sp_int_word; + #else + #error Word size not defined + #endif +#else + #if SP_WORD_SIZE == 32 + typedef uint32_t sp_digit; + typedef uint32_t sp_int_digit; + typedef uint64_t sp_int_word; + #elif SP_WORD_SIZE == 64 + typedef uint64_t sp_digit; + typedef uint64_t sp_int_digit; + #ifdef __SIZEOF_INT128__ + typedef __uint128_t uint128_t; + typedef __int128_t int128_t; + #else + typedef unsigned long uint128_t __attribute__ ((mode(TI))); + typedef long int128_t __attribute__ ((mode(TI))); + #endif + typedef uint128_t sp_int_word; + #else + #error Word size not defined + #endif +#endif + +#ifdef WOLFSSL_SP_MATH +#include + +#if !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) + #if !defined(NO_PWDBASED) && defined(WOLFSSL_SHA512) + #define SP_INT_DIGITS ((512 + SP_WORD_SIZE) / SP_WORD_SIZE) + #else + #define SP_INT_DIGITS ((256 + SP_WORD_SIZE) / SP_WORD_SIZE) + #endif +#elif defined(WOLFSSL_SP_NO_3072) + #if defined(WOLFSSL_HAVE_SP_DH) && defined(WOLFSSL_KEY_GEN) + #define SP_INT_DIGITS ((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) + #else + #define SP_INT_DIGITS ((2048 + SP_WORD_SIZE) / SP_WORD_SIZE) + #endif +#else + #if defined(WOLFSSL_HAVE_SP_DH) && defined(WOLFSSL_KEY_GEN) + #define SP_INT_DIGITS ((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) + #else + #define SP_INT_DIGITS ((3072 + SP_WORD_SIZE) / SP_WORD_SIZE) + #endif +#endif + +#define sp_isodd(a) ((a)->used != 0 && ((a)->dp[0] & 1)) +#define sp_iseven(a) ((a)->used != 0 && ((a)->dp[0] & 1) == 0) +#define sp_iszero(a) ((a)->used == 0) +#define sp_isone(a) ((a)->used == 1 && (a)->dp[0] == 1) +#define sp_abs(a, b) sp_copy(a, b) + +#ifdef HAVE_WOLF_BIGINT + /* raw big integer */ + typedef struct WC_BIGINT { + byte* buf; + word32 len; + void* heap; + } WC_BIGINT; + #define WOLF_BIGINT_DEFINED +#endif + +typedef struct sp_int { + int used; + int size; + sp_int_digit dp[SP_INT_DIGITS]; +#ifdef HAVE_WOLF_BIGINT + struct WC_BIGINT raw; /* unsigned binary (big endian) */ +#endif +} sp_int; + +typedef sp_int mp_int; +typedef sp_digit mp_digit; + +#include + + +MP_API int sp_init(sp_int* a); +MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d, + sp_int* e, sp_int* f); +MP_API void sp_clear(sp_int* a); +MP_API int sp_unsigned_bin_size(sp_int* a); +MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz); +MP_API int sp_read_radix(sp_int* a, const char* in, int radix); +MP_API int sp_cmp(sp_int* a, sp_int* b); +MP_API int sp_count_bits(sp_int* a); +MP_API int sp_leading_bit(sp_int* a); +MP_API int sp_to_unsigned_bin(sp_int* a, byte* out); +MP_API int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz); +MP_API void sp_forcezero(sp_int* a); +MP_API int sp_copy(sp_int* a, sp_int* r); +MP_API int sp_set(sp_int* a, sp_int_digit d); +MP_API void sp_clamp(sp_int* a); +MP_API int sp_grow(sp_int* a, int l); +MP_API int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r); +MP_API int sp_cmp_d(sp_int* a, sp_int_digit d); +MP_API int sp_sub(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_mod(sp_int* a, sp_int* m, sp_int* r); +MP_API void sp_zero(sp_int* a); +MP_API int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r); +MP_API int sp_lshd(sp_int* a, int s); +MP_API int sp_add(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_set_int(sp_int* a, unsigned long b); +MP_API int sp_tohex(sp_int* a, char* str); +MP_API int sp_2expt(sp_int* a, int e); +MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap); +MP_API int sp_mul(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_gcd(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_invmod(sp_int* a, sp_int* m, sp_int* r); +MP_API int sp_lcm(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_exptmod(sp_int* b, sp_int* e, sp_int* m, sp_int* r); +MP_API int sp_prime_is_prime(mp_int* a, int t, int* result); +MP_API int sp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); +MP_API int sp_exch(sp_int* a, sp_int* b); + +#define MP_OKAY 0 +#define MP_NO 0 +#define MP_YES 1 + +#define MP_RADIX_HEX 16 + +#define MP_GT 1 +#define MP_EQ 0 +#define MP_LT -1 + +#define MP_MEM -2 +#define MP_VAL -3 + +#define DIGIT_BIT SP_WORD_SIZE + +#define CheckFastMathSettings() 1 + +#define mp_free(a) + +#define mp_isodd sp_isodd +#define mp_iseven sp_iseven +#define mp_iszero sp_iszero +#define mp_isone sp_isone +#define mp_abs sp_abs + +#define mp_init sp_init +#define mp_init_multi sp_init_multi +#define mp_clear sp_clear +#define mp_read_unsigned_bin sp_read_unsigned_bin +#define mp_unsigned_bin_size sp_unsigned_bin_size +#define mp_read_radix sp_read_radix +#define mp_cmp sp_cmp +#define mp_count_bits sp_count_bits +#define mp_leading_bit sp_leading_bit +#define mp_to_unsigned_bin sp_to_unsigned_bin +#define mp_to_unsigned_bin_len sp_to_unsigned_bin_len +#define mp_forcezero sp_forcezero +#define mp_copy sp_copy +#define mp_set sp_set +#define mp_clamp sp_clamp +#define mp_grow sp_grow +#define mp_sub_d sp_sub_d +#define mp_cmp_d sp_cmp_d +#define mp_sub sp_sub +#define mp_mod sp_mod +#define mp_zero sp_zero +#define mp_add_d sp_add_d +#define mp_lshd sp_lshd +#define mp_add sp_add +#define mp_set_int sp_set_int +#define mp_tohex sp_tohex +#define mp_2expt sp_2expt +#define mp_rand_prime sp_rand_prime +#define mp_mul sp_mul +#define mp_gcd sp_gcd +#define mp_invmod sp_invmod +#define mp_lcm sp_lcm +#define mp_exptmod sp_exptmod +#define mp_prime_is_prime sp_prime_is_prime +#define mp_prime_is_prime_ex sp_prime_is_prime_ex +#define mp_exch sp_exch + +#endif + +#endif /* WOLF_CRYPT_SP_H */ + diff --git a/source/libwolfssl/wolfcrypt/srp.h b/source/libwolfssl/wolfcrypt/srp.h new file mode 100644 index 00000000..531ff111 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/srp.h @@ -0,0 +1,311 @@ +/* srp.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/srp.h +*/ + +#ifdef WOLFCRYPT_HAVE_SRP + +#ifndef WOLFCRYPT_SRP_H +#define WOLFCRYPT_SRP_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* Select the largest available hash for the buffer size. */ +#if defined(WOLFSSL_SHA512) + #define SRP_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE +#elif defined(WOLFSSL_SHA384) + #define SRP_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE +#elif !defined(NO_SHA256) + #define SRP_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#elif !defined(NO_SHA) + #define SRP_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE +#else + #error "You have to have some kind of SHA hash if you want to use SRP." +#endif + +/* Set the minimum number of bits acceptable in an SRP modulus */ +#define SRP_MODULUS_MIN_BITS 512 + +/* Set the minimum number of bits acceptable for private keys (RFC 5054) */ +#define SRP_PRIVATE_KEY_MIN_BITS 256 + +/* salt size for SRP password */ +#define SRP_SALT_SIZE 16 + +/** + * SRP side, client or server. + */ +typedef enum { + SRP_CLIENT_SIDE = 0, + SRP_SERVER_SIDE = 1, +} SrpSide; + +/** + * SRP hash type, SHA[1|256|384|512]. + */ +typedef enum { + SRP_TYPE_SHA = 1, + SRP_TYPE_SHA256 = 2, + SRP_TYPE_SHA384 = 3, + SRP_TYPE_SHA512 = 4, +} SrpType; + + +/** + * SRP hash struct. + */ +typedef struct { + byte type; + union { + #ifndef NO_SHA + wc_Sha sha; + #endif + #ifndef NO_SHA256 + wc_Sha256 sha256; + #endif + #ifdef WOLFSSL_SHA384 + wc_Sha384 sha384; + #endif + #ifdef WOLFSSL_SHA512 + wc_Sha512 sha512; + #endif + } data; +} SrpHash; + +typedef struct Srp { + SrpSide side; /**< Client or Server, @see SrpSide. */ + SrpType type; /**< Hash type, @see SrpType. */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ + byte* salt; /**< Small salt. */ + word32 saltSz; /**< Salt length. */ + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes.*/ + mp_int g; /**< Generator. A generator modulo N. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameter. k = H(N, g) */ + mp_int auth; /**< Client: x = H(salt + H(user:pswd)) */ + /**< Server: v = g ^ x % N */ + mp_int priv; /**< Private ephemeral value. */ + SrpHash client_proof; /**< Client proof. Sent to the Server. */ + SrpHash server_proof; /**< Server proof. Sent to the Client. */ + byte* key; /**< Session key. */ + word32 keySz; /**< Session key length. */ + int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size); + /**< Function responsible for generating the session key. */ + /**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the */ + /**< key buffer for this structure and set keySz to the buffer size. */ + /**< The default function used by this implementation is a modified */ + /**< version of t_mgf1 that uses the proper hash function according */ + /**< to srp->type. */ + void* heap; /**< heap hint pointer */ +} Srp; + +/** + * Initializes the Srp struct for usage. + * + * @param[out] srp the Srp structure to be initialized. + * @param[in] type the hash type to be used. + * @param[in] side the side of the communication. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side); + +/** + * Releases the Srp struct resources after usage. + * + * @param[in,out] srp the Srp structure to be terminated. + */ +WOLFSSL_API void wc_SrpTerm(Srp* srp); + +/** + * Sets the username. + * + * This function MUST be called after wc_SrpInit. + * + * @param[in,out] srp the Srp structure. + * @param[in] username the buffer containing the username. + * @param[in] size the username size in bytes + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size); + + +/** + * Sets the srp parameters based on the username. + * + * This function MUST be called after wc_SrpSetUsername. + * + * @param[in,out] srp the Srp structure. + * @param[in] N the Modulus. N = 2q+1, [q, N] are primes. + * @param[in] nSz the N size in bytes. + * @param[in] g the Generator modulo N. + * @param[in] gSz the g size in bytes + * @param[in] salt a small random salt. Specific for each username. + * @param[in] saltSz the salt size in bytes + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, + const byte* g, word32 gSz, + const byte* salt, word32 saltSz); + +/** + * Sets the password. + * + * Setting the password does not persists the clear password data in the + * srp structure. The client calculates x = H(salt + H(user:pswd)) and stores + * it in the auth field. + * + * This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[in] password the buffer containing the password. + * @param[in] size the password size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size); + +/** + * Sets the verifier. + * + * This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[in] verifier the buffer containing the verifier. + * @param[in] size the verifier size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size); + +/** + * Gets the verifier. + * + * The client calculates the verifier with v = g ^ x % N. + * This function MAY be called after wc_SrpSetPassword and is CLIENT SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[out] verifier the buffer to write the verifier. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * verifier size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size); + +/** + * Sets the private ephemeral value. + * + * The private ephemeral value is known as: + * a at the client side. a = random() + * b at the server side. b = random() + * This function is handy for unit test cases or if the developer wants to use + * an external random source to set the ephemeral value. + * This function MAY be called before wc_SrpGetPublic. + * + * @param[in,out] srp the Srp structure. + * @param[in] priv the ephemeral value. + * @param[in] size the private size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size); + +/** + * Gets the public ephemeral value. + * + * The public ephemeral value is known as: + * A at the client side. A = g ^ a % N + * B at the server side. B = (k * v + (g ˆ b % N)) % N + * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier. + * + * @param[in,out] srp the Srp structure. + * @param[out] pub the buffer to write the public ephemeral value. + * @param[in,out] size the the buffer size in bytes. Will be updated with + * the ephemeral value size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size); + + +/** + * Computes the session key. + * + * The key can be accessed at srp->key after success. + * + * @param[in,out] srp the Srp structure. + * @param[in] clientPubKey the client's public ephemeral value. + * @param[in] clientPubKeySz the client's public ephemeral value size. + * @param[in] serverPubKey the server's public ephemeral value. + * @param[in] serverPubKeySz the server's public ephemeral value size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpComputeKey(Srp* srp, + byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz); + +/** + * Gets the proof. + * + * This function MUST be called after wc_SrpComputeKey. + * + * @param[in,out] srp the Srp structure. + * @param[out] proof the buffer to write the proof. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * proof size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size); + +/** + * Verifies the peers proof. + * + * This function MUST be called before wc_SrpGetSessionKey. + * + * @param[in,out] srp the Srp structure. + * @param[in] proof the peers proof. + * @param[in] size the proof size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFCRYPT_SRP_H */ +#endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/source/libwolfssl/wolfcrypt/tfm.h b/source/libwolfssl/wolfcrypt/tfm.h new file mode 100644 index 00000000..1ce1b091 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/tfm.h @@ -0,0 +1,826 @@ +/* tfm.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* + * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca, + * http://math.libtomcrypt.com + */ + + +/** + * Edited by Moises Guimaraes (moises.guimaraes@phoebus.com.br) + * to fit CyaSSL's needs. + */ + +/*! + \file wolfssl/wolfcrypt/tfm.h +*/ + +#ifndef WOLF_CRYPT_TFM_H +#define WOLF_CRYPT_TFM_H + +#include +#ifndef CHAR_BIT + #include +#endif + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_NO_ASM + #undef TFM_NO_ASM + #define TFM_NO_ASM +#endif + +#ifdef NO_64BIT + #undef NO_TFM_64BIT + #define NO_TFM_64BIT +#endif + +#ifndef NO_TFM_64BIT +/* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */ +#if defined(__x86_64__) + #if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM) + #error x86-64 detected, x86-32/SSE2/ARM optimizations are not valid! + #endif + #if !defined(TFM_X86_64) && !defined(TFM_NO_ASM) + #define TFM_X86_64 + #endif +#endif +#if defined(TFM_X86_64) + #if !defined(FP_64BIT) + #define FP_64BIT + #endif +#endif +/* use 64-bit digit even if not using asm on x86_64 */ +#if defined(__x86_64__) && !defined(FP_64BIT) + #define FP_64BIT +#endif +/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ +#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) + #undef FP_64BIT + #undef TFM_X86_64 +#endif +#endif /* NO_TFM_64BIT */ + +/* try to detect x86-32 */ +#if defined(__i386__) && !defined(TFM_SSE2) + #if defined(TFM_X86_64) || defined(TFM_ARM) + #error x86-32 detected, x86-64/ARM optimizations are not valid! + #endif + #if !defined(TFM_X86) && !defined(TFM_NO_ASM) + #define TFM_X86 + #endif +#endif + +/* make sure we're 32-bit for x86-32/sse/arm/ppc32 */ +#if (defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM) || defined(TFM_PPC32)) && defined(FP_64BIT) + #warning x86-32, SSE2 and ARM, PPC32 optimizations require 32-bit digits (undefining) + #undef FP_64BIT +#endif + +/* multi asms? */ +#ifdef TFM_X86 + #define TFM_ASM +#endif +#ifdef TFM_X86_64 + #ifdef TFM_ASM + #error TFM_ASM already defined! + #endif + #define TFM_ASM +#endif +#ifdef TFM_SSE2 + #ifdef TFM_ASM + #error TFM_ASM already defined! + #endif + #define TFM_ASM +#endif +#ifdef TFM_ARM + #ifdef TFM_ASM + #error TFM_ASM already defined! + #endif + #define TFM_ASM +#endif +#ifdef TFM_PPC32 + #ifdef TFM_ASM + #error TFM_ASM already defined! + #endif + #define TFM_ASM +#endif +#ifdef TFM_PPC64 + #ifdef TFM_ASM + #error TFM_ASM already defined! + #endif + #define TFM_ASM +#endif +#ifdef TFM_AVR32 + #ifdef TFM_ASM + #error TFM_ASM already defined! + #endif + #define TFM_ASM +#endif + +/* we want no asm? */ +#ifdef TFM_NO_ASM + #undef TFM_X86 + #undef TFM_X86_64 + #undef TFM_SSE2 + #undef TFM_ARM + #undef TFM_PPC32 + #undef TFM_PPC64 + #undef TFM_AVR32 + #undef TFM_ASM +#endif + +/* ECC helpers */ +#ifdef TFM_ECC192 + #ifdef FP_64BIT + #define TFM_MUL3 + #define TFM_SQR3 + #else + #define TFM_MUL6 + #define TFM_SQR6 + #endif +#endif + +#ifdef TFM_ECC224 + #ifdef FP_64BIT + #define TFM_MUL4 + #define TFM_SQR4 + #else + #define TFM_MUL7 + #define TFM_SQR7 + #endif +#endif + +#ifdef TFM_ECC256 + #ifdef FP_64BIT + #define TFM_MUL4 + #define TFM_SQR4 + #else + #define TFM_MUL8 + #define TFM_SQR8 + #endif +#endif + +#ifdef TFM_ECC384 + #ifdef FP_64BIT + #define TFM_MUL6 + #define TFM_SQR6 + #else + #define TFM_MUL12 + #define TFM_SQR12 + #endif +#endif + +#ifdef TFM_ECC521 + #ifdef FP_64BIT + #define TFM_MUL9 + #define TFM_SQR9 + #else + #define TFM_MUL17 + #define TFM_SQR17 + #endif +#endif + + +/* allow user to define on fp_digit, fp_word types */ +#ifndef WOLFSSL_BIGINT_TYPES + +/* some default configurations. + */ +#if defined(WC_16BIT_CPU) + typedef unsigned int fp_digit; + #define SIZEOF_FP_DIGIT 2 + typedef unsigned long fp_word; +#elif defined(FP_64BIT) + /* for GCC only on supported platforms */ + typedef unsigned long long fp_digit; /* 64bit, 128 uses mode(TI) below */ + #define SIZEOF_FP_DIGIT 8 + typedef unsigned long fp_word __attribute__ ((mode(TI))); +#else + + #ifndef NO_TFM_64BIT + #if defined(_MSC_VER) || defined(__BORLANDC__) + typedef unsigned __int64 ulong64; + #else + typedef unsigned long long ulong64; + #endif + typedef unsigned int fp_digit; + #define SIZEOF_FP_DIGIT 4 + typedef ulong64 fp_word; + #define FP_32BIT + #else + /* some procs like coldfire prefer not to place multiply into 64bit type + even though it exists */ + typedef unsigned short fp_digit; + #define SIZEOF_FP_DIGIT 2 + typedef unsigned int fp_word; + #endif +#endif + +#endif /* WOLFSSL_BIGINT_TYPES */ + + +/* # of digits this is */ +#define DIGIT_BIT ((CHAR_BIT) * SIZEOF_FP_DIGIT) + +/* Max size of any number in bits. Basically the largest size you will be + * multiplying should be half [or smaller] of FP_MAX_SIZE-four_digit + * + * It defaults to 4096-bits [allowing multiplications up to 2048x2048 bits ] + */ + + +#ifndef FP_MAX_BITS + #define FP_MAX_BITS 4096 +#endif +#define FP_MAX_SIZE (FP_MAX_BITS+(8*DIGIT_BIT)) + +/* will this lib work? */ +#if (CHAR_BIT & 7) + #error CHAR_BIT must be a multiple of eight. +#endif +#if FP_MAX_BITS % CHAR_BIT + #error FP_MAX_BITS must be a multiple of CHAR_BIT +#endif + +#define FP_MASK (fp_digit)(-1) +#define FP_DIGIT_MAX FP_MASK +#define FP_SIZE (FP_MAX_SIZE/DIGIT_BIT) + +#define FP_MAX_PRIME_SIZE (FP_MAX_BITS/(2*CHAR_BIT)) +/* In terms of FP_MAX_BITS, it is double the size possible for a number + * to allow for multiplication, divide that 2 out. Also divide by CHAR_BIT + * to convert from bits to bytes. (Note, FP_PRIME_SIZE is the number of + * values in the canned prime number list.) */ + +/* signs */ +#define FP_ZPOS 0 +#define FP_NEG 1 + +/* return codes */ +#define FP_OKAY 0 +#define FP_VAL -1 +#define FP_MEM -2 +#define FP_NOT_INF -3 +#define FP_WOULDBLOCK -4 + +/* equalities */ +#define FP_LT -1 /* less than */ +#define FP_EQ 0 /* equal to */ +#define FP_GT 1 /* greater than */ + +/* replies */ +#define FP_YES 1 /* yes response */ +#define FP_NO 0 /* no response */ + +#ifdef HAVE_WOLF_BIGINT + /* raw big integer */ + typedef struct WC_BIGINT { + byte* buf; + word32 len; + void* heap; + } WC_BIGINT; + #define WOLF_BIGINT_DEFINED +#endif + +/* a FP type */ +typedef struct fp_int { + int used; + int sign; +#if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) + int size; +#endif + fp_digit dp[FP_SIZE]; + +#ifdef HAVE_WOLF_BIGINT + struct WC_BIGINT raw; /* unsigned binary (big endian) */ +#endif +} fp_int; + +/* Types */ +typedef fp_digit mp_digit; +typedef fp_word mp_word; +typedef fp_int mp_int; + + +/* wolf big int and common functions */ +#include + + +/* externally define this symbol to ignore the default settings, useful for changing the build from the make process */ +#ifndef TFM_ALREADY_SET + +/* do we want the large set of small multiplications ? + Enable these if you are going to be doing a lot of small (<= 16 digit) multiplications say in ECC + Or if you're on a 64-bit machine doing RSA as a 1024-bit integer == 16 digits ;-) + */ +/* need to refactor the function */ +/*#define TFM_SMALL_SET */ + +/* do we want huge code + Enable these if you are doing 20, 24, 28, 32, 48, 64 digit multiplications (useful for RSA) + Less important on 64-bit machines as 32 digits == 2048 bits + */ +#if 0 +#define TFM_MUL3 +#define TFM_MUL4 +#define TFM_MUL6 +#define TFM_MUL7 +#define TFM_MUL8 +#define TFM_MUL9 +#define TFM_MUL12 +#define TFM_MUL17 +#endif +#ifdef TFM_HUGE_SET +#define TFM_MUL20 +#define TFM_MUL24 +#define TFM_MUL28 +#define TFM_MUL32 +#if (FP_MAX_BITS >= 6144) && defined(FP_64BIT) + #define TFM_MUL48 +#endif +#if (FP_MAX_BITS >= 8192) && defined(FP_64BIT) + #define TFM_MUL64 +#endif +#endif + +#if 0 +#define TFM_SQR3 +#define TFM_SQR4 +#define TFM_SQR6 +#define TFM_SQR7 +#define TFM_SQR8 +#define TFM_SQR9 +#define TFM_SQR12 +#define TFM_SQR17 +#endif +#ifdef TFM_HUGE_SET +#define TFM_SQR20 +#define TFM_SQR24 +#define TFM_SQR28 +#define TFM_SQR32 +#define TFM_SQR48 +#define TFM_SQR64 +#endif + +/* Optional math checks (enable WOLFSSL_DEBUG_MATH to print info) */ +/* #define TFM_CHECK */ + +/* Is the target a P4 Prescott + */ +/* #define TFM_PRESCOTT */ + +/* Do we want timing resistant fp_exptmod() ? + * This makes it slower but also timing invariant with respect to the exponent + */ +/* #define TFM_TIMING_RESISTANT */ + +#endif /* TFM_ALREADY_SET */ + +/* functions */ + +/* returns a TFM ident string useful for debugging... */ +/*const char *fp_ident(void);*/ + +/* initialize [or zero] an fp int */ +void fp_init(fp_int *a); +MP_API void fp_zero(fp_int *a); +MP_API void fp_clear(fp_int *a); /* uses ForceZero to clear sensitive memory */ +MP_API void fp_forcezero (fp_int * a); +MP_API void fp_free(fp_int* a); + +/* zero/even/odd ? */ +#define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO) +#define fp_isone(a) \ + ((((a)->used == 1) && ((a)->dp[0] == 1)) ? FP_YES : FP_NO) +#define fp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO) +#define fp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO) +#define fp_isneg(a) (((a)->sign != 0) ? FP_YES : FP_NO) + +/* set to a small digit */ +void fp_set(fp_int *a, fp_digit b); +void fp_set_int(fp_int *a, unsigned long b); + +/* check if a bit is set */ +int fp_is_bit_set(fp_int *a, fp_digit b); +/* set the b bit to 1 */ +int fp_set_bit (fp_int * a, fp_digit b); + +/* copy from a to b */ +void fp_copy(fp_int *a, fp_int *b); +void fp_init_copy(fp_int *a, fp_int *b); + +/* clamp digits */ +#define fp_clamp(a) { while ((a)->used && (a)->dp[(a)->used-1] == 0) --((a)->used); (a)->sign = (a)->used ? (a)->sign : FP_ZPOS; } +#define mp_clamp(a) fp_clamp(a) +#define mp_grow(a,s) MP_OKAY + +/* negate and absolute */ +#define fp_neg(a, b) { fp_copy(a, b); (b)->sign ^= 1; fp_clamp(b); } +#define fp_abs(a, b) { fp_copy(a, b); (b)->sign = 0; } + +/* right shift x digits */ +void fp_rshd(fp_int *a, int x); + +/* right shift x bits */ +void fp_rshb(fp_int *a, int x); + +/* left shift x digits */ +void fp_lshd(fp_int *a, int x); + +/* signed comparison */ +int fp_cmp(fp_int *a, fp_int *b); + +/* unsigned comparison */ +int fp_cmp_mag(fp_int *a, fp_int *b); + +/* power of 2 operations */ +void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d); +void fp_mod_2d(fp_int *a, int b, fp_int *c); +void fp_mul_2d(fp_int *a, int b, fp_int *c); +void fp_2expt (fp_int *a, int b); +void fp_mul_2(fp_int *a, fp_int *c); +void fp_div_2(fp_int *a, fp_int *c); + +/* Counts the number of lsbs which are zero before the first zero bit */ +int fp_cnt_lsb(fp_int *a); + +/* c = a + b */ +void fp_add(fp_int *a, fp_int *b, fp_int *c); + +/* c = a - b */ +void fp_sub(fp_int *a, fp_int *b, fp_int *c); + +/* c = a * b */ +int fp_mul(fp_int *a, fp_int *b, fp_int *c); + +/* b = a*a */ +int fp_sqr(fp_int *a, fp_int *b); + +/* a/b => cb + d == a */ +int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d); + +/* c = a mod b, 0 <= c < b */ +int fp_mod(fp_int *a, fp_int *b, fp_int *c); + +/* compare against a single digit */ +int fp_cmp_d(fp_int *a, fp_digit b); + +/* c = a + b */ +void fp_add_d(fp_int *a, fp_digit b, fp_int *c); + +/* c = a - b */ +int fp_sub_d(fp_int *a, fp_digit b, fp_int *c); + +/* c = a * b */ +void fp_mul_d(fp_int *a, fp_digit b, fp_int *c); + +/* a/b => cb + d == a */ +/*int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d);*/ + +/* c = a mod b, 0 <= c < b */ +/*int fp_mod_d(fp_int *a, fp_digit b, fp_digit *c);*/ + +/* ---> number theory <--- */ +/* d = a + b (mod c) */ +/*int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);*/ + +/* d = a - b (mod c) */ +/*int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);*/ + +/* d = a * b (mod c) */ +int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); + +/* d = a - b (mod c) */ +int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); + +/* d = a + b (mod c) */ +int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); + +/* c = a * a (mod b) */ +int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c); + +/* c = 1/a (mod b) */ +int fp_invmod(fp_int *a, fp_int *b, fp_int *c); + +/* c = (a, b) */ +/*int fp_gcd(fp_int *a, fp_int *b, fp_int *c);*/ + +/* c = [a, b] */ +/*int fp_lcm(fp_int *a, fp_int *b, fp_int *c);*/ + +/* setups the montgomery reduction */ +int fp_montgomery_setup(fp_int *a, fp_digit *mp); + +/* computes a = B**n mod b without division or multiplication useful for + * normalizing numbers in a Montgomery system. + */ +void fp_montgomery_calc_normalization(fp_int *a, fp_int *b); + +/* computes x/R == x (mod N) via Montgomery Reduction */ +int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); + +/* d = a**b (mod c) */ +int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); +int fp_exptmod_ex(fp_int *a, fp_int *b, int minDigits, fp_int *c, fp_int *d); + +#ifdef WC_RSA_NONBLOCK + +enum tfmExptModNbState { + TFM_EXPTMOD_NB_INIT = 0, + TFM_EXPTMOD_NB_MONT, + TFM_EXPTMOD_NB_MONT_RED, + TFM_EXPTMOD_NB_MONT_MUL, + TFM_EXPTMOD_NB_MONT_MOD, + TFM_EXPTMOD_NB_MONT_MODCHK, + TFM_EXPTMOD_NB_NEXT, + TFM_EXPTMOD_NB_MUL, + TFM_EXPTMOD_NB_MUL_RED, + TFM_EXPTMOD_NB_SQR, + TFM_EXPTMOD_NB_SQR_RED, + TFM_EXPTMOD_NB_RED, + TFM_EXPTMOD_NB_COUNT /* last item for total state count only */ +}; + +typedef struct { +#ifndef WC_NO_CACHE_RESISTANT + fp_int R[3]; +#else + fp_int R[2]; +#endif + fp_digit buf; + fp_digit mp; + int bitcnt; + int digidx; + int y; + int state; /* tfmExptModNbState */ +#ifdef WC_RSA_NONBLOCK_TIME + word32 maxBlockInst; /* maximum instructions to block */ + word32 totalInst; /* tracks total instructions */ +#endif +} exptModNb_t; + +#ifdef WC_RSA_NONBLOCK_TIME +enum { + TFM_EXPTMOD_NB_STOP = 0, /* stop and return FP_WOULDBLOCK */ + TFM_EXPTMOD_NB_CONTINUE = 1, /* keep blocking */ +}; +#endif + +/* non-blocking version of timing resistant fp_exptmod function */ +/* supports cache resistance */ +int fp_exptmod_nb(exptModNb_t* nb, fp_int* G, fp_int* X, fp_int* P, fp_int* Y); + +#endif /* WC_RSA_NONBLOCK */ + +/* primality stuff */ + +/* perform a Miller-Rabin test of a to the base b and store result in "result" */ +/*void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result);*/ + +#define FP_PRIME_SIZE 256 +/* 256 trial divisions + 8 Miller-Rabins, returns FP_YES if probable prime */ +/*int fp_isprime(fp_int *a);*/ +/* extended version of fp_isprime, do 't' Miller-Rabins instead of only 8 */ +/*int fp_isprime_ex(fp_int *a, int t, int* result);*/ + +/* Primality generation flags */ +/*#define TFM_PRIME_BBS 0x0001 */ /* BBS style prime */ +/*#define TFM_PRIME_SAFE 0x0002 */ /* Safe prime (p-1)/2 == prime */ +/*#define TFM_PRIME_2MSB_OFF 0x0004 */ /* force 2nd MSB to 0 */ +/*#define TFM_PRIME_2MSB_ON 0x0008 */ /* force 2nd MSB to 1 */ + +/* callback for fp_prime_random, should fill dst with random bytes and return how many read [up to len] */ +/*typedef int tfm_prime_callback(unsigned char *dst, int len, void *dat);*/ + +/*#define fp_prime_random(a, t, size, bbs, cb, dat) fp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?TFM_PRIME_BBS:0, cb, dat)*/ + +/*int fp_prime_random_ex(fp_int *a, int t, int size, int flags, tfm_prime_callback cb, void *dat);*/ + +/* radix conversions */ +int fp_count_bits(fp_int *a); +int fp_leading_bit(fp_int *a); + +int fp_unsigned_bin_size(fp_int *a); +void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c); +int fp_to_unsigned_bin(fp_int *a, unsigned char *b); +int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c); +int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b); + +/*int fp_signed_bin_size(fp_int *a);*/ +/*void fp_read_signed_bin(fp_int *a, const unsigned char *b, int c);*/ +/*void fp_to_signed_bin(fp_int *a, unsigned char *b);*/ + +/*int fp_read_radix(fp_int *a, char *str, int radix);*/ +/*int fp_toradix(fp_int *a, char *str, int radix);*/ +/*int fp_toradix_n(fp_int * a, char *str, int radix, int maxlen);*/ + + +/* VARIOUS LOW LEVEL STUFFS */ +void s_fp_add(fp_int *a, fp_int *b, fp_int *c); +void s_fp_sub(fp_int *a, fp_int *b, fp_int *c); +void fp_reverse(unsigned char *s, int len); + +int fp_mul_comba(fp_int *a, fp_int *b, fp_int *c); + +int fp_mul_comba_small(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba3(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba4(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba6(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba7(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba8(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba9(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba12(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba17(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba20(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba24(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba28(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba32(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba48(fp_int *a, fp_int *b, fp_int *c); +int fp_mul_comba64(fp_int *a, fp_int *b, fp_int *c); +int fp_sqr_comba(fp_int *a, fp_int *b); +int fp_sqr_comba_small(fp_int *a, fp_int *b); +int fp_sqr_comba3(fp_int *a, fp_int *b); +int fp_sqr_comba4(fp_int *a, fp_int *b); +int fp_sqr_comba6(fp_int *a, fp_int *b); +int fp_sqr_comba7(fp_int *a, fp_int *b); +int fp_sqr_comba8(fp_int *a, fp_int *b); +int fp_sqr_comba9(fp_int *a, fp_int *b); +int fp_sqr_comba12(fp_int *a, fp_int *b); +int fp_sqr_comba17(fp_int *a, fp_int *b); +int fp_sqr_comba20(fp_int *a, fp_int *b); +int fp_sqr_comba24(fp_int *a, fp_int *b); +int fp_sqr_comba28(fp_int *a, fp_int *b); +int fp_sqr_comba32(fp_int *a, fp_int *b); +int fp_sqr_comba48(fp_int *a, fp_int *b); +int fp_sqr_comba64(fp_int *a, fp_int *b); + + +/** + * Used by wolfSSL + */ + +/* Constants */ +#define MP_LT FP_LT /* less than */ +#define MP_EQ FP_EQ /* equal to */ +#define MP_GT FP_GT /* greater than */ +#define MP_VAL FP_VAL /* invalid */ +#define MP_MEM FP_MEM /* memory error */ +#define MP_NOT_INF FP_NOT_INF /* point not at infinity */ +#define MP_OKAY FP_OKAY /* ok result */ +#define MP_NO FP_NO /* yes/no result */ +#define MP_YES FP_YES /* yes/no result */ +#define MP_ZPOS FP_ZPOS +#define MP_NEG FP_NEG +#define MP_MASK FP_MASK + +/* Prototypes */ +#define mp_zero(a) fp_zero(a) +#define mp_isone(a) fp_isone(a) +#define mp_iseven(a) fp_iseven(a) +#define mp_isneg(a) fp_isneg(a) + +#define MP_RADIX_BIN 2 +#define MP_RADIX_OCT 8 +#define MP_RADIX_DEC 10 +#define MP_RADIX_HEX 16 +#define MP_RADIX_MAX 64 + +#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN) +#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT) +#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC) +#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX) + +MP_API int mp_init (mp_int * a); +MP_API void mp_clear (mp_int * a); +MP_API void mp_free (mp_int * a); +MP_API void mp_forcezero (mp_int * a); +MP_API int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, + mp_int* f); + +MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_sub (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_add_d (mp_int * a, mp_digit b, mp_int * c); + +MP_API int mp_mul (mp_int * a, mp_int * b, mp_int * c); +MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c); +MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d); +MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); +MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); +MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c); +MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c); +MP_API int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y); +MP_API int mp_exptmod_ex (mp_int * g, mp_int * x, int minDigits, mp_int * p, + mp_int * y); +MP_API int mp_mul_2d(mp_int *a, int b, mp_int *c); +MP_API int mp_2expt(mp_int* a, int b); + +MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d); + +MP_API int mp_cmp(mp_int *a, mp_int *b); +MP_API int mp_cmp_d(mp_int *a, mp_digit b); + +MP_API int mp_unsigned_bin_size(mp_int * a); +MP_API int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c); +MP_API int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b); +MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b); +MP_API int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c); + +MP_API int mp_sub_d(fp_int *a, fp_digit b, fp_int *c); +MP_API int mp_copy(fp_int* a, fp_int* b); +MP_API int mp_isodd(mp_int* a); +MP_API int mp_iszero(mp_int* a); +MP_API int mp_count_bits(mp_int *a); +MP_API int mp_leading_bit(mp_int *a); +MP_API int mp_set_int(mp_int *a, unsigned long b); +MP_API int mp_is_bit_set (mp_int * a, mp_digit b); +MP_API int mp_set_bit (mp_int * a, mp_digit b); +MP_API void mp_rshb(mp_int *a, int x); +MP_API void mp_rshd(mp_int *a, int x); +MP_API int mp_toradix (mp_int *a, char *str, int radix); +MP_API int mp_radix_size (mp_int * a, int radix, int *size); + +#ifdef WOLFSSL_DEBUG_MATH + MP_API void mp_dump(const char* desc, mp_int* a, byte verbose); +#else + #define mp_dump(desc, a, verbose) +#endif + +#if !defined(NO_DSA) || defined(HAVE_ECC) + MP_API int mp_read_radix(mp_int* a, const char* str, int radix); +#endif + +#ifdef HAVE_ECC + MP_API int mp_sqr(fp_int *a, fp_int *b); + MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); + MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho); + MP_API int mp_div_2(fp_int * a, fp_int * b); + MP_API int mp_init_copy(fp_int * a, fp_int * b); +#endif + +#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA) || \ + defined(WOLFSSL_KEY_GEN) + MP_API int mp_set(fp_int *a, fp_digit b); +#endif + +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || \ + !defined(NO_DSA) || !defined(NO_DH) + MP_API int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c); + MP_API int mp_montgomery_calc_normalization(mp_int *a, mp_int *b); +#endif + +#if !defined(NO_DH) || !defined(NO_DSA) || !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) +MP_API int mp_prime_is_prime(mp_int* a, int t, int* result); +MP_API int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); +#endif /* !NO_DH || !NO_DSA || !NO_RSA || WOLFSSL_KEY_GEN */ +#ifdef WOLFSSL_KEY_GEN +MP_API int mp_gcd(fp_int *a, fp_int *b, fp_int *c); +MP_API int mp_lcm(fp_int *a, fp_int *b, fp_int *c); +MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); +MP_API int mp_exch(mp_int *a, mp_int *b); +#endif /* WOLFSSL_KEY_GEN */ + +MP_API int mp_cnt_lsb(fp_int *a); +MP_API int mp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d); +MP_API int mp_mod_d(fp_int* a, fp_digit b, fp_digit* c); +MP_API int mp_lshd (mp_int * a, int b); +MP_API int mp_abs(mp_int* a, mp_int* b); + +WOLFSSL_API word32 CheckRunTimeFastMath(void); + +/* If user uses RSA, DH, DSA, or ECC math lib directly then fast math FP_SIZE + must match, return 1 if a match otherwise 0 */ +#define CheckFastMathSettings() (FP_SIZE == CheckRunTimeFastMath()) + + +#ifdef __cplusplus + } +#endif + +#endif /* WOLF_CRYPT_TFM_H */ + diff --git a/source/libwolfssl/wolfcrypt/types.h b/source/libwolfssl/wolfcrypt/types.h new file mode 100644 index 00000000..9b349b57 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/types.h @@ -0,0 +1,898 @@ +/* types.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/types.h +*/ + +#ifndef WOLF_CRYPT_TYPES_H +#define WOLF_CRYPT_TYPES_H + + #include + #include + + #ifdef __cplusplus + extern "C" { + #endif + + + #if defined(WORDS_BIGENDIAN) + #define BIG_ENDIAN_ORDER + #endif + + #ifndef BIG_ENDIAN_ORDER + #define LITTLE_ENDIAN_ORDER + #endif + + #ifndef WOLFSSL_TYPES + #ifndef byte + typedef unsigned char byte; + #endif + #ifdef WC_16BIT_CPU + typedef unsigned int word16; + typedef unsigned long word32; + #else + typedef unsigned short word16; + typedef unsigned int word32; + #endif + typedef byte word24[3]; + #endif + + + /* try to set SIZEOF_LONG or LONG_LONG if user didn't */ + #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) + #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) + #if (defined(__alpha__) || defined(__ia64__) || \ + defined(_ARCH_PPC64) || defined(__mips64) || \ + defined(__x86_64__) || \ + ((defined(sun) || defined(__sun)) && \ + (defined(LP64) || defined(_LP64)))) + /* long should be 64bit */ + #define SIZEOF_LONG 8 + #elif defined(__i386__) || defined(__CORTEX_M3__) + /* long long should be 64bit */ + #define SIZEOF_LONG_LONG 8 + #endif + #endif + #endif + + #if defined(_MSC_VER) || defined(__BCPLUSPLUS__) + #define WORD64_AVAILABLE + #define W64LIT(x) x##ui64 + typedef unsigned __int64 word64; + #elif defined(__EMSCRIPTEN__) + #define WORD64_AVAILABLE + #define W64LIT(x) x##ull + typedef unsigned long long word64; + #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long word64; + #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long long word64; + #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long long word64; + #endif + +#if !defined(NO_64BIT) && defined(WORD64_AVAILABLE) && !defined(WC_16BIT_CPU) + /* These platforms have 64-bit CPU registers. */ + #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ + defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \ + defined(__aarch64__) || defined(__sparc64__) || \ + (defined(__riscv_xlen) && (__riscv_xlen == 64)) + typedef word64 wolfssl_word; + #define WC_64BIT_CPU + #elif (defined(sun) || defined(__sun)) && \ + (defined(LP64) || defined(_LP64)) + /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits + * and int uses 32 bits. When using Solaris Studio sparc and __sparc are + * available for 32 bit detection but __sparc64__ could be missed. This + * uses LP64 for checking 64 bit CPU arch. */ + typedef word64 wolfssl_word; + #define WC_64BIT_CPU + #else + typedef word32 wolfssl_word; + #ifdef WORD64_AVAILABLE + #define WOLFCRYPT_SLOW_WORD64 + #endif + #endif + +#elif defined(WC_16BIT_CPU) + #undef WORD64_AVAILABLE + typedef word16 wolfssl_word; + #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as + mp_digit, no 64 bit type so make mp_digit 16 bit */ + +#else + #undef WORD64_AVAILABLE + typedef word32 wolfssl_word; + #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as + mp_digit, no 64 bit type so make mp_digit 16 bit */ +#endif + + enum { + WOLFSSL_WORD_SIZE = sizeof(wolfssl_word), + WOLFSSL_BIT_SIZE = 8, + WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE + }; + + #define WOLFSSL_MAX_16BIT 0xffffU + + /* use inlining if compiler allows */ + #ifndef WC_INLINE + #ifndef NO_INLINE + #ifdef _MSC_VER + #define WC_INLINE __inline + #elif defined(__GNUC__) + #ifdef WOLFSSL_VXWORKS + #define WC_INLINE __inline__ + #else + #define WC_INLINE inline + #endif + #elif defined(__IAR_SYSTEMS_ICC__) + #define WC_INLINE inline + #elif defined(THREADX) + #define WC_INLINE _Inline + #elif defined(__ghc__) + #ifndef __cplusplus + #define WC_INLINE __inline + #else + #define WC_INLINE inline + #endif + #else + #define WC_INLINE + #endif + #else + #define WC_INLINE + #endif + #endif + + #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) + #define INLINE WC_INLINE + #endif + + + /* set up rotate style */ + #if (defined(_MSC_VER) || defined(__BCPLUSPLUS__)) && \ + !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS) + #define INTEL_INTRINSICS + #define FAST_ROTATE + #elif defined(__MWERKS__) && TARGET_CPU_PPC + #define PPC_INTRINSICS + #define FAST_ROTATE + #elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) + /* GCC does peephole optimizations which should result in using rotate + instructions */ + #define FAST_ROTATE + #endif + + + /* set up thread local storage if available */ + #ifdef HAVE_THREAD_LS + #if defined(_MSC_VER) + #define THREAD_LS_T __declspec(thread) + /* Thread local storage only in FreeRTOS v8.2.1 and higher */ + #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \ + defined(WOLFSSL_ZEPHYR) + #define THREAD_LS_T + #else + #define THREAD_LS_T __thread + #endif + #else + #define THREAD_LS_T + #endif + + /* GCC 7 has new switch() fall-through detection */ + /* default to FALL_THROUGH stub */ + #ifndef FALL_THROUGH + #define FALL_THROUGH + + #if defined(__GNUC__) + #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1))) + #undef FALL_THROUGH + #define FALL_THROUGH __attribute__ ((fallthrough)); + #endif + #endif + #endif /* FALL_THROUGH */ + + /* Micrium will use Visual Studio for compilation but not the Win32 API */ + #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ + !defined(FREERTOS_TCP) && !defined(EBSNET) && \ + !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) + #define USE_WINDOWS_API + #endif + + + /* idea to add global alloc override by Moises Guimaraes */ + /* default to libc stuff */ + /* XREALLOC is used once in normal math lib, not in fast math lib */ + /* XFREE on some embedded systems doesn't like free(0) so test */ + #if defined(HAVE_IO_POOL) + WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); + WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); + WOLFSSL_API void XFREE(void *p, void* heap, int type); + #elif (defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA)) || \ + defined(HAVE_INTEL_QA_SYNC) + #ifndef HAVE_INTEL_QA_SYNC + #include + #else + #include + #endif + #undef USE_WOLFSSL_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t), __func__, __LINE__) + #define XFREE(p, h, t) IntelQaFree((p), (h), (t), __func__, __LINE__) + #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__) + #else + #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t)) + #define XFREE(p, h, t) IntelQaFree((p), (h), (t)) + #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t)) + #endif /* WOLFSSL_DEBUG_MEMORY */ + #elif defined(XMALLOC_USER) + /* prototypes for user heap override functions */ + #include /* for size_t */ + extern void *XMALLOC(size_t n, void* heap, int type); + extern void *XREALLOC(void *p, size_t n, void* heap, int type); + extern void XFREE(void *p, void* heap, int type); + #elif defined(WOLFSSL_MEMORY_LOG) + #define XMALLOC(n, h, t) xmalloc(n, h, t, __func__, __FILE__, __LINE__) + #define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __func__, __FILE__, __LINE__) + #define XFREE(p, h, t) xfree(p, h, t, __func__, __FILE__, __LINE__) + + /* prototypes for user heap override functions */ + #include /* for size_t */ + #include + WOLFSSL_API void *xmalloc(size_t n, void* heap, int type, + const char* func, const char* file, unsigned int line); + WOLFSSL_API void *xrealloc(void *p, size_t n, void* heap, int type, + const char* func, const char* file, unsigned int line); + WOLFSSL_API void xfree(void *p, void* heap, int type, const char* func, + const char* file, unsigned int line); + #elif defined(XMALLOC_OVERRIDE) + /* override the XMALLOC, XFREE and XREALLOC macros */ + #elif defined(WOLFSSL_TELIT_M2MB) + /* Telit M2MB SDK requires use m2mb_os API's, not std malloc/free */ + /* Use of malloc/free will cause CPU reboot */ + #define XMALLOC(s, h, t) ((void)h, (void)t, m2mb_os_malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) m2mb_os_free((xp));} + #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) + + #elif defined(NO_WOLFSSL_MEMORY) + #ifdef WOLFSSL_NO_MALLOC + /* this platform does not support heap use */ + #ifdef WOLFSSL_MALLOC_CHECK + #include + static inline void* malloc_check(size_t sz) { + printf("wolfSSL_malloc failed"); + return NULL; + }; + #define XMALLOC(s, h, t) malloc_check((s)) + #define XFREE(p, h, t) + #define XREALLOC(p, n, h, t) (NULL) + #else + #define XMALLOC(s, h, t) (NULL) + #define XFREE(p, h, t) + #define XREALLOC(p, n, h, t) (NULL) + #endif + #else + /* just use plain C stdlib stuff if desired */ + #include + #define XMALLOC(s, h, t) malloc((s)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #define XREALLOC(p, n, h, t) realloc((p), (n)) + #endif + #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ + && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ + && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ + && !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4) + /* default C runtime, can install different routines at runtime via cbs */ + #include + #ifdef WOLFSSL_STATIC_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) + #else + #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) + #endif /* WOLFSSL_DEBUG_MEMORY */ + #elif !defined(FREERTOS) && !defined(FREERTOS_TCP) + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) + #else + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + #endif /* WOLFSSL_DEBUG_MEMORY */ + #endif /* WOLFSSL_STATIC_MEMORY */ + #endif + + /* declare/free variable handling for async */ + #ifdef WOLFSSL_ASYNC_CRYPT + #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ + VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); + #define DECLARE_VAR_INIT(VAR_NAME, VAR_TYPE, VAR_SIZE, INIT_VALUE, HEAP) \ + VAR_TYPE* VAR_NAME = ({ \ + VAR_TYPE* ptr = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \ + if (ptr && INIT_VALUE) { \ + XMEMCPY(ptr, INIT_VALUE, sizeof(VAR_TYPE) * VAR_SIZE); \ + } \ + ptr; \ + }) + #define DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + VAR_TYPE* VAR_NAME[VAR_ITEMS]; \ + int idx##VAR_NAME; \ + for (idx##VAR_NAME=0; idx##VAR_NAME + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + + #define XSTRLEN(s1) strlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + /* strstr, strncmp, and strncat only used by wolfSSL proper, + * not required for wolfCrypt only */ + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + + #ifdef USE_WOLF_STRSEP + #define XSTRSEP(s1,d) wc_strsep((s1),(d)) + #else + #define XSTRSEP(s1,d) strsep((s1),(d)) + #endif + + #ifndef XSTRNCASECMP + #if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \ + defined(WOLFSSL_ZEPHYR) + /* XC32 does not support strncasecmp, so use case sensitive one */ + #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) + #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) + #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) + #else + #if defined(HAVE_STRINGS_H) && defined(WOLF_C99) && \ + !defined(WOLFSSL_SGX) + #include + #endif + #if defined(WOLFSSL_DEOS) + #define XSTRNCASECMP(s1,s2,n) strnicmp((s1),(s2),(n)) + #else + #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) + #endif + #endif + #endif /* !XSTRNCASECMP */ + + /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when + debugging is turned on */ + #ifndef USE_WINDOWS_API + #ifndef XSNPRINTF + #if defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_PKCS7)) && !defined(NO_STDIO_FILESYSTEM) + /* case where stdio is not included else where but is needed + for snprintf */ + #include + #endif + #define XSNPRINTF snprintf + #endif + #else + #if defined(_MSC_VER) || defined(__CYGWIN__) || defined(__MINGW32__) + #if defined(_MSC_VER) && (_MSC_VER >= 1900) + /* Beginning with the UCRT in Visual Studio 2015 and + Windows 10, snprintf is no longer identical to + _snprintf. The snprintf function behavior is now + C99 standard compliant. */ + #define XSNPRINTF snprintf + #else + /* 4996 warning to use MS extensions e.g., _sprintf_s + instead of _snprintf */ + #pragma warning(disable: 4996) + static WC_INLINE + int xsnprintf(char *buffer, size_t bufsize, + const char *format, ...) { + va_list ap; + int ret; + + if ((int)bufsize <= 0) return -1; + va_start(ap, format); + ret = vsnprintf(buffer, bufsize, format, ap); + if (ret >= (int)bufsize) + ret = -1; + va_end(ap); + return ret; + } + #define XSNPRINTF xsnprintf + #endif /* (_MSC_VER >= 1900) */ + #endif /* _MSC_VER || __CYGWIN__ || __MINGW32__ */ + #endif /* USE_WINDOWS_API */ + + #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN) + /* use only Thread Safe version of strtok */ + #if defined(USE_WOLF_STRTOK) + #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) + #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS) + #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr)) + #else + #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr)) + #endif + #endif + + #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_OCSP) || \ + defined(HAVE_CRL_IO) || defined(HAVE_HTTP_CLIENT) || \ + !defined(NO_CRYPT_BENCHMARK) + + #ifndef XATOI /* if custom XATOI is not already defined */ + #include + #define XATOI(s) atoi((s)) + #endif + #endif + #endif + + #ifdef USE_WOLF_STRTOK + WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp); + #endif + #ifdef USE_WOLF_STRSEP + WOLFSSL_API char* wc_strsep(char **stringp, const char *delim); + #endif + + #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + !defined(NO_STDIO_FILESYSTEM) + #ifndef XGETENV + #include + #define XGETENV getenv + #endif + #endif /* OPENSSL_EXTRA */ + + #ifndef CTYPE_USER + #include + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ + defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) + #define XTOUPPER(c) toupper((c)) + #define XISALPHA(c) isalpha((c)) + #endif + /* needed by wolfSSL_check_domain_name() */ + #define XTOLOWER(c) tolower((c)) + #endif + + + /* memory allocation types for user hints */ + enum { + DYNAMIC_TYPE_CA = 1, + DYNAMIC_TYPE_CERT = 2, + DYNAMIC_TYPE_KEY = 3, + DYNAMIC_TYPE_FILE = 4, + DYNAMIC_TYPE_SUBJECT_CN = 5, + DYNAMIC_TYPE_PUBLIC_KEY = 6, + DYNAMIC_TYPE_SIGNER = 7, + DYNAMIC_TYPE_NONE = 8, + DYNAMIC_TYPE_BIGINT = 9, + DYNAMIC_TYPE_RSA = 10, + DYNAMIC_TYPE_METHOD = 11, + DYNAMIC_TYPE_OUT_BUFFER = 12, + DYNAMIC_TYPE_IN_BUFFER = 13, + DYNAMIC_TYPE_INFO = 14, + DYNAMIC_TYPE_DH = 15, + DYNAMIC_TYPE_DOMAIN = 16, + DYNAMIC_TYPE_SSL = 17, + DYNAMIC_TYPE_CTX = 18, + DYNAMIC_TYPE_WRITEV = 19, + DYNAMIC_TYPE_OPENSSL = 20, + DYNAMIC_TYPE_DSA = 21, + DYNAMIC_TYPE_CRL = 22, + DYNAMIC_TYPE_REVOKED = 23, + DYNAMIC_TYPE_CRL_ENTRY = 24, + DYNAMIC_TYPE_CERT_MANAGER = 25, + DYNAMIC_TYPE_CRL_MONITOR = 26, + DYNAMIC_TYPE_OCSP_STATUS = 27, + DYNAMIC_TYPE_OCSP_ENTRY = 28, + DYNAMIC_TYPE_ALTNAME = 29, + DYNAMIC_TYPE_SUITES = 30, + DYNAMIC_TYPE_CIPHER = 31, + DYNAMIC_TYPE_RNG = 32, + DYNAMIC_TYPE_ARRAYS = 33, + DYNAMIC_TYPE_DTLS_POOL = 34, + DYNAMIC_TYPE_SOCKADDR = 35, + DYNAMIC_TYPE_LIBZ = 36, + DYNAMIC_TYPE_ECC = 37, + DYNAMIC_TYPE_TMP_BUFFER = 38, + DYNAMIC_TYPE_DTLS_MSG = 39, + DYNAMIC_TYPE_X509 = 40, + DYNAMIC_TYPE_TLSX = 41, + DYNAMIC_TYPE_OCSP = 42, + DYNAMIC_TYPE_SIGNATURE = 43, + DYNAMIC_TYPE_HASHES = 44, + DYNAMIC_TYPE_SRP = 45, + DYNAMIC_TYPE_COOKIE_PWD = 46, + DYNAMIC_TYPE_USER_CRYPTO = 47, + DYNAMIC_TYPE_OCSP_REQUEST = 48, + DYNAMIC_TYPE_X509_EXT = 49, + DYNAMIC_TYPE_X509_STORE = 50, + DYNAMIC_TYPE_X509_CTX = 51, + DYNAMIC_TYPE_URL = 52, + DYNAMIC_TYPE_DTLS_FRAG = 53, + DYNAMIC_TYPE_DTLS_BUFFER = 54, + DYNAMIC_TYPE_SESSION_TICK = 55, + DYNAMIC_TYPE_PKCS = 56, + DYNAMIC_TYPE_MUTEX = 57, + DYNAMIC_TYPE_PKCS7 = 58, + DYNAMIC_TYPE_AES_BUFFER = 59, + DYNAMIC_TYPE_WOLF_BIGINT = 60, + DYNAMIC_TYPE_ASN1 = 61, + DYNAMIC_TYPE_LOG = 62, + DYNAMIC_TYPE_WRITEDUP = 63, + DYNAMIC_TYPE_PRIVATE_KEY = 64, + DYNAMIC_TYPE_HMAC = 65, + DYNAMIC_TYPE_ASYNC = 66, + DYNAMIC_TYPE_ASYNC_NUMA = 67, + DYNAMIC_TYPE_ASYNC_NUMA64 = 68, + DYNAMIC_TYPE_CURVE25519 = 69, + DYNAMIC_TYPE_ED25519 = 70, + DYNAMIC_TYPE_SECRET = 71, + DYNAMIC_TYPE_DIGEST = 72, + DYNAMIC_TYPE_RSA_BUFFER = 73, + DYNAMIC_TYPE_DCERT = 74, + DYNAMIC_TYPE_STRING = 75, + DYNAMIC_TYPE_PEM = 76, + DYNAMIC_TYPE_DER = 77, + DYNAMIC_TYPE_CERT_EXT = 78, + DYNAMIC_TYPE_ALPN = 79, + DYNAMIC_TYPE_ENCRYPTEDINFO= 80, + DYNAMIC_TYPE_DIRCTX = 81, + DYNAMIC_TYPE_HASHCTX = 82, + DYNAMIC_TYPE_SEED = 83, + DYNAMIC_TYPE_SYMMETRIC_KEY= 84, + DYNAMIC_TYPE_ECC_BUFFER = 85, + DYNAMIC_TYPE_QSH = 86, + DYNAMIC_TYPE_SALT = 87, + DYNAMIC_TYPE_HASH_TMP = 88, + DYNAMIC_TYPE_BLOB = 89, + DYNAMIC_TYPE_NAME_ENTRY = 90, + DYNAMIC_TYPE_SNIFFER_SERVER = 1000, + DYNAMIC_TYPE_SNIFFER_SESSION = 1001, + DYNAMIC_TYPE_SNIFFER_PB = 1002, + DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, + DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, + DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, + }; + + /* max error buffer string size */ + #ifndef WOLFSSL_MAX_ERROR_SZ + #define WOLFSSL_MAX_ERROR_SZ 80 + #endif + + /* stack protection */ + enum { + MIN_STACK_BUFFER = 8 + }; + + + /* Algorithm Types */ + enum wc_AlgoType { + WC_ALGO_TYPE_NONE = 0, + WC_ALGO_TYPE_HASH = 1, + WC_ALGO_TYPE_CIPHER = 2, + WC_ALGO_TYPE_PK = 3, + WC_ALGO_TYPE_RNG = 4, + WC_ALGO_TYPE_SEED = 5, + WC_ALGO_TYPE_HMAC = 6, + + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_HMAC + }; + + /* hash types */ + enum wc_HashType { + #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) + /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types. + * Values here are based on old selftest hmac.h enum, with additions. + * These values are fixed for backwards FIPS compatibility */ + WC_HASH_TYPE_NONE = 15, + WC_HASH_TYPE_MD2 = 16, + WC_HASH_TYPE_MD4 = 17, + WC_HASH_TYPE_MD5 = 0, + WC_HASH_TYPE_SHA = 1, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 8, + WC_HASH_TYPE_SHA256 = 2, + WC_HASH_TYPE_SHA384 = 5, + WC_HASH_TYPE_SHA512 = 4, + WC_HASH_TYPE_MD5_SHA = 18, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + WC_HASH_TYPE_BLAKE2S = 19, + + WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S + #else + WC_HASH_TYPE_NONE = 0, + WC_HASH_TYPE_MD2 = 1, + WC_HASH_TYPE_MD4 = 2, + WC_HASH_TYPE_MD5 = 3, + WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 5, + WC_HASH_TYPE_SHA256 = 6, + WC_HASH_TYPE_SHA384 = 7, + WC_HASH_TYPE_SHA512 = 8, + WC_HASH_TYPE_MD5_SHA = 9, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + WC_HASH_TYPE_BLAKE2S = 15, + + WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S + #endif /* HAVE_SELFTEST */ + }; + + /* cipher types */ + enum wc_CipherType { + WC_CIPHER_NONE = 0, + WC_CIPHER_AES = 1, + WC_CIPHER_AES_CBC = 2, + WC_CIPHER_AES_GCM = 3, + WC_CIPHER_AES_CTR = 4, + WC_CIPHER_AES_XTS = 5, + WC_CIPHER_AES_CFB = 6, + WC_CIPHER_DES3 = 7, + WC_CIPHER_DES = 8, + WC_CIPHER_CHACHA = 9, + WC_CIPHER_HC128 = 10, + WC_CIPHER_IDEA = 11, + + WC_CIPHER_MAX = WC_CIPHER_HC128 + }; + + /* PK=public key (asymmetric) based algorithms */ + enum wc_PkType { + WC_PK_TYPE_NONE = 0, + WC_PK_TYPE_RSA = 1, + WC_PK_TYPE_DH = 2, + WC_PK_TYPE_ECDH = 3, + WC_PK_TYPE_ECDSA_SIGN = 4, + WC_PK_TYPE_ECDSA_VERIFY = 5, + WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_CURVE25519 = 7, + WC_PK_TYPE_RSA_KEYGEN = 8, + WC_PK_TYPE_EC_KEYGEN = 9, + + WC_PK_TYPE_MAX = WC_PK_TYPE_EC_KEYGEN + }; + + + /* settings detection for compile vs runtime math incompatibilities */ + enum { + #if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + CTC_SETTINGS = 0x0 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) + CTC_SETTINGS = 0x1 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) + CTC_SETTINGS = 0x2 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) + CTC_SETTINGS = 0x4 + #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + CTC_SETTINGS = 0x8 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) + CTC_SETTINGS = 0x10 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) + CTC_SETTINGS = 0x20 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) + CTC_SETTINGS = 0x40 + #else + #error "bad math long / long long settings" + #endif + }; + + + WOLFSSL_API word32 CheckRunTimeSettings(void); + + /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long + types need to match at compile time and run time, CheckCtcSettings will + return 1 if a match otherwise 0 */ + #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings()) + + /* invalid device id */ + #define INVALID_DEVID -2 + + + /* AESNI requires alignment and ARMASM gains some performance from it + * Xilinx RSA operations require alignment */ + #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ + defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) + #if !defined(ALIGN16) + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define ALIGN16 __attribute__ ( (aligned (16))) + #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) + #define ALIGN16 __declspec (align (16)) + #else + #define ALIGN16 + #endif + #endif /* !ALIGN16 */ + + #if !defined (ALIGN32) + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define ALIGN32 __attribute__ ( (aligned (32))) + #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) + #define ALIGN32 __declspec (align (32)) + #else + #define ALIGN32 + #endif + #endif /* !ALIGN32 */ + + #if !defined(ALIGN64) + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define ALIGN64 __attribute__ ( (aligned (64))) + #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) + #define ALIGN64 __declspec (align (64)) + #else + #define ALIGN64 + #endif + #endif /* !ALIGN64 */ + + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define ALIGN128 __attribute__ ( (aligned (128))) + #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) + #define ALIGN128 __declspec (align (128)) + #else + #define ALIGN128 + #endif + + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define ALIGN256 __attribute__ ( (aligned (256))) + #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) + #define ALIGN256 __declspec (align (256)) + #else + #define ALIGN256 + #endif + + #else + #ifndef ALIGN16 + #define ALIGN16 + #endif + /*#ifndef ALIGN32 + #define ALIGN32 + #endif*/ + #ifndef ALIGN64 + #define ALIGN64 + #endif + #ifndef ALIGN128 + #define ALIGN128 + #endif + #ifndef ALIGN256 + #define ALIGN256 + #endif + #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM */ + + + #ifndef TRUE + #define TRUE 1 + #endif + #ifndef FALSE + #define FALSE 0 + #endif + + + #if defined(HAVE_STACK_SIZE) + #define EXIT_TEST(ret) return (void*)((size_t)(ret)) + #else + #define EXIT_TEST(ret) return ret + #endif + + + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define WOLFSSL_PACK __attribute__ ((packed)) + #else + #define WOLFSSL_PACK + #endif + + #ifndef __GNUC_PREREQ + #if defined(__GNUC__) && defined(__GNUC_MINOR__) + #define __GNUC_PREREQ(maj, min) \ + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) + #else + #define __GNUC_PREREQ(maj, min) (0) /* not GNUC */ + #endif + #endif + + #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define WC_NORETURN __attribute__((noreturn)) + #else + #define WC_NORETURN + #endif + + #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) || \ + defined(WOLFSSL_PUBLIC_MP) || defined(OPENSSL_EXTRA) || \ + (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) + #undef WC_MP_TO_RADIX + #define WC_MP_TO_RADIX + #endif + + #ifdef __cplusplus + } /* extern "C" */ + #endif + +#endif /* WOLF_CRYPT_TYPES_H */ diff --git a/source/libwolfssl/wolfcrypt/visibility.h b/source/libwolfssl/wolfcrypt/visibility.h new file mode 100644 index 00000000..07ba2f1b --- /dev/null +++ b/source/libwolfssl/wolfcrypt/visibility.h @@ -0,0 +1,79 @@ +/* visibility.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* Visibility control macros */ + +#ifndef WOLF_CRYPT_VISIBILITY_H +#define WOLF_CRYPT_VISIBILITY_H + + +/* for compatibility and so that fips is using same name of macro @wc_fips */ +/* The following visibility wrappers are for old FIPS. New FIPS should use + * the same as a non-FIPS build. */ +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + #include + #define WOLFSSL_API CYASSL_API + #define WOLFSSL_LOCAL CYASSL_LOCAL +#else + +/* WOLFSSL_API is used for the public API symbols. + It either imports or exports (or does nothing for static builds) + + WOLFSSL_LOCAL is used for non-API symbols (private). +*/ + +#if defined(BUILDING_WOLFSSL) + #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) + #if defined(WOLFSSL_DLL) + #define WOLFSSL_API __declspec(dllexport) + #else + #define WOLFSSL_API + #endif + #define WOLFSSL_LOCAL + #elif defined(HAVE_VISIBILITY) && HAVE_VISIBILITY + #define WOLFSSL_API __attribute__ ((visibility("default"))) + #define WOLFSSL_LOCAL __attribute__ ((visibility("hidden"))) + #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550) + #define WOLFSSL_API __global + #define WOLFSSL_LOCAL __hidden + #else + #define WOLFSSL_API + #define WOLFSSL_LOCAL + #endif /* HAVE_VISIBILITY */ +#else /* BUILDING_WOLFSSL */ + #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) + #if defined(WOLFSSL_DLL) + #define WOLFSSL_API __declspec(dllimport) + #else + #define WOLFSSL_API + #endif + #define WOLFSSL_LOCAL + #else + #define WOLFSSL_API + #define WOLFSSL_LOCAL + #endif +#endif /* BUILDING_WOLFSSL */ + +#endif /* HAVE_FIPS */ +#endif /* WOLF_CRYPT_VISIBILITY_H */ + diff --git a/source/libwolfssl/wolfcrypt/wc_encrypt.h b/source/libwolfssl/wolfcrypt/wc_encrypt.h new file mode 100644 index 00000000..8da7add0 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/wc_encrypt.h @@ -0,0 +1,101 @@ +/* wc_encrypt.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/wc_encrypt.h +*/ + + +#ifndef WOLF_CRYPT_ENCRYPT_H +#define WOLF_CRYPT_ENCRYPT_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* determine max cipher key size */ +#ifndef NO_AES + #define WC_MAX_SYM_KEY_SIZE (AES_MAX_KEY_SIZE/8) +#elif defined(HAVE_CHACHA) + #define WC_MAX_SYM_KEY_SIZE CHACHA_MAX_KEY_SZ +#elif !defined(NO_DES3) + #define WC_MAX_SYM_KEY_SIZE DES3_KEY_SIZE +#elif !defined(NO_RC4) + #define WC_MAX_SYM_KEY_SIZE RC4_KEY_SIZE +#else + #define WC_MAX_SYM_KEY_SIZE 32 +#endif + + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) +WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, + const byte* iv); +WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, + const byte* iv); +#endif /* !NO_AES */ + + +#ifndef NO_DES3 +WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +#endif /* !NO_DES3 */ + + + + +#ifdef WOLFSSL_ENCRYPTED_KEYS + struct EncryptedInfo; + WOLFSSL_API int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der, word32 derSz, + const byte* password, int passwordSz, int hashType); + WOLFSSL_API int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der, word32 derSz, + const byte* password, int passwordSz, int hashType); +#endif /* WOLFSSL_ENCRYPTED_KEYS */ + +#ifndef NO_PWDBASED + WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz, + byte* salt, int saltSz, int iterations, int id, byte* input, int length, + int version, byte* cbcIv, int enc); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_ENCRYPT_H */ + diff --git a/source/libwolfssl/wolfcrypt/wc_pkcs11.h b/source/libwolfssl/wolfcrypt/wc_pkcs11.h new file mode 100644 index 00000000..cdb48178 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/wc_pkcs11.h @@ -0,0 +1,94 @@ +/* wc_pkcs11.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _WOLFPKCS11_H_ +#define _WOLFPKCS11_H_ + +#include + +#ifdef HAVE_PKCS11 + +#ifndef WOLF_CRYPTO_CB + #error PKCS11 support requires ./configure --enable-cryptocb or WOLF_CRYPTO_CB to be defined +#endif + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct Pkcs11Dev { + void* dlHandle; /* Handle to library */ + CK_FUNCTION_LIST* func; /* Array of functions */ + void* heap; +} Pkcs11Dev; + +typedef struct Pkcs11Token { + CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */ + CK_SLOT_ID slotId; /* Id of slot to use */ + CK_SESSION_HANDLE handle; /* Handle to active session */ + CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */ + CK_ULONG userPinSz; /* Size of user's PIN in bytes */ +} Pkcs11Token; + +typedef struct Pkcs11Session { + CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */ + CK_SLOT_ID slotId; /* Id of slot to use */ + CK_SESSION_HANDLE handle; /* Handle to active session */ +} Pkcs11Session; + +/* Types of keys that can be stored. */ +enum Pkcs11KeyType { + PKCS11_KEY_TYPE_AES_GCM, + PKCS11_KEY_TYPE_AES_CBC, + PKCS11_KEY_TYPE_HMAC, + PKCS11_KEY_TYPE_RSA, + PKCS11_KEY_TYPE_EC, +}; + + +WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, + void* heap); +WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev); + +WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, + int slotId, const char* tokenName, const unsigned char *userPin, + int userPinSz); +WOLFSSL_API void wc_Pkcs11Token_Final(Pkcs11Token* token); +WOLFSSL_API int wc_Pkcs11Token_Open(Pkcs11Token* token, int readWrite); +WOLFSSL_API void wc_Pkcs11Token_Close(Pkcs11Token* token); + +WOLFSSL_API int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, + void* key); + +WOLFSSL_API int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, + void* ctx); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_PKCS11 */ + +#endif /* _WOLFPKCS11_H_ */ diff --git a/source/libwolfssl/wolfcrypt/wc_port.h b/source/libwolfssl/wolfcrypt/wc_port.h new file mode 100644 index 00000000..39cbfbc9 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/wc_port.h @@ -0,0 +1,739 @@ +/* wc_port.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/wc_port.h +*/ + +#ifndef WOLF_CRYPT_PORT_H +#define WOLF_CRYPT_PORT_H + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* Detect if compiler supports C99. "NO_WOLF_C99" can be defined in + * user_settings.h to disable checking for C99 support. */ +#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && \ + !defined(WOLFSSL_ARDUINO) && !defined(NO_WOLF_C99) + #if __STDC_VERSION__ >= 199901L + #define WOLF_C99 + #endif +#endif + +#ifdef USE_WINDOWS_API + #ifdef WOLFSSL_GAME_BUILD + #include "system/xtl.h" + #else + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #ifndef WOLFSSL_SGX + #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) + /* On WinCE winsock2.h must be included before windows.h */ + #include + #endif + #include + #endif /* WOLFSSL_SGX */ + #endif +#elif defined(THREADX) + #ifndef SINGLE_THREADED + #ifdef NEED_THREADX_TYPES + #include + #endif + #include + #endif +#elif defined(WOLFSSL_DEOS) + #include "mutexapi.h" +#elif defined(MICRIUM) + /* do nothing, just don't pick Unix */ +#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) + /* do nothing */ +#elif defined(EBSNET) + /* do nothing */ +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + /* do nothing */ +#elif defined(FREESCALE_FREE_RTOS) + #include "fsl_os_abstraction.h" +#elif defined(WOLFSSL_VXWORKS) + #include +#elif defined(WOLFSSL_uITRON4) + #include "stddef.h" + #include "kernel.h" +#elif defined(WOLFSSL_uTKERNEL2) + #include "tk/tkernel.h" +#elif defined(WOLFSSL_CMSIS_RTOS) + #include "cmsis_os.h" +#elif defined(WOLFSSL_CMSIS_RTOSv2) + #include "cmsis_os2.h" +#elif defined(WOLFSSL_MDK_ARM) + #if defined(WOLFSSL_MDK5) + #include "cmsis_os.h" + #else + #include + #endif +#elif defined(WOLFSSL_CMSIS_RTOS) + #include "cmsis_os.h" +#elif defined(WOLFSSL_TIRTOS) + #include + #include +#elif defined(WOLFSSL_FROSTED) + #include +#elif defined(INTIME_RTOS) + #include + #include +#elif defined(WOLFSSL_NUCLEUS_1_2) + /* NU_DEBUG needed struct access in nucleus_realloc */ + #define NU_DEBUG + #include "plus/nucleus.h" + #include "nucleus.h" +#elif defined(WOLFSSL_APACHE_MYNEWT) + /* do nothing */ +#elif defined(WOLFSSL_ZEPHYR) + #ifndef SINGLE_THREADED + #include + #endif +#elif defined(WOLFSSL_TELIT_M2MB) + + /* Telit SDK uses C++ compile option (--cpp), which causes link issue + to API's if wrapped in extern "C" */ + #ifdef __cplusplus + } /* extern "C" */ + #endif + + #include "m2mb_types.h" + #include "m2mb_os_types.h" + #include "m2mb_os_api.h" + #include "m2mb_os.h" + #include "m2mb_os_mtx.h" + #ifndef NO_ASN_TIME + #include "m2mb_rtc.h" + #endif + #ifndef NO_FILESYSTEM + #include "m2mb_fs_posix.h" + #endif + + #undef kB /* eliminate conflict in asn.h */ + + #ifdef __cplusplus + extern "C" { + #endif + +#else + #ifndef SINGLE_THREADED + #define WOLFSSL_PTHREADS + #include + #endif + #if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \ + !defined(NO_FILESYSTEM) + #include /* for close of BIO */ + #endif +#endif + +/* For FIPS keep the function names the same */ +#ifdef HAVE_FIPS +#define wc_InitMutex InitMutex +#define wc_FreeMutex FreeMutex +#define wc_LockMutex LockMutex +#define wc_UnLockMutex UnLockMutex +#endif /* HAVE_FIPS */ + +#ifdef SINGLE_THREADED + typedef int wolfSSL_Mutex; +#else /* MULTI_THREADED */ + /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */ + #if defined(FREERTOS) + typedef xSemaphoreHandle wolfSSL_Mutex; + #elif defined(FREERTOS_TCP) + #include "FreeRTOS.h" + #include "semphr.h" + typedef SemaphoreHandle_t wolfSSL_Mutex; + #elif defined(WOLFSSL_SAFERTOS) + typedef struct wolfSSL_Mutex { + signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES]; + xSemaphoreHandle mutex; + } wolfSSL_Mutex; + #elif defined(USE_WINDOWS_API) + typedef CRITICAL_SECTION wolfSSL_Mutex; + #elif defined(WOLFSSL_PTHREADS) + typedef u32 wolfSSL_Mutex; /* pthread_mutex_t = mutex_t = u32 */ + #elif defined(THREADX) + typedef TX_MUTEX wolfSSL_Mutex; + #elif defined(WOLFSSL_DEOS) + typedef mutex_handle_t wolfSSL_Mutex; + #elif defined(MICRIUM) + typedef OS_MUTEX wolfSSL_Mutex; + #elif defined(EBSNET) + typedef RTP_MUTEX wolfSSL_Mutex; + #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + typedef MUTEX_STRUCT wolfSSL_Mutex; + #elif defined(FREESCALE_FREE_RTOS) + typedef mutex_t wolfSSL_Mutex; + #elif defined(WOLFSSL_VXWORKS) + typedef SEM_ID wolfSSL_Mutex; + #elif defined(WOLFSSL_uITRON4) + typedef struct wolfSSL_Mutex { + T_CSEM sem ; + ID id ; + } wolfSSL_Mutex; + #elif defined(WOLFSSL_uTKERNEL2) + typedef struct wolfSSL_Mutex { + T_CSEM sem ; + ID id ; + } wolfSSL_Mutex; + #elif defined(WOLFSSL_MDK_ARM) + #if defined(WOLFSSL_CMSIS_RTOS) + typedef osMutexId wolfSSL_Mutex; + #else + typedef OS_MUT wolfSSL_Mutex; + #endif + #elif defined(WOLFSSL_CMSIS_RTOS) + typedef osMutexId wolfSSL_Mutex; + #elif defined(WOLFSSL_CMSIS_RTOSv2) + typedef osMutexId_t wolfSSL_Mutex; + #elif defined(WOLFSSL_TIRTOS) + typedef ti_sysbios_knl_Semaphore_Handle wolfSSL_Mutex; + #elif defined(WOLFSSL_FROSTED) + typedef mutex_t * wolfSSL_Mutex; + #elif defined(INTIME_RTOS) + typedef RTHANDLE wolfSSL_Mutex; + #elif defined(WOLFSSL_NUCLEUS_1_2) + typedef NU_SEMAPHORE wolfSSL_Mutex; + #elif defined(WOLFSSL_ZEPHYR) + typedef struct k_mutex wolfSSL_Mutex; + #elif defined(WOLFSSL_TELIT_M2MB) + typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex; + #else + #error Need a mutex type in multithreaded mode + #endif /* USE_WINDOWS_API */ +#endif /* SINGLE_THREADED */ + +/* Enable crypt HW mutex for Freescale MMCAU or PIC32MZ */ +#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) + #ifndef WOLFSSL_CRYPT_HW_MUTEX + #define WOLFSSL_CRYPT_HW_MUTEX 1 + #endif +#endif /* FREESCALE_MMCAU */ + +#ifndef WOLFSSL_CRYPT_HW_MUTEX + #define WOLFSSL_CRYPT_HW_MUTEX 0 +#endif + +#if WOLFSSL_CRYPT_HW_MUTEX + /* wolfSSL_CryptHwMutexInit is called on first wolfSSL_CryptHwMutexLock, + however it's recommended to call this directly on Hw init to avoid possible + race condition where two calls to wolfSSL_CryptHwMutexLock are made at + the same time. */ + int wolfSSL_CryptHwMutexInit(void); + int wolfSSL_CryptHwMutexLock(void); + int wolfSSL_CryptHwMutexUnLock(void); +#else + /* Define stubs, since HW mutex is disabled */ + #define wolfSSL_CryptHwMutexInit() 0 /* Success */ + #define wolfSSL_CryptHwMutexLock() 0 /* Success */ + #define wolfSSL_CryptHwMutexUnLock() (void)0 /* Success */ +#endif /* WOLFSSL_CRYPT_HW_MUTEX */ + +/* Mutex functions */ +WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex*); +WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void); +WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex*); +WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex*); +WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex*); +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +/* dynamically set which mutex to use. unlock / lock is controlled by flag */ +typedef void (mutex_cb)(int flag, int type, const char* file, int line); + +WOLFSSL_API int wc_LockMutex_ex(int flag, int type, const char* file, int line); +WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb); +#endif + +/* main crypto initialization function */ +WOLFSSL_API int wolfCrypt_Init(void); +WOLFSSL_API int wolfCrypt_Cleanup(void); + +/* filesystem abstraction layer, used by ssl.c */ +#ifndef NO_FILESYSTEM + +#if defined(EBSNET) + #include "vfapi.h" + #include "vfile.h" + + #define XFILE int + #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0); + #define XFSEEK vf_lseek + #define XFTELL vf_tell + #define XREWIND vf_rewind + #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT) + #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT) + #define XFCLOSE vf_close + #define XSEEK_END VSEEK_END + #define XBADFILE -1 + #define XFGETS(b,s,f) -2 /* Not ported yet */ +#elif defined(LSR_FS) + #include + #define XFILE struct fs_file* + #define XFOPEN(NAME, MODE) fs_open((char*)NAME); + #define XFSEEK(F, O, W) (void)F + #define XFTELL(F) (F)->len + #define XREWIND(F) (void)F + #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT) + #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT) + #define XFCLOSE fs_close + #define XSEEK_END 0 + #define XBADFILE NULL + #define XFGETS(b,s,f) -2 /* Not ported yet */ +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #define XFILE MQX_FILE_PTR + #define XFOPEN fopen + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND(F) fseek(F, 0, IO_SEEK_SET) + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END IO_SEEK_END + #define XBADFILE NULL + #define XFGETS fgets +#elif defined(WOLFSSL_DEOS) + #define NO_FILESYSTEM + #warning "TODO - DDC-I Certifiable Fast File System for Deos is not integrated" + //#define XFILE bfd * + +#elif defined(MICRIUM) + #include + #define XFILE FS_FILE* + #define XFOPEN fs_fopen + #define XFSEEK fs_fseek + #define XFTELL fs_ftell + #define XREWIND fs_rewind + #define XFREAD fs_fread + #define XFWRITE fs_fwrite + #define XFCLOSE fs_fclose + #define XSEEK_END FS_SEEK_END + #define XBADFILE NULL + #define XFGETS(b,s,f) -2 /* Not ported yet */ +#elif defined(WOLFSSL_NUCLEUS_1_2) + #include "fal/inc/fal.h" + #define XFILE FILE* + #define XFOPEN fopen + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND rewind + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END PSEEK_END + #define XBADFILE NULL +#elif defined(WOLFSSL_APACHE_MYNEWT) + #include + #define XFILE struct fs_file* + + #define XFOPEN mynewt_fopen + #define XFSEEK mynewt_fseek + #define XFTELL mynewt_ftell + #define XREWIND mynewt_rewind + #define XFREAD mynewt_fread + #define XFWRITE mynewt_fwrite + #define XFCLOSE mynewt_fclose + #define XSEEK_END 2 + #define XBADFILE NULL + #define XFGETS(b,s,f) -2 /* Not ported yet */ +#elif defined(WOLFSSL_ZEPHYR) + #include + + #define XFILE struct fs_file_t* + #define STAT struct fs_dirent + + XFILE z_fs_open(const char* filename, const char* perm); + int z_fs_close(XFILE file); + + #define XFOPEN z_fs_open + #define XFCLOSE z_fs_close + #define XFSEEK fs_seek + #define XFTELL fs_tell + #define XFREWIND fs_rewind + #define XREWIND(F) fs_seek(F, 0, FS_SEEK_SET) + #define XFREAD(P,S,N,F) fs_read(F, P, S*N) + #define XFWRITE(P,S,N,F) fs_write(F, P, S*N) + #define XSEEK_END FS_SEEK_END + #define XBADFILE NULL + #define XFGETS(b,s,f) -2 /* Not ported yet */ + +#elif defined(WOLFSSL_TELIT_M2MB) + #define XFILE INT32 + #define XFOPEN(NAME, MODE) m2mb_fs_open((NAME), 0, (MODE)) + #define XFSEEK(F, O, W) m2mb_fs_lseek((F), (O), (W)) + #define XFTELL(F) m2mb_fs_lseek((F), 0, M2MB_SEEK_END) + #define XREWIND(F) (void)F + #define XFREAD(BUF, SZ, AMT, F) m2mb_fs_read((F), (BUF), (SZ)*(AMT)) + #define XFWRITE(BUF, SZ, AMT, F) m2mb_fs_write((F), (BUF), (SZ)*(AMT)) + #define XFCLOSE m2mb_fs_close + #define XSEEK_END M2MB_SEEK_END + #define XBADFILE -1 + #define XFGETS(b,s,f) -2 /* Not ported yet */ + +#elif defined(WOLFSSL_USER_FILESYSTEM) + /* To be defined in user_settings.h */ +#else + /* stdio, default case */ + #include + #define XFILE FILE* + #if defined(WOLFSSL_MDK_ARM) + extern FILE * wolfSSL_fopen(const char *name, const char *mode) ; + #define XFOPEN wolfSSL_fopen + #else + #define XFOPEN fopen + #endif + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND rewind + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END SEEK_END + #define XBADFILE NULL + #define XFGETS fgets + + #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) + #include + #include + #include + #endif +#endif + + #ifndef MAX_FILENAME_SZ + #define MAX_FILENAME_SZ 256 /* max file name length */ + #endif + #ifndef MAX_PATH + #define MAX_PATH 256 + #endif + +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \ + !defined(WOLFSSL_NUCLEUS_1_2) + typedef struct ReadDirCtx { + #ifdef USE_WINDOWS_API + WIN32_FIND_DATAA FindFileData; + HANDLE hFind; + #elif defined(WOLFSSL_ZEPHYR) + struct fs_dirent entry; + struct fs_dir_t dir; + struct fs_dirent s; + struct fs_dir_t* dirp; + + #elif defined(WOLFSSL_TELIT_M2MB) + M2MB_DIR_T* dir; + struct M2MB_DIRENT* entry; + struct M2MB_STAT s; + #else + struct dirent* entry; + DIR* dir; + struct stat s; + #endif + char name[MAX_FILENAME_SZ]; + } ReadDirCtx; + + #define WC_READDIR_NOFILE -1 + + WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name); + WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name); + WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx); +#endif /* !NO_WOLFSSL_DIR */ + +#endif /* !NO_FILESYSTEM */ + +/* Windows API defines its own min() macro. */ +#if defined(USE_WINDOWS_API) + #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE) + #define WOLFSSL_HAVE_MIN + #endif /* min */ + #if defined(max) || defined(WOLFSSL_MYSQL_COMPATIBLE) + #define WOLFSSL_HAVE_MAX + #endif /* max */ +#endif /* USE_WINDOWS_API */ + +/* Time functions */ +#ifndef NO_ASN_TIME +#if defined(USER_TIME) + /* Use our gmtime and time_t/struct tm types. + Only needs seconds since EPOCH using XTIME function. + time_t XTIME(time_t * timer) {} + */ + #define WOLFSSL_GMTIME + #ifndef HAVE_TM_TYPE + #define USE_WOLF_TM + #endif + #ifndef HAVE_TIME_T_TYPE + #define USE_WOLF_TIME_T + #endif + +#elif defined(TIME_OVERRIDES) + /* Override XTIME() and XGMTIME() functionality. + Requires user to provide these functions: + time_t XTIME(time_t * timer) {} + struct tm* XGMTIME(const time_t* timer, struct tm* tmp) {} + */ + #ifndef HAVE_TIME_T_TYPE + #define USE_WOLF_TIME_T + #endif + #ifndef HAVE_TM_TYPE + #define USE_WOLF_TM + #endif + #define NEED_TMP_TIME + +#elif defined(WOLFSSL_XILINX) && defined(FREERTOS) + #define USER_TIME + #include + +#elif defined(HAVE_RTP_SYS) + #include "os.h" /* dc_rtc_api needs */ + #include "dc_rtc_api.h" /* to get current time */ + + /* uses parital structures */ + #define XTIME(tl) (0) + #define XGMTIME(c, t) rtpsys_gmtime((c)) + +#elif defined(WOLFSSL_DEOS) + #define XTIME(t1) deos_time((t1)) + #define WOLFSSL_GMTIME + #define USE_WOLF_TM + #define USE_WOLF_TIME_T + +#elif defined(MICRIUM) + #include + #include + #define XTIME(t1) micrium_time((t1)) + #define WOLFSSL_GMTIME + +#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) + #include + #define XTIME(t1) pic32_time((t1)) + #define XGMTIME(c, t) gmtime((c)) + +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #ifdef FREESCALE_MQX_4_0 + #include + extern time_t mqx_time(time_t* timer); + #else + #define HAVE_GMTIME_R + #endif + #define XTIME(t1) mqx_time((t1)) + +#elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS) + #include + #ifndef XTIME + /*extern time_t ksdk_time(time_t* timer);*/ + #define XTIME(t1) ksdk_time((t1)) + #endif + #define XGMTIME(c, t) gmtime((c)) + +#elif defined(WOLFSSL_ATMEL) && defined(WOLFSSL_ATMEL_TIME) + #define XTIME(t1) atmel_get_curr_time_and_date((t1)) + #define WOLFSSL_GMTIME + #define USE_WOLF_TM + #define USE_WOLF_TIME_T + +#elif defined(WOLFSSL_WICED) + #include + time_t wiced_pseudo_unix_epoch_time(time_t * timer); + #define XTIME(t1) wiced_pseudo_unix_epoch_time((t1)) + #define HAVE_GMTIME_R + +#elif defined(IDIRECT_DEV_TIME) + /*Gets the timestamp from cloak software owned by VT iDirect + in place of time() from */ + #include + #define XTIME(t1) idirect_time((t1)) + #define XGMTIME(c, t) gmtime((c)) + +#elif defined(_WIN32_WCE) + #include + #define XTIME(t1) windows_time((t1)) + #define WOLFSSL_GMTIME + +#elif defined(WOLFSSL_APACHE_MYNEWT) + #include "os/os_time.h" + #define XTIME(t1) mynewt_time((t1)) + #define WOLFSSL_GMTIME + #define USE_WOLF_TM + #define USE_WOLF_TIME_T + +#elif defined(WOLFSSL_ZEPHYR) + #ifndef _POSIX_C_SOURCE + #include + #else + #include + #endif + + typedef signed int time_t; + + time_t z_time(time_t *timer); + + #define XTIME(tl) z_time((tl)) + #define XGMTIME(c, t) gmtime((c)) + #define WOLFSSL_GMTIME + + #define USE_WOLF_TM + +#elif defined(WOLFSSL_TELIT_M2MB) + typedef long time_t; + extern time_t m2mb_xtime(time_t * timer); + #define XTIME(tl) m2mb_xtime((tl)) + #ifdef WOLFSSL_TLS13 + extern time_t m2mb_xtime_ms(time_t * timer); + #define XTIME_MS(tl) m2mb_xtime_ms((tl)) + #endif + #ifndef NO_CRYPT_BENCHMARK + extern double m2mb_xtime_bench(int reset); + #define WOLFSSL_CURRTIME_REMAP m2mb_xtime_bench + #endif + #define XGMTIME(c, t) gmtime((c)) + #define WOLFSSL_GMTIME + #define USE_WOLF_TM + +#else + /* default */ + /* uses complete facility */ + #include + #if defined(HAVE_SYS_TIME_H) + #include + #endif + + /* PowerPC time_t is int */ + #ifdef __PPC__ + #define TIME_T_NOT_64BIT + #endif +#endif + +#ifdef SIZEOF_TIME_T + /* check if size of time_t from autoconf is less than 8 bytes (64bits) */ + #if SIZEOF_TIME_T < 8 + #undef TIME_T_NOT_64BIT + #define TIME_T_NOT_64BIT + #endif +#endif +#ifdef TIME_T_NOT_LONG + /* one old reference to TIME_T_NOT_LONG in GCC-ARM example README + * this keeps support for the old macro name */ + #undef TIME_T_NOT_64BIT + #define TIME_T_NOT_64BIT +#endif + +/* Map default time functions */ +#if !defined(XTIME) && !defined(TIME_OVERRIDES) && !defined(USER_TIME) + #ifdef TEST_BEFORE_DATE + #define XTIME(tl) (946681200UL) /* Jan 1, 2000 */ + #else + #define XTIME(tl) time((tl)) + #endif +#endif +#if !defined(XGMTIME) && !defined(TIME_OVERRIDES) + #if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R) || defined(WOLF_C99) + #define XGMTIME(c, t) gmtime((c)) + #else + #define XGMTIME(c, t) gmtime_r((c), (t)) + #define NEED_TMP_TIME + #endif +#endif +#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE) + #define USE_WOLF_VALIDDATE + #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) +#endif + +/* wolf struct tm and time_t */ +#if defined(USE_WOLF_TM) + struct tm { + int tm_sec; /* seconds after the minute [0-60] */ + int tm_min; /* minutes after the hour [0-59] */ + int tm_hour; /* hours since midnight [0-23] */ + int tm_mday; /* day of the month [1-31] */ + int tm_mon; /* months since January [0-11] */ + int tm_year; /* years since 1900 */ + int tm_wday; /* days since Sunday [0-6] */ + int tm_yday; /* days since January 1 [0-365] */ + int tm_isdst; /* Daylight Savings Time flag */ + long tm_gmtoff; /* offset from CUT in seconds */ + char *tm_zone; /* timezone abbreviation */ + }; +#endif /* USE_WOLF_TM */ +#if defined(USE_WOLF_TIME_T) + typedef long time_t; +#endif +#if defined(USE_WOLF_SUSECONDS_T) + typedef long suseconds_t; +#endif +#if defined(USE_WOLF_TIMEVAL_T) + struct timeval + { + time_t tv_sec; + suseconds_t tv_usec; + }; +#endif + + /* forward declarations */ +#if defined(USER_TIME) + struct tm* gmtime(const time_t* timer); + extern time_t XTIME(time_t * timer); + + #ifdef STACK_TRAP + /* for stack trap tracking, don't call os gmtime on OS X/linux, + uses a lot of stack spce */ + extern time_t time(time_t * timer); + #define XTIME(tl) time((tl)) + #endif /* STACK_TRAP */ + +#elif defined(TIME_OVERRIDES) + extern time_t XTIME(time_t * timer); + extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp); +#elif defined(WOLFSSL_GMTIME) + struct tm* gmtime(const time_t* timer); +#endif +#endif /* NO_ASN_TIME */ + +#ifndef WOLFSSL_LEANPSK + char* mystrnstr(const char* s1, const char* s2, unsigned int n); +#endif + +#ifndef FILE_BUFFER_SIZE + #define FILE_BUFFER_SIZE 1024 /* default static file buffer size for input, + will use dynamic buffer if not big enough */ +#endif + +#ifdef HAVE_CAVIUM_OCTEON + /* By default, the OCTEON's global variables are all thread local. This + * tag allows them to be shared between threads. */ + #include "cvmx-platform.h" + #define WOLFSSL_GLOBAL CVMX_SHARED +#else + #define WOLFSSL_GLOBAL +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_PORT_H */ + diff --git a/source/libwolfssl/wolfcrypt/wolfevent.h b/source/libwolfssl/wolfcrypt/wolfevent.h new file mode 100644 index 00000000..ed03a820 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/wolfevent.h @@ -0,0 +1,120 @@ +/* wolfevent.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _WOLF_EVENT_H_ +#define _WOLF_EVENT_H_ + +#ifdef __cplusplus + extern "C" { +#endif + +#ifndef SINGLE_THREADED + #include +#endif + +typedef struct WOLF_EVENT WOLF_EVENT; +typedef unsigned short WOLF_EVENT_FLAG; + +typedef enum WOLF_EVENT_TYPE { + WOLF_EVENT_TYPE_NONE, +#ifdef WOLFSSL_ASYNC_CRYPT + WOLF_EVENT_TYPE_ASYNC_WOLFSSL, /* context is WOLFSSL* */ + WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, /* context is WC_ASYNC_DEV */ + WOLF_EVENT_TYPE_ASYNC_FIRST = WOLF_EVENT_TYPE_ASYNC_WOLFSSL, + WOLF_EVENT_TYPE_ASYNC_LAST = WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, +#endif /* WOLFSSL_ASYNC_CRYPT */ +} WOLF_EVENT_TYPE; + +typedef enum WOLF_EVENT_STATE { + WOLF_EVENT_STATE_READY, + WOLF_EVENT_STATE_PENDING, + WOLF_EVENT_STATE_DONE, +} WOLF_EVENT_STATE; + +struct WOLF_EVENT { + /* double linked list */ + WOLF_EVENT* next; + WOLF_EVENT* prev; + + void* context; + union { + void* ptr; +#ifdef WOLFSSL_ASYNC_CRYPT + struct WC_ASYNC_DEV* async; +#endif + } dev; +#ifdef HAVE_CAVIUM + word64 reqId; + #ifdef WOLFSSL_NITROX_DEBUG + word32 pendCount; + #endif +#endif +#ifndef WC_NO_ASYNC_THREADING + pthread_t threadId; +#endif + int ret; /* Async return code */ + unsigned int flags; + WOLF_EVENT_TYPE type; + WOLF_EVENT_STATE state; +}; + +enum WOLF_POLL_FLAGS { + WOLF_POLL_FLAG_CHECK_HW = 0x01, +}; + +typedef struct { + WOLF_EVENT* head; /* head of queue */ + WOLF_EVENT* tail; /* tail of queue */ +#ifndef SINGLE_THREADED + wolfSSL_Mutex lock; /* queue lock */ +#endif + int count; +} WOLF_EVENT_QUEUE; + + +#ifdef HAVE_WOLF_EVENT + +/* Event */ +WOLFSSL_API int wolfEvent_Init(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context); +WOLFSSL_API int wolfEvent_Poll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags); + +/* Event Queue */ +WOLFSSL_API int wolfEventQueue_Init(WOLF_EVENT_QUEUE* queue); +WOLFSSL_API int wolfEventQueue_Push(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event); +WOLFSSL_API int wolfEventQueue_Pop(WOLF_EVENT_QUEUE* queue, WOLF_EVENT** event); +WOLFSSL_API int wolfEventQueue_Poll(WOLF_EVENT_QUEUE* queue, void* context_filter, + WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG flags, int* eventCount); +WOLFSSL_API int wolfEventQueue_Count(WOLF_EVENT_QUEUE* queue); +WOLFSSL_API void wolfEventQueue_Free(WOLF_EVENT_QUEUE* queue); + +/* the queue mutex must be locked prior to calling these */ +WOLFSSL_API int wolfEventQueue_Add(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event); +WOLFSSL_API int wolfEventQueue_Remove(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event); + + +#endif /* HAVE_WOLF_EVENT */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* _WOLF_EVENT_H_ */ diff --git a/source/libwolfssl/wolfcrypt/wolfmath.h b/source/libwolfssl/wolfcrypt/wolfmath.h new file mode 100644 index 00000000..1db3223c --- /dev/null +++ b/source/libwolfssl/wolfcrypt/wolfmath.h @@ -0,0 +1,96 @@ +/* wolfmath.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef __WOLFMATH_H__ +#define __WOLFMATH_H__ + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_PUBLIC_MP + #define MP_API WOLFSSL_API +#else + #define MP_API WOLFSSL_LOCAL +#endif + +#ifndef MIN + #define MIN(x,y) ((x)<(y)?(x):(y)) +#endif + +#ifndef MAX + #define MAX(x,y) ((x)>(y)?(x):(y)) +#endif + +/* timing resistance array */ +#if !defined(WC_NO_CACHE_RESISTANT) && \ + ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ + (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT))) + + extern const wolfssl_word wc_off_on_addr[2]; +#endif + + +/* common math functions */ +MP_API int get_digit_count(mp_int* a); +MP_API mp_digit get_digit(mp_int* a, int n); +MP_API int get_rand_digit(WC_RNG* rng, mp_digit* d); + +WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng); + +enum { + /* format type */ + WC_TYPE_HEX_STR = 1, + WC_TYPE_UNSIGNED_BIN = 2, +}; + +WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len, + word32 keySz, int encType); + +#ifdef HAVE_WOLF_BIGINT + #if !defined(WOLF_BIGINT_DEFINED) + /* raw big integer */ + typedef struct WC_BIGINT { + byte* buf; + word32 len; + void* heap; + } WC_BIGINT; + #define WOLF_BIGINT_DEFINED + #endif + + WOLFSSL_LOCAL void wc_bigint_init(WC_BIGINT* a); + WOLFSSL_LOCAL int wc_bigint_alloc(WC_BIGINT* a, word32 sz); + WOLFSSL_LOCAL int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen); + WOLFSSL_LOCAL int wc_bigint_to_unsigned_bin(WC_BIGINT* a, byte* out, word32* outlen); + WOLFSSL_LOCAL void wc_bigint_zero(WC_BIGINT* a); + WOLFSSL_LOCAL void wc_bigint_free(WC_BIGINT* a); + + WOLFSSL_LOCAL int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst); + WOLFSSL_LOCAL int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz); + WOLFSSL_LOCAL int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst); +#endif /* HAVE_WOLF_BIGINT */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* __WOLFMATH_H__ */ diff --git a/source/libwolfssl/wolfio.h b/source/libwolfssl/wolfio.h new file mode 100644 index 00000000..12bf8323 --- /dev/null +++ b/source/libwolfssl/wolfio.h @@ -0,0 +1,583 @@ +/* io.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfio.h +*/ + +#ifndef WOLFSSL_IO_H +#define WOLFSSL_IO_H + +#ifdef __cplusplus + extern "C" { +#endif + +/* Micrium uses NetSock I/O callbacks in wolfio.c */ +#if !defined(WOLFSSL_USER_IO) + /* OCSP and CRL_IO require HTTP client */ + #if defined(HAVE_OCSP) || defined(HAVE_CRL_IO) + #ifndef HAVE_HTTP_CLIENT + #define HAVE_HTTP_CLIENT + #endif + #endif +#endif + +#if !defined(WOLFSSL_USER_IO) + /* Micrium uses NetSock I/O callbacks in wolfio.c */ + #if !defined(USE_WOLFSSL_IO) && !defined(MICRIUM) && \ + !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_NO_SOCK) + #define USE_WOLFSSL_IO + #endif +#endif + + +#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) + +#ifdef HAVE_LIBZ + #include "zlib.h" +#endif + +#ifndef USE_WINDOWS_API + #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT) + /* lwIP needs to be configured to use sockets API in this mode */ + /* LWIP_SOCKET 1 in lwip/opt.h or in build */ + #include "lwip/sockets.h" + #ifndef LWIP_PROVIDE_ERRNO + #include + #define LWIP_PROVIDE_ERRNO 1 + #endif + #elif defined(FREESCALE_MQX) + #include + #include + #elif defined(FREESCALE_KSDK_MQX) + #include + #elif (defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)) + #include "rl_net.h" + #include "errno.h" + #elif defined(WOLFSSL_CMSIS_RTOS) + #include "cmsis_os.h" + #elif defined(WOLFSSL_CMSIS_RTOSv2) + #include "cmsis_os2.h" + #elif defined(WOLFSSL_TIRTOS) + #include + #elif defined(FREERTOS_TCP) + #include "FreeRTOS_Sockets.h" + #elif defined(WOLFSSL_IAR_ARM) + /* nothing */ + #elif defined(WOLFSSL_VXWORKS) + #include + #include + #elif defined(WOLFSSL_NUCLEUS_1_2) + #include + #include + #elif defined(WOLFSSL_ATMEL) + #include "socket/include/socket.h" + #elif defined(INTIME_RTOS) + #undef MIN + #undef MAX + #include + #include + #include + #include + #include + #include + /* defines these, to avoid conflict, do undef */ + #undef SOCKADDR + #undef SOCKADDR_IN + #elif defined(WOLFSSL_PRCONNECT_PRO) + #include + #include + #include + #include + #include + #include + #include + #elif defined(WOLFSSL_SGX) + #include + #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) + #include + #elif defined(WOLFSSL_DEOS) + #include + #include + #include + #elif defined(WOLFSSL_ZEPHYR) + #include + #elif !defined(WOLFSSL_NO_SOCK) + #include + #include + #ifndef EBSNET + #include + #endif + #include + #define XFCNTL(fd, flag, block) fcntl((fd), (flag), (block)) + + #if defined(HAVE_RTP_SYS) + #include + #elif defined(EBSNET) + #include "rtipapi.h" /* errno */ + #include "socket.h" + #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \ + && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \ + && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS) + #include + //#include + //#include + //#include + //#include + #ifdef __PPU + #include + //#else + //#include + #endif + #endif + #endif +#endif /* USE_WINDOWS_API */ + +#ifdef __sun + #include +#endif + +#ifdef USE_WINDOWS_API + /* no epipe yet */ + #ifndef WSAEPIPE + #define WSAEPIPE -12345 + #endif + #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK + #define SOCKET_EAGAIN WSAETIMEDOUT + #define SOCKET_ECONNRESET WSAECONNRESET + #define SOCKET_EINTR WSAEINTR + #define SOCKET_EPIPE WSAEPIPE + #define SOCKET_ECONNREFUSED WSAENOTCONN + #define SOCKET_ECONNABORTED WSAECONNABORTED +#elif defined(__PPU) + #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK + #define SOCKET_EAGAIN SYS_NET_EAGAIN + #define SOCKET_ECONNRESET SYS_NET_ECONNRESET + #define SOCKET_EINTR SYS_NET_EINTR + #define SOCKET_EPIPE SYS_NET_EPIPE + #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED + #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #if MQX_USE_IO_OLD + /* RTCS old I/O doesn't have an EWOULDBLOCK */ + #define SOCKET_EWOULDBLOCK EAGAIN + #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET + #define SOCKET_EINTR EINTR + #define SOCKET_EPIPE EPIPE + #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED + #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED + #else + #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK + #define SOCKET_EAGAIN NIO_EAGAIN + #define SOCKET_ECONNRESET NIO_ECONNRESET + #define SOCKET_EINTR NIO_EINTR + #define SOCKET_EPIPE NIO_EPIPE + #define SOCKET_ECONNREFUSED NIO_ECONNREFUSED + #define SOCKET_ECONNABORTED NIO_ECONNABORTED + #endif +#elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) + #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK + #define SOCKET_EAGAIN BSD_ERROR_LOCKED + #define SOCKET_ECONNRESET BSD_ERROR_CLOSED + #define SOCKET_EINTR BSD_ERROR + #define SOCKET_EPIPE BSD_ERROR + #define SOCKET_ECONNREFUSED BSD_ERROR + #define SOCKET_ECONNABORTED BSD_ERROR +#elif defined(WOLFSSL_PICOTCP) + #define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN + #define SOCKET_EAGAIN PICO_ERR_EAGAIN + #define SOCKET_ECONNRESET PICO_ERR_ECONNRESET + #define SOCKET_EINTR PICO_ERR_EINTR + #define SOCKET_EPIPE PICO_ERR_EIO + #define SOCKET_ECONNREFUSED PICO_ERR_ECONNREFUSED + #define SOCKET_ECONNABORTED PICO_ERR_ESHUTDOWN +#elif defined(FREERTOS_TCP) + #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK + #define SOCKET_EAGAIN FREERTOS_EWOULDBLOCK + #define SOCKET_ECONNRESET FREERTOS_SOCKET_ERROR + #define SOCKET_EINTR FREERTOS_SOCKET_ERROR + #define SOCKET_EPIPE FREERTOS_SOCKET_ERROR + #define SOCKET_ECONNREFUSED FREERTOS_SOCKET_ERROR + #define SOCKET_ECONNABORTED FREERTOS_SOCKET_ERROR +#elif defined(WOLFSSL_NUCLEUS_1_2) + #define SOCKET_EWOULDBLOCK NU_WOULD_BLOCK + #define SOCKET_EAGAIN NU_WOULD_BLOCK + #define SOCKET_ECONNRESET NU_NOT_CONNECTED + #define SOCKET_EINTR NU_NOT_CONNECTED + #define SOCKET_EPIPE NU_NOT_CONNECTED + #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED + #define SOCKET_ECONNABORTED NU_NOT_CONNECTED +#elif defined(WOLFSSL_DEOS) + #define SOCKET_EWOULDBLOCK EAGAIN + #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ECONNRESET EINTR + #define SOCKET_EINTR EINTR + #define SOCKET_EPIPE EPIPE + #define SOCKET_ECONNREFUSED SOCKET_ERROR + #define SOCKET_ECONNABORTED SOCKET_ERROR +#else + #define SOCKET_EWOULDBLOCK EWOULDBLOCK + #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ECONNRESET ECONNRESET + #define SOCKET_EINTR EINTR + #define SOCKET_EPIPE EPIPE + #define SOCKET_ECONNREFUSED ECONNREFUSED + #define SOCKET_ECONNABORTED ECONNABORTED +#endif /* USE_WINDOWS_API */ + +#ifdef DEVKITPRO + /* from network.h */ + int net_send(int, const void*, int, unsigned int); + int net_recv(int, void*, int, unsigned int); + #define SEND_FUNCTION net_send + #define RECV_FUNCTION net_recv +#elif defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT) + #define SEND_FUNCTION lwip_send + #define RECV_FUNCTION lwip_recv +#elif defined(WOLFSSL_PICOTCP) + #define SEND_FUNCTION pico_send + #define RECV_FUNCTION pico_recv +#elif defined(FREERTOS_TCP) + #define RECV_FUNCTION(a,b,c,d) FreeRTOS_recv((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d)) + #define SEND_FUNCTION(a,b,c,d) FreeRTOS_send((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d)) +#elif defined(WOLFSSL_VXWORKS) + #define SEND_FUNCTION send + #define RECV_FUNCTION recv +#elif defined(WOLFSSL_NUCLEUS_1_2) + #define SEND_FUNCTION NU_Send + #define RECV_FUNCTION NU_Recv +#elif defined(WOLFSSL_ZEPHYR) + #ifndef WOLFSSL_MAX_SEND_SZ + #define WOLFSSL_MAX_SEND_SZ 256 + #endif + + #define SEND_FUNCTION send + #define RECV_FUNCTION recv +#else + #define SEND_FUNCTION send + #define RECV_FUNCTION recv + #if !defined(HAVE_SOCKADDR) && !defined(WOLFSSL_NO_SOCK) + #define HAVE_SOCKADDR + #endif +#endif + +#ifdef USE_WINDOWS_API + typedef unsigned int SOCKET_T; +#else + typedef int SOCKET_T; +#endif + +#ifndef WOLFSSL_NO_SOCK + #ifndef XSOCKLENT + #ifdef USE_WINDOWS_API + #define XSOCKLENT int + #else + #define XSOCKLENT socklen_t + #endif + #endif + + /* Socket Addr Support */ + #ifdef HAVE_SOCKADDR + typedef struct sockaddr SOCKADDR; + typedef struct sockaddr_storage SOCKADDR_S; + typedef struct sockaddr_in SOCKADDR_IN; + #ifdef WOLFSSL_IPV6 + typedef struct sockaddr_in6 SOCKADDR_IN6; + #endif + typedef struct hostent HOSTENT; + #endif /* HAVE_SOCKADDR */ + + /* use gethostbyname for c99 */ + #ifdef WOLF_C99 + #undef HAVE_GETADDRINFO + #endif + + #ifdef HAVE_GETADDRINFO + typedef struct addrinfo ADDRINFO; + #endif +#endif /* WOLFSSL_NO_SOCK */ + + +/* IO API's */ +#ifdef HAVE_IO_TIMEOUT + WOLFSSL_API int wolfIO_SetBlockingMode(SOCKET_T sockfd, int non_blocking); + WOLFSSL_API void wolfIO_SetTimeout(int to_sec); + WOLFSSL_API int wolfIO_Select(SOCKET_T sockfd, int to_sec); +#endif +WOLFSSL_API int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, + unsigned short port, int to_sec); +WOLFSSL_API int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags); +WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); + +#endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */ + +#ifndef WOLFSSL_NO_SOCK +#ifdef USE_WINDOWS_API + #ifndef CloseSocket + #define CloseSocket(s) closesocket(s) + #endif + #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); } +#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) + #ifndef CloseSocket + extern int closesocket(int); + #define CloseSocket(s) closesocket(s) + #endif + #define StartTCP() +#else + #ifndef CloseSocket + #define CloseSocket(s) close(s) + #endif + #define StartTCP() + #ifdef FREERTOS_TCP_WINSIM + extern int close(int); + #endif +#endif +#endif /* WOLFSSL_NO_SOCK */ + + +WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx); +WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); +#if defined(USE_WOLFSSL_IO) + /* default IO callbacks */ + WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); + WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); + + #ifdef WOLFSSL_DTLS + WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*); + WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); + WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf, + int sz, void*); + #ifdef WOLFSSL_MULTICAST + WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL* ssl, + char* buf, int sz, void*); + #endif /* WOLFSSL_MULTICAST */ + #ifdef WOLFSSL_SESSION_EXPORT + WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz, + unsigned short* port, int* fam); + WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz, + unsigned short port, int fam); + #endif /* WOLFSSL_SESSION_EXPORT */ + #endif /* WOLFSSL_DTLS */ +#endif /* USE_WOLFSSL_IO */ + +#ifdef HAVE_OCSP + WOLFSSL_API int wolfIO_HttpBuildRequestOcsp(const char* domainName, + const char* path, int ocspReqSz, unsigned char* buf, int bufSize); + WOLFSSL_API int wolfIO_HttpProcessResponseOcsp(int sfd, + unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz, + void* heap); + + WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*, + int, unsigned char**); + WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*); +#endif + +#ifdef HAVE_CRL_IO + WOLFSSL_API int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz, + const char* domainName, unsigned char* buf, int bufSize); + WOLFSSL_API int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd, + unsigned char* httpBuf, int httpBufSz); + + WOLFSSL_API int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, + int urlSz); +#endif + + +#if defined(HAVE_HTTP_CLIENT) + WOLFSSL_API int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, + char* outPath, unsigned short* outPort); + + WOLFSSL_API int wolfIO_HttpBuildRequest(const char* reqType, + const char* domainName, const char* path, int pathLen, int reqSz, + const char* contentType, unsigned char* buf, int bufSize); + WOLFSSL_LOCAL int wolfIO_HttpBuildRequest_ex(const char* reqType, + const char* domainName, const char* path, int pathLen, int reqSz, + const char* contentType, const char *exHdrs, unsigned char* buf, int bufSize); + WOLFSSL_API int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, + unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz, + int dynType, void* heap); +#endif /* HAVE_HTTP_CLIENT */ + + +/* I/O callbacks */ +typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx); +typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx); +WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv); +WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX*, CallbackIOSend); +WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL*, CallbackIORecv); +WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL*, CallbackIOSend); +/* deprecated old name */ +#define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv +#define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend + +WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx); +WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx); + +WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl); +WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl); + +WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags); +WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); + + +#ifdef HAVE_NETX + WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx); + WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx); + + WOLFSSL_API void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket, + ULONG waitoption); +#endif /* HAVE_NETX */ + +#ifdef MICRIUM + WOLFSSL_LOCAL int MicriumSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); + WOLFSSL_LOCAL int MicriumReceive(WOLFSSL* ssl, char* buf, int sz, + void* ctx); + WOLFSSL_LOCAL int MicriumReceiveFrom(WOLFSSL* ssl, char* buf, int sz, + void* ctx); + WOLFSSL_LOCAL int MicriumSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); +#endif /* MICRIUM */ + +#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) + WOLFSSL_LOCAL int Mynewt_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx); + WOLFSSL_LOCAL int Mynewt_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx); + WOLFSSL_API void wolfSSL_SetIO_Mynewt(WOLFSSL* ssl, struct mn_socket* mnSocket, + struct mn_sockaddr_in* mnSockAddrIn); +#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */ + +#ifdef WOLFSSL_UIP + + struct uip_wolfssl_ctx { + union socket_connector { + struct tcp_socket tcp; + struct udp_socket udp; + } conn; + WOLFSSL_CTX *ctx; + WOLFSSL *ssl; + uint8_t *input_databuf; + uint8_t *output_databuf; + uint8_t *ssl_rx_databuf; + int ssl_rb_len; + int ssl_rb_off; + struct process *process; + tcp_socket_data_callback_t input_callback; + tcp_socket_event_callback_t event_callback; + int closing; + uip_ipaddr_t peer_addr; + uint16_t peer_port; + }; + + typedef struct uip_wolfssl_ctx uip_wolfssl_ctx; + + WOLFSSL_LOCAL int uIPSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); + WOLFSSL_LOCAL int uIPReceive(WOLFSSL* ssl, char* buf, int sz, + void* ctx); + WOLFSSL_LOCAL int uIPReceiveFrom(WOLFSSL* ssl, char* buf, int sz, + void* ctx); + WOLFSSL_LOCAL int uIPSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); + +#endif + +#ifdef WOLFSSL_GNRC + #include + #include + #include + #include + #include + #include + + struct gnrc_wolfssl_ctx { + union socket_connector { + #ifdef MODULE_SOCK_TCP + sock_tcp_t tcp; + #endif + sock_udp_t udp; + } conn; + WOLFSSL_CTX *ctx; + WOLFSSL *ssl; + + int closing; + struct _sock_tl_ep peer_addr; + }; + + typedef struct gnrc_wolfssl_ctx sock_tls_t; + + WOLFSSL_LOCAL int GNRC_ReceiveFrom(WOLFSSL* ssl, char* buf, int sz, + void* ctx); + WOLFSSL_LOCAL int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); + +#endif + + +#ifdef WOLFSSL_DTLS + typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz, + void* ctx); + WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie); + WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx); + WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl); + + #ifdef WOLFSSL_SESSION_EXPORT + typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz, + unsigned short* port, int* fam); + typedef int (*CallbackSetPeer)(WOLFSSL* ssl, char* ip, int ipSz, + unsigned short port, int fam); + + WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*, CallbackGetPeer); + WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*, CallbackSetPeer); + #endif /* WOLFSSL_SESSION_EXPORT */ +#endif + + + +#ifndef XINET_NTOP + #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d)) + #ifdef USE_WINDOWS_API /* Windows-friendly definition */ + #undef XINET_NTOP + #define XINET_NTOP(a,b,c,d) InetNtop((a),(b),(c),(d)) + #endif +#endif +#ifndef XINET_PTON + #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) + #ifdef USE_WINDOWS_API /* Windows-friendly definition */ + #undef XINET_PTON + #define XINET_PTON(a,b,c) InetPton((a),(b),(c)) + #endif +#endif +#ifndef XHTONS + #define XHTONS(a) htons((a)) +#endif +#ifndef XNTOHS + #define XNTOHS(a) ntohs((a)) +#endif + +#ifndef WOLFSSL_IP4 + #define WOLFSSL_IP4 AF_INET +#endif +#ifndef WOLFSSL_IP6 + #define WOLFSSL_IP6 AF_INET6 +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_IO_H */ diff --git a/source/menu/menu_cheat.cpp b/source/menu/menu_cheat.cpp index 31d0ecf7..085bb2f4 100644 --- a/source/menu/menu_cheat.cpp +++ b/source/menu/menu_cheat.cpp @@ -2,10 +2,10 @@ #include "menu.hpp" #include "gui/text.hpp" #include "lockMutex.hpp" -#include "network/http.h" +#include "network/https.h" //#define GECKOURL "http://geckocodes.org/codes/%c/%s.txt" -#define GECKOURL "http://geckocodes.org/txt.php?txt=%s" +#define GECKOURL "https://www.geckocodes.org/txt.php?txt=%s" #define CHEATSPERPAGE 4 u8 m_cheatSettingsPage = 0; @@ -24,18 +24,17 @@ int CMenu::_downloadCheatFileAsync() const char *id = CoverFlow.getId(); //char type = id[0] == 'S' ? 'R' : id[0]; - block cheatfile = downloadfile(fmt(GECKOURL, id)); - - if(cheatfile.data != NULL && cheatfile.size > 65 && cheatfile.data[0] != '<') + struct download file = {}; + downloadfile(fmt(GECKOURL, id), &file); + if(file.size > 0 && file.data[0] != '<') { - update_pThread(1);//its downloaded - fsop_WriteFile(fmt("%s/%s.txt", m_txtCheatDir.c_str(), id), cheatfile.data, cheatfile.size); - if(cheatfile.data != NULL) - free(cheatfile.data); + update_pThread(1);// its downloaded + fsop_WriteFile(fmt("%s/%s.txt", m_txtCheatDir.c_str(), id), file.data, file.size); + free(file.data); return 0; } - if(cheatfile.data != NULL) - free(cheatfile.data); + if(file.size > 0) + free(file.data);// received a 301/302 redirect instead of a 404? return -3;// download failed } diff --git a/source/menu/menu_download.cpp b/source/menu/menu_download.cpp index df70565e..3b9332cd 100644 --- a/source/menu/menu_download.cpp +++ b/source/menu/menu_download.cpp @@ -13,23 +13,22 @@ #include "loader/fs.h" #include "loader/wbfs.h" #include "loader/wdvd.h" -#include "network/http.h" +#include "network/https.h" #include "unzip/ZipFile.h" #define TAG_GAME_ID "{gameid}" #define TAG_LOC "{loc}" #define TAG_CONSOLE "{console}" -#define GAMETDB_URL "http://www.gametdb.com/wiitdb.zip?LANG=%s&FALLBACK=TRUE&WIIWARE=TRUE&GAMECUBE=TRUE" -#define CUSTOM_BANNER_URL "http://banner.rc24.xyz/{gameid}.bnr" +#define GAMETDB_URL "https://www.gametdb.com/wiitdb.zip?LANG=%s&FALLBACK=TRUE&WIIWARE=TRUE&GAMECUBE=TRUE" +#define CUSTOM_BANNER_URL "https://banner.rc24.xyz/{gameid}.bnr" -static const char FMT_BPIC_URL[] = "http://art.gametdb.com/{console}/coverfullHQ/{loc}/{gameid}.png"\ -"|http://art.gametdb.com/{console}/coverfull/{loc}/{gameid}.png"; -static const char FMT_PIC_URL[] = "http://art.gametdb.com/{console}/cover/{loc}/{gameid}.png"; -static const char FMT_CBPIC_URL[] = "http://art.gametdb.com/{console}/coverfullHQ2/{loc}/{gameid}.png"; -static const char FMT_CPIC_URL[] = "http://art.gametdb.com/{console}/cover2/{loc}/{gameid}.png"; +static const char FMT_BPIC_URL[] = "https://art.gametdb.com/{console}/coverfullHQ/{loc}/{gameid}.png"\ +"|https://art.gametdb.com/{console}/coverfull/{loc}/{gameid}.png"; +static const char FMT_PIC_URL[] = "https://art.gametdb.com/{console}/cover/{loc}/{gameid}.png"; +static const char FMT_CBPIC_URL[] = "https://art.gametdb.com/{console}/coverfullHQ2/{loc}/{gameid}.png"; +static const char FMT_CPIC_URL[] = "https://art.gametdb.com/{console}/cover2/{loc}/{gameid}.png"; -static block download = { 0, 0 }; static bool settingsmenu = false; static string dl_gameID; @@ -794,7 +793,10 @@ int CMenu::_initNetwork() char ip[16]; int val = if_config(ip, NULL, NULL, true, 0); - + + if (val == 0) + wolfSSL_Init(); + networkInit = !val; return val; } @@ -1086,12 +1088,13 @@ int CMenu::_coverDownloader() m_thrdMessage = wfmt(_fmt("dlmsg3", L"Downloading %i/%i from %s"), i + 1, n, url.c_str()); m_thrdMessageAdded = true; - download = downloadfile(url.c_str()); + struct download file = {}; + downloadfile(url.c_str(), &file); for(int o = 0; o < 12; ++o) { bool tdl = false;// tdl = try download - if(download.data != NULL && download.size > 0)// && checkPNGBuf(download.data)) + if(file.size > 0)// && checkPNGBuf(file.data)) break; switch( o ) { @@ -1179,11 +1182,11 @@ int CMenu::_coverDownloader() { m_thrdMessage = wfmt(_fmt("dlmsg3", L"Downloading %i/%i from %s"), i + 1, n, url.c_str()); m_thrdMessageAdded = true; - download = downloadfile(url.c_str()); + downloadfile(url.c_str(), &file); } } /* if none of the downloads succeeded */ - if(download.data == NULL || download.size == 0)// || !checkPNGBuf(download.data)) + if(file.size == 0)// || !checkPNGBuf(file.data)) continue; /* a download succeeded */ @@ -1193,15 +1196,15 @@ int CMenu::_coverDownloader() update_pThread(1); m_thrdMessage = wfmt(_fmt("dlmsg4", L"Saving %s"), path); m_thrdMessageAdded = true; - fsop_WriteFile(path, download.data, download.size); + fsop_WriteFile(path, file.data, file.size); /* make cover cache file (wfc) */ update_pThread(1); m_thrdMessage = wfmt(_fmt("dlmsg10", L"Making %s.wfc"), coverID.c_str()); m_thrdMessageAdded = true; - CoverFlow.cacheCoverBuffer(fmt("%s/%s.wfc", m_cacheDir.c_str(), coverID.c_str()), download.data, true);//it may fail - if(download.data != NULL) - free(download.data); + CoverFlow.cacheCoverBuffer(fmt("%s/%s.wfc", m_cacheDir.c_str(), coverID.c_str()), (u8*)file.data, true);//it may fail + if(file.size > 0) + free(file.data); ++count; update_pThread(1); @@ -1222,12 +1225,13 @@ int CMenu::_coverDownloader() m_thrdMessage = wfmt(_fmt("dlmsg3", L"Downloading %i/%i from %s"), i + 1, n, url.c_str()); m_thrdMessageAdded = true; - download = downloadfile(url.c_str()); + struct download file = {}; + downloadfile(url.c_str(), &file); for(int o = 0; o < 12; ++o) { bool tdl = false; - if(download.data != NULL && download.size > 0)// && checkPNGBuf(download.data)) + if(file.size > 0)// && checkPNGBuf(file.data)) break; switch( o ) { @@ -1316,12 +1320,12 @@ int CMenu::_coverDownloader() { m_thrdMessage = wfmt(_fmt("dlmsg3", L"Downloading %i/%i from %s"), i + 1, n, url.c_str()); m_thrdMessageAdded = true; - download = downloadfile(url.c_str()); + downloadfile(url.c_str(), &file); } } /* if none of the downloads succeeded */ - if(download.data == NULL || download.size == 0)// || !checkPNGBuf(download.data)) + if(file.size <= 0)// || !checkPNGBuf(file.data)) continue; /* a download succeeded */ @@ -1331,15 +1335,15 @@ int CMenu::_coverDownloader() update_pThread(1); m_thrdMessage = wfmt(_fmt("dlmsg4", L"Saving %s"), path); m_thrdMessageAdded = true; - fsop_WriteFile(path, download.data, download.size); + fsop_WriteFile(path, file.data, file.size); /* make cover cache file (wfc) */ update_pThread(1); m_thrdMessage = wfmt(_fmt("dlmsg10", L"Making %s.wfc"), coverID.c_str()); m_thrdMessageAdded = true; - CoverFlow.cacheCoverBuffer(fmt("%s/%s.wfc", m_cacheDir.c_str(), coverID.c_str()), download.data, true);//it may fail - if(download.data != NULL) - free(download.data); + CoverFlow.cacheCoverBuffer(fmt("%s/%s.wfc", m_cacheDir.c_str(), coverID.c_str()), (u8*)file.data, true);//it may fail + if(file.size > 0) + free(file.data); update_pThread(1); ++count; @@ -1358,12 +1362,13 @@ int CMenu::_coverDownloader() m_thrdMessage = wfmt(_fmt("dlmsg3", L"Downloading %i/%i from %s"), i + 1, n, url.c_str()); m_thrdMessageAdded = true; - download = downloadfile(url.c_str()); + struct download file = {}; + downloadfile(url.c_str(), &file); for(int o = 0; o < 12; ++o) { bool tdl = false; - if(download.data != NULL && download.size > 0)// && checkPNGBuf(download.data)) + if(file.size > 0)// && checkPNGBuf(file.data)) break; switch( o ) { @@ -1451,11 +1456,11 @@ int CMenu::_coverDownloader() { m_thrdMessage = wfmt(_fmt("dlmsg3", L"Downloading %i/%i from %s"), i + 1, n, url.c_str()); m_thrdMessageAdded = true; - download = downloadfile(url.c_str()); + downloadfile(url.c_str(), &file); } } - if(download.data == NULL || download.size == 0)// || !checkPNGBuf(download.data)) + if(file.size <= 0)// || !checkPNGBuf(file.data)) continue; /*download succeeded - save png */ @@ -1463,15 +1468,15 @@ int CMenu::_coverDownloader() update_pThread(1); m_thrdMessage = wfmt(_fmt("dlmsg4", L"Saving %s"), path); m_thrdMessageAdded = true; - fsop_WriteFile(path, download.data, download.size); + fsop_WriteFile(path, file.data, file.size); /* make cover cache file (wfc) */ update_pThread(1); m_thrdMessage = wfmt(_fmt("dlmsg10", L"Making %s"), sfmt("%s.wfc", coverID.c_str())); m_thrdMessageAdded = true; - CoverFlow.cacheCoverBuffer(fmt("%s/%s.wfc", m_cacheDir.c_str(), coverID.c_str()), download.data, false);//it may fail - if(download.data != NULL) - free(download.data); + CoverFlow.cacheCoverBuffer(fmt("%s/%s.wfc", m_cacheDir.c_str(), coverID.c_str()), (u8*)file.data, false);//it may fail + if(file.size > 0) + free(file.data); ++countFlat; update_pThread(1); @@ -1490,12 +1495,13 @@ int CMenu::_coverDownloader() m_thrdMessage = wfmt(_fmt("dlmsg3", L"Downloading %i/%i from %s"), i + 1, n, url.c_str()); m_thrdMessageAdded = true; - download = downloadfile(url.c_str()); + struct download file = {}; + downloadfile(url.c_str(), &file); for(int o = 0; o < 12; ++o) { bool tdl = false; - if(download.data != NULL && download.size > 0)// && checkPNGBuf(download.data)) + if(file.size > 0)// && checkPNGBuf(file.data)) break; switch( o ) @@ -1587,11 +1593,11 @@ int CMenu::_coverDownloader() m_thrdMessageAdded = true; LWP_MutexUnlock(m_mutex); - download = downloadfile(url.c_str()); + downloadfile(url.c_str(), &file); } } - if(download.data == NULL || download.size == 0)// || !checkPNGBuf(download.data)) + if(file.size <= 0)// || !checkPNGBuf(file.data)) continue; /* save png */ @@ -1599,15 +1605,15 @@ int CMenu::_coverDownloader() update_pThread(1); m_thrdMessage = wfmt(_fmt("dlmsg4", L"Saving %s"), path); m_thrdMessageAdded = true; - fsop_WriteFile(path, download.data, download.size); + fsop_WriteFile(path, file.data, file.size); /* make wfc */ update_pThread(1); m_thrdMessage = wfmt(_fmt("dlmsg10", L"Making %s"), sfmt("%s.wfc", coverID.c_str())); m_thrdMessageAdded = true; - CoverFlow.cacheCoverBuffer(fmt("%s/%s.wfc", m_cacheDir.c_str(), coverID.c_str()), download.data, false);//it may fail - if(download.data != NULL) - free(download.data); + CoverFlow.cacheCoverBuffer(fmt("%s/%s.wfc", m_cacheDir.c_str(), coverID.c_str()), (u8*)file.data, false);//it may fail + if(file.size > 0) + free(file.data); ++countFlat; update_pThread(1); @@ -1644,9 +1650,10 @@ int CMenu::_gametdbDownloaderAsync() else { m_thrdMessage = _t("dlmsg11", L"Downloading..."); - m_thrdMessageAdded = true; - download = downloadfile(fmt(GAMETDB_URL, langCode.c_str())); - if(download.data == 0) + m_thrdMessageAdded = true; + struct download file = {}; + downloadfile(fmt(GAMETDB_URL, langCode.c_str()), &file); + if(file.size <= 0) { return -3; } @@ -1663,9 +1670,9 @@ int CMenu::_gametdbDownloaderAsync() m_thrdMessage = wfmt(_fmt("dlmsg4", L"Saving %s"), "wiitdb.zip"); m_thrdMessageAdded = true; - res = fsop_WriteFile(zippath, download.data, download.size); - if(download.data != NULL) - free(download.data); + res = fsop_WriteFile(zippath, file.data, file.size); + if(file.size > 0) + free(file.data); } if(res == false) { @@ -1773,19 +1780,24 @@ int CMenu::_bannerDownloader() else m_thrdMessage = _t("cfgbnr7", L"Downloading banner..."); m_thrdMessageAdded = true; - - download = downloadfile(banner_url); - if(download.data == NULL || download.size < 0x5000) - download = downloadfile(banner_url_id3); + + struct download file = {}; + downloadfile(banner_url, &file); + if(file.size < 0x5000) + { + if(file.size > 0) + free(file.data); // More than 0 bytes and less than 50kb + downloadfile(banner_url_id3, &file); + } /* minimum 50kb */ - if(download.data != NULL && download.size > 51200 && download.data[0] != '<') + if(file.size > 51200 && file.data[0] != '<') { - fsop_WriteFile(fmt("%s/%s.bnr", m_customBnrDir.c_str(), BnrIDList[i].c_str()), download.data, download.size); + fsop_WriteFile(fmt("%s/%s.bnr", m_customBnrDir.c_str(), BnrIDList[i].c_str()), file.data, file.size); count++; } - if(download.data != NULL) - free(download.data); + if(file.size > 0) + free(file.data); update_pThread(1); } return 0; diff --git a/source/menu/menu_game_boot.cpp b/source/menu/menu_game_boot.cpp index 6dddbf92..bd053e8b 100644 --- a/source/menu/menu_game_boot.cpp +++ b/source/menu/menu_game_boot.cpp @@ -23,7 +23,6 @@ #include "loader/cios.h" #include "loader/nk.h" #include "memory/memory.h" -#include "network/http.h" #include "network/gcard.h" static void setLanguage(int l) diff --git a/source/network/gcard.c b/source/network/gcard.c index b6a51ef2..f60a72d5 100644 --- a/source/network/gcard.c +++ b/source/network/gcard.c @@ -1,7 +1,7 @@ #include #include "gcard.h" -#include "http.h" +#include "https.h" #include "loader/utils.h" #include "gecko/gecko.hpp" #include "memory/mem2.hpp" @@ -53,7 +53,9 @@ void add_game_to_card(const char *gameid) str_replace(url, "{KEY}", providers[i].key, MAX_URL_SIZE); str_replace(url, "{ID6}", gameid, MAX_URL_SIZE); gprintf("Gamertag URL:\n%s\n", url); - downloadfile(url); + struct download file = {}; + file.skip_response = 1; + downloadfile(url, &file); } MEM2_free(url); } diff --git a/source/network/http.c b/source/network/http.c deleted file mode 100644 index 8fbe4319..00000000 --- a/source/network/http.c +++ /dev/null @@ -1,304 +0,0 @@ - -#include "http.h" -#include "gecko/gecko.hpp" - -/** - * Emptyblock is a statically defined variable for functions to return if they are unable - * to complete a request - */ -const struct block emptyblock = {0, NULL}; - -//The maximum amount of bytes to send per net_write() call -//#define NET_BUFFER_SIZE 1024 -#define NET_BUFFER_SIZE 3600 - -static u8 retryloop = 0; - -// Write our message to the server -static s32 send_message(s32 server, char *msg) -{ - s32 bytes_transferred = 0; - s32 remaining = strlen(msg); - while (remaining) - { - if((bytes_transferred = net_write(server, msg, remaining > NET_BUFFER_SIZE ? NET_BUFFER_SIZE : remaining)) > 0) - { - remaining -= bytes_transferred; - msg += bytes_transferred; - usleep (20 * 1000); - } - else if(bytes_transferred < 0) - return bytes_transferred; - - else - return -ENODATA; - } - return 0; -} - -/** - * Connect to a remote server via TCP on a specified port - * - * @param u32 ip address of the server to connect to - * @param u32 the port to connect to on the server - * @return s32 The connection to the server (negative number if connection could not be established) - */ -static s32 server_connect(u32 ipaddress, u16 socket_port) -{ - //Initialize socket - s32 connection = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP); - if(connection < 0) return connection; - - //Set the connection parameters for the socket - struct sockaddr_in connect_addr; - memset(&connect_addr, 0, sizeof(connect_addr)); - connect_addr.sin_family = AF_INET; - connect_addr.sin_port = htons(socket_port); - connect_addr.sin_addr.s_addr= ipaddress; - - //Attemt to open a connection on the socket - if(net_connect(connection, (struct sockaddr*)&connect_addr, sizeof(connect_addr)) == -1) - { - net_close(connection); - return -1; - } - - return connection; -} - -//The amount of memory in bytes reserved initially to store the HTTP response in -//Be careful in increasing this number, reading from a socket on the Wii -//will fail if you request more than 20k or so -#define HTTP_BUFFER_SIZE 1024 * 5 - -//The amount of memory the buffer should expanded with if the buffer is full -#define HTTP_BUFFER_GROWTH 1024 * 5 - -/** - * This function reads all the data from a connection into a buffer which it returns. - * It will return an empty buffer if something doesn't go as planned - * - * @param s32 connection The connection identifier to suck the response out of - * @return block A 'block' struct (see http.h) in which the buffer is located - */ -struct block read_message(s32 connection) -{ - //Create a block of memory to put in the response - struct block buffer; - buffer.data = malloc(HTTP_BUFFER_SIZE); - buffer.size = HTTP_BUFFER_SIZE; - - if (buffer.data == NULL) - { - return emptyblock; - } - - //The offset variable always points to the first byte of memory that is free in the buffer - u32 offset = 0; - - while(true) - { - //Fill the buffer with a new batch of bytes from the connection, - //starting from where we left of in the buffer till the end of the buffer - s32 bytes_read = net_read(connection, buffer.data + offset, buffer.size - offset); - - //Anything below 0 is an error in the connection - if(bytes_read < 0) - { - //printf("Connection error from net_read() Errorcode: %i\n", bytes_read); - return emptyblock; - } - - //No more bytes were read into the buffer, - //we assume this means the HTTP response is done - if(bytes_read == 0) - { - break; - } - - offset += bytes_read; - - //Check if we have enough buffer left over, - //if not expand it with an additional HTTP_BUFFER_GROWTH worth of bytes - if (offset >= buffer.size) - { - buffer.size += HTTP_BUFFER_GROWTH; - u8 * tmp = realloc(buffer.data, buffer.size); - - if (tmp == NULL) - { - free(buffer.data); - return emptyblock; - } - else - buffer.data = tmp; - } - } - //At the end of above loop offset should be precisely the amount of bytes that were read from the connection - buffer.size = offset; - - //Shrink the size of the buffer so the data fits exactly in it - buffer.data = realloc(buffer.data, buffer.size); - - return buffer; -} - -/* Downloads the contents of a URL to memory - * This method is not threadsafe (because networking is not threadsafe on the Wii) - */ -struct block downloadfile(const char *url) -{ - //Check if the url starts with "http://", if not it is not considered a valid url - if(strncmp(url, "http://", strlen("http://")) != 0) - return emptyblock; - - //Locate the path part of the url by searching for '/' past "http://" - char *path = strchr(url + strlen("http://"), '/'); - if(path == NULL) - return emptyblock; - - //Extract the domain part out of the url - int domainlength = path - url - strlen("http://"); - if(domainlength == 0) - return emptyblock; - - char domain[domainlength + 1]; - strlcpy(domain, url + strlen("http://"), domainlength + 1); - - //Parsing of the URL is done, start making an actual connection - u32 ipaddress = getipbynamecached(domain); - if(ipaddress == 0) - return emptyblock; - - s32 connection = server_connect(ipaddress, 80); - if(connection < 0) - return emptyblock; - - //Form a nice request header to send to the webserver - char* headerformat = "GET %s HTTP/1.0\r\nHost: %s\r\nUser-Agent: WiiFlow 2.1\r\n\r\n"; - char header[strlen(headerformat) + strlen(domain) + strlen(path)]; - sprintf(header, headerformat, path, domain); - - //Do the request and get the response - send_message(connection, header); - struct block response = read_message(connection); - net_close(connection); - - //Search for the 4-character sequence \r\n\r\n in the response which signals the start of the http payload (file) - unsigned char *filestart = NULL; - u32 filesize = 0; - u32 i; - char newURL[512]; - bool redirect = false; - - for(i = 3; i < response.size; i++) - { - if(response.data[i] == '\n' && response.data[i-1] == '\r' && response.data[i-2] == '\n' && response.data[i-3] == '\r') - { - filestart = response.data + i + 1; - filesize = response.size - i - 1; - - // Check the HTTP response code - if (response.size > 10 && strncmp((char*)response.data, "HTTP/", 5)==0) - { - char htstat[i]; - strncpy(htstat, (char*)response.data, i); - htstat[i] = 0; - char *codep; - codep = strchr(htstat, ' '); - if (codep) - { - int code; - if (sscanf(codep+1, "%d", &code) == 1) - { - //gprintf("HTTP response code: %d\n", code); - if (code == 302) // 302 FOUND (redirected link) - { - char *ptr = strcasestr((char*)response.data, "Location: "); - if(ptr) - { - ptr += strlen("Location: "); - strncpy(newURL, ptr, sizeof(newURL)); - *(strchr(newURL, '\r'))=0; - - redirect = true; - //gprintf("New URL to download = %s \n", newURL); - } - else - { - //gprintf("HTTP ERROR: %s\n", htstat); - free(response.data); - return emptyblock; - } - } - if (code >= 400) // Not found - { - //gprintf("HTTP ERROR: %s\n", htstat); - free(response.data); - return emptyblock; - } - } - } - } - break; - } - } - - if(redirect) - { - // Prevent endless loop - retryloop++; - if(retryloop > 3) - { - retryloop = 0; - free(response.data); - return emptyblock; - } - - struct block redirected = downloadfile(newURL); - - // copy the newURL data into the original data - u8 * tmp = realloc(response.data, redirected.size); - if (tmp == NULL) - { - //gprintf("Could not allocate enough memory for new URL. Download canceled.\n"); - free(response.data); - free(redirected.data); - return emptyblock; - } - response.data = tmp; - memcpy(response.data, redirected.data, redirected.size); - - // Set filestart's new size based on redirected file - filestart = response.data; - filesize = redirected.size; - free(redirected.data); - - } - retryloop = 0; - - if(filestart == NULL) - { - free(response.data); - return emptyblock; - } - - //Copy the file part of the response into a new memoryblock to return - struct block file; - file.data = malloc(filesize); - file.size = filesize; - - if (file.data == NULL) - { - //printf("No more memory to copy file from HTTP response\n"); - free(response.data); - return emptyblock; - } - - memcpy(file.data, filestart, filesize); - - //Dispose of the original response - free(response.data); - - return file; -} diff --git a/source/network/http.h b/source/network/http.h deleted file mode 100644 index c86783c8..00000000 --- a/source/network/http.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef _HTTP_H_ -#define _HTTP_H_ - -#include -#include -#include -#include - -#include "dns.h" - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - - -/** - * A simple structure to keep track of the size of a malloc()ated block of memory - */ -struct block -{ - u32 size; - unsigned char *data; -}; - -extern const struct block emptyblock; - -struct block downloadfile(const char *url); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* _HTTP_H_ */ diff --git a/source/network/https.c b/source/network/https.c new file mode 100644 index 00000000..685bc327 --- /dev/null +++ b/source/network/https.c @@ -0,0 +1,448 @@ +/* + Code by blackb0x @ GBAtemp.net + This allows the Wii to download from servers that use SNI. +*/ +#include +#include +#include +#include +#include +#include +#include + +#include "https.h" +#include "gecko/gecko.hpp" +#include "picohttpparser.h" + +u8 loop; + +int https_write(HTTP_INFO *httpinfo, char *buffer, int len) +{ + int ret, slen = 0; + while (1) + { + if (httpinfo->use_https) + ret = wolfSSL_write(httpinfo->ssl, &buffer[slen], len - slen); + else + ret = net_write(httpinfo->sock, &buffer[slen], len - slen); + + if (ret == 0) + continue; + else if (ret <= 0) + return ret; // timeout would return -1 + + slen += ret; + if (slen >= len) + break; + } + return slen; +} + +int https_read(HTTP_INFO *httpinfo, char *buffer, int len) +{ + if (httpinfo->use_https) + return wolfSSL_read(httpinfo->ssl, buffer, len); + + return net_read(httpinfo->sock, buffer, len); +} + +void https_close(HTTP_INFO *httpinfo) +{ + if (httpinfo->use_https) + { + if (wolfSSL_shutdown(httpinfo->ssl) == SSL_SHUTDOWN_NOT_DONE) + wolfSSL_shutdown(httpinfo->ssl); + wolfSSL_free(httpinfo->ssl); + wolfSSL_CTX_free(httpinfo->ctx); + } + net_close(httpinfo->sock); +#ifdef DEBUG_NETWORK + gprintf("Closed socket and cleaned up\n"); +#endif +} + +char *get_header_value(struct phr_header *headers, size_t num_headers, char *header) +{ + for (size_t i = 0; i != num_headers; ++i) + { + char *header_name = strndup(headers[i].name, headers[i].name_len); + char *header_value = strndup(headers[i].value, headers[i].value_len); + if (strcasecmp(header_name, header) == 0) + return header_value; + } + return NULL; +} + +u8 is_chunked(struct phr_header *headers, size_t num_headers) +{ + char *header = get_header_value(headers, num_headers, "transfer-encoding"); + if (header == NULL) + return 0; + return (strcasecmp(header, "chunked") == 0) ? 1 : 0; +} + +int read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) +{ + struct phr_chunked_decoder decoder = {}; + size_t capacity = 4096, rsize; + ssize_t rret, pret; + decoder.consume_trailer = 1; +#ifdef DEBUG_NETWORK + gprintf("Data is chunked\n"); +#endif + do + { + if (start_pos == capacity) + { +#ifdef DEBUG_NETWORK + gprintf("Increased buffer size\n"); +#endif + capacity *= 2; + buffer->data = realloc(buffer->data, capacity); + assert(buffer->data != NULL); + } + while ((rret = https_read(httpinfo, buffer->data + start_pos, capacity - start_pos)) == -1 && errno == EINTR) + ; + if (rret <= 0) + { +#ifdef DEBUG_NETWORK + gprintf("IO error\n"); +#endif + return -1; + } + rsize = rret; + pret = phr_decode_chunked(&decoder, buffer->data + start_pos, &rsize); + if (pret == -1) + { +#ifdef DEBUG_NETWORK + gprintf("Parse error\n"); +#endif + return -2; + } + start_pos += rsize; + } while (pret == -2); + assert(pret >= 0); + buffer->size = start_pos; + buffer->data = realloc(buffer->data, buffer->size); + return start_pos; +} + +int read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) +{ + size_t capacity = 4096; + ssize_t ret; +#ifdef DEBUG_NETWORK + gprintf("Data is not chunked\n"); +#endif + while (1) + { + if (start_pos == capacity) + { +#ifdef DEBUG_NETWORK + gprintf("Increased buffer size\n"); +#endif + capacity *= 2; + buffer->data = realloc(buffer->data, capacity); + assert(buffer->data != NULL); + } + while ((ret = https_read(httpinfo, buffer->data + start_pos, capacity - start_pos)) == -1 && errno == EINTR) + ; + if (ret <= 0) + break; + + start_pos += ret; + }; + buffer->size = start_pos; + buffer->data = realloc(buffer->data, buffer->size); + return start_pos; +} + +int connect(char *host, u16 port) +{ + struct sockaddr_in sin; + s32 sock, ret; + u64 t; + + u32 ipaddress = getipbynamecached(host); + if (ipaddress == 0) + return -1; + + sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP); + if (sock < 0) + return sock; + + memset(&sin, 0, sizeof(struct sockaddr_in)); + sin.sin_family = AF_INET; + sin.sin_port = htons(port); + sin.sin_addr.s_addr = ipaddress; +#ifdef DEBUG_NETWORK + gprintf("Connecting to %s (%s)\n", host, inet_ntoa(sin.sin_addr)); +#endif + net_fcntl(sock, F_SETFL, 4); + t = gettime(); + while (1) + { + if (ticks_to_millisecs(diff_ticks(t, gettime())) > TCP_CONNECT_TIMEOUT) + { +#ifdef DEBUG_NETWORK + gprintf("The connection has timed out\n"); +#endif + net_close(sock); + return -ETIMEDOUT; + } + ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin)); + if (ret < 0) + { + if (ret == -EISCONN) + break; + if (ret == -EINPROGRESS || ret == -EALREADY) + { + usleep(20 * 1000); + continue; + } + net_close(sock); + return ret; + } + break; + } + net_fcntl(sock, F_SETFL, 0); + // Set a read and write timeout + struct timeval timeout; + timeout.tv_sec = READ_WRITE_TIMEOUT; + net_setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)); + net_setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)); + return sock; +} + +void downloadfile(const char *url, struct download *buffer) +{ + HTTP_INFO httpinfo; + memset(&httpinfo, 0, sizeof(HTTP_INFO)); + // Always reset the size due to the image downloader looping + buffer->size = 0; + + // Check if we're using HTTPS and set the path + char *path; + if (strncmp(url, "https://", 8) == 0) + { + httpinfo.use_https = 1; + path = strchr(url + 8, '/'); + } + else if (strncmp(url, "http://", 7) == 0) + { + httpinfo.use_https = 0; + path = strchr(url + 7, '/'); + } + else + return; // Prevents uninitialized warning + + if (path == NULL) + return; + + // Get the host + int domainlength = path - url - 7 - httpinfo.use_https; + char host[domainlength + 1]; + strlcpy(host, url + 7 + httpinfo.use_https, domainlength + 1); + + // Start connecting + if ((httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80)) < 0) + { +#ifdef DEBUG_NETWORK + gprintf("Failed to connect to %s\n", host); +#endif + return; + } +#ifdef DEBUG_NETWORK + else + gprintf("Connected\n"); +#endif + + if (httpinfo.use_https) + { + // Create a new SSL context and use the highest possible protocol version + if ((httpinfo.ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) + { +#ifdef DEBUG_NETWORK + gprintf("Failed to create WOLFSSL_CTX\n"); +#endif + https_close(&httpinfo); + return; + } + // Don't verify certificates + wolfSSL_CTX_set_verify(httpinfo.ctx, WOLFSSL_VERIFY_NONE, 0); + // Enable SNI + if (wolfSSL_CTX_UseSNI(httpinfo.ctx, 0, host, strlen(host)) != WOLFSSL_SUCCESS) + { +#ifdef DEBUG_NETWORK + gprintf("Failed to set SNI\n"); +#endif + https_close(&httpinfo); + return; + } + // Create a new wolfSSL session + if ((httpinfo.ssl = wolfSSL_new(httpinfo.ctx)) == NULL) + { +#ifdef DEBUG_NETWORK + gprintf("SSL session creation failed\n"); +#endif + https_close(&httpinfo); + return; + } + // Set the file descriptor + if (wolfSSL_set_fd(httpinfo.ssl, httpinfo.sock) != SSL_SUCCESS) + { +#ifdef DEBUG_NETWORK + gprintf("Failed to set SSL file descriptor\n"); +#endif + https_close(&httpinfo); + return; + } + // Initiate a handshake + if (wolfSSL_connect(httpinfo.ssl) != SSL_SUCCESS) + { +#ifdef DEBUG_NETWORK + gprintf("SSL handshake failed\n"); +#endif + https_close(&httpinfo); + return; + } + // Cipher info +#ifdef DEBUG_NETWORK + /*char ciphers[4096]; + wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers)); + gprintf("All supported ciphers: %s\n", ciphers);*/ + WOLFSSL_CIPHER *cipher = wolfSSL_get_current_cipher(httpinfo.ssl); + gprintf("Using: %s - %s\n", wolfSSL_get_version(httpinfo.ssl), wolfSSL_CIPHER_get_name(cipher)); +#endif + } + + // Send our request + char request[2048]; + char isgecko[36] = "Cookie: challenge=BitMitigate.com\r\n"; + int ret, len; + if (strcmp(host, "www.geckocodes.org") != 0) + memset(isgecko, 0, sizeof(isgecko)); // Not geckocodes, so don't set a cookie + + len = snprintf(request, 2048, + "GET %s HTTP/1.1\r\n" + "Host: %s\r\n" + "User-Agent: WiiFlow-Lite\r\n" + "Connection: close\r\n" + "%s" + "Pragma: no-cache\r\n" + "Cache-Control: no-cache\r\n\r\n", + path, host, isgecko); + if ((ret = https_write(&httpinfo, request, len)) != len) + { +#ifdef DEBUG_NETWORK + gprintf("https_write error: %i\n", ret); +#endif + https_close(&httpinfo); + return; + } + + // Check if we want a response + if (buffer->skip_response) + { +#ifdef DEBUG_NETWORK + gprintf("Sent request to %s and skipping response\n", host); +#endif + https_close(&httpinfo); + return; + } + + // Get the response + char response[4096]; + struct phr_header headers[100]; + int pret, minor_version, status; + size_t buflen = 0, prevbuflen = 0, num_headers, msg_len; + ssize_t rret; + const char *msg; + + while (1) + { + // Read the response + while ((rret = https_read(&httpinfo, response + buflen, 1)) == -1 && errno == EINTR) + ; + if (rret <= 0) + { +#ifdef DEBUG_NETWORK + gprintf("rret error %i", rret); +#endif + https_close(&httpinfo); + return; + } + prevbuflen = buflen; + buflen += rret; + // Parse the response + num_headers = sizeof(headers) / sizeof(headers[0]); + pret = phr_parse_response(response, buflen, &minor_version, &status, &msg, &msg_len, headers, &num_headers, prevbuflen); + if (pret > 0) + break; // Successfully parsed the response + else if (pret == -1) + { +#ifdef DEBUG_NETWORK + gprintf("pret error %i", pret); +#endif + https_close(&httpinfo); + return; + } + // Response is incomplete so continue the loop + assert(pret == -2); + if (buflen == sizeof(response)) + { +#ifdef DEBUG_NETWORK + gprintf("buflen error %i\n", buflen); +#endif + https_close(&httpinfo); + return; + } + } + + // The website wants to redirect us + if (status == 301 || status == 302) + { + https_close(&httpinfo); + if (loop == REDIRECT_LIMIT) + { +#ifdef DEBUG_NETWORK + gprintf("Reached redirect limit"); +#endif + return; + } + loop++; + char *header = get_header_value(headers, num_headers, "location"); + if (header == NULL) + return; +#ifdef DEBUG_NETWORK + gprintf("Redirect #%i - %s\n", loop, header); +#endif + downloadfile(header, buffer); + return; + } + // It's not 301 or 302, so reset the loop + loop = 0; + // We got what we wanted + if (status == 200) + { + buffer->data = malloc(4096); + buffer->size = 4096; + memcpy(buffer->data, response + pret, buflen - pret); + // Determine how to read the data + if (is_chunked(headers, num_headers)) + read_chunked(&httpinfo, buffer, buflen - pret); + else + read_all(&httpinfo, buffer, buflen - pret); + // Finished + https_close(&httpinfo); +#ifdef DEBUG_NETWORK + gprintf("Download size: %llu\n", buffer->size); + gprintf("Headers:\n"); + for (size_t i = 0; i != num_headers; ++i) + gprintf("%.*s: %.*s\n", (int)headers[i].name_len, headers[i].name, (int)headers[i].value_len, headers[i].value); +#endif + return; + } + // Close on all other status codes + https_close(&httpinfo); +} diff --git a/source/network/https.h b/source/network/https.h new file mode 100644 index 00000000..4a7349bb --- /dev/null +++ b/source/network/https.h @@ -0,0 +1,43 @@ +/* + Code by blackb0x @ GBAtemp.net + This allows the Wii to download from servers that use SNI. +*/ +#ifndef _HTTPS_H_ +#define _HTTPS_H_ + +#include +#include "dns.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +// #define DEBUG_NETWORK +#define REDIRECT_LIMIT 3 +#define TCP_CONNECT_TIMEOUT 5000 +#define READ_WRITE_TIMEOUT 10 + + struct download + { + u8 skip_response; // Used by WiinnerTag + u64 size; + char *data; + }; + + typedef struct + { + u8 use_https; + s32 sock; + WOLFSSL *ssl; + WOLFSSL_CTX *ctx; + } HTTP_INFO; + + void downloadfile(const char *url, struct download *buffer); + int wolfSSL_CTX_UseSNI(WOLFSSL_CTX *ctx, unsigned char type, const void *data, unsigned short size); + +#ifdef __cplusplus +} +#endif + +#endif /* _HTTPS_H_ */ diff --git a/source/network/picohttpparser.c b/source/network/picohttpparser.c new file mode 100644 index 00000000..74ccc3ef --- /dev/null +++ b/source/network/picohttpparser.c @@ -0,0 +1,645 @@ +/* + * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase, + * Shigeo Mitsunari + * + * The software is licensed under either the MIT License (below) or the Perl + * license. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#include +#include +#include +#ifdef __SSE4_2__ +#ifdef _MSC_VER +#include +#else +#include +#endif +#endif +#include "picohttpparser.h" + +#if __GNUC__ >= 3 +#define likely(x) __builtin_expect(!!(x), 1) +#define unlikely(x) __builtin_expect(!!(x), 0) +#else +#define likely(x) (x) +#define unlikely(x) (x) +#endif + +#ifdef _MSC_VER +#define ALIGNED(n) _declspec(align(n)) +#else +#define ALIGNED(n) __attribute__((aligned(n))) +#endif + +#define IS_PRINTABLE_ASCII(c) ((unsigned char)(c)-040u < 0137u) + +#define CHECK_EOF() \ + if (buf == buf_end) { \ + *ret = -2; \ + return NULL; \ + } + +#define EXPECT_CHAR_NO_CHECK(ch) \ + if (*buf++ != ch) { \ + *ret = -1; \ + return NULL; \ + } + +#define EXPECT_CHAR(ch) \ + CHECK_EOF(); \ + EXPECT_CHAR_NO_CHECK(ch); + +#define ADVANCE_TOKEN(tok, toklen) \ + do { \ + const char *tok_start = buf; \ + static const char ALIGNED(16) ranges2[16] = "\000\040\177\177"; \ + int found2; \ + buf = findchar_fast(buf, buf_end, ranges2, 4, &found2); \ + if (!found2) { \ + CHECK_EOF(); \ + } \ + while (1) { \ + if (*buf == ' ') { \ + break; \ + } else if (unlikely(!IS_PRINTABLE_ASCII(*buf))) { \ + if ((unsigned char)*buf < '\040' || *buf == '\177') { \ + *ret = -1; \ + return NULL; \ + } \ + } \ + ++buf; \ + CHECK_EOF(); \ + } \ + tok = tok_start; \ + toklen = buf - tok_start; \ + } while (0) + +static const char *token_char_map = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\1\0\1\1\1\1\1\0\0\1\1\0\1\1\0\1\1\1\1\1\1\1\1\1\1\0\0\0\0\0\0" + "\0\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\0\0\1\1" + "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\1\0\1\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + +static const char *findchar_fast(const char *buf, const char *buf_end, const char *ranges, size_t ranges_size, int *found) +{ + *found = 0; +#if __SSE4_2__ + if (likely(buf_end - buf >= 16)) { + __m128i ranges16 = _mm_loadu_si128((const __m128i *)ranges); + + size_t left = (buf_end - buf) & ~15; + do { + __m128i b16 = _mm_loadu_si128((const __m128i *)buf); + int r = _mm_cmpestri(ranges16, ranges_size, b16, 16, _SIDD_LEAST_SIGNIFICANT | _SIDD_CMP_RANGES | _SIDD_UBYTE_OPS); + if (unlikely(r != 16)) { + buf += r; + *found = 1; + break; + } + buf += 16; + left -= 16; + } while (likely(left != 0)); + } +#else + /* suppress unused parameter warning */ + (void)buf_end; + (void)ranges; + (void)ranges_size; +#endif + return buf; +} + +static const char *get_token_to_eol(const char *buf, const char *buf_end, const char **token, size_t *token_len, int *ret) +{ + const char *token_start = buf; + +#ifdef __SSE4_2__ + static const char ALIGNED(16) ranges1[16] = "\0\010" /* allow HT */ + "\012\037" /* allow SP and up to but not including DEL */ + "\177\177"; /* allow chars w. MSB set */ + int found; + buf = findchar_fast(buf, buf_end, ranges1, 6, &found); + if (found) + goto FOUND_CTL; +#else + /* find non-printable char within the next 8 bytes, this is the hottest code; manually inlined */ + while (likely(buf_end - buf >= 8)) { +#define DOIT() \ + do { \ + if (unlikely(!IS_PRINTABLE_ASCII(*buf))) \ + goto NonPrintable; \ + ++buf; \ + } while (0) + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); +#undef DOIT + continue; + NonPrintable: + if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) { + goto FOUND_CTL; + } + ++buf; + } +#endif + for (;; ++buf) { + CHECK_EOF(); + if (unlikely(!IS_PRINTABLE_ASCII(*buf))) { + if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) { + goto FOUND_CTL; + } + } + } +FOUND_CTL: + if (likely(*buf == '\015')) { + ++buf; + EXPECT_CHAR('\012'); + *token_len = buf - 2 - token_start; + } else if (*buf == '\012') { + *token_len = buf - token_start; + ++buf; + } else { + *ret = -1; + return NULL; + } + *token = token_start; + + return buf; +} + +static const char *is_complete(const char *buf, const char *buf_end, size_t last_len, int *ret) +{ + int ret_cnt = 0; + buf = last_len < 3 ? buf : buf + last_len - 3; + + while (1) { + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + CHECK_EOF(); + EXPECT_CHAR('\012'); + ++ret_cnt; + } else if (*buf == '\012') { + ++buf; + ++ret_cnt; + } else { + ++buf; + ret_cnt = 0; + } + if (ret_cnt == 2) { + return buf; + } + } + + *ret = -2; + return NULL; +} + +#define PARSE_INT(valp_, mul_) \ + if (*buf < '0' || '9' < *buf) { \ + buf++; \ + *ret = -1; \ + return NULL; \ + } \ + *(valp_) = (mul_) * (*buf++ - '0'); + +#define PARSE_INT_3(valp_) \ + do { \ + int res_ = 0; \ + PARSE_INT(&res_, 100) \ + *valp_ = res_; \ + PARSE_INT(&res_, 10) \ + *valp_ += res_; \ + PARSE_INT(&res_, 1) \ + *valp_ += res_; \ + } while (0) + +/* returned pointer is always within [buf, buf_end), or null */ +static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret) +{ + /* we want at least [HTTP/1.] to try to parse */ + if (buf_end - buf < 9) { + *ret = -2; + return NULL; + } + EXPECT_CHAR_NO_CHECK('H'); + EXPECT_CHAR_NO_CHECK('T'); + EXPECT_CHAR_NO_CHECK('T'); + EXPECT_CHAR_NO_CHECK('P'); + EXPECT_CHAR_NO_CHECK('/'); + EXPECT_CHAR_NO_CHECK('1'); + EXPECT_CHAR_NO_CHECK('.'); + PARSE_INT(minor_version, 1); + return buf; +} + +static const char *parse_headers(const char *buf, const char *buf_end, struct phr_header *headers, size_t *num_headers, + size_t max_headers, int *ret) +{ + for (;; ++*num_headers) { + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + break; + } else if (*buf == '\012') { + ++buf; + break; + } + if (*num_headers == max_headers) { + *ret = -1; + return NULL; + } + if (!(*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) { + /* parsing name, but do not discard SP before colon, see + * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */ + headers[*num_headers].name = buf; + static const char ALIGNED(16) ranges1[] = "\x00 " /* control chars and up to SP */ + "\"\"" /* 0x22 */ + "()" /* 0x28,0x29 */ + ",," /* 0x2c */ + "//" /* 0x2f */ + ":@" /* 0x3a-0x40 */ + "[]" /* 0x5b-0x5d */ + "{\377"; /* 0x7b-0xff */ + int found; + buf = findchar_fast(buf, buf_end, ranges1, sizeof(ranges1) - 1, &found); + if (!found) { + CHECK_EOF(); + } + while (1) { + if (*buf == ':') { + break; + } else if (!token_char_map[(unsigned char)*buf]) { + *ret = -1; + return NULL; + } + ++buf; + CHECK_EOF(); + } + if ((headers[*num_headers].name_len = buf - headers[*num_headers].name) == 0) { + *ret = -1; + return NULL; + } + ++buf; + for (;; ++buf) { + CHECK_EOF(); + if (!(*buf == ' ' || *buf == '\t')) { + break; + } + } + } else { + headers[*num_headers].name = NULL; + headers[*num_headers].name_len = 0; + } + const char *value; + size_t value_len; + if ((buf = get_token_to_eol(buf, buf_end, &value, &value_len, ret)) == NULL) { + return NULL; + } + /* remove trailing SPs and HTABs */ + const char *value_end = value + value_len; + for (; value_end != value; --value_end) { + const char c = *(value_end - 1); + if (!(c == ' ' || c == '\t')) { + break; + } + } + headers[*num_headers].value = value; + headers[*num_headers].value_len = value_end - value; + } + return buf; +} + +static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path, + size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, + size_t max_headers, int *ret) +{ + /* skip first empty line (some clients add CRLF after POST content) */ + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + } else if (*buf == '\012') { + ++buf; + } + + /* parse request line */ + ADVANCE_TOKEN(*method, *method_len); + do { + ++buf; + } while (*buf == ' '); + ADVANCE_TOKEN(*path, *path_len); + do { + ++buf; + } while (*buf == ' '); + if (*method_len == 0 || *path_len == 0) { + *ret = -1; + return NULL; + } + if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + return NULL; + } + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + } else if (*buf == '\012') { + ++buf; + } else { + *ret = -1; + return NULL; + } + + return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); +} + +int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path, + size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf_start + len; + size_t max_headers = *num_headers; + int r; + + *method = NULL; + *method_len = 0; + *path = NULL; + *path_len = 0; + *minor_version = -1; + *num_headers = 0; + + /* if last_len != 0, check if the request is complete (a fast countermeasure + againt slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers, + &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg, + size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) +{ + /* parse "HTTP/1.x" */ + if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + return NULL; + } + /* skip space */ + if (*buf != ' ') { + *ret = -1; + return NULL; + } + do { + ++buf; + } while (*buf == ' '); + /* parse status code, we want at least [:digit:][:digit:][:digit:] to try to parse */ + if (buf_end - buf < 4) { + *ret = -2; + return NULL; + } + PARSE_INT_3(status); + + /* get message includig preceding space */ + if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) { + return NULL; + } + if (*msg_len == 0) { + /* ok */ + } else if (**msg == ' ') { + /* remove preceding space */ + do { + ++*msg; + --*msg_len; + } while (**msg == ' '); + } else { + /* garbage found after status code */ + *ret = -1; + return NULL; + } + + return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); +} + +int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, + struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf + len; + size_t max_headers = *num_headers; + int r; + + *minor_version = -1; + *status = 0; + *msg = NULL; + *msg_len = 0; + *num_headers = 0; + + /* if last_len != 0, check if the response is complete (a fast countermeasure + against slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +int phr_parse_headers(const char *buf_start, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf + len; + size_t max_headers = *num_headers; + int r; + + *num_headers = 0; + + /* if last_len != 0, check if the response is complete (a fast countermeasure + against slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_headers(buf, buf_end, headers, num_headers, max_headers, &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +enum { + CHUNKED_IN_CHUNK_SIZE, + CHUNKED_IN_CHUNK_EXT, + CHUNKED_IN_CHUNK_DATA, + CHUNKED_IN_CHUNK_CRLF, + CHUNKED_IN_TRAILERS_LINE_HEAD, + CHUNKED_IN_TRAILERS_LINE_MIDDLE +}; + +static int decode_hex(int ch) +{ + if ('0' <= ch && ch <= '9') { + return ch - '0'; + } else if ('A' <= ch && ch <= 'F') { + return ch - 'A' + 0xa; + } else if ('a' <= ch && ch <= 'f') { + return ch - 'a' + 0xa; + } else { + return -1; + } +} + +ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *_bufsz) +{ + size_t dst = 0, src = 0, bufsz = *_bufsz; + ssize_t ret = -2; /* incomplete */ + + while (1) { + switch (decoder->_state) { + case CHUNKED_IN_CHUNK_SIZE: + for (;; ++src) { + int v; + if (src == bufsz) + goto Exit; + if ((v = decode_hex(buf[src])) == -1) { + if (decoder->_hex_count == 0) { + ret = -1; + goto Exit; + } + break; + } + if (decoder->_hex_count == sizeof(size_t) * 2) { + ret = -1; + goto Exit; + } + decoder->bytes_left_in_chunk = decoder->bytes_left_in_chunk * 16 + v; + ++decoder->_hex_count; + } + decoder->_hex_count = 0; + decoder->_state = CHUNKED_IN_CHUNK_EXT; + /* fallthru */ + case CHUNKED_IN_CHUNK_EXT: + /* RFC 7230 A.2 "Line folding in chunk extensions is disallowed" */ + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] == '\012') + break; + } + ++src; + if (decoder->bytes_left_in_chunk == 0) { + if (decoder->consume_trailer) { + decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD; + break; + } else { + goto Complete; + } + } + decoder->_state = CHUNKED_IN_CHUNK_DATA; + /* fallthru */ + case CHUNKED_IN_CHUNK_DATA: { + size_t avail = bufsz - src; + if (avail < decoder->bytes_left_in_chunk) { + if (dst != src) + memmove(buf + dst, buf + src, avail); + src += avail; + dst += avail; + decoder->bytes_left_in_chunk -= avail; + goto Exit; + } + if (dst != src) + memmove(buf + dst, buf + src, decoder->bytes_left_in_chunk); + src += decoder->bytes_left_in_chunk; + dst += decoder->bytes_left_in_chunk; + decoder->bytes_left_in_chunk = 0; + decoder->_state = CHUNKED_IN_CHUNK_CRLF; + } + /* fallthru */ + case CHUNKED_IN_CHUNK_CRLF: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] != '\015') + break; + } + if (buf[src] != '\012') { + ret = -1; + goto Exit; + } + ++src; + decoder->_state = CHUNKED_IN_CHUNK_SIZE; + break; + case CHUNKED_IN_TRAILERS_LINE_HEAD: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] != '\015') + break; + } + if (buf[src++] == '\012') + goto Complete; + decoder->_state = CHUNKED_IN_TRAILERS_LINE_MIDDLE; + /* fallthru */ + case CHUNKED_IN_TRAILERS_LINE_MIDDLE: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] == '\012') + break; + } + ++src; + decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD; + break; + default: + assert(!"decoder is corrupt"); + } + } + +Complete: + ret = bufsz - src; +Exit: + if (dst != src) + memmove(buf + dst, buf + src, bufsz - src); + *_bufsz = dst; + return ret; +} + +int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder) +{ + return decoder->_state == CHUNKED_IN_CHUNK_DATA; +} + +#undef CHECK_EOF +#undef EXPECT_CHAR +#undef ADVANCE_TOKEN diff --git a/source/network/picohttpparser.h b/source/network/picohttpparser.h new file mode 100644 index 00000000..0849f844 --- /dev/null +++ b/source/network/picohttpparser.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase, + * Shigeo Mitsunari + * + * The software is licensed under either the MIT License (below) or the Perl + * license. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#ifndef picohttpparser_h +#define picohttpparser_h + +#include + +#ifdef _MSC_VER +#define ssize_t intptr_t +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* contains name and value of a header (name == NULL if is a continuing line + * of a multiline header */ +struct phr_header { + const char *name; + size_t name_len; + const char *value; + size_t value_len; +}; + +/* returns number of bytes consumed if successful, -2 if request is partial, + * -1 if failed */ +int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len, + int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* ditto */ +int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, + struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* ditto */ +int phr_parse_headers(const char *buf, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* should be zero-filled before start */ +struct phr_chunked_decoder { + size_t bytes_left_in_chunk; /* number of bytes left in current chunk */ + char consume_trailer; /* if trailing headers should be consumed */ + char _hex_count; + char _state; +}; + +/* the function rewrites the buffer given as (buf, bufsz) removing the chunked- + * encoding headers. When the function returns without an error, bufsz is + * updated to the length of the decoded data available. Applications should + * repeatedly call the function while it returns -2 (incomplete) every time + * supplying newly arrived data. If the end of the chunked-encoded data is + * found, the function returns a non-negative number indicating the number of + * octets left undecoded at the tail of the supplied buffer. Returns -1 on + * error. + */ +ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *bufsz); + +/* returns if the chunked decoder is in middle of chunked data */ +int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/wiiflow.pnproj b/wiiflow.pnproj index b5455c2b..acd89308 100644 --- a/wiiflow.pnproj +++ b/wiiflow.pnproj @@ -1 +1 @@ - \ No newline at end of file + \ No newline at end of file