diff --git a/components/ssl/Kconfig b/components/ssl/Kconfig index 3bf39741..52fee4f0 100644 --- a/components/ssl/Kconfig +++ b/components/ssl/Kconfig @@ -2,7 +2,7 @@ menu "SSL" choice SSL_LIBRARY_CHOOSE prompt "Choose SSL/TLS library" - default SSL_USING_WOLFSSL + default SSL_USING_MBEDTLS help Choose the SSL/TLS library which you want to use. @@ -16,6 +16,17 @@ config SSL_USING_WOLFSSL bool "wolfSSL" endchoice +menu "wolfSSL" + depends on SSL_USING_WOLFSSL + +config WOLFSSL_DEBUG + bool "Enable wolfSSL debugging" + default n + help + Enable wolfSSL debugging functions at compile time. + +endmenu # wolfSSL + menu "mbedTLS" depends on SSL_USING_MBEDTLS diff --git a/components/ssl/component.mk b/components/ssl/component.mk index 9aea7b2e..2b895613 100644 --- a/components/ssl/component.mk +++ b/components/ssl/component.mk @@ -5,8 +5,13 @@ ifdef CONFIG_SSL_USING_WOLFSSL COMPONENT_ADD_INCLUDEDIRS := wolfssl/include wolfssl/wolfssl wolfssl/wolfssl/wolfssl +ifdef CONFIG_WOLFSSL_DEBUG +WOLFSSLLIB = wolfssl_debug +COMPONENT_ADD_LDFLAGS := -L $(COMPONENT_PATH)/wolfssl/lib -lwolfssl_debug +else WOLFSSLLIB = wolfssl COMPONENT_ADD_LDFLAGS := -L $(COMPONENT_PATH)/wolfssl/lib -lwolfssl +endif # re-link program if wolfssl library change COMPONENT_ADD_LINKER_DEPS := $(patsubst %,$(COMPONENT_PATH)/wolfssl/lib/lib%.a,$(WOLFSSLLIB)) diff --git a/components/ssl/wolfssl/include/user_settings.h b/components/ssl/wolfssl/include/user_settings.h index 07b9abae..a20a8221 100644 --- a/components/ssl/wolfssl/include/user_settings.h +++ b/components/ssl/wolfssl/include/user_settings.h @@ -31,6 +31,8 @@ #define NO_RC4 #define NO_RABBIT #define HAVE_ECC +#define HAVE_AES_ECB +#define WOLFSSL_AES_DIRECT #define WC_NO_HARDEN #define FREERTOS #define WOLFSSL_TYPES 
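Review bot: Changing `default SSL_USING_WOLFSSL` to `default SSL_USING_MBEDTLS` silently switches the TLS stack for every project that has not pinned SSL_LIBRARY_CHOOSE in its sdkconfig, and nothing in the hunk records why or warns the user. A sentence in the choice's `help`, e.g. `The default is mbedTLS; projects that relied on the earlier wolfSSL default must select wolfSSL explicitly.`, makes the migration visible from menuconfig. The new wolfSSL menu in the following hunk has the same gap: the help for `WOLFSSL_DEBUG` should say that it links the separate prebuilt `libwolfssl_debug.a` (component.mk in this commit switches the archive on this symbol), since that is what the option actually changes.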
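Review bot: Both arms of the new `ifdef CONFIG_WOLFSSL_DEBUG` repeat the full `COMPONENT_ADD_LDFLAGS` assignment and differ only in the library name, which `WOLFSSLLIB` already carries; a duplicated `-L` path is exactly the kind of line that drifts when one arm is edited later. Selecting only the name inside the conditional and deriving the `-l` flag from `$(WOLFSSLLIB)` keeps the link line and the existing `COMPONENT_ADD_LINKER_DEPS` (which already uses `$(WOLFSSLLIB)`) in agreement by construction.
```makefile
ifdef CONFIG_WOLFSSL_DEBUG
WOLFSSLLIB = wolfssl_debug
else
WOLFSSLLIB = wolfssl
endif
COMPONENT_ADD_LDFLAGS := -L $(COMPONENT_PATH)/wolfssl/lib -l$(WOLFSSLLIB)
# … unchanged: COMPONENT_ADD_LINKER_DEPS …
```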
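Review bot: `HAVE_AES_ECB` and `WOLFSSL_AES_DIRECT` are added without a comment saying which consumer needs raw single-block or ECB AES, and this settings header is where the next reader will look for that reason. ECB applies the block cipher independently to each block, so exposing it through the compatibility layer is appropriate for a key-wrap or self-test helper but is easy to misuse on multi-block data; a one-line note such as `/* raw-block AES (ECB/direct) for <consumer placeholder>; not intended for bulk data */` records the intent. The surrounding `#define` list starts before this hunk.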
@@ -39,6 +41,7 @@ #define WOLFSSL_ALLOW_TLSV10 #define WOLFSSL_SMALL_STACK #define SMALL_SESSION_CACHE +#define OPENSSL_EXTRA #define SSL_CTX_use_certificate_ASN1(ctx,len,buf) wolfSSL_CTX_use_certificate_buffer(ctx,buf,len,WOLFSSL_FILETYPE_PEM) #define SSL_CTX_use_PrivateKey_ASN1(type,ctx,buf,len) wolfSSL_CTX_use_PrivateKey_buffer(ctx,buf,len, WOLFSSL_FILETYPE_PEM) @@ -54,6 +57,7 @@ #endif #ifndef CUSTOM_RAND_GENERATE_BLOCK +#include "esp_libc.h" /* To use define the following:*/ #define CUSTOM_RAND_GENERATE_BLOCK os_get_random #endif diff --git a/components/ssl/wolfssl/lib/libwolfssl.a b/components/ssl/wolfssl/lib/libwolfssl.a index 7bde8c83..f475465b 100644 Binary files a/components/ssl/wolfssl/lib/libwolfssl.a and b/components/ssl/wolfssl/lib/libwolfssl.a differ diff --git a/components/ssl/wolfssl/lib/libwolfssl_debug.a b/components/ssl/wolfssl/lib/libwolfssl_debug.a new file mode 100644 index 00000000..713d419c Binary files /dev/null and b/components/ssl/wolfssl/lib/libwolfssl_debug.a differ diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/asn1.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/asn1.h new file mode 100644 index 00000000..f0a36538 --- /dev/null +++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/asn1.h 
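Review bot: `#define OPENSSL_EXTRA` switches on the OpenSSL compatibility API (crypto.h in this commit gates `wolfSSL_OPENSSL_malloc`/`wolfSSL_OPENSSL_free` and the CRYPTO_* mappings on it), which is a sizeable increase in exported surface and code size for a build that also sets `WOLFSSL_SMALL_STACK`, yet the hunk gives no reason. A comment naming the component that needs the OpenSSL-style API, e.g. `/* OpenSSL-compat API required by <consumer placeholder> */`, lets a later maintainer judge whether it can be dropped again.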
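Review bot: The new `#include "esp_libc.h"` lands inside `#ifndef CUSTOM_RAND_GENERATE_BLOCK`, between the guard and the `/* To use define the following:*/` comment that explains the `CUSTOM_RAND_GENERATE_BLOCK os_get_random` line, so that comment no longer sits next to the macro it describes; moving the include above the `#ifndef`, or after the comment with its own note `/* declares os_get_random */`, keeps the explanation attached. Presumably the include exists to declare `os_get_random`; that is not stated anywhere in the hunk. More importantly, this header must match the options the prebuilt `libwolfssl.a` and new `libwolfssl_debug.a` in the same commit were compiled with, and neither the header nor the diff records the wolfSSL version or configure flags behind those archives. A header comment such as `/* must match the build of lib/libwolfssl*.a: wolfSSL <version placeholder>, options <placeholder> */` is the minimum needed to reproduce or audit the binaries later.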
@@ -0,0 +1,50 @@
+/* asn1.h
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
+ *
+ * This file is part of wolfSSL.
+ *
+ * Contact licensing@wolfssl.com with any questions or comments.
+ *
+ * https://www.wolfssl.com
+ */
+
+
+/* asn1.h for openssl */
+
+#ifndef WOLFSSL_ASN1_H_
+#define WOLFSSL_ASN1_H_
+
+#include
+
+#define ASN1_STRING_new wolfSSL_ASN1_STRING_type_new
+#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new
+#define ASN1_STRING_set wolfSSL_ASN1_STRING_set
+#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
+
+#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */
+#define V_ASN1_NEG 0x100
+#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
+#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
+
+/* Type for ASN1_print_ex */
+# define ASN1_STRFLGS_ESC_2253 1
+# define ASN1_STRFLGS_ESC_CTRL 2
+# define ASN1_STRFLGS_ESC_MSB 4
+# define ASN1_STRFLGS_ESC_QUOTE 8
+# define ASN1_STRFLGS_UTF8_CONVERT 0x10
+# define ASN1_STRFLGS_IGNORE_TYPE 0x20
+# define ASN1_STRFLGS_SHOW_TYPE 0x40
+# define ASN1_STRFLGS_DUMP_ALL 0x80
+# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
+# define ASN1_STRFLGS_DUMP_DER 0x200
+# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ ASN1_STRFLGS_UTF8_CONVERT | \
+ ASN1_STRFLGS_DUMP_UNKNOWN | \
+ ASN1_STRFLGS_DUMP_DER)
+
+#define MBSTRING_UTF8 0x1000
+
+#endif /* WOLFSSL_ASN1_H_ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h
index e360df77..7521c3e5 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h
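Review bot: `ASN1_STRING_new` and `ASN1_STRING_type_new` are both mapped to `wolfSSL_ASN1_STRING_type_new`, but in OpenSSL the first takes no arguments and the second takes a type, so unless the wolfSSL function is declared differently from its OpenSSL namesake (its prototype is not in this hunk) a portable call `ASN1_STRING_new()` will not compile against this header. If the prebuilt library provides a no-argument constructor it should be mapped here instead; if not, a comment on the `ASN1_STRING_new` line stating that callers must pass a type would at least make the divergence explicit. The flag block also mixes `#define` and `# define` within one file, which is worth normalising. As this is a vendored wolfSSL header, the fix may belong upstream as well as here.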
@@ -1,17 +1,22 @@ /* bn.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ /* bn.h for openssl */ +/*! + \file wolfssl/openssl/bn.h + \brief bn.h for openssl +*/ + #ifndef WOLFSSL_BN_H_ #define WOLFSSL_BN_H_ @@ -96,7 +101,7 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); + WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*); #endif WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/crypto.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/crypto.h new file mode 100644 index 00000000..4e987e5a --- /dev/null +++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/crypto.h 
@@ -0,0 +1,71 @@
+/* crypto.h
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
+ *
+ * This file is part of wolfSSL.
+ *
+ * Contact licensing@wolfssl.com with any questions or comments.
+ *
+ * https://www.wolfssl.com
+ */
+
+
+/* crypto.h for openSSL */
+
+#ifndef WOLFSSL_CRYPTO_H_
+#define WOLFSSL_CRYPTO_H_
+
+#include
+
+#include
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_crypto.h"
+#endif
+
+
+WOLFSSL_API const char* wolfSSLeay_version(int type);
+WOLFSSL_API unsigned long wolfSSLeay(void);
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
+WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
+#endif
+
+#define CRYPTO_THREADID void
+
+#define SSLeay_version wolfSSLeay_version
+#define SSLeay wolfSSLeay
+
+
+#define SSLEAY_VERSION 0x0090600fL
+#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
+#define CRYPTO_lock wc_LockMutex_ex
+
+/* this function was used to set the default malloc, free, and realloc */
+#define CRYPTO_malloc_init() /* CRYPTO_malloc_init is not needed */
+
+#define OPENSSL_free wolfSSL_OPENSSL_free
+#define OPENSSL_malloc wolfSSL_OPENSSL_malloc
+
+#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
+#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions
+#define FIPS_mode wolfSSL_FIPS_mode
+#define FIPS_mode_set wolfSSL_FIPS_mode_set
+typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA;
+typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx,
+ long argl, void* argp);
+#define CRYPTO_THREADID_set_callback wolfSSL_THREADID_set_callback
+#define CRYPTO_THREADID_set_numeric wolfSSL_THREADID_set_numeric
+
+#define CRYPTO_r_lock wc_LockMutex_ex
+#define CRYPTO_unlock wc_LockMutex_ex
+
+#define CRYPTO_THREAD_lock wc_LockMutex
+#define CRYPTO_THREAD_r_lock wc_LockMutex
+#define CRYPTO_THREAD_unlock wc_UnLockMutex
+
+#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+
+#endif /* header */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h
index bdcde8e0..978e8ecf 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h
@@ -1,12 +1,12 @@ /* dsa.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h
index 24e0e3ad..832ea3d6 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h
@@ -1,12 +1,12 @@ /* ec.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */
@@ -24,6 +24,7 @@ extern "C" { /* Map OpenSSL NID value */ enum { + POINT_CONVERSION_COMPRESSED = 2, POINT_CONVERSION_UNCOMPRESSED = 4, #ifdef HAVE_ECC
@@ -92,6 +93,10 @@ struct WOLFSSL_EC_KEY { char exSet; /* external set from internal ? */ }; + +#define WOLFSSL_EC_KEY_LOAD_PRIVATE 1 +#define WOLFSSL_EC_KEY_LOAD_PUBLIC 2 + WOLFSSL_API int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, const WOLFSSL_EC_POINT *p,
@@ -103,6 +108,9 @@ WOLFSSL_API int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* der, int derSz); WOLFSSL_API +int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, + const unsigned char* der, int derSz, int opt); +WOLFSSL_API void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key); WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
@@ -167,36 +175,47 @@ WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a); -#define EC_KEY_free wolfSSL_EC_KEY_free -#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key -#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group -#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key -#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key -#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name -#define EC_KEY_set_group wolfSSL_EC_KEY_set_group -#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key -#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag -#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key -#define EC_KEY_new wolfSSL_EC_KEY_new +#ifndef HAVE_SELFTEST +WOLFSSL_API +char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, + const WOLFSSL_EC_POINT* point, int form, + WOLFSSL_BN_CTX* ctx); +#endif -#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag -#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name -#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp -#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name -#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree -#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order -#define EC_GROUP_free wolfSSL_EC_GROUP_free +#define EC_KEY_new wolfSSL_EC_KEY_new +#define EC_KEY_free wolfSSL_EC_KEY_free +#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key +#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group +#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key +#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key +#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name +#define EC_KEY_set_group wolfSSL_EC_KEY_set_group +#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key +#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag +#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key -#define EC_POINT_new wolfSSL_EC_POINT_new +#define 
EC_GROUP_free wolfSSL_EC_GROUP_free +#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag +#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name +#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp +#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name +#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree +#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order + +#define EC_POINT_new wolfSSL_EC_POINT_new +#define EC_POINT_free wolfSSL_EC_POINT_free #define EC_POINT_get_affine_coordinates_GFp \ - wolfSSL_EC_POINT_get_affine_coordinates_GFp -#define EC_POINT_mul wolfSSL_EC_POINT_mul -#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free -#define EC_POINT_cmp wolfSSL_EC_POINT_cmp -#define EC_POINT_free wolfSSL_EC_POINT_free -#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity + wolfSSL_EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_mul wolfSSL_EC_POINT_mul +#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free +#define EC_POINT_cmp wolfSSL_EC_POINT_cmp +#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity -#define EC_POINT_dump wolfSSL_EC_POINT_dump +#ifndef HAVE_SELFTEST + #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex +#endif + +#define EC_POINT_dump wolfSSL_EC_POINT_dump #ifdef __cplusplus } /* extern "C" */ diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h index 0f9f4035..a4fa59e4 100644 --- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h 
@@ -1,19 +1,20 @@ /* evp.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ -/* evp.h defines mini evp openssl compatibility layer - * +/*! + \file wolfssl/openssl/evp.h + \brief evp.h defines mini evp openssl compatibility layer */ @@ -51,6 +52,7 @@ extern "C" { #endif + typedef char WOLFSSL_EVP_CIPHER; #ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */ typedef char WOLFSSL_EVP_MD; @@ -58,6 +60,9 @@ typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; #define WOLFSSL_EVP_TYPE_DEFINED #endif +typedef WOLFSSL_EVP_PKEY EVP_PKEY; +typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO; + #ifndef NO_MD4 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void); #endif @@ -75,8 +80,10 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void); +#if !defined(NO_AES) && defined(HAVE_AES_CBC) WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void); +#endif WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void); @@ -112,6 +119,7 @@ typedef union { #endif } WOLFSSL_Hasher; +typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX; typedef struct WOLFSSL_EVP_MD_CTX { union { @@ -119,6 +127,7 @@ typedef struct WOLFSSL_EVP_MD_CTX { Hmac hmac; } hash; unsigned char macType; + WOLFSSL_EVP_PKEY_CTX *pctx; } WOLFSSL_EVP_MD_CTX; 
@@ -205,11 +214,11 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { int lastUsed; } WOLFSSL_EVP_CIPHER_CTX; -typedef struct WOLFSSL_EVP_PKEY_CTX { +struct WOLFSSL_EVP_PKEY_CTX { WOLFSSL_EVP_PKEY *pkey; int op; /* operation */ int padding; -} WOLFSSL_EVP_PKEY_CTX; +}; typedef int WOLFSSL_ENGINE ; typedef WOLFSSL_ENGINE ENGINE; @@ -255,12 +264,22 @@ WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); -#ifndef NO_MD5 +WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, + WOLFSSL_EVP_PKEY_CTX **pctx, + const WOLFSSL_EVP_MD *type, + WOLFSSL_ENGINE *e, + WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, + const void *d, size_t cnt); +WOLFSSL_API int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen); + + WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*, const WOLFSSL_EVP_MD*, const unsigned char*, const unsigned char*, int, int, unsigned char*, unsigned char*); -#endif WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx); @@ -327,6 +346,10 @@ WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_RSA* key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_EC_KEY* key); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); 
@@ -349,7 +372,11 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *in, size_t inlen); WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void); +WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); +WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type); @@ -378,11 +405,14 @@ WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *ciph WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); WOLFSSL_API int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher); - +WOLFSSL_API void wolfSSL_EVP_cleanup(void); +WOLFSSL_API int wolfSSL_add_all_algorithms(void); +WOLFSSL_API int wolfSSL_OpenSSL_add_all_algorithms_noconf(void); WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char * pass, int passlen, const unsigned char * salt, 
@@ -459,15 +489,18 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_MD_CTX_type wolfSSL_EVP_MD_CTX_type #define EVP_MD_type wolfSSL_EVP_MD_type -#define EVP_DigestInit wolfSSL_EVP_DigestInit -#define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex -#define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate -#define EVP_DigestFinal wolfSSL_EVP_DigestFinal -#define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex -#define EVP_DigestSignInit wolfSSL_EVP_DigestSignInit -#define EVP_DigestSignUpdate wolfSSL_EVP_DigestSignUpdate -#define EVP_DigestSignFinal wolfSSL_EVP_DigestSignFinal -#define EVP_BytesToKey wolfSSL_EVP_BytesToKey +#define EVP_DigestInit wolfSSL_EVP_DigestInit +#define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex +#define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate +#define EVP_DigestFinal wolfSSL_EVP_DigestFinal +#define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex +#define EVP_DigestSignInit wolfSSL_EVP_DigestSignInit +#define EVP_DigestSignUpdate wolfSSL_EVP_DigestSignUpdate +#define EVP_DigestSignFinal wolfSSL_EVP_DigestSignFinal +#define EVP_DigestVerifyInit wolfSSL_EVP_DigestVerifyInit +#define EVP_DigestVerifyUpdate wolfSSL_EVP_DigestVerifyUpdate +#define EVP_DigestVerifyFinal wolfSSL_EVP_DigestVerifyFinal +#define EVP_BytesToKey wolfSSL_EVP_BytesToKey #define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname #define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname 
@@ -508,40 +541,54 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname #define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname -#define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA -#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA -#define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA -#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY -#define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac -#define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key -#define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy -#define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex -#define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits -#define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free -#define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new -#define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding -#define EVP_PKEY_decrypt wolfSSL_EVP_PKEY_decrypt -#define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init -#define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt -#define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init -#define EVP_PKEY_new wolfSSL_PKEY_new -#define EVP_PKEY_free wolfSSL_EVP_PKEY_free -#define EVP_PKEY_size wolfSSL_EVP_PKEY_size -#define EVP_SignFinal wolfSSL_EVP_SignFinal -#define EVP_SignInit wolfSSL_EVP_SignInit -#define EVP_SignUpdate wolfSSL_EVP_SignUpdate -#define EVP_VerifyFinal wolfSSL_EVP_VerifyFinal -#define EVP_VerifyInit wolfSSL_EVP_VerifyInit -#define EVP_VerifyUpdate wolfSSL_EVP_VerifyUpdate +#define EVP_PKEY_asign_RSA wolfSSL_EVP_PKEY_assign_RSA +#define EVP_PKEY_asign_EC_KEY wolfSSL_EVP_PKEY_assign_EC_KEY +#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA +#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA +#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY +#define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac +#define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key +#define 
EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy +#define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex +#define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits +#define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free +#define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new +#define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding +#define EVP_PKEY_decrypt wolfSSL_EVP_PKEY_decrypt +#define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init +#define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt +#define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init +#define EVP_PKEY_new wolfSSL_PKEY_new +#define EVP_PKEY_free wolfSSL_EVP_PKEY_free +#define EVP_PKEY_size wolfSSL_EVP_PKEY_size +#define EVP_PKEY_type wolfSSL_EVP_PKEY_type +#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id +#define EVP_PKEY_id wolfSSL_EVP_PKEY_id +#define EVP_SignFinal wolfSSL_EVP_SignFinal +#define EVP_SignInit wolfSSL_EVP_SignInit +#define EVP_SignUpdate wolfSSL_EVP_SignUpdate +#define EVP_VerifyFinal wolfSSL_EVP_VerifyFinal +#define EVP_VerifyInit wolfSSL_EVP_VerifyInit +#define EVP_VerifyUpdate wolfSSL_EVP_VerifyUpdate #define EVP_CIPHER_CTX_block_size wolfSSL_EVP_CIPHER_CTX_block_size #define EVP_CIPHER_block_size wolfSSL_EVP_CIPHER_block_size #define EVP_CIPHER_flags wolfSSL_EVP_CIPHER_flags #define EVP_CIPHER_CTX_set_flags wolfSSL_EVP_CIPHER_CTX_set_flags +#define EVP_CIPHER_CTX_clear_flags wolfSSL_EVP_CIPHER_CTX_clear_flags #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding #define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags #define EVP_add_digest wolfSSL_EVP_add_digest #define EVP_add_cipher wolfSSL_EVP_add_cipher +#define EVP_cleanup wolfSSL_EVP_cleanup + +#define OpenSSL_add_all_digests() wolfCrypt_Init() +#define OpenSSL_add_all_ciphers() wolfCrypt_Init() +#define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms +#define OpenSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf +#define wolfSSL_OPENSSL_add_all_algorithms_noconf 
wolfSSL_OpenSSL_add_all_algorithms_noconf #define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1 diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/hmac.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/hmac.h new file mode 100644 index 00000000..da32fed4 --- /dev/null +++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/hmac.h 
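Review bot: The new mappings `EVP_PKEY_asign_RSA` and `EVP_PKEY_asign_EC_KEY` misspell the OpenSSL names (`EVP_PKEY_assign_RSA`, `EVP_PKEY_assign_EC_KEY`), so code written against OpenSSL will not resolve them even though the targets `wolfSSL_EVP_PKEY_assign_RSA`/`wolfSSL_EVP_PKEY_assign_EC_KEY` are declared earlier in this file in the same commit; the lines should read `#define EVP_PKEY_assign_RSA wolfSSL_EVP_PKEY_assign_RSA` and `#define EVP_PKEY_assign_EC_KEY wolfSSL_EVP_PKEY_assign_EC_KEY`. The same block also defines `EVP_PKEY_get1_DSA` twice; the second copy is harmless but should be removed. This hunk begins before the start of the previous SOURCE line and is vendored wolfSSL code, so the correction should be carried upstream too.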
@@ -0,0 +1,84 @@
+/* hmac.h
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
+ *
+ * This file is part of wolfSSL.
+ *
+ * Contact licensing@wolfssl.com with any questions or comments.
+ *
+ * https://www.wolfssl.com
+ */
+
+
+
+
+/* hmac.h defines mini hamc openssl compatibility layer
+ *
+ */
+
+
+#ifndef WOLFSSL_HMAC_H_
+#define WOLFSSL_HMAC_H_
+
+#include
+
+#ifdef WOLFSSL_PREFIX
+#include "prefix_hmac.h"
+#endif
+
+#include
+#include
+#include
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md,
+ const void* key, int key_len,
+ const unsigned char* d, int n, unsigned char* md,
+ unsigned int* md_len);
+
+
+typedef struct WOLFSSL_HMAC_CTX {
+ Hmac hmac;
+ int type;
+ word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
+ word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)];
+} WOLFSSL_HMAC_CTX;
+
+
+WOLFSSL_API int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx);
+WOLFSSL_API int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des,
+ WOLFSSL_HMAC_CTX* src);
+WOLFSSL_LOCAL int wolfSSL_HmacCopy(Hmac* des, Hmac* src);
+WOLFSSL_API int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key,
+ int keylen, const EVP_MD* type);
+WOLFSSL_API int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key,
+ int keylen, const EVP_MD* type, WOLFSSL_ENGINE* e);
+WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx,
+ const unsigned char* data, int len);
+WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
+ unsigned int* len);
+WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx);
+
+typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
+
+#define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
+
+#define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
+#define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy
+#define HMAC_Init_ex wolfSSL_HMAC_Init_ex
+#define HMAC_Init wolfSSL_HMAC_Init
+#define HMAC_Update wolfSSL_HMAC_Update
+#define HMAC_Final wolfSSL_HMAC_Final
+#define HMAC_cleanup wolfSSL_HMAC_cleanup
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* WOLFSSL_HMAC_H_ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h
index 00217c4e..80e58df9 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h
@@ -1,12 +1,12 @@ /* md5.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
index a48fede1..15cbe51f 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
@@ -1,12 +1,12 @@ /* opensslv.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */
@@ -17,7 +17,8 @@ /* api version compatibility */ -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_SIGNAL) +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* version number can be increased for Lighty after compatibility for ECDH is added */ #define OPENSSL_VERSION_NUMBER 0x10001000L
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h
index a8ba0845..3b5422e0 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h @@ -1,12 +1,12 @@ /* ripemd.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h index c3e22b00..a135fc06 100644 --- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h @@ -1,12 +1,12 @@ /* rsa.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ @@ -23,21 +23,9 @@ extern "C" { #endif -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) -#if defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION < 2)) - /* - choice of padding added after fips, so not available when using fips RSA - */ - - /* Padding types */ - #define RSA_PKCS1_PADDING 0 - #define RSA_PKCS1_OAEP_PADDING 1 -#else - #define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD - #define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD -#endif /* HAVE_FIPS */ -#endif +/* Padding types */ +#define RSA_PKCS1_PADDING 0 +#define RSA_PKCS1_OAEP_PADDING 1 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ typedef struct WOLFSSL_RSA WOLFSSL_RSA; @@ -98,6 +86,7 @@ WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int s #define WOLFSSL_RSA_LOAD_PRIVATE 1 #define WOLFSSL_RSA_LOAD_PUBLIC 2 +#define WOLFSSL_RSA_F4 0x10001L #define RSA_new wolfSSL_RSA_new #define RSA_free wolfSSL_RSA_free 
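Review bot: The rewritten padding block in rsa.h hardcodes `RSA_PKCS1_PADDING 0` and `RSA_PKCS1_OAEP_PADDING 1` unconditionally, whereas the removed block mapped them to the wolfCrypt constants `WC_RSA_PKCSV15_PAD`/`WC_RSA_OAEP_PAD`; if the compatibility layer forwards this value to wolfCrypt and those constants ever differ from 0 and 1 in the prebuilt library, the wrong RSA padding scheme would be selected silently, which is a security-relevant failure rather than a cosmetic one. The header cannot see the library's values, so at minimum pin the assumption with a comment, `/* must equal WC_RSA_PKCSV15_PAD and WC_RSA_OAEP_PAD in the linked libwolfssl */`, or add a `_Static_assert` where the wolfCrypt header is in scope. The `WOLFSSL_RSA_F4 0x10001L` definition in the second hunk (and the `RSA_F4` alias in the next SOURCE line) would also read better with `/* public exponent 65537 */` beside it.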
@@ -114,6 +103,7 @@ WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int s #define RSA_verify wolfSSL_RSA_verify #define RSA_public_decrypt wolfSSL_RSA_public_decrypt +#define RSA_F4 WOLFSSL_RSA_F4 #ifdef __cplusplus } /* extern "C" */ diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h index 550a6df9..6712585e 100644 --- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h @@ -1,12 +1,12 @@ /* sha.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ @@ -110,7 +110,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Init wolfSSL_SHA256_Init #define SHA256_Update wolfSSL_SHA256_Update #define SHA256_Final wolfSSL_SHA256_Final -#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS * build. */ #define SHA256 wolfSSL_SHA256 @@ -139,7 +139,11 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; #define SHA384_Init wolfSSL_SHA384_Init #define SHA384_Update wolfSSL_SHA384_Update #define SHA384_Final wolfSSL_SHA384_Final - +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + /* SHA384 is only available in non-fips mode because of SHA384 enum in FIPS + * build. */ + #define SHA384 wolfSSL_SHA384 +#endif #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 
@@ -164,7 +168,11 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
 #define SHA512_Init wolfSSL_SHA512_Init
 #define SHA512_Update wolfSSL_SHA512_Update
 #define SHA512_Final wolfSSL_SHA512_Final
-
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ /* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS
+ * build. */
+ #define SHA512 wolfSSL_SHA512
+#endif
 #endif /* WOLFSSL_SHA512 */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h
index 0a094a70..b3da6dac 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h
@@ -1,12 +1,12 @@
 /* ssl.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
@@ -27,6 +27,13 @@
 #endif /* OPENSSL_EXTRA_SSL_GUARD */
 #include
+#ifdef OPENSSL_EXTRA
+#include
+#endif
+
+#if defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY)
+#include
+#endif
 #ifdef __cplusplus
 extern "C" {
@@ -53,13 +60,12 @@ typedef WOLFSSL_X509 X509_REQ;
 typedef WOLFSSL_X509_NAME X509_NAME;
 typedef WOLFSSL_X509_CHAIN X509_CHAIN;
+typedef WOLFSSL_STACK EXTENDED_KEY_USAGE;
+
 /* redeclare guard */
 #define WOLFSSL_TYPES_DEFINED
-
-typedef WOLFSSL_EVP_PKEY EVP_PKEY;
-typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO;
 typedef WOLFSSL_BIO BIO;
 typedef WOLFSSL_BIO_METHOD BIO_METHOD;
 typedef WOLFSSL_CIPHER SSL_CIPHER;
@@ -88,14 +94,34 @@ typedef WOLFSSL_X509_OBJECT X509_OBJECT;
 typedef WOLFSSL_X509_STORE X509_STORE;
 typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
-#define CRYPTO_free XFREE
-#define CRYPTO_malloc XMALLOC
-#define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new
-#define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup
-#define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free
+#define EVP_CIPHER_INFO EncryptedInfo
 #define STACK_OF(x) WOLFSSL_STACK
+#define CRYPTO_free XFREE
+#define CRYPTO_malloc XMALLOC
+#define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new
+#define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup
+#define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free
+
+/* depreciated */
+#define CRYPTO_thread_id wolfSSL_thread_id
+#define CRYPTO_set_id_callback wolfSSL_set_id_callback
+
+#define CRYPTO_LOCK 0x01
+#define CRYPTO_UNLOCK 0x02
+#define CRYPTO_READ 0x04
+#define CRYPTO_WRITE 0x08
+
+#define CRYPTO_set_locking_callback wolfSSL_set_locking_callback
+#define CRYPTO_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback
+#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback
+#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback
+#define CRYPTO_num_locks wolfSSL_num_locks
+#define CRYPTO_dynlock_value WOLFSSL_dynlock_value
+
+#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
+
 /* this function was used to set the default malloc, free, and realloc */
 #define CRYPTO_malloc_init() /* CRYPTO_malloc_init is not needed */
@@ -106,335 +132,412 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define SSL_get_shared_ciphers(ctx,buf,len) \
 wolfSSL_get_shared_ciphers((ctx),(buf),(len))
-#define ERR_print_errors_fp(file) wolfSSL_ERR_dump_errors_fp((file))
- /* at the moment only returns ok */
-#define SSL_get_verify_result wolfSSL_get_verify_result
-#define SSL_get_verify_mode wolfSSL_SSL_get_mode
-#define SSL_get_verify_depth wolfSSL_get_verify_depth
-#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode
-#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth
-#define SSL_get_certificate wolfSSL_get_certificate
-#define SSL_use_certificate wolfSSL_use_certificate
-#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
-#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
-#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
+#define SSL_get_verify_result wolfSSL_get_verify_result
+#define SSL_get_verify_mode wolfSSL_SSL_get_mode
+#define SSL_get_verify_depth wolfSSL_get_verify_depth
+#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode
+#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth
+#define SSL_get_certificate wolfSSL_get_certificate
+#define SSL_use_certificate wolfSSL_use_certificate
+#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
+#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
+#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
+#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
+#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
-#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
-#define d2i_PrivateKey wolfSSL_d2i_PrivateKey
-#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
-#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
-#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
-#define SSL_get_privatekey wolfSSL_get_privatekey
+#define d2i_PUBKEY wolfSSL_d2i_PUBKEY
+#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
+#define d2i_PrivateKey wolfSSL_d2i_PrivateKey
+#define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey
+#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
+#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
+#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
+#define SSL_get_privatekey wolfSSL_get_privatekey
-#define SSLv23_method wolfSSLv23_method
-#define SSLv3_server_method wolfSSLv3_server_method
-#define SSLv3_client_method wolfSSLv3_client_method
-#define TLSv1_method wolfTLSv1_method
-#define TLSv1_server_method wolfTLSv1_server_method
-#define TLSv1_client_method wolfTLSv1_client_method
-#define TLSv1_1_server_method wolfTLSv1_1_server_method
-#define TLSv1_1_client_method wolfTLSv1_1_client_method
-#define TLSv1_2_server_method wolfTLSv1_2_server_method
-#define TLSv1_2_client_method wolfTLSv1_2_client_method
+#define SSLv23_method wolfSSLv23_method
+#define SSLv23_client_method wolfSSLv23_client_method
+#define SSLv2_client_method wolfSSLv2_client_method
+#define SSLv2_server_method wolfSSLv2_server_method
+#define SSLv3_server_method wolfSSLv3_server_method
+#define SSLv3_client_method wolfSSLv3_client_method
+#define TLSv1_method wolfTLSv1_method
+#define TLSv1_server_method wolfTLSv1_server_method
+#define TLSv1_client_method wolfTLSv1_client_method
+#define TLSv1_1_method wolfTLSv1_1_method
+#define TLSv1_1_server_method wolfTLSv1_1_server_method
+#define TLSv1_1_client_method wolfTLSv1_1_client_method
+#define TLSv1_2_method wolfTLSv1_2_method
+#define TLSv1_2_server_method wolfTLSv1_2_server_method
+#define TLSv1_2_client_method wolfTLSv1_2_client_method
+#define TLSv1_3_method wolfTLSv1_3_method
+#define TLSv1_3_server_method wolfTLSv1_3_server_method
+#define TLSv1_3_client_method wolfTLSv1_3_client_method
 #define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1
 #ifdef WOLFSSL_DTLS
- #define DTLSv1_client_method wolfDTLSv1_client_method
- #define DTLSv1_server_method wolfDTLSv1_server_method
- #define DTLSv1_2_client_method wolfDTLSv1_2_client_method
- #define DTLSv1_2_server_method wolfDTLSv1_2_server_method
+ #define DTLSv1_client_method wolfDTLSv1_client_method
+ #define DTLSv1_server_method wolfDTLSv1_server_method
+ #define DTLSv1_2_client_method wolfDTLSv1_2_client_method
+ #define DTLSv1_2_server_method wolfDTLSv1_2_server_method
 #endif
 #ifndef NO_FILESYSTEM
- #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
- #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
- #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
+ #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
+ #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
+ #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
 #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
- #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
+ #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
- #define SSL_use_certificate_file wolfSSL_use_certificate_file
- #define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file
- #define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file
- #define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file
+ #define SSL_use_certificate_file wolfSSL_use_certificate_file
+ #define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file
+ #define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file
+ #define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file
 #endif
-#define SSL_CTX_new wolfSSL_CTX_new
-#define SSL_new wolfSSL_new
-#define SSL_set_fd wolfSSL_set_fd
-#define SSL_get_fd wolfSSL_get_fd
-#define SSL_connect wolfSSL_connect
-#define SSL_clear wolfSSL_clear
-#define SSL_state wolfSSL_state
+#define SSL_CTX_new wolfSSL_CTX_new
+#define SSL_new wolfSSL_new
+#define SSL_set_fd wolfSSL_set_fd
+#define SSL_get_fd wolfSSL_get_fd
+#define SSL_connect wolfSSL_connect
+#define SSL_clear wolfSSL_clear
+#define SSL_state wolfSSL_state
-#define SSL_write wolfSSL_write
-#define SSL_read wolfSSL_read
-#define SSL_peek wolfSSL_peek
-#define SSL_accept wolfSSL_accept
-#define SSL_CTX_free wolfSSL_CTX_free
-#define SSL_free wolfSSL_free
-#define SSL_shutdown wolfSSL_shutdown
+#define SSL_write wolfSSL_write
+#define SSL_read wolfSSL_read
+#define SSL_peek wolfSSL_peek
+#define SSL_accept wolfSSL_accept
+#define SSL_CTX_free wolfSSL_CTX_free
+#define SSL_free wolfSSL_free
+#define SSL_shutdown wolfSSL_shutdown
-#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown
-#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown
-#define SSL_get_error wolfSSL_get_error
-#define SSL_set_session wolfSSL_set_session
-#define SSL_get_session wolfSSL_get_session
-#define SSL_flush_sessions wolfSSL_flush_sessions
+#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown
+#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown
+#define SSL_get_error wolfSSL_get_error
+#define SSL_set_session wolfSSL_set_session
+#define SSL_get_session wolfSSL_get_session
+#define SSL_flush_sessions wolfSSL_flush_sessions
 /* assume unlimited temporarily */
 #define SSL_CTX_get_session_cache_mode(ctx) 0
-#define SSL_CTX_set_verify wolfSSL_CTX_set_verify
-#define SSL_set_verify wolfSSL_set_verify
-#define SSL_pending wolfSSL_pending
-#define SSL_load_error_strings wolfSSL_load_error_strings
-#define SSL_library_init wolfSSL_library_init
-#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode
-#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
-#define SSL_set_cipher_list wolfSSL_set_cipher_list
+#define SSL_CTX_set_verify wolfSSL_CTX_set_verify
+#define SSL_set_verify wolfSSL_set_verify
+#define SSL_pending wolfSSL_pending
+#define SSL_load_error_strings wolfSSL_load_error_strings
+#define SSL_library_init wolfSSL_library_init
+#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode
+#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
+#define SSL_set_cipher_list wolfSSL_set_cipher_list
-#define ERR_error_string wolfSSL_ERR_error_string
-#define ERR_error_string_n wolfSSL_ERR_error_string_n
-#define ERR_reason_error_string wolfSSL_ERR_reason_error_string
-
-#define SSL_set_ex_data wolfSSL_set_ex_data
-#define SSL_get_shutdown wolfSSL_get_shutdown
-#define SSL_set_rfd wolfSSL_set_rfd
-#define SSL_set_wfd wolfSSL_set_wfd
-#define SSL_set_shutdown wolfSSL_set_shutdown
-#define SSL_set_session_id_context wolfSSL_set_session_id_context
-#define SSL_set_connect_state wolfSSL_set_connect_state
-#define SSL_set_accept_state wolfSSL_set_accept_state
-#define SSL_session_reused wolfSSL_session_reused
-#define SSL_SESSION_free wolfSSL_SESSION_free
-#define SSL_is_init_finished wolfSSL_is_init_finished
-
-#define SSL_get_version wolfSSL_get_version
-#define SSL_get_current_cipher wolfSSL_get_current_cipher
+#define SSL_set_ex_data wolfSSL_set_ex_data
+#define SSL_get_shutdown wolfSSL_get_shutdown
+#define SSL_set_rfd wolfSSL_set_rfd
+#define SSL_set_wfd wolfSSL_set_wfd
+#define SSL_set_shutdown wolfSSL_set_shutdown
+#define SSL_set_session_id_context wolfSSL_set_session_id_context
+#define SSL_set_connect_state wolfSSL_set_connect_state
+#define SSL_set_accept_state wolfSSL_set_accept_state
+#define SSL_session_reused wolfSSL_session_reused
+#define SSL_SESSION_free wolfSSL_SESSION_free
+#define SSL_is_init_finished wolfSSL_is_init_finished
+
+#define SSL_get_version wolfSSL_get_version
+#define SSL_get_current_cipher wolfSSL_get_current_cipher
 /* use wolfSSL_get_cipher_name for its return format */
-#define SSL_get_cipher wolfSSL_get_cipher_name
-#define SSL_CIPHER_description wolfSSL_CIPHER_description
-#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name
-#define SSL_get1_session wolfSSL_get1_session
+#define SSL_get_cipher wolfSSL_get_cipher_name
+#define SSL_CIPHER_description wolfSSL_CIPHER_description
+#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name
+#define SSL_get1_session wolfSSL_get1_session
-#define SSL_get_keyblock_size wolfSSL_get_keyblock_size
-#define SSL_get_keys wolfSSL_get_keys
-#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key
+#define SSL_get_keyblock_size wolfSSL_get_keyblock_size
+#define SSL_get_keys wolfSSL_get_keys
+#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key
 #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
-#define DSA_dup_DH wolfSSL_DSA_dup_DH
+#define DSA_dup_DH wolfSSL_DSA_dup_DH
+
+#define i2d_X509_bio wolfSSL_i2d_X509_bio
+#define d2i_X509_bio wolfSSL_d2i_X509_bio
+#define d2i_X509_fp wolfSSL_d2i_X509_fp
+#define i2d_X509 wolfSSL_i2d_X509
+#define d2i_X509 wolfSSL_d2i_X509
+#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
+#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
+#define PEM_read_X509 wolfSSL_PEM_read_X509
+#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
+#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
-#define X509_load_certificate_file wolfSSL_X509_load_certificate_file
-#define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID
-#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
-#define X509_digest wolfSSL_X509_digest
-#define X509_free wolfSSL_X509_free
-#define X509_new wolfSSL_X509_new
-#define OPENSSL_free wolfSSL_OPENSSL_free
-#define OPENSSL_malloc wolfSSL_OPENSSL_malloc
+#define i2d_X509_REQ wolfSSL_i2d_X509_REQ
+#define X509_REQ_new wolfSSL_X509_REQ_new
+#define X509_REQ_free wolfSSL_X509_REQ_free
+#define X509_REQ_sign wolfSSL_X509_REQ_sign
+#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name
+#define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey
+#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
-#define OCSP_parse_url wolfSSL_OCSP_parse_url
-#define SSLv23_client_method wolfSSLv23_client_method
-#define SSLv2_client_method wolfSSLv2_client_method
-#define SSLv2_server_method wolfSSLv2_server_method
+#define X509_new wolfSSL_X509_new
+#define X509_free wolfSSL_X509_free
+#define X509_load_certificate_file wolfSSL_X509_load_certificate_file
+#define X509_digest wolfSSL_X509_digest
+#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
+#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
+#define X509_get_subject_name wolfSSL_X509_get_subject_name
+#define X509_get_pubkey wolfSSL_X509_get_pubkey
+#define X509_get_notBefore(cert) (ASN1_TIME*)wolfSSL_X509_notBefore((cert))
+#define X509_get_notAfter(cert) (ASN1_TIME*)wolfSSL_X509_notAfter((cert))
+#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
+#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
+#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
+#define X509_get_ex_data wolfSSL_X509_get_ex_data
+#define X509_set_ex_data wolfSSL_X509_set_ex_data
+#define X509_get1_ocsp wolfSSL_X509_get1_ocsp
+#ifndef WOLFSSL_HAPROXY
+#define X509_get_version wolfSSL_X509_get_version
+#endif
+#define X509_get_signature_nid wolfSSL_X509_get_signature_nid
+#define X509_set_subject_name wolfSSL_X509_set_subject_name
+#define X509_set_pubkey wolfSSL_X509_set_pubkey
+#define X509_print wolfSSL_X509_print
+#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
+#define X509_verify_cert wolfSSL_X509_verify_cert
+#define X509_check_private_key wolfSSL_X509_check_private_key
+#define X509_check_ca wolfSSL_X509_check_ca
+#define X509_check_host wolfSSL_X509_check_host
+#define X509_email_free wolfSSL_X509_email_free
+#define X509_check_issued wolfSSL_X509_check_issued
+#define X509_dup wolfSSL_X509_dup
+
+#define sk_X509_new wolfSSL_sk_X509_new
+#define sk_X509_num wolfSSL_sk_X509_num
+#define sk_X509_value wolfSSL_sk_X509_value
+#define sk_X509_push wolfSSL_sk_X509_push
+#define sk_X509_pop wolfSSL_sk_X509_pop
+#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
+#define sk_X509_free wolfSSL_sk_X509_free
-#define MD4_Init wolfSSL_MD4_Init
-#define MD4_Update wolfSSL_MD4_Update
-#define MD4_Final wolfSSL_MD4_Final
+#define i2d_X509_NAME wolfSSL_i2d_X509_NAME
+#define X509_NAME_new wolfSSL_X509_NAME_new
+#define X509_NAME_free wolfSSL_X509_NAME_free
+#define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID
+#define X509_NAME_cmp wolfSSL_X509_NAME_cmp
+#define X509_NAME_ENTRY_free wolfSSL_X509_NAME_ENTRY_free
+#define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID
+#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry
+#define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt
+#define X509_NAME_oneline wolfSSL_X509_NAME_oneline
+#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
+#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
+#define X509_NAME_digest wolfSSL_X509_NAME_digest
+#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
-#define BIO_new wolfSSL_BIO_new
-#define BIO_free wolfSSL_BIO_free
-#define BIO_free_all wolfSSL_BIO_free_all
-#define BIO_nread0 wolfSSL_BIO_nread0
-#define BIO_nread wolfSSL_BIO_nread
-#define BIO_read wolfSSL_BIO_read
-#define BIO_nwrite0 wolfSSL_BIO_nwrite0
-#define BIO_nwrite wolfSSL_BIO_nwrite
-#define BIO_write wolfSSL_BIO_write
-#define BIO_push wolfSSL_BIO_push
-#define BIO_pop wolfSSL_BIO_pop
-#define BIO_flush wolfSSL_BIO_flush
-#define BIO_pending wolfSSL_BIO_pending
+#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free
+#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num
+#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value
-#define BIO_get_mem_data wolfSSL_BIO_get_mem_data
-#define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf
+
 typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
-#define BIO_f_buffer wolfSSL_BIO_f_buffer
-#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
-#define BIO_f_ssl wolfSSL_BIO_f_ssl
-#define BIO_new_socket wolfSSL_BIO_new_socket
-#define SSL_set_bio wolfSSL_set_bio
-#define BIO_eof wolfSSL_BIO_eof
-#define BIO_set_ss wolfSSL_BIO_set_ss
+#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
+#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
+#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
+#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data
+#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
-#define BIO_s_mem wolfSSL_BIO_s_mem
-#define BIO_f_base64 wolfSSL_BIO_f_base64
-#define BIO_set_flags wolfSSL_BIO_set_flags
+#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
+#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
-#define OpenSSL_add_all_digests() wolfCrypt_Init()
-#define OpenSSL_add_all_ciphers() wolfCrypt_Init()
-#define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms
-#define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms
-#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms
+#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
+#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
+#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
-#define RAND_screen wolfSSL_RAND_screen
-#define RAND_file_name wolfSSL_RAND_file_name
-#define RAND_write_file wolfSSL_RAND_write_file
-#define RAND_load_file wolfSSL_RAND_load_file
-#define RAND_egd wolfSSL_RAND_egd
-#define RAND_seed wolfSSL_RAND_seed
-#define RAND_cleanup wolfSSL_RAND_Cleanup
-#define RAND_add wolfSSL_RAND_add
+#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
+#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
+#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
+#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
+#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
+#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
+#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
+#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
+#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
+#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error
+#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
+
+#define X509_STORE_new wolfSSL_X509_STORE_new
+#define X509_STORE_free wolfSSL_X509_STORE_free
+#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
+#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
+#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl
+#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
+#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
+#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
+#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
+#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
+
+#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
+#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
+#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir
+#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
+
+#define d2i_X509_CRL wolfSSL_d2i_X509_CRL
+#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp
+#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL
+
+#define X509_CRL_free wolfSSL_X509_CRL_free
+#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
+#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
+#define X509_CRL_verify wolfSSL_X509_CRL_verify
+#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
+
+#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
+#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
+
+#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
+
+#define OCSP_parse_url wolfSSL_OCSP_parse_url
+
+#define MD4_Init wolfSSL_MD4_Init
+#define MD4_Update wolfSSL_MD4_Update
+#define MD4_Final wolfSSL_MD4_Final
+
+#define BIO_new wolfSSL_BIO_new
+#define BIO_free wolfSSL_BIO_free
+#define BIO_free_all wolfSSL_BIO_free_all
+#define BIO_nread0 wolfSSL_BIO_nread0
+#define BIO_nread wolfSSL_BIO_nread
+#define BIO_read wolfSSL_BIO_read
+#define BIO_nwrite0 wolfSSL_BIO_nwrite0
+#define BIO_nwrite wolfSSL_BIO_nwrite
+#define BIO_write wolfSSL_BIO_write
+#define BIO_push wolfSSL_BIO_push
+#define BIO_pop wolfSSL_BIO_pop
+#define BIO_flush wolfSSL_BIO_flush
+#define BIO_pending wolfSSL_BIO_pending
+
+#define BIO_get_mem_data wolfSSL_BIO_get_mem_data
+#define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf
+
+#define BIO_f_buffer wolfSSL_BIO_f_buffer
+#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
+#define BIO_f_ssl wolfSSL_BIO_f_ssl
+#define BIO_new_socket wolfSSL_BIO_new_socket
+#define SSL_set_bio wolfSSL_set_bio
+#define BIO_eof wolfSSL_BIO_eof
+#define BIO_set_ss wolfSSL_BIO_set_ss
+
+#define BIO_s_mem wolfSSL_BIO_s_mem
+#define BIO_f_base64 wolfSSL_BIO_f_base64
+#define BIO_set_flags wolfSSL_BIO_set_flags
+
+#define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms
+#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms
+
+#define RAND_screen wolfSSL_RAND_screen
+#define RAND_file_name wolfSSL_RAND_file_name
+#define RAND_write_file wolfSSL_RAND_write_file
+#define RAND_load_file wolfSSL_RAND_load_file
+#define RAND_egd wolfSSL_RAND_egd
+#define RAND_seed wolfSSL_RAND_seed
+#define RAND_cleanup wolfSSL_RAND_Cleanup
+#define RAND_add wolfSSL_RAND_add
+#define RAND_poll wolfSSL_RAND_poll
+#define RAND_status wolfSSL_RAND_status
+#define RAND_bytes wolfSSL_RAND_bytes
+#define RAND_pseudo_bytes wolfSSL_RAND_pseudo_bytes
 #define COMP_zlib wolfSSL_COMP_zlib
 #define COMP_rle wolfSSL_COMP_rle
 #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
-#define SSL_get_ex_new_index wolfSSL_get_ex_new_index
-
-/* depreciated */
-#define CRYPTO_thread_id wolfSSL_thread_id
-#define CRYPTO_set_id_callback wolfSSL_set_id_callback
-
-#define CRYPTO_set_locking_callback wolfSSL_set_locking_callback
-#define CRYPTO_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback
-#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback
-#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback
-#define CRYPTO_num_locks wolfSSL_num_locks
+#define SSL_get_ex_new_index wolfSSL_get_ex_new_index
-#define CRYPTO_LOCK 1
-#define CRYPTO_UNLOCK 2
-#define CRYPTO_READ 4
-#define CRYPTO_WRITE 8
+typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
-#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
-#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
-#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
-#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
-#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
-#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
-#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
-#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
-#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
+#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
+#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
+#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime
+#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
+#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free
-#define X509_print wolfSSL_X509_print
-#define X509_NAME_cmp wolfSSL_X509_NAME_cmp
-#define i2d_X509_NAME wolfSSL_i2d_X509_NAME
-#define X509_NAME_ENTRY_free wolfSSL_X509_NAME_ENTRY_free
-#define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID
-#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry
-#define X509_NAME_oneline wolfSSL_X509_NAME_oneline
-#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
-#define X509_get_subject_name wolfSSL_X509_get_subject_name
-#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
-#define X509_verify_cert wolfSSL_X509_verify_cert
+#define ASN1_tag2str wolfSSL_ASN1_tag2str
-#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
-#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
-#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir
-#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
+#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER
+#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER
+#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new
+#define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free
+#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
+#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
+#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
-#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
-#define X509_STORE_new wolfSSL_X509_STORE_new
-#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
-#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
-#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
+#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
+#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
+#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
+#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
+#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex
-#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
-#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
+#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr
-#define X509_get_pubkey wolfSSL_X509_get_pubkey
-#define X509_CRL_verify wolfSSL_X509_CRL_verify
-#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error
-#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
-#define EVP_PKEY_new wolfSSL_PKEY_new
-#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
-#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
-#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id
-#define d2i_PUBKEY wolfSSL_d2i_PUBKEY
-#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
-#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
-#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
-#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
-#define X509_get_notBefore(cert) (ASN1_TIME*)wolfSSL_X509_notBefore((cert))
-#define X509_get_notAfter(cert) (ASN1_TIME*)wolfSSL_X509_notAfter((cert))
+#define ASN1_IA5STRING WOLFSSL_ASN1_STRING
+#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING
-#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
+#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
-#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
-#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
-#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
-
-#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
-#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
-#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
-#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
-
-#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
-
-#define SSL_CTX_get_client_CA_list wolfSSL_SSL_CTX_get_client_CA_list
-#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list
-#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store
-#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store
-#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
+#define SSL_CTX_get_client_CA_list wolfSSL_SSL_CTX_get_client_CA_list
+#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list
+#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store
+#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store
 #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
-#define SSL_get_ex_data wolfSSL_get_ex_data
+#define SSL_get_ex_data wolfSSL_get_ex_data
 #define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
-#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
+#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
-#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
-#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
-#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos
-#define ERR_peek_error wolfSSL_ERR_peek_error
-#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line
-#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp
-#define ERR_GET_REASON wolfSSL_ERR_GET_REASON
+#define SSL_CTX_set_timeout(ctx, to) \
+ wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
+#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
+#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos
-#define SSL_alert_type_string wolfSSL_alert_type_string
-#define SSL_alert_desc_string wolfSSL_alert_desc_string
-#define SSL_state_string wolfSSL_state_string
+#define SSL_alert_type_string wolfSSL_alert_type_string
+#define SSL_alert_desc_string wolfSSL_alert_desc_string
+#define SSL_state_string wolfSSL_state_string
-#define RSA_free wolfSSL_RSA_free
-#define RSA_generate_key wolfSSL_RSA_generate_key
-#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
+#define RSA_free wolfSSL_RSA_free
+#define RSA_generate_key wolfSSL_RSA_generate_key
+#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
+
+#define PEM_def_callback wolfSSL_PEM_def_callback
-#define PEM_def_callback wolfSSL_PEM_def_callback
-
-#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept
-#define SSL_CTX_sess_connect wolfSSL_CTX_sess_connect
-#define SSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good
-#define SS L_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good
+#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept
+#define SSL_CTX_sess_connect wolfSSL_CTX_sess_connect
+#define SSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good
+#define SSL_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good
 #define SSL_CTX_sess_accept_renegotiate wolfSSL_CTX_sess_accept_renegotiate
 #define SSL_CTX_sess_connect_renegotiate wolfSSL_CTX_sess_connect_renegotiate
-#define SSL_CTX_sess_hits wolfSSL_CTX_sess_hits
-#define SSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits
-#define SSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full
-#define SSL_CTX_sess_misses wolfSSL_CTX_sess_misses
-#define SSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts
-#define SSL_CTX_sess_number wolfSSL_CTX_sess_number
-#define SSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size
+#define SSL_CTX_sess_hits wolfSSL_CTX_sess_hits
+#define SSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits
+#define SSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full
+#define SSL_CTX_sess_misses wolfSSL_CTX_sess_misses
+#define SSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts
+#define SSL_CTX_sess_number wolfSSL_CTX_sess_number
+#define SSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size
 #define SSL_DEFAULT_CIPHER_LIST WOLFSSL_DEFAULT_CIPHER_LIST
-#define RSA_F4 WOLFSSL_RSA_F4
 #define SSL_CTX_set_psk_client_callback wolfSSL_CTX_set_psk_client_callback
-#define SSL_set_psk_client_callback wolfSSL_set_psk_client_callback
+#define SSL_set_psk_client_callback wolfSSL_set_psk_client_callback
-#define SSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint
-#define SSL_get_psk_identity wolfSSL_get_psk_identity
+#define SSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint
+#define SSL_get_psk_identity wolfSSL_get_psk_identity
-#define SSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint
-#define SSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint
+#define SSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint
+#define SSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint
 #define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback
-#define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback
+#define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback
 /* system file ints for ERR_put_error */
 #define SYS_F_ACCEPT WOLFSSL_SYS_ACCEPT
@@ -454,127 +557,107 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define SYS_F_IOCTLSOCKET WOLFSSL_SYS_IOCTLSOCKET
 #define SYS_F_LISTEN WOLFSSL_SYS_LISTEN
-#define ERR_put_error wolfSSL_ERR_put_error
-#define ERR_get_error_line wolfSSL_ERR_get_error_line
-#define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data
+#define ERR_GET_REASON wolfSSL_ERR_GET_REASON
-#define ERR_get_error wolfSSL_ERR_get_error
-#define ERR_clear_error wolfSSL_ERR_clear_error
+#define ERR_put_error wolfSSL_ERR_put_error
+#define ERR_peek_error wolfSSL_ERR_peek_error
+#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp
+#define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data
+#define ERR_peek_last_error wolfSSL_ERR_peek_last_error
+#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line
+#define ERR_get_error_line wolfSSL_ERR_get_error_line
+#define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data
+#define ERR_get_error wolfSSL_ERR_get_error
+#define ERR_print_errors_fp(file) wolfSSL_ERR_dump_errors_fp((file))
+#define ERR_clear_error wolfSSL_ERR_clear_error
+#define ERR_free_strings wolfSSL_ERR_free_strings
+#define ERR_remove_state wolfSSL_ERR_remove_state
+#define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state
+#define ERR_error_string wolfSSL_ERR_error_string
+#define ERR_error_string_n wolfSSL_ERR_error_string_n
+#define ERR_reason_error_string wolfSSL_ERR_reason_error_string
+#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings
-#define RAND_status wolfSSL_RAND_status
-#define RAND_bytes wolfSSL_RAND_bytes
-#define RAND_pseudo_bytes wolfSSL_RAND_pseudo_bytes
-#define SSLv23_server_method wolfSSLv23_server_method
-#define SSL_CTX_set_options wolfSSL_CTX_set_options
-#define SSL_CTX_get_options wolfSSL_CTX_get_options
-#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
+#define SSLv23_server_method wolfSSLv23_server_method
+#define SSL_CTX_set_options wolfSSL_CTX_set_options
+#define SSL_CTX_get_options wolfSSL_CTX_get_options
+#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
-#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key
-#define SSL_check_private_key wolfSSL_check_private_key
+#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key
+#define SSL_check_private_key wolfSSL_check_private_key
-#define ERR_free_strings wolfSSL_ERR_free_strings
-#define ERR_remove_state wolfSSL_ERR_remove_state
-#define EVP_cleanup wolfSSL_EVP_cleanup
+#define SSL_CTX_set_mode wolfSSL_CTX_set_mode
+#define SSL_CTX_get_mode wolfSSL_CTX_get_mode
+#define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead
-#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data
-#define SSL_CTX_set_mode wolfSSL_CTX_set_mode
-#define SSL_CTX_get_mode wolfSSL_CTX_get_mode
-#define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead
-
-#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size
+#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size
 #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
-#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context
-#define SSL_get_peer_certificate wolfSSL_get_peer_certificate
-#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain
+#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context
+#define SSL_get_peer_certificate wolfSSL_get_peer_certificate
+#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain
-#define SSL_want_read wolfSSL_want_read
-#define SSL_want_write wolfSSL_want_write
+#define SSL_want_read wolfSSL_want_read
+#define SSL_want_write wolfSSL_want_write
-#define BIO_prf wolfSSL_BIO_prf
-#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr
+#define BIO_prf wolfSSL_BIO_prf
+
+#define sk_num wolfSSL_sk_num
+#define sk_value wolfSSL_sk_value
-#define sk_num wolfSSL_sk_num
-#define sk_value wolfSSL_sk_value
-#define sk_X509_pop wolfSSL_sk_X509_pop
-#define sk_X509_free wolfSSL_sk_X509_free
-#define i2d_X509_bio wolfSSL_i2d_X509_bio
-#define d2i_X509_bio wolfSSL_d2i_X509_bio
-#define i2d_X509 wolfSSL_i2d_X509
-#define d2i_X509 wolfSSL_d2i_X509
+#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio
+#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
-#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data
-#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data
-#define SSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb
-#define SSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb
-#define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb
+#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey
+#define d2i_RSAPrivateKey wolfSSL_d2i_RSAPrivateKey
+#define i2d_RSAPrivateKey wolfSSL_i2d_RSAPrivateKey
+#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey
-#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
-#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
-#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout
-#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
-#define SSL_SESSION_get_time wolfSSL_SESSION_get_time
-#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index
-#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
-#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
+#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data
+#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data
+#define SSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb
+#define SSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb
+#define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb
+
+#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
+#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
+#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout
+#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
+#define SSL_SESSION_get_time wolfSSL_SESSION_get_time
+#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index
+#define PEM_read wolfSSL_PEM_read
+#define PEM_write wolfSSL_PEM_write
+#define PEM_get_EVP_CIPHER_INFO wolfSSL_PEM_get_EVP_CIPHER_INFO
+#define PEM_do_header wolfSSL_PEM_do_header
 /*#if OPENSSL_API_COMPAT < 0x10100000L*/
 #define CONF_modules_free()
 #define ENGINE_cleanup()
-#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup
-#define SSL_CTX_need_tmp_RSA(ctx) 0
-#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
-#define SSL_need_tmp_RSA(ssl) 0
-#define SSL_set_tmp_rsa(ssl,rsa) 1
+#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup
+#define SSL_CTX_need_tmp_RSA(ctx) 0
+#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
+#define SSL_need_tmp_RSA(ssl) 0
+#define SSL_set_tmp_rsa(ssl,rsa) 1
 /*#endif*/
 #define CONF_modules_unload(a)
-#define SSL_get_hit wolfSSL_session_reused
+#define SSL_get_hit wolfSSL_session_reused
 /* yassl had set the default to be 500 */
-#define SSL_get_default_timeout(ctx) 500
+#define SSL_get_default_timeout(ctx) 500
-#define X509_NAME_free wolfSSL_X509_NAME_free
-#define X509_NAME_new wolfSSL_X509_NAME_new
+#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
+#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
+#define BIO_read_filename wolfSSL_BIO_read_filename
+#define BIO_s_file wolfSSL_BIO_s_file
+#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
+#define SSL_set_verify_depth wolfSSL_set_verify_depth
+#define SSL_get_app_data wolfSSL_get_app_data
+#define SSL_set_app_data wolfSSL_set_app_data
+#define SHA1 wolfSSL_SHA1
-typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
-
-#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
-#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
-#define BIO_read_filename wolfSSL_BIO_read_filename
-#define BIO_s_file wolfSSL_BIO_s_file
-#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
-#define SSL_set_verify_depth wolfSSL_set_verify_depth
-#define SSL_get_app_data wolfSSL_get_app_data
-#define SSL_set_app_data wolfSSL_set_app_data
-#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
-#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
-#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
-#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
-#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
-#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
-#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data
-#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free
-#define SHA1 wolfSSL_SHA1
-#define X509_check_private_key wolfSSL_X509_check_private_key
-#define SSL_dup_CA_list wolfSSL_dup_CA_list
-
-
-
-
-/* NIDs */
-enum {
- NID_des = 66,
- NID_des3 = 67,
- NID_sha256 = 672,
- NID_sha384 = 673,
- NID_sha512 = 674,
- NID_hw_name_oid = 73,
- NID_id_pkix_OCSP_basic = 74,
- NID_any_policy = 75,
- NID_anyExtendedKeyUsage = 76,
-};
+#define SSL_dup_CA_list wolfSSL_dup_CA_list
 enum {
 GEN_DNS = 0x02, /* ASN_DNS_TYPE */
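Review bot: The new side of this hunk drops the `RAND_status`, `RAND_bytes` and `RAND_pseudo_bytes` mappings, together with `EVP_cleanup`, `CRYPTO_cleanup_all_ex_data` and the `X509_NAME_*`/`ASN1_STRING_*` block near its end, without adding replacements here; unless another compat header now supplies them, any application that reaches the wolfSSL RNG or name parsing through the OpenSSL names stops compiling, and the RNG names are what key-generation and PSK code depend on. The `X509_V_FLAG_CRL_CHECK`/`X509_V_FLAG_*_CHECK_TIME` lines removed in the `@@ -691` hunk and `X509_check_host` removed in the `@@ -844` hunk raise the same question for the CRL, time and hostname verification entry points. If they did move, a one-line comment at the top of the new `ERR_*` block naming the destination (`/* RAND_*, X509_NAME_*, ASN1_STRING_* and X509_V_FLAG_* compat names: see openssl/<HEADER-NAME> */`, with the real file filled in) would save the next reader a grep; if they did not, they should be restored under the same `#ifdef` scope they had.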
@@ -582,76 +665,104 @@ enum {
 GEN_URI = 0x06 /* ASN_URI_TYPE */
 };
-#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
-#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
+#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
+#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
-#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
-#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
-#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
-#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
-#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
+#define SSL_get_rbio wolfSSL_SSL_get_rbio
+#define SSL_get_wbio wolfSSL_SSL_get_wbio
+#define SSL_do_handshake wolfSSL_SSL_do_handshake
+#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x)
+#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
+#define SSL_get_cipher_bits(s,np) \
+ wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num
+#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
+#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
+#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */
-#ifdef WOLFSSL_HAPROXY
-#define SSL_get_rbio wolfSSL_SSL_get_rbio
-#define SSL_get_wbio wolfSSL_SSL_get_wbio
-#define SSL_do_handshake wolfSSL_SSL_do_handshake
-#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x)
-#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
-#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
-#define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num
-#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
-#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
-#endif /* WOLFSSL_HAPROXY */
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
+#include
-#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
+typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
+#define SSL_CTRL_CHAIN 88
+#define BIO_CTRL_WPENDING 13
+#define GEN_IPADD 7
+#define ERR_LIB_SSL 20
+#define SSL_R_SHORT_READ 10
+#define ERR_R_PEM_LIB 9
+#define V_ASN1_IA5STRING 22
+#define SSL_CTRL_MODE 33
-#define BIO_new_file wolfSSL_BIO_new_file
-#define BIO_ctrl wolfSSL_BIO_ctrl
-#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending
-#define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr
-#define BIO_int_ctrl wolfSSL_BIO_int_ctrl
-#define BIO_reset wolfSSL_BIO_reset
-#define BIO_s_file wolfSSL_BIO_s_file
-#define BIO_s_bio wolfSSL_BIO_s_bio
-#define BIO_s_socket wolfSSL_BIO_s_socket
-#define BIO_set_fd wolfSSL_BIO_set_fd
-#define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request
+#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
+#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio
+#define SSL_CTX_use_RSAPrivateKey wolfSSL_CTX_use_RSAPrivateKey
+#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio
+#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair
+#define SSL_get_verify_callback wolfSSL_get_verify_callback
+#define GENERAL_NAMES_free(GENERAL_NAMES)NULL
-#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size
-#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair
+#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define BIO_set_fp wolfSSL_BIO_set_fp
-#define BIO_get_fp wolfSSL_BIO_get_fp
-#define BIO_seek wolfSSL_BIO_seek
-#define BIO_write_filename wolfSSL_BIO_write_filename
-#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return
+#define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1
+#define SSL_CTX_set0_chain(ctx,sk) \
+ wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+#define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0)
+#define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \
+ (char *)(arg))
+#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
+
+#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
+
+#define BIO_new_file wolfSSL_BIO_new_file
+#define BIO_ctrl wolfSSL_BIO_ctrl
+#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending
+#define BIO_wpending wolfSSL_BIO_wpending
+#define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr
+#define BIO_int_ctrl wolfSSL_BIO_int_ctrl
+#define BIO_reset wolfSSL_BIO_reset
+#define BIO_s_file wolfSSL_BIO_s_file
+#define BIO_s_bio wolfSSL_BIO_s_bio
+#define BIO_s_socket wolfSSL_BIO_s_socket
+#define BIO_set_fd wolfSSL_BIO_set_fd
+#define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request
+
+#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size
+#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair
+
+#define BIO_set_fp wolfSSL_BIO_set_fp
+#define BIO_get_fp wolfSSL_BIO_get_fp
+#define BIO_seek wolfSSL_BIO_seek
+#define BIO_write_filename wolfSSL_BIO_write_filename
+#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return
 #define TLSEXT_STATUSTYPE_ocsp 1
-#define SSL_set_options wolfSSL_set_options
-#define SSL_get_options wolfSSL_get_options
-#define SSL_clear_options wolfSSL_clear_options
-#define SSL_set_tmp_dh wolfSSL_set_tmp_dh
+#define SSL_set_options wolfSSL_set_options
+#define SSL_get_options wolfSSL_get_options
+#define SSL_clear_options wolfSSL_clear_options
+#define SSL_set_tmp_dh wolfSSL_set_tmp_dh
 #define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations
-#define SSL_total_renegotiations wolfSSL_total_renegotiations
+#define SSL_total_renegotiations wolfSSL_total_renegotiations
 #define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg
 #define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type
 #define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts
 #define SSL_get_tlsext_status_ids wolfSSL_get_tlsext_status_ids
 #define SSL_set_tlsext_status_ids wolfSSL_set_tlsext_status_ids
-#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp
-#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp
-
-#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert
-#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead
-#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead
-#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg
+#define SSL_get_tlsext_status_ocsp_res wolfSSL_get_tlsext_status_ocsp_resp
+#define SSL_set_tlsext_status_ocsp_res wolfSSL_set_tlsext_status_ocsp_resp
+#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp
+#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp
+
+#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert
+#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead
+#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead
+#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg
 #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \
- wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg
-#define SSL_get_server_random wolfSSL_get_server_random
+ wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg
+#define SSL_get_server_random wolfSSL_get_server_random
-#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts
+#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts
 #define BIO_C_SET_FILE_PTR 106
 #define BIO_C_GET_FILE_PTR 107
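Review bot: `#define GENERAL_NAMES_free(GENERAL_NAMES)NULL` in the new `OPENSSL_ALL || WOLFSSL_ASIO` block turns every `GENERAL_NAMES_free(names);` into the statement `NULL;`, so whatever allocates a `GENERAL_NAMES` stack for the caller is never released, and on this SDK's targets that memory does not come back; the macro parameter also reuses the typedef name `GENERAL_NAMES` declared a few lines above, which is legal but misleading. Either map it to the stack-free routine that matches the `STACK_OF(WOLFSSL_ASN1_OBJECT)` typedef, or, if the stack is owned by the certificate and must not be freed, say so in place: `#define GENERAL_NAMES_free(names) /* no-op: stack is owned by the X509, not the caller */`. Separately, `SSL_CTX_get_app_data`/`SSL_CTX_set_app_data` hard-wire ex_data slot 0, the first index `SSL_CTX_get_ex_new_index` (mapped earlier in this file) can hand out, so an application that uses both will silently overwrite its own pointer; a comment on those two lines noting that slot 0 is reserved for app data would flag it.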
@@ -691,17 +802,12 @@ enum {
 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
-#define SSL_ctrl wolfSSL_ctrl
-#define SSL_CTX_ctrl wolfSSL_CTX_ctrl
+#define SSL_ctrl wolfSSL_ctrl
+#define SSL_CTX_ctrl wolfSSL_CTX_ctrl
-#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
-#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
-
-#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
-#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
-
-#define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */
-#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA)
+#define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */
+#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \
+ || defined(OPENSSL_ALL)
 #include
 #define SSL2_VERSION 0x0002
@@ -712,93 +818,50 @@ enum {
 #define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000)
 #define ASN1_STRFLGS_ESC_MSB 4
-#define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH
+#define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH
-#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long
-#define SSL_alert_type_string_long wolfSSL_alert_type_string_long
-#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits
-#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num
-#define sk_GENERAL_NAME_num wolfSSL_sk_GENERAL_NAME_num
-#define sk_X509_num wolfSSL_sk_X509_num
-#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
-#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
-#define SSL_CTX_get_options wolfSSL_CTX_get_options
+#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long
+#define SSL_alert_type_string_long wolfSSL_alert_type_string_long
+#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits
+#define sk_GENERAL_NAME_num wolfSSL_sk_GENERAL_NAME_num
+#define SSL_CTX_get_options wolfSSL_CTX_get_options
-#define SSL_CTX_flush_sessions wolfSSL_flush_sessions
-#define SSL_CTX_add_session wolfSSL_CTX_add_session
-#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
-#define SSL_version wolfSSL_version
-#define SSL_get_state wolfSSL_get_state
-#define SSL_state_string_long wolfSSL_state_string_long
+#define SSL_CTX_flush_sessions wolfSSL_flush_sessions
+#define SSL_CTX_add_session wolfSSL_CTX_add_session
+#define SSL_version wolfSSL_version
+#define SSL_get_state wolfSSL_get_state
+#define SSL_state_string_long wolfSSL_state_string_long
-#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value
-#define sk_X509_value wolfSSL_sk_X509_value
-#define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value
-#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data
-#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data
-#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index
-#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
-#define CRYPTO_dynlock_value WOLFSSL_dynlock_value
-typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
-#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
-#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
-#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free
-#define GENERAL_NAME_free NULL
+#define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value
+#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data
+#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data
+#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index
+#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
+#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free
+#define GENERAL_NAME_free NULL
-#define SSL3_AL_FATAL 2
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
-#define SSL_TLSEXT_ERR_NOACK alert_warning
-#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
+#define SSL3_AL_FATAL 2
+#define SSL_TLSEXT_ERR_OK 0
+#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
+#define SSL_TLSEXT_ERR_NOACK alert_warning
+#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
-#define SSL_get_servername wolfSSL_get_servername
-#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
-#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback
+#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
+#define SSL_get_servername wolfSSL_get_servername
+#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
+#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback
 #define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_tlsext_servername_callback
-#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg
+#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg
-#define PSK_MAX_PSK_LEN 256
-#define PSK_MAX_IDENTITY_LEN 128
-#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state
-#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
+#define PSK_MAX_PSK_LEN 256
+#define PSK_MAX_IDENTITY_LEN 128
+#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
 #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
-#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb
+#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb
 #define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata
-/* certificate extension NIDs */
-#define NID_basic_constraints 133
-#define NID_key_usage 129 /* 2.5.29.15 */
-#define NID_ext_key_usage 151 /* 2.5.29.37 */
-#define NID_subject_key_identifier 128
-#define NID_authority_key_identifier 149
-#define NID_private_key_usage_period 130 /* 2.5.29.16 */
-#define NID_subject_alt_name 131
-#define NID_issuer_alt_name 132
-#define NID_info_access 69
-#define NID_sinfo_access 79 /* id-pe 11 */
-#define NID_name_constraints 144 /* 2.5.29.30 */
-#define NID_certificate_policies 146
-#define NID_policy_mappings 147
-#define NID_policy_constraints 150
-#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
-#define NID_tlsfeature 92 /* id-pe 24 */
-#define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */
-#define NID_domainComponent 0x19
- /* matchs ASN_DOMAIN_COMPONENT in asn.h */
-
- /* matchs ASN_..._NAME in asn.h */
-#define NID_surname 0x04, /* SN */
-#define NID_serialNumber 0x05, /* serialNumber */
-#define NID_countryName 0x06, /* C */
-#define NID_localityName 0x07, /* L */
-#define NID_stateOrProvinceName 0x08, /* ST */
-#define NID_organizationName 0x0a, /* O */
-#define NID_organizationalUnitName 0x0b, /* OU */
-
-
 #define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback
 #define SSL_set_msg_callback wolfSSL_set_msg_callback
 #define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg
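Review bot: The `#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */` trailer that closes this block no longer describes its `#if`, which the `@@ -691` hunk extends to `defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)`; with dozens of lines between the two, the trailer is what a reader will trust when deciding whether a symbol is visible in a given build. Change it to `#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || OPENSSL_EXTRA || OPENSSL_ALL */`. The opening `#if` is outside this hunk.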
@@ -815,7 +878,8 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
 #define ERR_LIB_X509 10
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_MYSQL_COMPATIBLE)
+ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
+ defined(HAVE_LIGHTY)
 #include
@@ -844,60 +908,63 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
 #define SSL_R_UNKNOWN_PROTOCOL VERSION_ERROR
 #define SSL_R_WRONG_VERSION_NUMBER VERSION_ERROR
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ENCRYPT_ERROR
+#define SSL_R_HTTPS_PROXY_REQUEST PARSE_ERROR
+#define SSL_R_HTTP_REQUEST PARSE_ERROR
+#define SSL_R_UNSUPPORTED_PROTOCOL VERSION_ERROR
+
 #ifdef HAVE_SESSION_TICKET
 #define SSL_OP_NO_TICKET SSL_OP_NO_TICKET
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
 #endif
-#define OPENSSL_config wolfSSL_OPENSSL_config
-#define OPENSSL_memdup wolfSSL_OPENSSL_memdup
-#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
-#define X509_get_ex_data wolfSSL_X509_get_ex_data
-#define X509_set_ex_data wolfSSL_X509_set_ex_data
-#define X509_NAME_digest wolfSSL_X509_NAME_digest
-#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout
-#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh
-#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session
-#define SSL_get_rbio wolfSSL_SSL_get_rbio
-#define SSL_get_wbio wolfSSL_SSL_get_wbio
-#define SSL_do_handshake wolfSSL_SSL_do_handshake
-#define SSL_in_init wolfSSL_SSL_in_init
-#define SSL_get0_session wolfSSL_SSL_get0_session
-#define X509_check_host wolfSSL_X509_check_host
-#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER
-#define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data
-#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings
-#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
-#define X509_email_free wolfSSL_X509_email_free
-#define X509_get1_ocsp wolfSSL_X509_get1_ocsp
-#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb
-#define X509_check_issued wolfSSL_X509_check_issued
-#define X509_dup wolfSSL_X509_dup
-#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
-#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
-#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs
-#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
-#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value
-#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
-#define SSL_select_next_proto wolfSSL_select_next_proto
-#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
-#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb
-#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb
-#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated
-#define SSL_is_server wolfSSL_is_server
-#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list
+#define OPENSSL_config wolfSSL_OPENSSL_config
+#define OPENSSL_memdup wolfSSL_OPENSSL_memdup
+#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout
+#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh
+#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session
+#define SSL_get_rbio wolfSSL_SSL_get_rbio
+#define SSL_get_wbio wolfSSL_SSL_get_wbio
+#define SSL_do_handshake wolfSSL_SSL_do_handshake
+#define SSL_in_init wolfSSL_SSL_in_init
+#define SSL_get0_session wolfSSL_SSL_get0_session
+#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
+#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb
+#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs
+#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value
+#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
+#define SSL_select_next_proto wolfSSL_select_next_proto
+#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
+#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb
+#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb
+#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated
+#define SSL_is_server wolfSSL_is_server
+#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list
-#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE ||
+ OPENSSL_ALL || HAVE_LIGHTY */
-#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
-#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA
-#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
-#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
+#ifdef OPENSSL_EXTRA
+#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA
+#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
+#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
+#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
+
+#define ERR_NUM_ERRORS 16
+#define EVP_PKEY_RSA 6
+#define EVP_PKEY_RSA2 19
+#define SN_pkcs9_emailAddress "Email"
+#define LN_pkcs9_emailAddress "emailAddress"
+#define NID_pkcs9_emailAddress 48
+#define OBJ_pkcs9_emailAddress 1L,2L,840L,113539L,1L,9L,1L
+
+#define SSL_get_rbio wolfSSL_SSL_get_rbio
+#define SSL_get_wbio wolfSSL_SSL_get_wbio
+#define SSL_do_handshake wolfSSL_SSL_do_handshake
+#endif /* OPENSSL_EXTRA */
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
-
 #endif /* wolfSSL_openssl_h__ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/ssl.h b/components/ssl/wolfssl/wolfssl/wolfssl/ssl.h
index 8f0dfe41..8dc69351 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/ssl.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/ssl.h
@@ -1,16 +1,18 @@
 /* ssl.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
-
-
+/*!
+ \file ../wolfssl/ssl.h
+ \brief Header file containing key wolfSSL API
+*/
 /* wolfSSL API */
@@ -22,6 +24,7 @@
 #include
 #include
 #include
+#include
 #ifdef HAVE_WOLF_EVENT
 #include
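Review bot: `+#define OBJ_pkcs9_emailAddress 1L,2L,840L,113539L,1L,9L,1L` in the new `OPENSSL_EXTRA` block encodes the wrong arc: pkcs-9 lives under 1.2.840.113549 (the RSA Data Security arc), so the fourth component should be `113549L`; any object comparison or DER encoding built from this macro will never match a real emailAddress attribute, and because it is a data mismatch rather than a compile error it fails silently. The fix is the one-token change `#define OBJ_pkcs9_emailAddress 1L,2L,840L,113549L,1L,9L,1L`. Less urgently, `SSL_get_rbio`, `SSL_get_wbio` and `SSL_do_handshake` are now defined in this `OPENSSL_EXTRA` block as well as in the `OPENSSL_ALL || WOLFSSL_HAPROXY` block of the `@@ -582` hunk and the nginx/haproxy/mysql/lighty block just above; the replacement lists are identical so the preprocessor accepts them, but one unconditional definition would be easier to keep in sync.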
@@ -109,6 +112,7 @@ typedef struct WOLFSSL_X509 WOLFSSL_X509;
 typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME;
 typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY;
 typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
+typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12;
 typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
 typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
@@ -152,7 +156,7 @@ typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG;
 typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER;
 typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP;
 typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
-typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL;
+typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL;
 typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE;
 typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
 typedef struct WOLFSSL_BIO WOLFSSL_BIO;
@@ -170,11 +174,17 @@ typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
 #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
 #define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
+#define WOLFSSL_ASN1_INTEGER_MAX 20
 struct WOLFSSL_ASN1_INTEGER {
 /* size can be increased set at 20 for tag, length then to hold at least 16
 * byte type */
- unsigned char data[20];
+ unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; /* ASN_INTEGER | LENGTH | hex of number */
+ unsigned char negative; /* negative number flag */
+
+ unsigned char* data;
+ unsigned int dataMax; /* max size of data buffer */
+ unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
 };
 struct WOLFSSL_ASN1_TIME {
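Review bot: The new `struct WOLFSSL_ASN1_INTEGER` layout leaves the ownership of `data` undocumented: `isDynamic` says whether the pointer is dynamic, but nothing states that `data` aims at `intData` when it is 0, that the struct owns the allocation when it is 1, or who frees it, and a reader of a public header has nothing else to go on. Suggested: `unsigned char* data; /* current value; points at intData unless isDynamic, in which case it is heap-allocated and released with the struct -- confirm against the allocator */`. Since this is a public struct whose size changes here, and the `@@ -152` hunk changes the tag behind `WOLFSSL_X509_CRL` to `struct WOLFSSL_CRL`, every object compiled against the previous header must be rebuilt against the same header as the library it links; that deserves a line in the commit description.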
@@ -193,16 +203,21 @@ struct WOLFSSL_ASN1_STRING {
 #define WOLFSSL_MAX_SNAME 40
 struct WOLFSSL_ASN1_OBJECT {
 void* heap;
- unsigned char* obj;
+ const unsigned char* obj;
 /* sName is short name i.e sha256 rather than oid (null terminated) */
 char sName[WOLFSSL_MAX_SNAME];
 int type; /* oid */
 int grp; /* type of OID, i.e. oidCertPolicyType */
+ int nid;
 unsigned int objSz;
 unsigned char dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */
+ #define WOLFSSL_ASN1_DYNAMIC 0x1
+ #define WOLFSSL_ASN1_DYNAMIC_DATA 0x2
 struct d { /* derefrenced */
 WOLFSSL_ASN1_STRING ia5_internal;
 WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */
+ WOLFSSL_ASN1_STRING* dNSName;
+ WOLFSSL_ASN1_STRING* iPAddress;
 } d;
 };
@@ -283,11 +298,15 @@ struct WOLFSSL_X509_STORE {
 #ifdef OPENSSL_EXTRA
 int isDynamic;
 #endif
+#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
+ WOLFSSL_X509_CRL *crl;
+#endif
 };
 #ifdef OPENSSL_EXTRA
 #define WOLFSSL_USE_CHECK_TIME 0x2
 #define WOLFSSL_NO_CHECK_TIME 0x200000
+#define WOLFSSL_NO_WILDCARDS 0x4
 struct WOLFSSL_X509_VERIFY_PARAM {
 time_t check_time;
 unsigned long flags;
@@ -324,7 +343,10 @@ typedef struct WOLFSSL_BUFFER_INFO {
 typedef struct WOLFSSL_X509_STORE_CTX {
 WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
- WOLFSSL_X509* current_cert; /* stunnel dereference */
+ WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */
+#ifdef WOLFSSL_ASIO
+ WOLFSSL_X509* current_issuer; /* asio dereference */
+#endif
 WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
 WOLFSSL_STACK* chain;
 #ifdef OPENSSL_EXTRA
@@ -372,6 +394,7 @@ enum AlertDescription {
 unsupported_extension = 110, /**< RFC 5246, section 7.2.2 */
 unrecognized_name = 112, /**< RFC 6066, section 3 */
 bad_certificate_status_response = 113, /**< RFC 6066, section 8 */
+ unknown_psk_identity = 115, /**< RFC 4279, section 2 */
 no_application_protocol = 120
 };
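Review bot: `unsigned char dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */` is now immediately followed by two new flag values, `WOLFSSL_ASN1_DYNAMIC 0x1` and `WOLFSSL_ASN1_DYNAMIC_DATA 0x2`, which read as a bit mask rather than the boolean the comment describes; update it to `/* bit mask: WOLFSSL_ASN1_DYNAMIC = obj was allocated, WOLFSSL_ASN1_DYNAMIC_DATA = contents of d were allocated -- verify the second against its users */`. Defining those two macros inside the struct body is also unusual: they are file-scope macros regardless of placement, so putting them above `struct WOLFSSL_ASN1_OBJECT` with that comment is clearer. Note that `obj` becomes `const unsigned char*` in the same hunk while `dynamic` implies it is sometimes freed, so the release path must cast the qualifier away; one line saying which field owns that buffer would stop a reader from assuming `obj` is always borrowed.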
@@ -383,37 +406,56 @@ enum AlertLevel { /* Maximum master key length (SECRET_LEN) */ #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48 +/* Maximum number of groups that can be set */ +#define WOLFSSL_MAX_GROUP_COUNT 10 typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap); + +/* CTX Method EX Constructor Functions */ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap); #ifdef WOLFSSL_TLS13 + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap); #endif + +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap); #ifdef WOLFSSL_DTLS + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap); WOLFSSL_API 
WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap); #endif + +/* CTX Method Constructor Functions */ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); -WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); #ifdef WOLFSSL_TLS13 @@ -422,8 +464,13 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); #endif #ifdef WOLFSSL_DTLS + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void); #endif 
@@ -471,6 +518,13 @@ WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int); + +#define WOLFSSL_LOAD_FLAG_NONE 0x00000000 +#define WOLFSSL_LOAD_FLAG_IGNORE_ERR 0x00000001 +#define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002 +#define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY 0x00000004 +WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*, + const char*, unsigned int); WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, const char*); #ifdef WOLFSSL_TRUST_PEER_CERT @@ -478,6 +532,8 @@ WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int); #endif WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, const char *file); +WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, + const char *file, int format); WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); @@ -486,6 +542,8 @@ WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int); WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int); WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file); +WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*, + const char *file, int format); WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); #ifdef WOLFSSL_DER_LOAD 
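Review bot: The new `WOLFSSL_LOAD_FLAG_*` values consumed by `wolfSSL_CTX_load_verify_locations_ex` are undocumented, and the names of `IGNORE_ERR` and `DATE_ERR_OKAY` suggest they relax what happens when a CA file fails to parse or is outside its validity period, which is a switch a caller should not reach for without knowing its exact scope. Suggest a short comment block above the defines stating, per flag, what is skipped and that `WOLFSSL_LOAD_FLAG_NONE` is the strict default, e.g. `/* IGNORE_ERR: keep loading after a file fails; DATE_ERR_OKAY: accept trust anchors outside their validity window — both weaken trust-anchor checks, prefer NONE */`, with the wording confirmed against the implementation since this header does not show it.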
@@ -498,15 +556,11 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); /* load NTRU private key blob */ #endif -#ifndef WOLFSSL_PEMCERT_TODER_DEFINED - WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int); - #define WOLFSSL_PEMCERT_TODER_DEFINED -#endif - #endif /* !NO_FILESYSTEM && !NO_CERTS */ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); +WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_is_server(WOLFSSL*); WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*); WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); @@ -516,12 +570,12 @@ WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority); WOLFSSL_API int wolfSSL_get_ciphers(char*, int); WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); +WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, + const unsigned char); WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); -WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*); /* please see note at top of README if you get an error from connect */ WOLFSSL_API int wolfSSL_connect(WOLFSSL*); WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); 
@@ -540,6 +594,11 @@ WOLFSSL_API int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_request_certificate(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_preferred_group(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, + int count); +WOLFSSL_API int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count); + WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*); WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*); 
@@ -563,12 +622,22 @@ WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); -WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session); -WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl); -WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX *ctx, long tm); -WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char*, - int, int); +WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*); +WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); +WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); +WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t, + WOLFSSL_BIO**, size_t); + +WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**); +WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*, + int, const unsigned char*); +WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**); +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ #ifdef SESSION_INDEX WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl); @@ -581,7 +650,6 @@ WOLFSSL_API #endif /* SESSION_INDEX && SESSION_CERTS */ typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); -typedef int (pem_password_cb)(char*, int, int, void*); #ifdef OPENSSL_EXTRA typedef void (CallbackInfoState)(const WOLFSSL*, int, int); 
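Review bot: The `typedef int (pem_password_cb)(char*, int, int, void*);` removed in the last hunk here is still used later in this header (`wolfSSL_CTX_set_default_passwd_cb`, `wolfSSL_CTX_get_default_passwd_cb`, `wolfSSL_PEM_read_bio_X509`, `wolfSSL_PEM_do_header`), so the type must now come from an include not visible in this diff. If that include is only pulled in under an `OPENSSL_*` option, a build with that option off will fail on an unknown type; a compile check with the SDK's minimal configuration, or an `#ifndef`-guarded fallback typedef at the removed line, would close that gap.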
@@ -637,6 +705,11 @@ WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*); /* Nonblocking DTLS helper functions */ +WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); +#define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock +#define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock + /* The old names are deprecated. */ WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); @@ -730,11 +803,6 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); -#ifdef OPENSSL_EXTRA -WOLFSSL_API void wolfSSL_OPENSSL_free(void*); -WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); -#endif - WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, int* ssl); @@ -772,7 +840,6 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len); WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); -WOLFSSL_API int wolfSSL_add_all_algorithms(void); #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); @@ -805,6 +872,7 @@ WOLFSSL_API int wolfSSL_RAND_egd(const char*); WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); +WOLFSSL_API int wolfSSL_RAND_poll(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void); 
@@ -845,12 +913,18 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID( WOLFSSL_X509*, unsigned char*, int*); WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID( WOLFSSL_X509*, unsigned char*, int*); + +WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*, + WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); + WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*); WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID( WOLFSSL_X509_NAME*, int, char*, int); WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID( WOLFSSL_X509_NAME*, int, int); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*); + WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type); WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1); @@ -902,9 +976,10 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, unsigned char** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, + unsigned char** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); -WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*); #ifdef OPENSSL_EXTRA 
@@ -916,6 +991,8 @@ WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( WOLFSSL_X509_REVOKED*,int); WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*); +WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*); +WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void); WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*); @@ -928,11 +1005,11 @@ WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*); #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn); -WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t, int, long); #endif +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list( const WOLFSSL_CTX *s); WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*, @@ -947,7 +1024,8 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, void* userdata); WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb*); - +WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); +WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(const WOLFSSL* ssl, int type, int val)); 
@@ -961,8 +1039,14 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); -WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*, - WOLFSSL_RSA*(*)(WOLFSSL*, int, int)); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, + const unsigned char **pp, long len); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**, + const unsigned char**, long); +WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp); +WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, + WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key); @@ -1012,7 +1096,6 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl); #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ -#define WOLFSSL_RSA_F4 0x10001L enum { WOLFSSL_OCSP_URL_OVERRIDE = 1, @@ -1023,7 +1106,7 @@ enum { WOLFSSL_CRL_CHECK = 27, }; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) /* seperated out from other enums because of size */ enum { SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, @@ -1112,8 +1195,6 @@ enum { BIO_CLOSE = 1, BIO_NOCLOSE = 0, - NID_undef = 0, - X509_FILETYPE_PEM = 8, X509_LU_X509 = 9, X509_LU_CRL = 12, @@ -1184,9 +1265,9 @@ enum { /* wolfSSL extension, provide last error from SSL_get_error since not using thread storage error queue */ #include -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err); +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp); +WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); #endif #endif 
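Review bot: `wolfSSL_i2d_RSAPublicKey` takes `const unsigned char **pp` while `wolfSSL_i2d_RSAPrivateKey` on the next line takes `unsigned char **pp`; an i2d routine writes through `*pp`, so the `const` on the public-key variant is misleading and forces callers to cast it away. Unless the implementation genuinely never writes the buffer, the declaration should read `WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, unsigned char **pp);`. As this is an upstream header, the correction belongs upstream and the local copy should track the release it was synced from.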
@@ -1314,6 +1395,14 @@ enum { /* ssl Constants */ wc_psk_client_callback); WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*, wc_psk_client_callback); +#ifdef WOLFSSL_TLS13 + typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*, + char*, unsigned int, unsigned char*, unsigned int, const char**); + WOLFSSL_API void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX*, + wc_psk_client_tls13_callback); + WOLFSSL_API void wolfSSL_set_psk_client_tls13_callback(WOLFSSL*, + wc_psk_client_tls13_callback); +#endif WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*); WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*); @@ -1327,6 +1416,14 @@ enum { /* ssl Constants */ wc_psk_server_callback); WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*, wc_psk_server_callback); +#ifdef WOLFSSL_TLS13 + typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*, + unsigned char*, unsigned int, const char**); + WOLFSSL_API void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX*, + wc_psk_server_tls13_callback); + WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*, + wc_psk_server_tls13_callback); +#endif #define PSK_TYPES_DEFINED #endif /* NO_PSK */ @@ -1349,7 +1446,6 @@ enum { WOLFSSL_BIO_UNSET = -2, WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */ }; - #endif WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err, @@ -1376,7 +1472,6 @@ WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); WOLFSSL_API void wolfSSL_ERR_free_strings(void); WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long); -WOLFSSL_API void wolfSSL_EVP_cleanup(void); WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl); 
@@ -1401,8 +1496,9 @@ WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_UTCTIME*); WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_GENERALIZEDTIME*); -WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_X509_REVOKED*); -WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED*, int); +WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); +WOLFSSL_API int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*); +WOLFSSL_API void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*, int); /* stunnel 4.28 needs */ WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int); @@ -1487,10 +1583,17 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, + const unsigned char *in, int len); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); +#endif +WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); + #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); @@ -1516,6 +1619,10 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, + WOLFSSL_X509_PKCS12** pkcs12); +#endif WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca); 
@@ -1533,6 +1640,7 @@ WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz, const unsigned char* g, int gSz); WOLFSSL_API int wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz, int format); +WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL*, int); #ifndef NO_FILESYSTEM WOLFSSL_API int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format); #endif @@ -1550,6 +1658,8 @@ WOLFSSL_API int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, unsigned short); WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short); +WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX*, unsigned short); +WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL*, unsigned short); WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*); #endif /* NO_DH */ @@ -1586,7 +1696,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \ !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \ !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \ - !defined(WOLFSSL_CHIBIOS) + !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) #include #endif /* allow writev style writing */ @@ -1606,6 +1716,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, #endif WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*, const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*, + const unsigned char*, long, int); WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*, 
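Review bot: `wolfSSL_SetEnableDhKeyTest` and the new `wolfSSL_CTX_SetMaxDhKey_Sz`/`wolfSSL_SetMaxDhKey_Sz` pair are declared without a comment on what is tested, what the `int` argument means, or what the default is, whereas the neighbouring `SetMinDhKey_Sz` at least reads as a bound. A one-line comment per declaration would let integrators decide whether to call them, e.g. `/* non-zero enables extra validation of the peer's DH public value — TODO confirm the exact check and default in the implementation */` and `/* upper bound on the peer's DH group size, same unit as SetMinDhKey_Sz */`.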
@@ -1618,6 +1730,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, /* SSL versions */ WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*, long, int); + WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, + int derSz); WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*, @@ -1690,21 +1804,14 @@ WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int); WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); -WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, - unsigned char*, int, const char*); -WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int, - unsigned char*, int, int); -#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) - #ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED - #ifndef NO_FILESYSTEM - WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz); - #endif - WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); - #define WOLFSSL_PEMPUBKEY_TODER_DEFINED - #endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */ -#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER*/ + +/* moved to asn.c, old names kept for backwards compatability */ +#define wolfSSL_KeyPemToDer wc_KeyPemToDer +#define wolfSSL_CertPemToDer wc_CertPemToDer +#define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer +#define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer +#define wolfSSL_PemCertToDer wc_PemCertToDer + typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CbMissingCRL)(const char* url); 
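Review bot: Replacing the `wolfSSL_*PemToDer` prototypes with `#define` aliases to the `wc_*` functions means callers now depend on the `wc_*` prototypes being visible through an include that this diff does not show; if the wolfcrypt ASN header is not already included by `ssl.h`, callers that only include `ssl.h` will hit an implicit-declaration error. The `WOLFSSL_PEMPUBKEY_TODER_DEFINED` guard dropped here and the `WOLFSSL_PEMCERT_TODER_DEFINED` guard dropped in the earlier `@@ -498,15 +556,11 @@` hunk should be grepped for elsewhere in the tree, since any other header still testing them will now silently declare nothing.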
@@ -1793,6 +1900,17 @@ enum KDF_MacAlgorithm { /* Public Key Callback support */ +#ifdef HAVE_PK_CALLBACKS +#ifdef HAVE_ECC + +struct ecc_key; + +typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key, + unsigned int keySz, int ecc_curve, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX*, CallbackEccKeyGen); +WOLFSSL_API void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl); + typedef int (*CallbackEccSign)(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, unsigned char* out, unsigned int* outSz, @@ -1811,7 +1929,6 @@ WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify); WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl); -struct ecc_key; typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey, unsigned char* pubKeyDer, unsigned int* pubKeySz, unsigned char* out, unsigned int* outlen, @@ -1819,6 +1936,7 @@ typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey, WOLFSSL_API void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX*, CallbackEccSharedSecret); WOLFSSL_API void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl); +#endif #ifndef NO_DH /* Public DH Key Callback support */ @@ -1833,6 +1951,7 @@ WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl); #endif /* !NO_DH */ +#ifdef HAVE_ED25519 struct ed25519_key; typedef int (*CallbackEd25519Sign)(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, 
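Review bot: The `#endif` closing the new `#ifdef HAVE_ECC` block (third hunk here) is unlabeled, as are the ones added in the next two chunks for `HAVE_ED25519`, `HAVE_CURVE25519` and `!NO_RSA`; with five nested conditionals spanning this whole callback region and only the outermost `HAVE_PK_CALLBACKS` labeled, a misplaced guard is easy to miss in review. Suggest `#endif /* HAVE_ECC */`, `#endif /* HAVE_ED25519 */`, `#endif /* HAVE_CURVE25519 */` and `#endif /* !NO_RSA */`, matching the `#endif /* !NO_DH */` style already used in this region.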
@@ -1853,8 +1972,17 @@ WOLFSSL_API void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX*, CallbackEd25519Verify); WOLFSSL_API void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl); +#endif +#ifdef HAVE_CURVE25519 struct curve25519_key; + +typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key, + unsigned int keySz, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX*, CallbackX25519KeyGen); +WOLFSSL_API void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl); + typedef int (*CallbackX25519SharedSecret)(WOLFSSL* ssl, struct curve25519_key* otherKey, unsigned char* pubKeyDer, unsigned int* pubKeySz, @@ -1865,7 +1993,9 @@ WOLFSSL_API void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX*, CallbackX25519SharedSecret); WOLFSSL_API void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl); +#endif +#ifndef NO_RSA typedef int (*CallbackRsaSign)(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, unsigned char* out, unsigned int* outSz, @@ -1881,6 +2011,7 @@ typedef int (*CallbackRsaVerify)(WOLFSSL* ssl, const unsigned char* keyDer, unsigned int keySz, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify); +WOLFSSL_API void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX*, CallbackRsaVerify); WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl); @@ -1903,6 +2034,8 @@ typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*, CallbackRsaPssVerify); +WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX*, + CallbackRsaPssVerify); WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl); #endif 
@@ -1926,7 +2059,8 @@ typedef int (*CallbackRsaDec)(WOLFSSL* ssl, WOLFSSL_API void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec); WOLFSSL_API void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); - +#endif +#endif /* HAVE_PK_CALLBACKS */ #ifndef NO_CERTS WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); @@ -2112,7 +2246,7 @@ enum { WOLFSSL_MAX_ALPN_NUMBER = 257 }; -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg); @@ -2139,7 +2273,10 @@ enum { WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */ WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */ WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */ - WOLFSSL_MFL_2_13 = 5 /* 8192 bytes *//* wolfSSL ONLY!!! */ + WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */ + WOLFSSL_MFL_2_8 = 6, /* 256 bytes *//* wolfSSL ONLY!!! */ + WOLFSSL_MFL_MIN = WOLFSSL_MFL_2_9, + WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8, }; #ifndef NO_WOLFSSL_CLIENT @@ -2148,7 +2285,7 @@ WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl); WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl); #endif -#endif +#endif /* HAVE_MAX_FRAGMENT */ /* Truncated HMAC */ #ifdef HAVE_TRUNCATED_HMAC @@ -2297,7 +2434,6 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, CallbackSessionTicket, void*); #endif /* NO_WOLFSSL_CLIENT */ -#ifndef NO_WOLFSSL_SERVER #define WOLFSSL_TICKET_NAME_SZ 16 #define WOLFSSL_TICKET_IV_SZ 16 @@ -2310,6 +2446,8 @@ enum TicketEncRet { WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */ }; +#ifndef NO_WOLFSSL_SERVER + typedef int (*SessionTicketEncCb)(WOLFSSL*, unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], unsigned char iv[WOLFSSL_TICKET_IV_SZ], 
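Review bot: `WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8` reads as "largest fragment", but `WOLFSSL_MFL_2_8` (256 bytes) is the smallest fragment; MIN/MAX are bounds on the enum code, which is no longer monotonic in fragment size once `2_8 = 6` is appended after `2_13 = 5`. A comment prevents the obvious misreading, e.g. `/* MIN/MAX bound the valid code passed to wolfSSL_UseMaxFragment, not the fragment size; 2_8 is the smallest fragment despite the highest code */`. Any range or ordering check in the implementation, which is not in this diff, should compare codes rather than assume ascending sizes.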
@@ -2412,22 +2550,23 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, WOLFSSL_API void wolfSSL_cert_service(void); #endif -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Smaller subset of X509 compatibility functions. Avoid increasing the size of * this subset and its memory usage */ #include struct WOLFSSL_X509_NAME_ENTRY { - WOLFSSL_ASN1_OBJECT* object; /* not defined yet */ + WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */ WOLFSSL_ASN1_STRING data; WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ int nid; /* i.e. ASN_COMMON_NAME */ int set; int size; }; -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#ifdef OPENSSL_EXTRA + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) enum { WOLFSSL_SYS_ACCEPT = 0, @@ -2457,16 +2596,12 @@ WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n); +WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int n, WOLFSSL_ASN1_OBJECT *arg_obj); WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name); WOLFSSL_API void wolfSSL_OBJ_cleanup(void); /* end of object functions */ -#ifndef NO_FILESYSTEM -WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); -WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); -#endif - WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); 
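Review bot: `wolfSSL_OBJ_nid2obj_ex` is declared `WOLFSSL_LOCAL` in the public API header between two `WOLFSSL_API` declarations; a hidden-visibility symbol does not belong in `ssl.h`, and code including the header could call it and fail only at link time. It should move to the internal header alongside the other `WOLFSSL_LOCAL` prototypes, or become `WOLFSSL_API` if it is meant to be public. Also in this chunk, `struct WOLFSSL_X509_NAME_ENTRY.object` changes from a pointer to an embedded `WOLFSSL_ASN1_OBJECT`, a layout change that any in-tree code written as `entry->object->...` must follow.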
@@ -2477,6 +2612,9 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( unsigned char* data, int dataSz); WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name, WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set); +WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, + const char *field, int type, const unsigned char *bytes, int len, int loc, + int set); WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); @@ -2486,8 +2624,6 @@ WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len); WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); -WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, - int derSz); WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der, long derSz); 
@@ -2507,21 +2643,33 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, + WOLFSSL_X509** x509); +#endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); +WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio); WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen); WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); -WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); -WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, + WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); +#endif +WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header, + EncryptedInfo* cipher); +WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher, + unsigned char* data, long* len, + pem_password_cb* callback, void* ctx); /*lighttp compatibility */ 
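Review bot: `wolfSSL_PEM_do_header` and `wolfSSL_PEM_get_EVP_CIPHER_INFO` are declared without any statement of their contract: whether `data` is decrypted in place, whether `long* len` is in/out, and why `char* header` is non-const. Since these handle password-protected key material, a caller also needs to know what state `data` is left in after a failed decrypt or a wrong password. I would add above the pair: `/* Decrypts a PEM DEK-Info body in place; *len is the input length and is updated to the plaintext length on success. */`, if that is the implemented behaviour. The removal of `wolfSSL_CTX_get_default_passwd_cb` and `wolfSSL_CTX_get_default_passwd_cb_userdata` in the same hunk is an API break for existing callers unless they are re-declared elsewhere, which I cannot see from here.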
@@ -2533,11 +2681,13 @@ struct WOLFSSL_ASN1_BIT_STRING { }; -#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_NGINX) \ - || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) \ + || defined(OPENSSL_ALL) \ + || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); 
@@ -2552,17 +2702,28 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); +WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509); -/* end lighttpd*/ -#endif +#ifndef NO_FILESYSTEM +WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); +WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); #endif -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) +#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#endif /* OPENSSL_EXTRA || OPENSSL_ALL */ + + +#if defined(OPENSSL_ALL) \ + || defined(HAVE_STUNNEL) \ + || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); 
@@ -2576,9 +2737,25 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ +#ifdef OPENSSL_ALL +WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void); +WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req); +WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, + const WOLFSSL_EVP_MD *md); +WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req, + WOLFSSL_X509_NAME *name); +WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, + WOLFSSL_EVP_PKEY *pkey); +#endif -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) + +#if defined(OPENSSL_ALL) \ + || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) \ + || defined(HAVE_LIGHTY) #include @@ -2611,6 +2788,7 @@ WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *s); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new(void); WOLFSSL_API int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s); WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, @@ -2621,8 +2799,6 @@ WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); -WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); - WOLFSSL_API int wolfSSL_version(WOLFSSL*); WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*); 
@@ -2652,6 +2828,8 @@ WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*); WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*); +WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); + WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, CallbackSniRecv); WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, @@ -2659,10 +2837,13 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); -WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); +WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); + +/* support for depricated old name */ +#define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state #ifndef NO_FILESYSTEM -WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp); +WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE fp); #endif WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*)); @@ -2673,10 +2854,11 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); -#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || \ + defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx); 
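Review bot: `wolfSSL_print_all_errors_fp` changes its parameter from `XFILE *fp` to `XFILE fp` in the `@@ -2659,10 +2837,13 @@` hunk, and unlike the `WOLFSSL_ERR_remove_thread_state` rename right above it there is no compatibility shim, so every existing caller that passes `&fp` now gets an incompatible-pointer diagnostic (a warning rather than a hard error on most toolchains, so it can slip through). If this is the intended upstream signature, a one-line note next to it, `/* takes XFILE by value; callers that passed &fp must be updated */`, would save integrators a search. The comment `/* support for depricated old name */` misspells "deprecated".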
@@ -2713,19 +2895,24 @@ WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); #endif -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(OPENSSL_EXTRA) +#if defined(OPENSSL_ALL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name); #endif -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* Not an OpenSSL API. */ WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response); /* Not an OpenSSL API. */ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); /* Not an OpenSSL API. */ WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); +#endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c); @@ -2761,7 +2948,8 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)( WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc)); #endif -#ifdef HAVE_OCSP +#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain); WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, 
@@ -2785,7 +2973,8 @@ WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert); -#endif /* WOLFSSL_NGINX */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA || HAVE_LIGHTY*/ WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len); @@ -2818,7 +3007,7 @@ WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsi #ifdef OPENSSL_EXTRA -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); 
@@ -2835,14 +3024,38 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); +WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); WOLFSSL_API void ERR_load_SSL_strings(void); WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); +WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); +WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags); +WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t); +WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out); +WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); +WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store); +WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); + +WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, + int passwdSz, pem_password_cb* cb, void* ctx); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey( + WOLFSSL_EVP_PKEY** pkey, const unsigned 
char** data, long length); + #endif /* OPENSSL_EXTRA */ +#ifdef HAVE_PK_CALLBACKS +WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/version.h b/components/ssl/wolfssl/wolfssl/wolfssl/version.h index 66cc4388..3f636b3f 100644 --- a/components/ssl/wolfssl/wolfssl/wolfssl/version.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/version.h @@ -1,12 +1,12 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ @@ -19,8 +19,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.14.0" -#define LIBWOLFSSL_VERSION_HEX 0x03014000 +#define LIBWOLFSSL_VERSION_STRING "3.15.7" +#define LIBWOLFSSL_VERSION_HEX 0x03015007 #ifdef __cplusplus } diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h index adc67846..0361beab 100644 --- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h @@ -1,15 +1,19 @@ /* aes.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ +/*! + \file wolfssl/wolfcrypt/aes.h +*/ + #ifndef WOLF_CRYPT_AES_H #define WOLF_CRYPT_AES_H 
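Review bot: `wolfSSL_d2i_AutoPrivateKey` and `wolfSSL_i2c_ASN1_INTEGER` follow the OpenSSL `d2i`/`i2c` naming, where `*data`/`*pp` is advanced past the consumed or written bytes and a NULL output pointer means "return the length only"; the declarations do not say whether wolfSSL honours either convention, and a caller who assumes the pointer is untouched will re-parse or overrun. I would note it on the declarations: `/* OpenSSL-style: on success *data is advanced past the parsed key */` and `/* pp == NULL or *pp == NULL: returns the encoded length without writing */`, once confirmed against the implementation. `wolfSSL_ASN1_TIME_get_data` returns a non-const pointer into the `WOLFSSL_ASN1_TIME`, which invites in-place modification; `const unsigned char*` would be safer if callers allow it. The enclosing `#ifdef OPENSSL_EXTRA` region begins before this hunk.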
@@ -18,8 +22,14 @@ #ifndef NO_AES +#if defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #include +#endif /* HAVE_FIPS_VERSION >= 2 */ + /* included for fips @wc_fips */ -#ifdef HAVE_FIPS +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) #include #if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER) #define WOLFSSL_AES_COUNTER @@ -29,7 +39,12 @@ #endif #endif -#ifndef HAVE_FIPS /* to avoid redefinition of macros */ +#ifndef WC_NO_RNG + #include +#endif +#ifdef STM32_CRYPTO + #include +#endif #ifdef WOLFSSL_AESNI 
@@ -39,28 +54,67 @@ #endif /* WOLFSSL_AESNI */ + #ifdef WOLFSSL_XILINX_CRYPT #include "xsecure_aes.h" #endif -#endif /* HAVE_FIPS */ +#ifdef WOLFSSL_AFALG +/* included for struct msghdr */ +#include +#endif + +#if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC) +#include +#endif + +#if defined(HAVE_AESGCM) && !defined(WC_NO_RNG) + #include +#endif + #ifdef __cplusplus extern "C" { #endif -#ifndef HAVE_FIPS /* to avoid redefinition of structures */ +/* these are required for FIPS and non-FIPS */ +enum { + AES_128_KEY_SIZE = 16, /* for 128 bit */ + AES_192_KEY_SIZE = 24, /* for 192 bit */ + AES_256_KEY_SIZE = 32, /* for 256 bit */ + + AES_IV_SIZE = 16, /* always block size */ +}; + + +/* avoid redefinition of structs */ +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) #ifdef WOLFSSL_ASYNC_CRYPT #include #endif enum { - AES_ENC_TYPE = 1, /* cipher unique type */ + AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */ AES_ENCRYPTION = 0, AES_DECRYPTION = 1, - KEYWRAP_BLOCK_SIZE = 8, - AES_BLOCK_SIZE = 16 + + AES_BLOCK_SIZE = 16, + + KEYWRAP_BLOCK_SIZE = 8, + + GCM_NONCE_MAX_SZ = 16, /* wolfCrypt's maximum nonce size allowed. */ + GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */ + GCM_NONCE_MIN_SZ = 8, /* wolfCrypt's minimum nonce size allowed. */ + CCM_NONCE_MIN_SZ = 7, + CCM_NONCE_MAX_SZ = 13, + CTR_SZ = 4, + AES_IV_FIXED_SZ = 4, + +#ifdef HAVE_PKCS11 + AES_MAX_ID_LEN = 32, +#endif }; @@ -73,6 +127,10 @@ typedef struct Aes { ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */ +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + word32 invokeCtr[2]; + word32 nonceSz; +#endif #ifdef HAVE_AESGCM ALIGN16 byte H[AES_BLOCK_SIZE]; #ifdef GCM_TABLE 
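Review bot: The new `Aes` fields `invokeCtr[2]` and `nonceSz` in the `@@ -73,6 +127,10 @@` hunk carry no comment, although from their names they appear to be the state behind the IV-generating `*_ex` variants declared later in aes.h; a reader cannot tell that the counter must never repeat for a given key or that `nonceSz` records the length set by `wc_AesGcmSetIV`/`wc_AesCcmSetNonce`. I would document them as `word32 invokeCtr[2]; /* GCM/CCM invocation counter for internally generated IVs; must not wrap under one key */` and `word32 nonceSz; /* length of the nonce set by wc_AesGcmSetIV / wc_AesCcmSetNonce — confirm */`, subject to confirming against the implementation. In the enum, `GCM_NONCE_MIN_SZ = 8` permits nonces shorter than the 96-bit `GCM_NONCE_MID_SZ`; a short note that only the 12-byte size avoids the GHASH-derived counter block and is the recommended default would help callers choose correctly.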
@@ -83,6 +141,13 @@ typedef struct Aes { #ifdef WOLFSSL_AESNI byte use_aesni; #endif /* WOLFSSL_AESNI */ +#ifdef WOLF_CRYPTO_DEV + int devId; +#endif +#ifdef HAVE_PKCS11 + byte id[AES_MAX_ID_LEN]; + int idLen; +#endif #ifdef WOLFSSL_ASYNC_CRYPT word32 asyncKey[AES_MAX_KEY_SIZE/8/sizeof(word32)]; /* raw key */ word32 asyncIv[AES_BLOCK_SIZE/sizeof(word32)]; /* raw IV */ @@ -96,6 +161,17 @@ typedef struct Aes { XCsuDma dma; word32 key_init[8]; word32 kup; +#endif +#ifdef WOLFSSL_AFALG + int alFd; /* server socket to bind to */ + int rdFd; /* socket to read from */ + struct msghdr msg; + int dir; /* flag for encrpyt or decrypt */ +#endif +#if defined(WOLFSSL_DEVCRYPTO) && \ + (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) + word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */ + WC_CRYPTODEV ctx; #endif void* heap; /* memory hint to use */ } Aes; @@ -131,10 +207,13 @@ typedef int (*wc_AesAuthDecryptFunc)(Aes* aes, byte* out, WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir); WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv); + +#ifdef HAVE_AES_CBC WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); +#endif #ifdef WOLFSSL_AES_CFB WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out, @@ -164,6 +243,7 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, const byte* iv, int dir); #endif + #ifdef HAVE_AESGCM #ifdef WOLFSSL_XILINX_CRYPT WOLFSSL_API int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, 
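Review bot: `devKey[...] /* raw key */` keeps a copy of the AES key inside the object for the devcrypto path, next to the existing `asyncKey`, but nothing in the header says whether `wc_AesFree` wipes it; for a struct that is commonly stack-allocated, callers need to know whether key bytes can linger after use. I would extend the comment to `/* raw key for devcrypto; cleared by wc_AesFree */` if that is true, or state that the caller must wipe it otherwise. The AFALG comment `/* flag for encrpyt or decrypt */` misspells "encrypt".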
@@ -181,10 +261,31 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); +#ifndef WC_NO_RNG + WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz); + WOLFSSL_API int wc_AesGcmSetIV(Aes* aes, word32 ivSz, + const byte* ivFixed, word32 ivFixedSz, + WC_RNG* rng); + WOLFSSL_API int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, + const byte* in, word32 sz, + byte* ivOut, word32 ivOutSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* WC_NO_RNG */ + WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len); WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, const byte* authIn, word32 authInSz, byte* authTag, word32 authTagSz); +#ifndef WC_NO_RNG + WOLFSSL_API int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, + byte* authTag, word32 authTagSz, WC_RNG* rng); + WOLFSSL_API int wc_GmacVerify(const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, + const byte* authTag, word32 authTagSz); +#endif /* WC_NO_RNG */ WOLFSSL_LOCAL void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, word32 cSz, byte* s, word32 sSz); #endif /* HAVE_AESGCM */ @@ -200,6 +301,13 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* nonce, word32 nonceSz, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); + WOLFSSL_API int wc_AesCcmSetNonce(Aes* aes, + const byte* nonce, word32 nonceSz); + WOLFSSL_API int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, + const byte* in, word32 sz, + byte* ivOut, word32 ivOutSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); #endif /* HAVE_AESCCM */ #ifdef HAVE_AES_KEYWRAP WOLFSSL_API int wc_AesKeyWrap(const byte* key, word32 keySz, 
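Review bot: `wc_AesGcmSetExtIV`, `wc_AesGcmSetIV`, `wc_AesGcmEncrypt_ex` and the CCM counterparts `wc_AesCcmSetNonce`/`wc_AesCcmEncrypt_ex` in the `@@ -200,6 +301,13 @@` hunk are declared with no comment on the IV contract, which is the one property that matters for GCM and CCM: an IV repeated under the same key voids both confidentiality and the authentication tag. The `ivOut`/`ivOutSz` parameters indicate the library hands the caller the IV it used, and `wc_AesGcmSetExtIV` lets the caller supply one, so the header should say which path guarantees uniqueness and what the `WC_RNG*` is consumed for. I would add above `wc_AesGcmEncrypt_ex`: `/* Encrypts with the IV held in the Aes object, copies it to ivOut, then advances the internal counter; an IV set via wc_AesGcmSetExtIV must not be reused for a second call under the same key. */`, adjusted to the real semantics. `wc_GmacVerify` returning `int` should also state whether a tag mismatch is distinguished from a usage error.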
@@ -213,233 +321,33 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, #endif /* HAVE_AES_KEYWRAP */ #ifdef WOLFSSL_AES_XTS -/*! - \ingroup AES - \brief This is to help with setting keys to correct encrypt or decrypt type. - - \note Is up to user to call wc_AesXtsFree on aes key when done. - - \return 0 Success - - \param aes AES keys for encrypt/decrypt process - \param key buffer holding aes key | tweak key - \param len length of key buffer in bytes. Should be twice that of key size. - i.e. 32 for a 16 byte key. - \param dir direction, either AES_ENCRYPTION or AES_DECRYPTION - \param heap heap hint to use for memory. Can be NULL - \param devId id to use with async crypto. Can be 0 - - _Example_ - \code - XtsAes aes; - - if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsDecrypt - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key, word32 len, int dir, void* heap, int devId); - -/*! - \ingroup AES - - \brief Same process as wc_AesXtsEncrypt but uses a word64 type as the tweak - value instead of a byte array. This just converts the word64 to a - byte array and calls wc_AesXtsEncrypt. 
- - \return 0 Success - - \param aes AES keys to use for block encrypt/decrypt - \param out output buffer to hold cipher text - \param in input plain text buffer to encrypt - \param sz size of both out and in buffers - \param sector value to use for tweak - - _Example_ - \code - XtsAes aes; - unsigned char plain[SIZE]; - unsigned char cipher[SIZE]; - word64 s = VALUE; - - //set up keys with AES_ENCRYPTION as dir - - if(wc_AesXtsEncryptSector(&aes, cipher, plain, SIZE, s) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsDecrypt - \sa wc_AesXtsSetKey - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz, word64 sector); - -/*! - \ingroup AES - - \brief Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak - value instead of a byte array. This just converts the word64 to a - byte array. - - \return 0 Success - - \param aes AES keys to use for block encrypt/decrypt - \param out output buffer to hold plain text - \param in input cipher text buffer to decrypt - \param sz size of both out and in buffers - \param sector value to use for tweak - - _Example_ - \code - XtsAes aes; - unsigned char plain[SIZE]; - unsigned char cipher[SIZE]; - word64 s = VALUE; - - //set up aes key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION - - if(wc_AesXtsDecryptSector(&aes, plain, cipher, SIZE, s) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsDecrypt - \sa wc_AesXtsSetKey - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz, word64 sector); - -/*! - \ingroup AES - - \brief AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text - Stealing. 
- - \return 0 Success - - \param aes AES keys to use for block encrypt/decrypt - \param out output buffer to hold cipher text - \param in input plain text buffer to encrypt - \param sz size of both out and in buffers - \param i value to use for tweak - \param iSz size of i buffer, should always be AES_BLOCK_SIZE but having - this input adds a sanity check on how the user calls the - function. - - _Example_ - \code - XtsAes aes; - unsigned char plain[SIZE]; - unsigned char cipher[SIZE]; - unsigned char i[AES_BLOCK_SIZE]; - - //set up key with AES_ENCRYPTION as dir - - if(wc_AesXtsEncrypt(&aes, cipher, plain, SIZE, i, sizeof(i)) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsDecrypt - \sa wc_AesXtsSetKey - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out, const byte* in, word32 sz, const byte* i, word32 iSz); - -/*! - \ingroup AES - - \brief Same process as encryption but Aes key is AES_DECRYPTION type. - - \return 0 Success - - \param aes AES keys to use for block encrypt/decrypt - \param out output buffer to hold plain text - \param in input cipher text buffer to decrypt - \param sz size of both out and in buffers - \param i value to use for tweak - \param iSz size of i buffer, should always be AES_BLOCK_SIZE but having - this input adds a sanity check on how the user calls the - function. - _Example_ - \code - XtsAes aes; - unsigned char plain[SIZE]; - unsigned char cipher[SIZE]; - unsigned char i[AES_BLOCK_SIZE]; - - //set up key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION - - if(wc_AesXtsDecrypt(&aes, plain, cipher, SIZE, i, sizeof(i)) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsSetKey - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out, const byte* in, word32 sz, const byte* i, word32 iSz); - -/*! 
- \ingroup AES - - \brief This is to free up any resources used by the XtsAes structure - - \return 0 Success - - \param aes AES keys to free - - _Example_ - \code - XtsAes aes; - - if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsDecrypt - \sa wc_AesXtsSetKey -*/ WOLFSSL_API int wc_AesXtsFree(XtsAes* aes); #endif WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize); -WOLFSSL_API int wc_AesInit(Aes*, void*, int); -WOLFSSL_API void wc_AesFree(Aes*); +WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId); +#ifdef HAVE_PKCS11 +WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, + int devId); +#endif +WOLFSSL_API void wc_AesFree(Aes* aes); #ifdef __cplusplus } /* extern "C" */ diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h index f14216d3..df9a6180 100644 --- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h @@ -1,16 +1,18 @@ /* arc4.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ - +/*! + \file wolfssl/wolfcrypt/arc4.h +*/ #ifndef WOLF_CRYPT_ARC4_H #define WOLF_CRYPT_ARC4_H @@ -27,7 +29,8 @@ enum { ARC4_ENC_TYPE = 4, /* cipher unique type */ - ARC4_STATE_SIZE = 256 + ARC4_STATE_SIZE = 256, + RC4_KEY_SIZE = 16, /* always 128bit */ }; /* ARC4 encryption and decryption */ diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h new file mode 100644 index 00000000..b1971f7c --- /dev/null 
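Review bot: `wc_AesInit_Id` takes `unsigned char* id` without `const` and an `int len` with no stated bound, while the `Aes` struct in this file stores the id in `byte id[AES_MAX_ID_LEN]`, so the header should say that `len` must not exceed `AES_MAX_ID_LEN` and what is returned otherwise; `const unsigned char* id` would also make clear the bytes are only copied, if that is what the implementation does. The hunk deletes every Doxygen block for the `wc_AesXts*` functions without replacing them, leaving `dir`, `heap`, `devId` and the "key | tweak key" layout of `wc_AesXtsSetKey` undocumented in the header; if the documentation moved to a separate doc tree, a one-line pointer to it here would avoid the appearance of a regression. The renamed `wc_AesInit(Aes* aes, void* heap, int devId)` parameters are an improvement.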
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h 
@@ -0,0 +1,507 @@
+/* asn_public.h
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
+ *
+ * This file is part of wolfSSL.
+ *
+ * Contact licensing@wolfssl.com with any questions or comments.
+ *
+ * https://www.wolfssl.com
+ */
+
+
+/*!
+ \file wolfssl/wolfcrypt/asn_public.h
+*/
+
+#ifndef WOLF_CRYPT_ASN_PUBLIC_H
+#define WOLF_CRYPT_ASN_PUBLIC_H
+
+#include
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* guard on redeclaration */
+#ifndef WC_ECCKEY_TYPE_DEFINED
+ typedef struct ecc_key ecc_key;
+ #define WC_ECCKEY_TYPE_DEFINED
+#endif
+#ifndef WC_ED25519KEY_TYPE_DEFINED
+ typedef struct ed25519_key ed25519_key;
+ #define WC_ED25519KEY_TYPE_DEFINED
+#endif
+#ifndef WC_RSAKEY_TYPE_DEFINED
+ typedef struct RsaKey RsaKey;
+ #define WC_RSAKEY_TYPE_DEFINED
+#endif
+#ifndef WC_RNG_TYPE_DEFINED
+ typedef struct WC_RNG WC_RNG;
+ #define WC_RNG_TYPE_DEFINED
+#endif
+
+
+/* Certificate file Type */
+enum CertType {
+ CERT_TYPE = 0,
+ PRIVATEKEY_TYPE,
+ DH_PARAM_TYPE,
+ DSA_PARAM_TYPE,
+ CRL_TYPE,
+ CA_TYPE,
+ ECC_PRIVATEKEY_TYPE,
+ DSA_PRIVATEKEY_TYPE,
+ CERTREQ_TYPE,
+ DSA_TYPE,
+ ECC_TYPE,
+ RSA_TYPE,
+ PUBLICKEY_TYPE,
+ RSA_PUBLICKEY_TYPE,
+ ECC_PUBLICKEY_TYPE,
+ TRUSTED_PEER_TYPE,
+ EDDSA_PRIVATEKEY_TYPE,
+ ED25519_TYPE,
+ PKCS12_TYPE,
+ PKCS8_PRIVATEKEY_TYPE,
+ PKCS8_ENC_PRIVATEKEY_TYPE
+};
+
+
+/* Signature type, by OID sum */
+enum Ctc_SigType {
+ CTC_SHAwDSA = 517,
+ CTC_MD2wRSA = 646,
+ CTC_MD5wRSA = 648,
+ CTC_SHAwRSA = 649,
+ CTC_SHAwECDSA = 520,
+ CTC_SHA224wRSA = 658,
+ CTC_SHA224wECDSA = 523,
+ CTC_SHA256wRSA = 655,
+ CTC_SHA256wECDSA = 524,
+ CTC_SHA384wRSA = 656,
+ CTC_SHA384wECDSA = 525,
+ CTC_SHA512wRSA = 657,
+ CTC_SHA512wECDSA = 526,
+ CTC_ED25519 = 256
+};
+
+enum Ctc_Encoding {
+ CTC_UTF8 = 0x0c, /* utf8 */
+ CTC_PRINTABLE = 0x13 /* printable */
+};
+
+#ifndef WC_CTC_NAME_SIZE
+ #define WC_CTC_NAME_SIZE 64
+#endif
+#ifndef WC_CTC_MAX_ALT_SIZE
+ #define WC_CTC_MAX_ALT_SIZE 16384
+#endif
+
+enum Ctc_Misc {
+ CTC_COUNTRY_SIZE = 2,
+
CTC_NAME_SIZE = WC_CTC_NAME_SIZE,
+ CTC_DATE_SIZE = 32,
+ CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */
+ CTC_SERIAL_SIZE = 16,
+#ifdef WOLFSSL_CERT_EXT
+ /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum
+ * We support only hash */
+ CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
+ CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
+ CTC_MAX_CERTPOL_SZ = 64,
+ CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */
+#endif /* WOLFSSL_CERT_EXT */
+};
+
+/* DER buffer */
+typedef struct DerBuffer {
+ byte* buffer;
+ void* heap;
+ word32 length;
+ int type; /* enum CertType */
+ int dynType; /* DYNAMIC_TYPE_* */
+} DerBuffer;
+
+enum {
+ IV_SZ = 32, /* max iv sz */
+ NAME_SZ = 80, /* max one line */
+
+ PEM_PASS_READ = 0,
+ PEM_PASS_WRITE = 1,
+};
+
+
+typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
+
+typedef struct EncryptedInfo {
+ pem_password_cb* passwd_cb;
+ void* passwd_userdata;
+
+ long consumed; /* tracks PEM bytes consumed */
+
+ int cipherType;
+ word32 keySz;
+ word32 ivSz; /* salt or encrypted IV size */
+
+ char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */
+ byte iv[IV_SZ]; /* salt or encrypted IV */
+
+ word16 set:1; /* if encryption set */
+} EncryptedInfo;
+
+
+#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
+#ifdef WOLFSSL_EKU_OID
+ #ifndef CTC_MAX_EKU_NB
+ #define CTC_MAX_EKU_NB 1
+ #endif
+ #ifndef CTC_MAX_EKU_OID_SZ
+ #define CTC_MAX_EKU_OID_SZ 30
+ #endif
+#else
+ #undef CTC_MAX_EKU_OID_SZ
+ #define CTC_MAX_EKU_OID_SZ 0
+#endif
+#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
+
+#ifdef WOLFSSL_CERT_GEN
+
+#ifdef WOLFSSL_MULTI_ATTRIB
+#ifndef CTC_MAX_ATTRIB
+ #define CTC_MAX_ATTRIB 4
+#endif
+
+/* ASN Encoded Name field */
+typedef struct NameAttrib {
+ int sz; /* actual string value length */
+ int id; /* id of name */
+ int type; /* enc of name */
+ char value[CTC_NAME_SIZE]; /* name */
+} NameAttrib;
+#endif /* WOLFSSL_MULTI_ATTRIB */
+
+
+typedef struct CertName {
+ char country[CTC_NAME_SIZE];
+ char countryEnc;
+ char state[CTC_NAME_SIZE];
+ char stateEnc;
+ char locality[CTC_NAME_SIZE];
+ char localityEnc;
+ char sur[CTC_NAME_SIZE];
+ char surEnc;
+ char org[CTC_NAME_SIZE];
+ char orgEnc;
+ char unit[CTC_NAME_SIZE];
+ char unitEnc;
+ char commonName[CTC_NAME_SIZE];
+ char commonNameEnc;
+ char serialDev[CTC_NAME_SIZE];
+ char serialDevEnc;
+#ifdef WOLFSSL_CERT_EXT
+ char busCat[CTC_NAME_SIZE];
+ char busCatEnc;
+ char joiC[CTC_NAME_SIZE];
+ char joiCEnc;
+ char joiSt[CTC_NAME_SIZE];
+ char joiStEnc;
+#endif
+ char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */
+#ifdef WOLFSSL_MULTI_ATTRIB
+ NameAttrib name[CTC_MAX_ATTRIB];
+#endif
+} CertName;
+
+
+/* for user to fill for certificate generation */
+typedef struct Cert {
+ int version; /* x509 version */
+ byte serial[CTC_SERIAL_SIZE]; /* serial number */
+ int serialSz; /* serial size */
+ int sigType; /* signature algo type */
+ CertName issuer; /* issuer info */
+ int daysValid; /* validity days */
+ int selfSigned; /* self signed flag */
+ CertName subject; /* subject info */
+ int isCA; /* is this going to be a CA */
+ /* internal use only */
+ int bodySz; /* pre sign total size */
+ int keyType; /* public key type of subject */
+#ifdef WOLFSSL_ALT_NAMES
+ byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
+ int altNamesSz; /* altNames size in bytes */
+ byte beforeDate[CTC_DATE_SIZE]; /* before date copy */
+ int beforeDateSz; /* size of copy */
+ byte afterDate[CTC_DATE_SIZE]; /* after date copy */
+ int afterDateSz; /* size of copy */
+#endif
+#ifdef WOLFSSL_CERT_EXT
+ byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */
+ int skidSz; /* SKID size in bytes */
+ byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */
+ int akidSz; /* AKID size in bytes */
+ word16 keyUsage; /* Key Usage */
+ byte extKeyUsage; /* Extended Key Usage */
+#ifdef WOLFSSL_EKU_OID
+ /* Extended Key Usage OIDs */
+ byte
extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ];
+ byte extKeyUsageOIDSz[CTC_MAX_EKU_NB];
+#endif
+ char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
+ word16 certPoliciesNb; /* Number of Cert Policy */
+ byte issRaw[sizeof(CertName)]; /* raw issuer info */
+ byte sbjRaw[sizeof(CertName)]; /* raw subject info */
+#endif
+#ifdef WOLFSSL_CERT_REQ
+ char challengePw[CTC_NAME_SIZE];
+#endif
+ void* heap; /* heap hint */
+} Cert;
+
+
+
+/* Initialize and Set Certificate defaults:
+ version = 3 (0x2)
+ serial = 0 (Will be randomly generated)
+ sigType = SHA_WITH_RSA
+ issuer = blank
+ daysValid = 500
+ selfSigned = 1 (true) use subject as issuer
+ subject = blank
+ isCA = 0 (false)
+ keyType = RSA_KEY (default)
+*/
+WOLFSSL_API int wc_InitCert(Cert*);
+WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
+ int keyType, void* key, WC_RNG* rng);
+WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
+ ecc_key*, WC_RNG*);
+#ifdef WOLFSSL_CERT_REQ
+ WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
+ int, void*);
+ WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
+ RsaKey*, ecc_key*);
+#endif
+WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
+ word32 buffSz, int keyType, void* key,
+ WC_RNG* rng);
+WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
+ word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
+WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
+ WC_RNG*);
+WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
+WOLFSSL_API int wc_SetSubject(Cert*, const char*);
+#ifdef WOLFSSL_ALT_NAMES
+ WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
+#endif
+WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
+WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
+
+#ifndef NO_ASN_TIME
+WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before,
+ struct tm* after);
+#endif
+
+#ifdef WOLFSSL_CERT_EXT
+WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType,
+ void* key);
+WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
+ ecc_key *eckey);
+WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
+WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
+WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType,
+ void* key);
+WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
+ ecc_key *eckey);
+WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
+WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
+WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz);
+WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
+
+#ifdef HAVE_NTRU
+WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
+ word16 ntruKeySz);
+#endif
+
+/* Set the KeyUsage.
+ * Value is a string separated tokens with ','. Accepted tokens are :
+ * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign,
+ * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly.
+ *
+ * nonRepudiation and contentCommitment are for the same usage.
+ */
+WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
+
+/* Set ExtendedKeyUsage
+ * Value is a string separated tokens with ','.
Accepted tokens are :
+ * any,serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,OCSPSigning
+ */
+WOLFSSL_API int wc_SetExtKeyUsage(Cert *cert, const char *value);
+
+
+#ifdef WOLFSSL_EKU_OID
+/* Set ExtendedKeyUsage with unique OID
+ * oid is expected to be in byte representation
+ */
+WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
+ byte idx, void* heap);
+#endif /* WOLFSSL_EKU_OID */
+#endif /* WOLFSSL_CERT_EXT */
+
+ #ifdef HAVE_NTRU
+ WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
+ const byte* ntruKey, word16 keySz,
+ WC_RNG*);
+ #endif
+
+#endif /* WOLFSSL_CERT_GEN */
+
+WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz,
+ const byte** date, byte* format, int* length);
+#ifndef NO_ASN_TIME
+WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length,
+ byte format, struct tm* time);
+#endif
+
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
+
+ WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header,
+ const char** footer);
+
+#endif
+
+WOLFSSL_API int wc_AllocDer(DerBuffer** pDer, word32 length, int type, void* heap);
+WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
+
+#ifdef WOLFSSL_PEM_TO_DER
+ WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
+ DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey);
+
+ WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
+ unsigned char*, int, const char*);
+ WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
+ unsigned char*, int, int);
+#endif /* WOLFSSL_PEM_TO_DER */
+
+#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
+ #ifndef NO_FILESYSTEM
+ WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
+ unsigned char* derBuf, int derSz);
+ #endif
+
+ WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
+ unsigned char*, int);
+#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
+
+#ifdef WOLFSSL_CERT_GEN
+ #ifndef
NO_FILESYSTEM
+ WOLFSSL_API int wc_PemCertToDer(const char* fileName,
+ unsigned char* derBuf, int derSz);
+ #endif
+#endif /* WOLFSSL_CERT_GEN */
+
+#ifdef WOLFSSL_DER_TO_PEM
+ WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
+ word32 outputSz, int type);
+ WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
+ word32 outputSz, byte *cipherIno, int type);
+#endif
+
+#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+ WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
+ word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
+#endif
+
+#ifdef HAVE_ECC
+ /* private key helpers */
+ WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
+ ecc_key*, word32);
+ WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
+ WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,
+ word32 inLen);
+ WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output,
+ word32* outLen);
+
+ /* public key helper */
+ WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
+ ecc_key*, word32);
+ WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
+ word32 inLen, int with_AlgCurve);
+#endif
+
+#ifdef HAVE_ED25519
+ /* private key helpers */
+ WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*,
+ ed25519_key*, word32);
+ WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output,
+ word32 inLen);
+ WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output,
+ word32 inLen);
+
+ /* public key helper */
+ WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*,
+ ed25519_key*, word32);
+ #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+ WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output,
+ word32 inLen, int with_AlgCurve);
+ #endif
+#endif
+
+/* DER encode signature */
+WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
+ word32 digSz, int hashOID);
+WOLFSSL_API int
wc_GetCTC_HashOID(int type);
+
+WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input,
+ word32* inOutIdx, word32 sz);
+WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
+ byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz);
+
+#ifndef NO_ASN_TIME
+/* Time */
+/* Returns seconds (Epoch/UTC)
+ * timePtr: is "time_t", which is typically "long"
+ * Example:
+ long lTime;
+ rc = wc_GetTime(&lTime, (word32)sizeof(lTime));
+*/
+WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
+#endif
+
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ WOLFSSL_API int wc_EncryptedInfoGet(EncryptedInfo* info,
+ const char* cipherInfo);
+#endif
+
+
+#ifdef WOLFSSL_CERT_PIV
+
+typedef struct _wc_CertPIV {
+ const byte* cert;
+ word32 certSz;
+ const byte* certErrDet;
+ word32 certErrDetSz;
+ const byte* nonce; /* Identiv Only */
+ word32 nonceSz; /* Identiv Only */
+ const byte* signedNonce; /* Identiv Only */
+ word32 signedNonceSz; /* Identiv Only */
+
+ /* flags */
+ word16 compression:2;
+ word16 isX509:1;
+ word16 isIdentiv:1;
+} wc_CertPIV;
+
+WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
+#endif /* WOLFSSL_CERT_PIV */
+
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_ASN_PUBLIC_H */
+
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h
index 2ba69280..e125c71d 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h
@@ -1,15 +1,18 @@
 /* des3.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/des3.h
+*/
 #ifndef WOLF_CRYPT_DES3_H
 #define WOLF_CRYPT_DES3_H
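Review bot: The comment above `wc_InitCert` documents `sigType = SHA_WITH_RSA` as the default, so a caller that fills a `Cert` and never assigns `sigType` ends up with a SHA-1 signature; the header should say that plainly and point callers at the SHA-2 members of `enum Ctc_SigType`, e.g. `sigType = SHA_WITH_RSA (SHA-1; set cert->sigType to CTC_SHA256wRSA or CTC_SHA256wECDSA before wc_MakeCert)`. `Cert` also embeds `altNames[CTC_MAX_ALT_SIZE]` (16384 bytes by default) under WOLFSSL_ALT_NAMES on top of two `CertName` copies, so the "may be huge" remark on `CTC_MAX_ALT_SIZE` belongs on the struct as well, with a hint that a `Cert` should not be an automatic variable on small-stack targets. `wc_SetAuthKeyId` and `wc_SetSubjectKeyId` take a file path yet, unlike `wc_PemPubKeyToDer` and `wc_PemCertToDer`, are not wrapped in `#ifndef NO_FILESYSTEM`; presumably their definitions are, so a comment that they are unavailable in NO_FILESYSTEM builds would avoid a link-time surprise. The parameter name `cipherIno` on `wc_DerToPemEx` looks like a typo for `cipherInfo`.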
@@ -18,7 +21,13 @@
 #ifndef NO_DES3
-#ifdef HAVE_FIPS
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
 /* included for fips @wc_fips */
 #include
 #endif
@@ -27,17 +36,28 @@ extern "C" {
 #endif
-#ifndef HAVE_FIPS /* to avoid redefinition of macros */
+/* these are required for FIPS and non-FIPS */
+enum {
+ DES_KEY_SIZE = 8, /* des */
+ DES3_KEY_SIZE = 24, /* 3 des ede */
+ DES_IV_SIZE = 8, /* should be the same as DES_BLOCK_SIZE */
+};
+
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 #ifdef WOLFSSL_ASYNC_CRYPT
 #include
 #endif
 enum {
- DES_ENC_TYPE = 2, /* cipher unique type */
- DES3_ENC_TYPE = 3, /* cipher unique type */
+ DES_ENC_TYPE = WC_CIPHER_DES, /* cipher unique type */
+ DES3_ENC_TYPE = WC_CIPHER_DES3, /* cipher unique type */
+ DES_BLOCK_SIZE = 8,
- DES_KS_SIZE = 32,
+ DES_KS_SIZE = 32, /* internal DES key buffer size */
 DES_ENCRYPTION = 0,
 DES_DECRYPTION = 1
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
index 1b26ca60..9dbf0e02 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
@@ -1,15 +1,19 @@
 /* ecc.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/ecc.h
+*/
+
 #ifndef WOLF_CRYPT_ECC_H
 #define WOLF_CRYPT_ECC_H
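Review bot: The new unconditional enum in the second des3.h hunk documents `DES_IV_SIZE = 8, /* should be the same as DES_BLOCK_SIZE */`, but `DES_BLOCK_SIZE` is declared in the other enum under a different FIPS guard (or comes from the FIPS header), so the equality is a by-hand invariant the compiler never checks; the comment should say so, e.g. `/* bytes; must equal DES_BLOCK_SIZE, which lives under the FIPS guard below -- keep in sync manually */`. Since `DES_KEY_SIZE`, `DES3_KEY_SIZE` and `DES_IV_SIZE` are now visible to FIPS builds too, stating that all three are byte counts would also keep callers from confusing them with the key-schedule size `DES_KS_SIZE` a few lines down.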
@@ -67,12 +71,12 @@
 #define MAX_ECC_BITS 384
 #elif defined(HAVE_ECC320)
 #define MAX_ECC_BITS 320
+#elif !defined(NO_ECC256)
+ #define MAX_ECC_BITS 256
 #elif defined(HAVE_ECC239)
 #define MAX_ECC_BITS 239
 #elif defined(HAVE_ECC224)
 #define MAX_ECC_BITS 224
-#elif !defined(NO_ECC256)
- #define MAX_ECC_BITS 256
 #elif defined(HAVE_ECC192)
 #define MAX_ECC_BITS 192
 #elif defined(HAVE_ECC160)
@@ -109,9 +113,22 @@ enum {
 /* max crypto hardware size */
 #ifdef WOLFSSL_ATECC508A
 ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
+ ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
 #elif defined(PLUTON_CRYPTO_ECC)
 ECC_MAX_CRYPTO_HW_SIZE = 32,
 #endif
+
+ /* point compression type */
+ ECC_POINT_COMP_EVEN = 0x02,
+ ECC_POINT_COMP_ODD = 0x03,
+ ECC_POINT_UNCOMP = 0x04,
+
+ /* Shamir's dual add constants */
+ SHAMIR_PRECOMP_SZ = 16,
+
+#ifdef HAVE_PKCS11
+ ECC_MAX_ID_LEN = 32,
+#endif
 };
 /* Curve Types */
@@ -177,6 +194,7 @@ typedef byte ecc_oid_t;
 #endif
 /* ECC set type defined a GF(p) curve */
+#ifndef USE_WINDOWS_API
 typedef struct ecc_set_type {
 int size; /* The size of the curve in octets */
 int id; /* id of this curve */
@@ -192,6 +210,31 @@ typedef struct ecc_set_type {
 word32 oidSum; /* sum of encoded OID bytes */
 int cofactor;
 } ecc_set_type;
+#else
+/* MSC does something different with the pointers to the arrays than GCC,
+ * and it causes the FIPS checksum to fail. In the case of windows builds,
+ * store everything as arrays instead of pointers to strings. */
+
+#define MAX_ECC_NAME 16
+#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1)
+ /* The values are stored as text strings. */
+
+typedef struct ecc_set_type {
+ int size; /* The size of the curve in octets */
+ int id; /* id of this curve */
+ const char name[MAX_ECC_NAME]; /* name of this curve */
+ const char prime[MAX_ECC_STRING]; /* prime that defines the field, curve is in (hex) */
+ const char Af[MAX_ECC_STRING]; /* fields A param (hex) */
+ const char Bf[MAX_ECC_STRING]; /* fields B param (hex) */
+ const char order[MAX_ECC_STRING]; /* order of the curve (hex) */
+ const char Gx[MAX_ECC_STRING]; /* x coordinate of the base point on curve (hex) */
+ const char Gy[MAX_ECC_STRING]; /* y coordinate of the base point on curve (hex) */
+ const ecc_oid_t oid[10];
+ word32 oidSz;
+ word32 oidSum; /* sum of encoded OID bytes */
+ int cofactor;
+} ecc_set_type;
+#endif
 #ifdef ALT_ECC_SIZE
@@ -248,10 +291,15 @@ typedef struct ecc_set_type {
 * fp_digit array will be shorter. */
 typedef struct alt_fp_int {
 int used, sign, size;
- fp_digit dp[FP_SIZE_ECC];
+ mp_digit dp[FP_SIZE_ECC];
 } alt_fp_int;
 #endif /* ALT_ECC_SIZE */
+#ifndef WC_ECCKEY_TYPE_DEFINED
+ typedef struct ecc_key ecc_key;
+ #define WC_ECCKEY_TYPE_DEFINED
+#endif
+
 /* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
 (x/z^2, y/z^3, 1) when interpreted as affine */
@@ -266,6 +314,9 @@ typedef struct {
 mp_int* z; /* The z coordinate */
 alt_fp_int xyz[3];
 #endif
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+ ecc_key* key;
+#endif
 } ecc_point;
 /* ECC Flags */
@@ -294,25 +345,37 @@ struct ecc_key {
 mp_int k; /* private key */
 #ifdef WOLFSSL_ATECC508A
 int slot; /* Key Slot Number (-1 unknown) */
- byte pubkey_raw[PUB_KEY_SIZE];
+ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
 #endif
-#ifdef PLUTON_CRYPTO_ECC
+#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV)
 int devId;
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
 mp_int* r; /* sign/verify temps */
 mp_int* s;
 WC_ASYNC_DEV asyncDev;
+ #ifdef HAVE_CAVIUM_V
+ mp_int* e; /* Sign, Verify and Shared Secret */
+ mp_int* signK;
+ #endif
 #ifdef WOLFSSL_CERT_GEN
 CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
 #endif
 #endif /* WOLFSSL_ASYNC_CRYPT */
-};
-
-#ifndef WC_ECCKEY_TYPE_DEFINED
- typedef struct ecc_key ecc_key;
- #define WC_ECCKEY_TYPE_DEFINED
+#ifdef HAVE_PKCS11
+ byte id[ECC_MAX_ID_LEN];
+ int idLen;
 #endif
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+ mp_int* t1;
+ mp_int* t2;
+#ifdef ALT_ECC_SIZE
+ mp_int* x;
+ mp_int* y;
+ mp_int* z;
+#endif
+#endif
+};
 /* ECC predefined curve sets */
@@ -388,6 +451,11 @@ WOLFSSL_API int wc_ecc_init(ecc_key* key);
 WOLFSSL_API
 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
+#ifdef HAVE_PKCS11
+WOLFSSL_API
+int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
+ int devId);
+#endif
 #ifdef WOLFSSL_CUSTOM_CURVES
 WOLFSSL_LOCAL void wc_ecc_free_curve(const ecc_set_type* curve, void* heap);
@@ -424,6 +492,8 @@ int wc_ecc_get_curve_id_from_params(int fieldSize, const byte* Bf, word32 BfSz, const byte* order, word32 orderSz, const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor);
+WOLFSSL_API
+int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len);
 WOLFSSL_API
 ecc_point* wc_ecc_new_point(void);
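Review bot: `wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, int devId)` feeds a caller-supplied identifier into the fixed `byte id[ECC_MAX_ID_LEN]` member added to `struct ecc_key` (32 bytes per the enum in the previous ecc.h hunk), but the declaration says nothing about what happens when `len` is negative or larger than that; the prototype should carry the bound, and `id` can be `const unsigned char*` since it is only read. Suggested comment on the prototype: `/* id: PKCS#11 object id, copied into key->id; len must be within 0..ECC_MAX_ID_LEN, larger values are expected to be rejected -- confirm against the implementation */`. The same applies to `wc_AesInit_Id(Aes* aes, unsigned char* id, int len, ...)` in the aes.h hunk at the top of this page, whose hunk begins before the page. The `struct ecc_key` definition closes inside this hunk but its opening is outside it.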
@@ -474,6 +544,9 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
 WOLFSSL_API
 int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
 WOLFSSL_API
+int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz,
+ byte* out, word32* outlen);
+WOLFSSL_API
 int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen,
 byte* s, word32* sLen);
 WOLFSSL_API
@@ -482,17 +555,24 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
 WOLFSSL_API
 int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy,
 const char* d, int curve_id);
+WOLFSSL_API
+int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy,
+ byte* d, int curve_id);
 #endif /* HAVE_ECC_KEY_IMPORT */
 #ifdef HAVE_ECC_KEY_EXPORT
 WOLFSSL_API
+int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
+ byte* qy, word32* qyLen, byte* d, word32* dLen,
+ int encType);
+WOLFSSL_API
 int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen,
 byte* qy, word32* qyLen);
 WOLFSSL_API
 int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen,
- byte* qy, word32* qyLen, byte* d, word32* dLen);
+ byte* qy, word32* qyLen, byte* d, word32* dLen);
 #endif /* HAVE_ECC_KEY_EXPORT */
 #ifdef HAVE_ECC_KEY_EXPORT
@@ -513,6 +593,8 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
 WOLFSSL_API
 int wc_ecc_size(ecc_key* key);
 WOLFSSL_API
+int wc_ecc_sig_size_calc(int sz);
+WOLFSSL_API
 int wc_ecc_sig_size(ecc_key* key);
 WOLFSSL_API
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
index 6c561fb5..43760ca5 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
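Review bot: `wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy, byte* d, int curve_id)` in the second hunk takes three raw buffers with no length parameters, while `wc_ecc_rs_raw_to_sig` and `wc_ecc_export_ex` in the same file carry an explicit size for every buffer; presumably each input must be exactly the byte size of the curve selected by `curve_id`, and that contract belongs in the header rather than in the caller's head. Suggested comment on the prototype: `/* qx, qy, d: big-endian unsigned values, each exactly the curve size in bytes for curve_id (no length is passed); whether d may be NULL for a public-only import needs confirming against the implementation */`. The three pointers are only read and could be `const byte*`, matching the sibling declarations. `encType` on `wc_ecc_export_ex` is likewise undocumented; if it selects one of the `ECC_POINT_*` encodings added earlier in this diff, say so next to the parameter.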
@@ -1,15 +1,18 @@
 /* hash.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/hash.h
+*/
 #ifndef WOLF_CRYPT_HASH_H
 #define WOLF_CRYPT_HASH_H
@@ -34,6 +37,13 @@
 #ifdef WOLFSSL_SHA3
 #include
 #endif
+#ifndef NO_MD4
+ #include
+#endif
+#ifdef WOLFSSL_MD2
+ #include
+#endif
+
 #ifdef __cplusplus
 extern "C" {
@@ -44,20 +54,6 @@
 #endif
-/* Hash types */
-enum wc_HashType {
- WC_HASH_TYPE_NONE = 0,
- WC_HASH_TYPE_MD2 = 1,
- WC_HASH_TYPE_MD4 = 2,
- WC_HASH_TYPE_MD5 = 3,
- WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */
- WC_HASH_TYPE_SHA224 = 9,
- WC_HASH_TYPE_SHA256 = 5,
- WC_HASH_TYPE_SHA384 = 6,
- WC_HASH_TYPE_SHA512 = 7,
- WC_HASH_TYPE_MD5_SHA = 8,
-};
-
 typedef union {
 #ifndef NO_MD5
 wc_Md5 md5;
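Review bot: The second hunk pulls the MD4 header into hash.h under `#ifndef NO_MD4`, so MD4 is compiled in for every consumer unless the build explicitly opts out, whereas MD2 is opt-in via `WOLFSSL_MD2`; both are broken digests that should only be reachable where a legacy protocol genuinely needs them. A comment on the include, e.g. `/* MD4 is opt-out: define NO_MD4 in the user settings unless a legacy consumer needs it */`, would make that asymmetry visible to whoever maintains this port's settings. The `enum wc_HashType` deleted by the third hunk is still used below by `wc_HashGetOID` and friends, so it presumably now comes from one of the included headers; the hunk does not show which (the include arguments are not visible here), and a comment naming it would spare readers the search.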
@@ -83,29 +79,42 @@ typedef union {
 Note if this gets up to the size of 80 or over check smallstack build */
 #if defined(WOLFSSL_SHA3)
 #define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA3_224_BLOCK_SIZE /* 224 is the largest block size */
 #elif defined(WOLFSSL_SHA512)
 #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
 #elif defined(HAVE_BLAKE2)
 #define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES
+ #define WC_MAX_BLOCK_SIZE BLAKE2B_BLOCKBYTES
 #elif defined(WOLFSSL_SHA384)
 #define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA384_BLOCK_SIZE
 #elif !defined(NO_SHA256)
 #define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
 #elif defined(WOLFSSL_SHA224)
 #define WC_MAX_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA224_BLOCK_SIZE
 #elif !defined(NO_SHA)
 #define WC_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_SHA_BLOCK_SIZE
 #elif !defined(NO_MD5)
 #define WC_MAX_DIGEST_SIZE WC_MD5_DIGEST_SIZE
+ #define WC_MAX_BLOCK_SIZE WC_MD5_BLOCK_SIZE
 #else
 #define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */
+ #define WC_MAX_BLOCK_SIZE 128
 #endif
 #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
 WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
+WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid);
 #endif
+WOLFSSL_API enum wc_HashType wc_HashTypeConvert(int hashType);
+
 WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
+WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type);
 WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
 const byte* data, word32 data_len,
 byte* hash, word32 hash_len);
@@ -116,7 +125,7 @@ WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type,
 const byte* data, word32 dataSz);
 WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
 byte* out);
-
+WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
 #ifndef NO_MD5
 #include
@@ -128,22 +137,24 @@ WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
 #endif
+#ifdef WOLFSSL_SHA224
+#include
+WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*);
+#endif /* defined(WOLFSSL_SHA224) */
+
 #ifndef NO_SHA256
 #include
 WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
-
- #if defined(WOLFSSL_SHA224)
- WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*);
- #endif /* defined(WOLFSSL_SHA224) */
 #endif
+#ifdef WOLFSSL_SHA384
+#include
+WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
+#endif /* defined(WOLFSSL_SHA384) */
+
 #ifdef WOLFSSL_SHA512
 #include
 WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
-
- #if defined(WOLFSSL_SHA384)
- WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
- #endif /* defined(WOLFSSL_SHA384) */
 #endif /* WOLFSSL_SHA512 */
 #ifdef __cplusplus
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
index d3f8b236..6272da31 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
@@ -1,16 +1,18 @@
 /* hmac.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
-
+/*!
+ \file wolfssl/wolfcrypt/hmac.h
+*/
 #ifndef NO_HMAC
@@ -19,17 +21,26 @@
 #include
-#ifdef HAVE_FIPS
-/* for fips */
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
+/* for fips @wc_fips */
 #include
 #define WC_HMAC_BLOCK_SIZE HMAC_BLOCK_SIZE
 #endif
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
-#ifndef HAVE_FIPS
+
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 #ifdef WOLFSSL_ASYNC_CRYPT
 #include
@@ -47,63 +58,43 @@ enum {
 /* If any hash is not enabled, add the ID here. */
 #ifdef NO_MD5
- WC_MD5 = 0,
+ WC_MD5 = WC_HASH_TYPE_MD5,
 #endif
 #ifdef NO_SHA
- WC_SHA = 1,
+ WC_SHA = WC_HASH_TYPE_SHA,
 #endif
 #ifdef NO_SHA256
- WC_SHA256 = 2,
+ WC_SHA256 = WC_HASH_TYPE_SHA256,
 #endif
 #ifndef WOLFSSL_SHA512
- WC_SHA512 = 4,
+ WC_SHA512 = WC_HASH_TYPE_SHA512,
 #endif
 #ifndef WOLFSSL_SHA384
- WC_SHA384 = 5,
+ WC_SHA384 = WC_HASH_TYPE_SHA384,
 #endif
 #ifndef HAVE_BLAKE2
- BLAKE2B_ID = 7,
+ BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B,
 #endif
 #ifndef WOLFSSL_SHA224
- WC_SHA224 = 8,
+ WC_SHA224 = WC_HASH_TYPE_SHA224,
 #endif
 #ifndef WOLFSSL_SHA3
- WC_SHA3_224 = 10,
- WC_SHA3_256 = 11,
- WC_SHA3_384 = 12,
- WC_SHA3_512 = 13,
-#else
- /* These values are used for HMAC, not SHA-3 directly.
- * They come from from FIPS PUB 202. */
- WC_SHA3_224_BLOCK_SIZE = 144,
- WC_SHA3_256_BLOCK_SIZE = 136,
- WC_SHA3_384_BLOCK_SIZE = 104,
- WC_SHA3_512_BLOCK_SIZE = 72,
-#endif
-
-/* Select the largest available hash for the buffer size. */
-#if defined(WOLFSSL_SHA3)
- WC_HMAC_BLOCK_SIZE = WC_SHA3_224_BLOCK_SIZE
- /* SHA3-224 has the largest block size */
-#elif defined(WOLFSSL_SHA512)
- WC_HMAC_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE,
-#elif defined(HAVE_BLAKE2)
- WC_HMAC_BLOCK_SIZE = BLAKE2B_BLOCKBYTES,
-#elif defined(WOLFSSL_SHA384)
- WC_HMAC_BLOCK_SIZE = WC_SHA384_BLOCK_SIZE
-#elif !defined(NO_SHA256)
- WC_HMAC_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE
-#elif defined(WOLFSSL_SHA224)
- WC_HMAC_BLOCK_SIZE = WC_SHA224_BLOCK_SIZE
-#elif !defined(NO_SHA)
- WC_HMAC_BLOCK_SIZE = WC_SHA_BLOCK_SIZE,
-#elif !defined(NO_MD5)
- WC_HMAC_BLOCK_SIZE = WC_MD5_BLOCK_SIZE,
-#else
- #error "You have to have some kind of hash if you want to use HMAC."
+ WC_SHA3_224 = WC_HASH_TYPE_SHA3_224,
+ WC_SHA3_256 = WC_HASH_TYPE_SHA3_256,
+ WC_SHA3_384 = WC_HASH_TYPE_SHA3_384,
+ WC_SHA3_512 = WC_HASH_TYPE_SHA3_512,
 #endif
 };
+/* Select the largest available hash for the buffer size.
*/
+#define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE
+
+#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && !defined(HAVE_BLAKE2) && \
+ !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && defined(WOLFSSL_SHA224) && \
+ defined(NO_SHA) && defined(NO_MD5)
+ #error "You have to have some kind of hash if you want to use HMAC."
+#endif
+
 /* hash union */
 typedef union {
@@ -119,17 +110,17 @@ typedef union {
 #ifndef NO_SHA256
 wc_Sha256 sha256;
 #endif
-#ifdef WOLFSSL_SHA512
 #ifdef WOLFSSL_SHA384
 wc_Sha384 sha384;
 #endif
+#ifdef WOLFSSL_SHA512
 wc_Sha512 sha512;
 #endif
 #ifdef HAVE_BLAKE2
 Blake2b blake2b;
 #endif
 #ifdef WOLFSSL_SHA3
- Sha3 sha3;
+ wc_Sha3 sha3;
 #endif
 } Hash;
@@ -146,10 +137,6 @@ typedef struct Hmac {
 #ifdef WOLFSSL_ASYNC_CRYPT
 WC_ASYNC_DEV asyncDev;
 word16 keyLen; /* hmac key length (key in ipad) */
- #ifdef HAVE_CAVIUM
- byte* data; /* buffered input data for one call */
- word16 dataLen;
- #endif /* HAVE_CAVIUM */
 #endif /* WOLFSSL_ASYNC_CRYPT */
 } Hmac;
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h
index 2ab1db1f..e5330de8 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h
@@ -1,12 +1,12 @@
 /* integer.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
@@ -62,6 +62,11 @@ extern "C" {
 /* C++ compilers don't like assigning void * to mp_digit * */
 #define OPT_CAST(x) (x *)
+#elif defined(_SH3)
+
+/* SuperH SH3 compiler doesn't like assigning voi* to mp_digit* */
+#define OPT_CAST(x) (x *)
+
 #else
 /* C on the other hand doesn't care */
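Review bot: The replacement `#error` guard that ends the `@@ -47,63 +58,43 @@ enum {` hunk has its SHA-224 term inverted: it requires `defined(WOLFSSL_SHA224)` alongside `defined(NO_SHA256)`, `defined(NO_SHA)` and `defined(NO_MD5)`, so a build with no hash at all (SHA-224 not defined) passes silently and later fails in some less obvious place, while a build whose only hash is SHA-224 refuses to compile. The removed `#elif defined(WOLFSSL_SHA224)` arm treated SHA-224 as a usable hash, so the term should read `!defined(WOLFSSL_SHA224)`. Since `WC_HMAC_BLOCK_SIZE` now just aliases `WC_MAX_BLOCK_SIZE`, a one-line comment such as `/* block size is selected in hash.h from the largest enabled digest */` would also spare a reader the cross-file hop.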
@@ -268,6 +273,7 @@ MP_API int mp_unsigned_bin_size(mp_int * a);
 MP_API int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
 MP_API int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b);
 MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
+MP_API int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c);
 MP_API int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
 /* end functions needed by Rsa */
@@ -354,15 +360,19 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size);
 #define mp_dump(desc, a, verbose)
 #endif
-#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
+#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || \
+ !defined(NO_DSA) || !defined(NO_DH)
 MP_API int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
 #endif
 #if !defined(NO_DSA) || defined(HAVE_ECC)
 MP_API int mp_read_radix(mp_int* a, const char* str, int radix);
 #endif
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH)
 MP_API int mp_prime_is_prime (mp_int * a, int t, int *result);
+ MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG*);
+#endif /* WOLFSSL_KEY_GEN NO_RSA NO_DSA NO_DH */
+#ifdef WOLFSSL_KEY_GEN
 MP_API int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
 MP_API int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
 MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
index 8be8f141..acfafed7 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
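Review bot: The new `mp_prime_is_prime_ex` prototype leaves its last parameter unnamed (`WC_RNG*`), unlike `mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap)` two lines below; naming it, `MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG* rng);`, tells callers what they are expected to pass. The header also gives no hint of how the `_ex` variant differs from `mp_prime_is_prime`, which now shares its `#if` block; a one-line comment stating what the RNG is used for (presumably to pick the bases for the `t` probable-prime rounds, which I cannot confirm from here) would let callers choose the right one. The `#endif` comment `/* WOLFSSL_KEY_GEN NO_RSA NO_DSA NO_DH */` reads as if all four are required; `/* WOLFSSL_KEY_GEN || !NO_RSA || !NO_DSA || !NO_DH */` would mirror the condition.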
@@ -1,15 +1,19 @@
 /* logging.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/logging.h
+*/
+
 /* submitted by eof */
@@ -32,6 +36,50 @@ enum wc_LogLevels {
 OTHER_LOG
 };
+#ifdef WOLFSSL_FUNC_TIME
+/* WARNING: This code is only to be used for debugging performance.
+ * The code is not thread-safe.
+ * Do not use WOLFSSL_FUNC_TIME in production code.
+ */
+enum wc_FuncNum {
+ WC_FUNC_HELLO_REQUEST_SEND = 0,
+ WC_FUNC_HELLO_REQUEST_DO,
+ WC_FUNC_CLIENT_HELLO_SEND,
+ WC_FUNC_CLIENT_HELLO_DO,
+ WC_FUNC_SERVER_HELLO_SEND,
+ WC_FUNC_SERVER_HELLO_DO,
+ WC_FUNC_ENCRYPTED_EXTENSIONS_SEND,
+ WC_FUNC_ENCRYPTED_EXTENSIONS_DO,
+ WC_FUNC_CERTIFICATE_REQUEST_SEND,
+ WC_FUNC_CERTIFICATE_REQUEST_DO,
+ WC_FUNC_CERTIFICATE_SEND,
+ WC_FUNC_CERTIFICATE_DO,
+ WC_FUNC_CERTIFICATE_VERIFY_SEND,
+ WC_FUNC_CERTIFICATE_VERIFY_DO,
+ WC_FUNC_FINISHED_SEND,
+ WC_FUNC_FINISHED_DO,
+ WC_FUNC_KEY_UPDATE_SEND,
+ WC_FUNC_KEY_UPDATE_DO,
+ WC_FUNC_EARLY_DATA_SEND,
+ WC_FUNC_EARLY_DATA_DO,
+ WC_FUNC_NEW_SESSION_TICKET_SEND,
+ WC_FUNC_NEW_SESSION_TICKET_DO,
+ WC_FUNC_SERVER_HELLO_DONE_SEND,
+ WC_FUNC_SERVER_HELLO_DONE_DO,
+ WC_FUNC_TICKET_SEND,
+ WC_FUNC_TICKET_DO,
+ WC_FUNC_CLIENT_KEY_EXCHANGE_SEND,
+ WC_FUNC_CLIENT_KEY_EXCHANGE_DO,
+ WC_FUNC_CERTIFICATE_STATUS_SEND,
+ WC_FUNC_CERTIFICATE_STATUS_DO,
+ WC_FUNC_SERVER_KEY_EXCHANGE_SEND,
+ WC_FUNC_SERVER_KEY_EXCHANGE_DO,
+ WC_FUNC_END_OF_EARLY_DATA_SEND,
+ WC_FUNC_END_OF_EARLY_DATA_DO,
+ WC_FUNC_COUNT
+};
+#endif
 typedef void (*wolfSSL_Logging_cb)(const int logLevel,
 const char *const logMessage);
@@ -57,10 +105,23 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
 WOLFSSL_API int wc_SetLoggingHeap(void* h);
 WOLFSSL_API int wc_ERR_remove_state(void);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
- WOLFSSL_API void wc_ERR_print_errors_fp(FILE* fp);
+ WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp);
 #endif
 #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
+#ifdef WOLFSSL_FUNC_TIME
+ /* WARNING: This code is only to be used for debugging performance.
+ * The code is not thread-safe.
+ * Do not use WOLFSSL_FUNC_TIME in production code.
+ */
+ WOLFSSL_API void WOLFSSL_START(int funcNum);
+ WOLFSSL_API void WOLFSSL_END(int funcNum);
+ WOLFSSL_API void WOLFSSL_TIME(int count);
+#else
+ #define WOLFSSL_START(n)
+ #define WOLFSSL_END(n)
+ #define WOLFSSL_TIME(n)
+#endif
 #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
 #if defined(_WIN32)
@@ -93,7 +154,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
 #endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */
-#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
 WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h
index 67e077dc..d43a89bd 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h
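Review bot: The `#else` stubs `#define WOLFSSL_START(n)`, `WOLFSSL_END(n)` and `WOLFSSL_TIME(n)` expand to nothing, so a call such as `WOLFSSL_START(x);` degrades to an empty statement in which `x` is never evaluated, which yields unused-variable warnings wherever the argument exists only for timing. Expanding each to `((void)(n))` keeps the stubs valid in expression position and avoids that warning class without changing the timing build. The warning comment is also duplicated verbatim from the `enum wc_FuncNum` hunk above; one copy at the enum with a short cross-reference here would be enough.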
@@ -1,15 +1,19 @@
 /* md5.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/md5.h
+*/
+
 #ifndef WOLF_CRYPT_MD5_H
 #define WOLF_CRYPT_MD5_H
@@ -39,12 +43,13 @@
 /* in bytes */
 enum {
- WC_MD5 = 0, /* hash type unique */
+ WC_MD5 = WC_HASH_TYPE_MD5,
 WC_MD5_BLOCK_SIZE = 64,
 WC_MD5_DIGEST_SIZE = 16,
 WC_MD5_PAD_SIZE = 56
 };
+
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
 #include
 #endif
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h
index d612969d..6f1c4379 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h
@@ -1,12 +1,12 @@
 /* mpi_class.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h
index 3f61dfaf..173ce0e3 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h
@@ -1,12 +1,12 @@
 /* mpi_superclass.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h
index 5c187afe..26982335 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h
@@ -1,15 +1,18 @@
 /* pwdbased.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/pwdbased.h
+*/
 #ifndef WOLF_CRYPT_PWDBASED_H
 #define WOLF_CRYPT_PWDBASED_H
@@ -18,11 +21,6 @@
 #ifndef NO_PWDBASED
-#ifndef NO_MD5
- #include /* for hash type */
-#endif
-
-#include
 #ifdef __cplusplus
 extern "C" {
@@ -32,6 +30,10 @@
 * hashType renamed to typeH to avoid shadowing global declaration here:
 * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types */
+WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
+ const byte* passwd, int passwdLen,
+ const byte* salt, int saltLen, int iterations,
+ int hashType, void* heap);
 WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
 const byte* salt, int sLen, int iterations,
 int kLen, int typeH);
@@ -51,12 +53,6 @@ WOLFSSL_API int wc_scrypt(byte* output, const byte* passwd, int passLen,
 int blockSize, int parallel, int dkLen);
 #endif
-/* helper functions */
-WOLFSSL_LOCAL int GetDigestSize(int typeH);
-WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u);
-WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen,
- byte* Ai, word32 u, int iterations);
-
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
index 17bcf7bd..513317f0 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
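Review bot: The new `wc_PBKDF1_ex` prototype names its hash-type parameter `hashType` directly beneath the comment explaining that this exact name was renamed to `typeH` to avoid shadowing the `hashType` enumerator from asn.h's `Oid_Types`, and the existing `wc_PBKDF1` below still uses `typeH`. Either the parameter should follow the convention (`int typeH, void* heap);`) or the comment should say which declaration it applies to; as written the two contradict each other. If the asn.h enumerator is in scope where the definition lives, the parameter shadows it there too, which `-Wshadow` will report.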
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
@@ -1,15 +1,19 @@
 /* random.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/random.h
+*/
+
 #ifndef WOLF_CRYPT_RANDOM_H
@@ -17,8 +21,14 @@
 #include
-#ifdef HAVE_FIPS
-/* for fips @wc_fips */
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+/* included for fips @wc_fips */
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
 #include
 #endif
@@ -47,8 +57,8 @@
 #endif
 /* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
- or CUSTOM_RAND_GENERATE_BLOCK is defined*/
-#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
+ or CUSTOM_RAND_GENERATE_BLOCK is defined */
+#if !defined(WC_NO_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
 #undef HAVE_HASHDRBG
 #define HAVE_HASHDRBG
 #ifndef WC_RESEED_INTERVAL
@@ -57,7 +67,9 @@
 #endif
-#ifndef HAVE_FIPS /* avoid redefining structs and macros */
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 /* RNG supports the following sources (in order):
 * 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
@@ -85,7 +97,9 @@
 #include
 #elif defined(HAVE_WNR)
 /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
-#else
+#elif defined(HAVE_INTEL_RDRAND)
+ /* Intel RDRAND or RDSEED */
+#elif !defined(WC_NO_RNG)
 #error No RNG source defined!
 #endif
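Review bot: With the `||` corrected to `&&`, defining `CUSTOM_RAND_GENERATE_BLOCK` now leaves `HAVE_HASHDRBG` undefined, whereas before the DRBG was always compiled in; combined with the context comment that the custom function is itself the "RNG source", this means its output is presumably handed to callers with none of the DRBG's mixing, reseed interval or health tests in between. That is the documented intent, but the consequence deserves to be stated where integrators will read it, e.g. extend the comment to `/* ... is defined. CUSTOM_RAND_GENERATE_BLOCK replaces the DRBG outright, not just its seed: it must itself be a cryptographic RNG */`. Whether the custom source configured for this component meets that bar cannot be judged from this hunk.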
@@ -138,7 +152,7 @@ struct WC_RNG {
 #endif
 };
-#endif /* HAVE_FIPS */
+#endif /* NO FIPS or have FIPS v2*/
 /* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
 * can't be used with CTaoCrypt FIPS */
@@ -157,21 +171,42 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
 WOLFSSL_API int wc_FreeNetRandom(void);
 #endif /* HAVE_WNR */
-
+#ifndef WC_NO_RNG
 WOLFSSL_API int wc_InitRng(WC_RNG*);
 WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
+WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
+WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
+ void* heap, int devId);
 WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
 WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
 WOLFSSL_API int wc_FreeRng(WC_RNG*);
+#else
+#include
+#define wc_InitRng(rng) NOT_COMPILED_IN
+#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
+#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
+#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
+#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
+#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
+#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
+#endif
+
 #ifdef HAVE_HASHDRBG
 WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
 word32 entropySz);
+ WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
 WOLFSSL_API int wc_RNG_HealthTest(int reseed,
 const byte* entropyA, word32 entropyASz,
 const byte* entropyB, word32 entropyBSz,
 byte* output, word32 outputSz);
+ WOLFSSL_API int wc_RNG_HealthTest_ex(int reseed,
+ const byte* nonce, word32 nonceSz,
+ const byte* entropyA, word32 entropyASz,
+ const byte* entropyB, word32 entropyBSz,
+ byte* output, word32 outputSz,
+ void* heap, int devId);
 #endif /* HAVE_HASHDRBG */
 #ifdef __cplusplus
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
index 5a22416b..7f7a1167 100644
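Review bot: `wc_InitRngNonce` and `wc_InitRngNonce_ex` take `byte* nonce`, while `wc_RNG_HealthTest_ex` in the same hunk takes `const byte* nonce` and every entropy parameter is `const byte*`; unless the init routines really write through the pointer, the prototypes should be `WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, const byte* nonce, word32 nonceSz);` and the matching `_ex` form, so callers can pass a `const` buffer without a cast. A second point on the `WC_NO_RNG` stubs: every RNG call collapses to the bare constant `NOT_COMPILED_IN`, so a caller that ignores the return of `wc_RNG_GenerateBlock` is left with an untouched output buffer and no diagnostic; a comment at the `#else` such as `/* stubs: output buffers are never written, every call returns NOT_COMPILED_IN */` would make that failure mode visible to integrators.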
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
@@ -1,12 +1,12 @@
 /* settings.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
@@ -67,6 +67,9 @@
 /* Uncomment next line if building wolfSSL for LSR */
 /* #define WOLFSSL_LSR */
+/* Uncomment next line if building for Freescale Classic MQX version 4.0 */
+/* #define FREESCALE_MQX_4_0 */
+
 /* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */
 /* #define FREESCALE_MQX */
@@ -76,7 +79,8 @@
 /* Uncomment next line if building for Freescale KSDK Bare Metal */
 /* #define FREESCALE_KSDK_BM */
-/* Uncomment next line if building for Freescale KSDK FreeRTOS (old name FREESCALE_FREE_RTOS) */
+/* Uncomment next line if building for Freescale KSDK FreeRTOS, */
+/* (old name FREESCALE_FREE_RTOS) */
 /* #define FREESCALE_KSDK_FREERTOS */
 /* Uncomment next line if using STM32F2 */
@@ -85,6 +89,9 @@
 /* Uncomment next line if using STM32F4 */
 /* #define WOLFSSL_STM32F4 */
+/* Uncomment next line if using STM32FL */
+/* #define WOLFSSL_STM32FL */
+
 /* Uncomment next line if using STM32F7 */
 /* #define WOLFSSL_STM32F7 */
@@ -153,6 +160,18 @@
 /* Uncomment next line if building for using XILINX */
 /* #define WOLFSSL_XILINX */
+/* Uncomment next line if building for Nucleus 1.2 */
+/* #define WOLFSSL_NUCLEUS_1_2 */
+
+/* Uncomment next line if building for using Apache mynewt */
+/* #define WOLFSSL_APACHE_MYNEWT */
+
+/* Uncomment next line if building for using ESP-IDF */
+/* #define WOLFSSL_ESPIDF */
+
+/* Uncomment next line if using Espressif ESP32-WROOM-32 */
+/* #define WOLFSSL_ESPWROOM32 */
+
 #include
 #ifdef WOLFSSL_USER_SETTINGS
@@ -194,6 +213,22 @@
 #include
 #endif
+#if defined(WOLFSSL_ESPIDF)
+ #define FREERTOS
+ #define WOLFSSL_LWIP
+ #define NO_WRITEV
+ #define SIZEOF_LONG_LONG 8
+ #define NO_WOLFSSL_DIR
+ #define WOLFSSL_NO_CURRDIR
+
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+ #define WC_RSA_BLINDING
+#if !defined(WOLFSSL_USER_SETTINGS)
+ #define HAVE_ECC
+#endif /* !WOLFSSL_USER_SETTINGS */
+#endif /* WOLFSSL_ESPIDF */
+
 #if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */
 #define WOLFSSL_LWIP
 #define NO_WRITEV
@@ -202,6 +237,22 @@
 #define NO_FILESYSTEM
 #endif
+#if defined(WOLFSSL_CONTIKI)
+ #include
+ #define WOLFSSL_UIP
+ #define NO_WOLFSSL_MEMORY
+ #define NO_WRITEV
+ #define SINGLE_THREADED
+ #define WOLFSSL_USER_IO
+ #define NO_FILESYSTEM
+ #define CUSTOM_RAND_TYPE uint16_t
+ #define CUSTOM_RAND_GENERATE random_rand
+ static inline unsigned int LowResTimer(void)
+ {
+ return clock_seconds();
+ }
+#endif
+
 #if defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_ROWLEY_ARM)
 #define NO_MAIN_DRIVER
 #define SINGLE_THREADED
@@ -231,9 +282,15 @@
 #endif
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
- #define WOLFSSL_PIC32MZ_CRYPT
- #define WOLFSSL_PIC32MZ_RNG
- #define WOLFSSL_PIC32MZ_HASH
+ #ifndef NO_PIC32MZ_CRYPT
+ #define WOLFSSL_PIC32MZ_CRYPT
+ #endif
+ #ifndef NO_PIC32MZ_RNG
+ #define WOLFSSL_PIC32MZ_RNG
+ #endif
+ #ifndef NO_PIC32MZ_HASH
+ #define WOLFSSL_PIC32MZ_HASH
+ #endif
 #endif
 #ifdef MICROCHIP_TCPIP_V5
@@ -332,7 +389,8 @@
 #ifdef VXWORKS_SIM
 #define TFM_NO_ASM
 #endif
- #define WOLFSSL_PTHREADS
+ /* For VxWorks pthreads wrappers for mutexes uncomment the next line. */
+ /* #define WOLFSSL_PTHREADS */
 #define WOLFSSL_HAVE_MIN
 #define WOLFSSL_HAVE_MAX
 #define USE_FAST_MATH
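Review bot: The Contiki block sets `CUSTOM_RAND_GENERATE random_rand` with a 16-bit `CUSTOM_RAND_TYPE`, which presumably makes that function the DRBG's seed source (the random.h hunks in this diff document only the `_BLOCK` variant, so I am inferring); if `random_rand` is Contiki's software library PRNG rather than a hardware entropy source on the target, the seed is predictable and everything derived from the RNG is weak. A comment at the `#define` naming what backs `random_rand` on supported boards, or a `#warning` when it is the software PRNG, would make that dependency explicit for whoever ports to a new board. Separately, `LowResTimer` is a `static inline` function body inside settings.h, a header that otherwise only sets macros; that is legal, but a one-line comment saying why it lives here rather than in the Contiki port file would help. This block is not reached by the Espressif configuration, so it is a note for upstream rather than a blocker.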
@@ -438,6 +496,32 @@
 #include "wolfssl_chibios.h"
 #endif
+#ifdef WOLFSSL_PB
+ /* PB is using older 1.2 version of Nucleus */
+ #undef WOLFSSL_NUCLEUS
+ #define WOLFSSL_NUCLEUS_1_2
+#endif
+
+#ifdef WOLFSSL_NUCLEUS_1_2
+ #define NO_WRITEV
+ #define NO_WOLFSSL_DIR
+
+ #if !defined(NO_ASN_TIME) && !defined(USER_TIME)
+ #error User must define XTIME, see manual
+ #endif
+
+ #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
+ extern void* nucleus_malloc(unsigned long size, void* heap, int type);
+ extern void* nucleus_realloc(void* ptr, unsigned long size, void* heap,
+ int type);
+ extern void nucleus_free(void* ptr, void* heap, int type);
+
+ #define XMALLOC(s, h, type) nucleus_malloc((s), (h), (type))
+ #define XREALLOC(p, n, h, t) nucleus_realloc((p), (n), (h), (t))
+ #define XFREE(p, h, type) nucleus_free((p), (h), (type))
+ #endif
+#endif
+
 #ifdef WOLFSSL_NRF5x
 #define SIZEOF_LONG 4
 #define SIZEOF_LONG_LONG 8
@@ -494,7 +578,7 @@ extern void uITRON4_free(void *p) ;
 #include "tm/tmonitor.h"
 /* static char* gets(char *buff); */
- static char* fgets(char *buff, int sz, FILE *fp) {
+ static char* fgets(char *buff, int sz, XFILE fp) {
 char * p = buff;
 *p = '\0';
 while (1) {
@@ -539,7 +623,9 @@ extern void uITRON4_free(void *p) ;
 #define XMALLOC(s, h, type) pvPortMalloc((s))
 #define XFREE(p, h, type) vPortFree((p))
 #endif
-
+ #if defined(HAVE_ED25519) || defined(WOLFSSL_ESPIDF)
+ #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
+ #endif
 #ifndef NO_WRITEV
 #define NO_WRITEV
 #endif
@@ -700,6 +786,11 @@ extern void uITRON4_free(void *p) ;
 #define TFM_TIMING_RESISTANT
 #endif
+#ifdef FREESCALE_MQX_4_0
+ /* use normal Freescale MQX port, but with minor changes for 4.0 */
+ #define FREESCALE_MQX
+#endif
+
 #ifdef FREESCALE_MQX
 #define FREESCALE_COMMON
 #include "mqx.h"
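Review bot: In the FreeRTOS block, `XMALLOC` and `XFREE` map to `pvPortMalloc`/`vPortFree` (context lines just above), but the new `XREALLOC` maps to `wolfSSL_Realloc`, a different allocator entry point; unless `wolfSSL_Realloc` is implemented on top of the same FreeRTOS heap, a buffer obtained through `XMALLOC` gets handed to a foreign realloc, which is undefined behaviour that usually surfaces as delayed heap corruption rather than an immediate fault. I cannot see the implementation from here, so please confirm that mapping or route `XREALLOC` through a FreeRTOS-heap-aware helper, and add a comment at the `#define` naming which heap `wolfSSL_Realloc` draws from so the next reader does not have to re-derive it. Because the `|| defined(WOLFSSL_ESPIDF)` term is what enables this mapping for Espressif targets, it matters for this component if the build defines that macro.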
@@ -716,10 +807,12 @@ extern void uITRON4_free(void *p) ;
 #include "mutex.h"
 #endif
- #define XMALLOC_OVERRIDE
- #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
- #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
- /* Note: MQX has no realloc, using fastmath above */
+ #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
+ #define XMALLOC_OVERRIDE
+ #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
+ #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
+ /* Note: MQX has no realloc, using fastmath above */
+ #endif
 #endif
 #ifdef FREESCALE_KSDK_MQX
@@ -946,14 +1039,6 @@ extern void uITRON4_free(void *p) ;
 #undef NO_ECC256
 #define HAVE_ECC384
 #endif
-
- /* enable features */
- #undef HAVE_CURVE25519
- #define HAVE_CURVE25519
- #undef HAVE_ED25519
- #define HAVE_ED25519
- #undef WOLFSSL_SHA512
- #define WOLFSSL_SHA512
 #endif
 #endif
 #endif
@@ -977,7 +1062,8 @@ extern void uITRON4_free(void *p) ;
 #endif
 #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
- defined(WOLFSSL_STM32F7)
+ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
+ defined(WOLFSSL_STM32L4)
 #define SIZEOF_LONG_LONG 8
 #define NO_DEV_RANDOM
@@ -987,10 +1073,17 @@ extern void uITRON4_free(void *p) ;
 #ifndef NO_STM32_RNG
 #undef STM32_RNG
 #define STM32_RNG
+ #ifdef WOLFSSL_STM32F427_RNG
+ #include "stm32f427xx.h"
+ #endif
 #endif
 #ifndef NO_STM32_CRYPTO
 #undef STM32_CRYPTO
 #define STM32_CRYPTO
+
+ #ifdef WOLFSSL_STM32L4
+ #define NO_AES_192 /* hardware does not support 192-bit */
+ #endif
 #endif
 #ifndef NO_STM32_HASH
 #undef STM32_HASH
@@ -1003,10 +1096,14 @@ extern void uITRON4_free(void *p) ;
 #ifdef WOLFSSL_STM32_CUBEMX
 #if defined(WOLFSSL_STM32F2)
 #include "stm32f2xx_hal.h"
+ #elif defined(WOLFSSL_STM32L4)
+ #include "stm32l4xx_hal.h"
 #elif defined(WOLFSSL_STM32F4)
 #include "stm32f4xx_hal.h"
 #elif defined(WOLFSSL_STM32F7)
 #include "stm32f7xx_hal.h"
+ #elif defined(WOLFSSL_STM32F1)
+ #include "stm32f1xx_hal.h"
 #endif
 #ifndef STM32_HAL_TIMEOUT
@@ -1029,11 +1126,21 @@ extern void uITRON4_free(void *p) ;
 #ifdef STM32_HASH
 #include "stm32f4xx_hash.h"
 #endif
+ #elif defined(WOLFSSL_STM32L4)
+ #include "stm32l4xx.h"
+ #ifdef STM32_CRYPTO
+ #include "stm32l4xx_cryp.h"
+ #endif
+ #ifdef STM32_HASH
+ #include "stm32l4xx_hash.h"
+ #endif
 #elif defined(WOLFSSL_STM32F7)
 #include "stm32f7xx.h"
+ #elif defined(WOLFSSL_STM32F1)
+ #include "stm32f1xx.h"
 #endif
 #endif /* WOLFSSL_STM32_CUBEMX */
-#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32F7 */
+#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */
 #ifdef MICRIUM
 #include
@@ -1070,12 +1177,6 @@ extern void uITRON4_free(void *p) ;
 #define CUSTOM_RAND_TYPE RAND_NBR
 #define CUSTOM_RAND_GENERATE Math_Rand
 #endif
-
- #define WOLFSSL_TYPES
- typedef CPU_INT08U byte;
- typedef CPU_INT16U word16;
- typedef CPU_INT32U word32;
-
 #define STRING_USER
 #define XSTRLEN(pstr) ((CPU_SIZE_T)Str_Len((CPU_CHAR *)(pstr)))
 #define XSTRNCPY(pstr_dest, pstr_src, len_max) \
@@ -1172,6 +1273,41 @@ extern void uITRON4_free(void *p) ;
 #endif
 #endif /*(WOLFSSL_XILINX_CRYPT)*/
+#if defined(WOLFSSL_APACHE_MYNEWT)
+ #include "os/os_malloc.h"
+ #if !defined(WOLFSSL_LWIP)
+ #include
+ #endif
+
+ #if !defined(SIZEOF_LONG)
+ #define SIZEOF_LONG 4
+ #endif
+ #if !defined(SIZEOF_LONG_LONG)
+ #define SIZEOF_LONG_LONG 8
+ #endif
+ #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
+ #define BIG_ENDIAN_ORDER
+ #else
+ #undef BIG_ENDIAN_ORDER
+ #define LITTLE_ENDIAN_ORDER
+ #endif
+ #define NO_WRITEV
+ #define WOLFSSL_USER_IO
+ #define SINGLE_THREADED
+ #define NO_DEV_RANDOM
+ #define NO_DH
+ #define NO_WOLFSSL_DIR
+ #define NO_ERROR_STRINGS
+ #define HAVE_ECC
+ #define NO_SESSION_CACHE
+ #define NO_ERROR_STRINGS
+ #define XMALLOC_USER
+ #define XMALLOC(sz, heap, type) os_malloc(sz)
+ #define XREALLOC(p, sz, heap, type) os_realloc(p, sz)
+ #define XFREE(p, heap, type) os_free(p)
+
+#endif /*(WOLFSSL_APACHE_MYNEWT)*/
+
 #ifdef WOLFSSL_IMX6
 #ifndef SIZEOF_LONG_LONG
 #define SIZEOF_LONG_LONG 8
@@ -1232,7 +1368,6 @@ extern void uITRON4_free(void *p) ;
 #else
 #define TFM_TIMING_RESISTANT
 #define NO_WOLFSSL_DIR
- #define NO_FILESYSTEM
 #define NO_WRITEV
 #define NO_MAIN_DRIVER
 #define WOLFSSL_LOG_PRINTF
@@ -1240,9 +1375,6 @@ extern void uITRON4_free(void *p) ;
 #endif
 #else
 #define HAVE_ECC
- #define ECC_TIMING_RESISTANT
- #define TFM_TIMING_RESISTANT
- #define NO_FILESYSTEM
 #define NO_WRITEV
 #define NO_MAIN_DRIVER
 #define USER_TICKS
@@ -1252,6 +1384,10 @@ extern void uITRON4_free(void *p) ;
 #if !defined(HAVE_FIPS) && !defined(NO_RSA)
 #define WC_RSA_BLINDING
 #endif
+
+ #define NO_FILESYSTEM
+ #define ECC_TIMING_RESISTANT
+ #define TFM_TIMING_RESISTANT
 #define SINGLE_THREADED
 #define NO_ASN_TIME /* can not use headers such as windows.h */
 #define HAVE_AESGCM
@@ -1414,10 +1550,6 @@ extern void uITRON4_free(void *p) ;
 #ifndef NO_AES_CBC
 #undef HAVE_AES_CBC
 #define HAVE_AES_CBC
- #else
- #ifndef WOLFCRYPT_ONLY
- #error "AES CBC is required for TLS and can only be disabled for WOLFCRYPT_ONLY builds"
- #endif
 #endif
 #ifdef WOLFSSL_AES_XTS
 /* AES-XTS makes calls to AES direct functions */
@@ -1433,6 +1565,13 @@ extern void uITRON4_free(void *p) ;
 #endif
 #endif
+#if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \
+ (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
+ !defined(HAVE_CAMELLIA) && !defined(HAVE_IDEA) && \
+ !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
+ #define WOLFSSL_AEAD_ONLY
+#endif
+
 /* if desktop type system and fastmath increase default max bits */
 #ifdef WOLFSSL_X86_64_BUILD
 #ifdef USE_FAST_MATH
@@ -1499,9 +1638,9 @@ extern void uITRON4_free(void *p) ;
 #define HAVE_WOLF_EVENT
 #ifdef WOLFSSL_ASYNC_CRYPT_TEST
- #define WC_ASYNC_DEV_SIZE 320+24
+ #define WC_ASYNC_DEV_SIZE 328+24
 #else
- #define WC_ASYNC_DEV_SIZE 320
+ #define WC_ASYNC_DEV_SIZE 328
 #endif
 #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
@@ -1551,7 +1690,7 @@ extern void uITRON4_free(void *p) ;
 #ifndef HAVE_AES_KEYWRAP
 #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP
 #endif
- #ifndef HAVE_X963_KDF
+ #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
 #error PKCS7 requires X963 KDF please define HAVE_X963_KDF
 #endif
 #endif
@@ -1574,7 +1713,7 @@ extern void uITRON4_free(void *p) ;
 #undef HAVE_GMTIME_R /* don't trust macro with windows */
 #endif /* WOLFSSL_MYSQL_COMPATIBLE */
-#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
 #define OPENSSL_NO_ENGINE
 #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
@@ -1614,7 +1753,8 @@ extern void uITRON4_free(void *p) ;
 #ifndef WC_NO_HARDEN
 #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
 (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
- (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS))
+ (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
+ !defined(WC_NO_RNG))
 #ifndef _MSC_VER
 #warning "For timing resistance / side-channel attack prevention consider using harden options"
@@ -1626,8 +1766,8 @@ extern void uITRON4_free(void *p) ;
 #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
 /* added to have compatibility with SHA256() */
- #if !defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS)
- #define NO_OLD_SHA256_NAMES
+ #if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)
+ #define NO_OLD_SHA_NAMES
 #endif
 #endif
@@ -1637,7 +1777,77 @@ extern void uITRON4_free(void *p) ;
 #undef OPENSSL_EXTRA_X509_SMALL
 #define OPENSSL_EXTRA_X509_SMALL
 #endif /* OPENSSL_EXTRA */
-
+
+/* support for converting DER to PEM */
+#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || \
+ defined(OPENSSL_EXTRA)
+ #undef WOLFSSL_DER_TO_PEM
+ #define WOLFSSL_DER_TO_PEM
+#endif
+
+/* keep backwards compatibility enabling encrypted private key */
+#ifndef WOLFSSL_ENCRYPTED_KEYS
+ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(HAVE_WEBSERVER)
+ #define WOLFSSL_ENCRYPTED_KEYS
+ #endif
+#endif
+
+/* support for disabling PEM to DER */
+#if !defined(WOLFSSL_NO_PEM)
+ #undef WOLFSSL_PEM_TO_DER
+ #define WOLFSSL_PEM_TO_DER
+#endif
+
+/* Parts of the openssl compatibility layer require peer certs */
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+ #undef KEEP_PEER_CERT
+ #define KEEP_PEER_CERT
+#endif
+
+/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/
+#ifdef WOLFSSL_ARMASM
+ #undef WOLFSSL_NO_HASH_RAW
+ #define WOLFSSL_NO_HASH_RAW
+#endif
+
+#if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \
+ !defined(WOLFSSL_SHA3)
+ #undef WOLFSSL_NO_WORD64_OPS
+ #define WOLFSSL_NO_WORD64_OPS
+#endif
+
+#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_CAMELLIA) && \
+ defined(NO_PWDBASED) && !defined(HAVE_IDEA)
+ #undef WOLFSSL_NO_XOR_OPS
+ #define WOLFSSL_NO_XOR_OPS
+#endif
+
+#if defined(NO_ASN) && defined(WOLFCRYPT_ONLY)
+ #undef WOLFSSL_NO_INT_ENCODE
+ #define WOLFSSL_NO_INT_ENCODE
+ #undef WOLFSSL_NO_INT_DECODE
+ #define WOLFSSL_NO_INT_DECODE
+#endif
+
+#if defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+ defined(WC_NO_RSA_OAEP)
+ #undef WOLFSSL_NO_CT_OPS
+ #define WOLFSSL_NO_CT_OPS
+#endif
+
+#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(HAVE_CURVE25519) && \
+ defined(WC_NO_RNG) && defined(WC_NO_RSA_OAEP)
+ #undef WOLFSSL_NO_CONST_CMP
+ #define WOLFSSL_NO_CONST_CMP
+#endif
+
+#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
+ !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
+ defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_RSA_PUBLIC_ONLY)
+ #undef WOLFSSL_NO_FORCE_ZERO
+ #define WOLFSSL_NO_FORCE_ZERO
+#endif
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
index 416ec626..9d506570 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
@@ -1,15 +1,19 @@
 /* sha.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/sha.h
+*/
+
 #ifndef WOLF_CRYPT_SHA_H
 #define WOLF_CRYPT_SHA_H
@@ -18,7 +22,13 @@
 #ifndef NO_SHA
-#ifdef HAVE_FIPS
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
 #define wc_Sha Sha
 #define WC_SHA SHA
 #define WC_SHA_BLOCK_SIZE SHA_BLOCK_SIZE
@@ -37,7 +47,9 @@ extern "C" {
 #endif
-#ifndef HAVE_FIPS /* avoid redefining structs */
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
 #include
@@ -49,9 +61,12 @@
 #include
 #endif
+#if !defined(NO_OLD_SHA_NAMES)
+ #define SHA WC_SHA
+#endif
+
 #ifndef NO_OLD_WC_NAMES
 #define Sha wc_Sha
- #define SHA WC_SHA
 #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE
 #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE
 #define SHA_PAD_SIZE WC_SHA_PAD_SIZE
@@ -59,7 +74,7 @@
 /* in bytes */
 enum {
- WC_SHA = 1, /* hash type unique */
+ WC_SHA = WC_HASH_TYPE_SHA,
 WC_SHA_BLOCK_SIZE = 64,
 WC_SHA_DIGEST_SIZE = 20,
 WC_SHA_PAD_SIZE = 56
@@ -107,6 +122,7 @@ typedef struct wc_Sha {
 WOLFSSL_API int wc_InitSha(wc_Sha*);
 WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId);
 WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32);
+WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*);
 WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*);
 WOLFSSL_API void wc_ShaFree(wc_Sha*);
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
index 2a84253a..73c9578d 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
@@ -1,15 +1,19 @@
 /* sha256.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfcrypt/sha256.h
+*/
+
 /* code submitted by raphael.huck@efixo.com */
@@ -20,7 +24,13 @@
 #ifndef NO_SHA256
-#ifdef HAVE_FIPS
+#if defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #include
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
 #define wc_Sha256 Sha256
 #define WC_SHA256 SHA256
 #define WC_SHA256_BLOCK_SIZE SHA256_BLOCK_SIZE
@@ -48,7 +58,9 @@ extern "C" {
 #endif
-#ifndef HAVE_FIPS /* avoid redefinition of structs */
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
 #include
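Review bot: `wc_ShaFinalRaw` is declared with no comment, and nothing in the header says how its output differs from `wc_ShaFinal`; the same applies to `wc_Sha256FinalRaw` in sha256.h further down. A one-line comment would save readers a trip into the implementation, for example `/* Raw variant: writes the current internal state without final padding; not a complete SHA-1 digest */` — but only if that matches sha.c, which I cannot see from here (the settings.h hunk that sets `WOLFSSL_NO_HASH_RAW` under `WOLFSSL_ARMASM` confirms only that a "raw" API family exists and is unavailable with that backend). Both new declarations also leave their parameters unnamed, unlike `wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)` directly above.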
@@ -59,6 +71,9 @@
 #ifdef WOLFSSL_ASYNC_CRYPT
 #include
 #endif
+#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_DEVCRYPTO_HASH)
+ #include
+#endif
 #if defined(_MSC_VER)
 #define SHA256_NOINLINE __declspec(noinline)
@@ -68,9 +83,10 @@
 #define SHA256_NOINLINE
 #endif
-#ifndef NO_OLD_SHA256_NAMES
+#if !defined(NO_OLD_SHA_NAMES)
 #define SHA256 WC_SHA256
 #endif
+
 #ifndef NO_OLD_WC_NAMES
 #define Sha256 wc_Sha256
 #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE
@@ -80,16 +96,19 @@
 /* in bytes */
 enum {
- WC_SHA256 = 2, /* hash type unique */
+ WC_SHA256 = WC_HASH_TYPE_SHA256,
 WC_SHA256_BLOCK_SIZE = 64,
 WC_SHA256_DIGEST_SIZE = 32,
 WC_SHA256_PAD_SIZE = 56
 };
+
 #ifdef WOLFSSL_TI_HASH
 #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
 #elif defined(WOLFSSL_IMX6_CAAM)
 #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
+#elif defined(WOLFSSL_AFALG_HASH)
+ #include "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h"
 #else
 /* wc_Sha256 digest */
 typedef struct wc_Sha256 {
@@ -114,6 +133,15 @@ typedef struct wc_Sha256 {
 #ifdef WOLFSSL_ASYNC_CRYPT
 WC_ASYNC_DEV asyncDev;
 #endif /* WOLFSSL_ASYNC_CRYPT */
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+ word32* W;
+#endif
+#ifdef WOLFSSL_DEVCRYPTO_HASH
+ WC_CRYPTODEV ctx;
+ byte* msg;
+ word32 used;
+ word32 len;
+#endif
 #endif
 } wc_Sha256;
@@ -124,6 +152,7 @@ typedef struct wc_Sha256 {
 WOLFSSL_API int wc_InitSha256(wc_Sha256*);
 WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int);
 WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32);
+WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*);
 WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*);
 WOLFSSL_API void wc_Sha256Free(wc_Sha256*);
@@ -135,7 +164,9 @@ WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
 #endif
 #ifdef WOLFSSL_SHA224
-#ifndef HAVE_FIPS /* avoid redefinition of structs */
+/* avoid redefinition of structs */
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 #ifndef NO_OLD_WC_NAMES
 #define Sha224 wc_Sha224
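Review bot: The new `word32* W` member under `WOLFSSL_SMALL_STACK_CACHE` is a raw pointer added to `wc_Sha256` with no note on who allocates it or when it is released, and the same goes for `byte* msg` under `WOLFSSL_DEVCRYPTO_HASH`; `wc_Sha256` is a plain struct that can be copied by value, and `wc_Sha256Free` is declared just below, so ownership decides whether a copied context leaks or double-frees. A short comment per field, e.g. `word32* W; /* cached message schedule; owned by this context, released in wc_Sha256Free */`, would pin that down — with the lifetime wording adjusted to what sha256.c actually does, which I cannot verify from this hunk.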
@@ -147,12 +178,13 @@ WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32); /* in bytes */ enum { - WC_SHA224 = 8, /* hash type unique */ + WC_SHA224 = WC_HASH_TYPE_SHA224, WC_SHA224_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE, WC_SHA224_DIGEST_SIZE = 28, WC_SHA224_PAD_SIZE = WC_SHA256_PAD_SIZE }; + typedef wc_Sha256 wc_Sha224; #endif /* HAVE_FIPS */ diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h index e9584f8e..f49161a4 100644 --- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h 
@@ -1,106 +1,108 @@ /* types.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ - +/*! + \file wolfssl/wolfcrypt/types.h +*/ #ifndef WOLF_CRYPT_TYPES_H #define WOLF_CRYPT_TYPES_H - #include - #include + #include + #include - #ifdef __cplusplus - extern "C" { - #endif + #ifdef __cplusplus + extern "C" { + #endif - #if defined(WORDS_BIGENDIAN) - #define BIG_ENDIAN_ORDER - #endif + #if defined(WORDS_BIGENDIAN) + #define BIG_ENDIAN_ORDER + #endif - #ifndef BIG_ENDIAN_ORDER - #define LITTLE_ENDIAN_ORDER - #endif + #ifndef BIG_ENDIAN_ORDER + #define LITTLE_ENDIAN_ORDER + #endif - #ifndef WOLFSSL_TYPES - #ifndef byte - typedef unsigned char byte; - #endif - typedef unsigned short word16; - typedef unsigned int word32; - typedef byte word24[3]; - #endif + #ifndef WOLFSSL_TYPES + #ifndef byte + typedef unsigned char byte; + #endif + typedef unsigned short word16; + typedef unsigned int word32; + typedef byte word24[3]; + #endif - /* try to set SIZEOF_LONG or LONG_LONG if user didn't */ - #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) - #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) - #if (defined(__alpha__) || defined(__ia64__) || \ - defined(_ARCH_PPC64) || defined(__mips64) || \ - defined(__x86_64__) || \ - ((defined(sun) || defined(__sun)) && \ - (defined(LP64) || defined(_LP64)))) - /* long should be 64bit */ - #define SIZEOF_LONG 8 - #elif defined(__i386__) || defined(__CORTEX_M3__) - /* long long should be 64bit */ - #define SIZEOF_LONG_LONG 8 - #endif - #endif - #endif + /* try to set SIZEOF_LONG or LONG_LONG if user didn't */ + #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) + #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) + #if (defined(__alpha__) || 
defined(__ia64__) || \ + defined(_ARCH_PPC64) || defined(__mips64) || \ + defined(__x86_64__) || \ + ((defined(sun) || defined(__sun)) && \ + (defined(LP64) || defined(_LP64)))) + /* long should be 64bit */ + #define SIZEOF_LONG 8 + #elif defined(__i386__) || defined(__CORTEX_M3__) + /* long long should be 64bit */ + #define SIZEOF_LONG_LONG 8 + #endif + #endif + #endif - #if defined(_MSC_VER) || defined(__BCPLUSPLUS__) - #define WORD64_AVAILABLE - #define W64LIT(x) x##ui64 - typedef unsigned __int64 word64; - #elif defined(__EMSCRIPTEN__) - #define WORD64_AVAILABLE - #define W64LIT(x) x##ull - typedef unsigned long long word64; - #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 - #define WORD64_AVAILABLE - #define W64LIT(x) x##LL - typedef unsigned long word64; - #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 - #define WORD64_AVAILABLE - #define W64LIT(x) x##LL - typedef unsigned long long word64; - #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 - #define WORD64_AVAILABLE - #define W64LIT(x) x##LL - typedef unsigned long long word64; - #endif + #if defined(_MSC_VER) || defined(__BCPLUSPLUS__) + #define WORD64_AVAILABLE + #define W64LIT(x) x##ui64 + typedef unsigned __int64 word64; + #elif defined(__EMSCRIPTEN__) + #define WORD64_AVAILABLE + #define W64LIT(x) x##ull + typedef unsigned long long word64; + #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long word64; + #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long long word64; + #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long long word64; + #endif #if !defined(NO_64BIT) && defined(WORD64_AVAILABLE) - /* These platforms have 64-bit CPU registers. 
*/ - #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ - defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \ + /* These platforms have 64-bit CPU registers. */ + #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ + defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \ defined(__aarch64__) || defined(__sparc64__) - typedef word64 wolfssl_word; + typedef word64 wolfssl_word; #define WC_64BIT_CPU - #elif (defined(sun) || defined(__sun)) && \ + #elif (defined(sun) || defined(__sun)) && \ (defined(LP64) || defined(_LP64)) /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits * and int uses 32 bits. When using Solaris Studio sparc and __sparc are - * avialable for 32 bit detection but __sparc64__ could be missed. This + * available for 32 bit detection but __sparc64__ could be missed. This * uses LP64 for checking 64 bit CPU arch. */ - typedef word64 wolfssl_word; + typedef word64 wolfssl_word; #define WC_64BIT_CPU #else - typedef word32 wolfssl_word; - #ifdef WORD64_AVAILABLE - #define WOLFCRYPT_SLOW_WORD64 - #endif - #endif + typedef word32 wolfssl_word; + #ifdef WORD64_AVAILABLE + #define WOLFCRYPT_SLOW_WORD64 + #endif + #endif #else #undef WORD64_AVAILABLE typedef word32 wolfssl_word; 
@@ -108,36 +110,40 @@ mp_digit, no 64 bit type so make mp_digit 16 bit */ #endif - enum { - WOLFSSL_WORD_SIZE = sizeof(wolfssl_word), - WOLFSSL_BIT_SIZE = 8, - WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE - }; + enum { + WOLFSSL_WORD_SIZE = sizeof(wolfssl_word), + WOLFSSL_BIT_SIZE = 8, + WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE + }; - #define WOLFSSL_MAX_16BIT 0xffffU + #define WOLFSSL_MAX_16BIT 0xffffU - /* use inlining if compiler allows */ - #ifndef INLINE - #ifndef NO_INLINE - #ifdef _MSC_VER - #define INLINE __inline - #elif defined(__GNUC__) + /* use inlining if compiler allows */ + #ifndef WC_INLINE + #ifndef NO_INLINE + #ifdef _MSC_VER + #define WC_INLINE __inline + #elif defined(__GNUC__) #ifdef WOLFSSL_VXWORKS - #define INLINE __inline__ + #define WC_INLINE __inline__ #else - #define INLINE inline + #define WC_INLINE inline #endif - #elif defined(__IAR_SYSTEMS_ICC__) - #define INLINE inline - #elif defined(THREADX) - #define INLINE _Inline - #else - #define INLINE - #endif - #else - #define INLINE - #endif - #endif + #elif defined(__IAR_SYSTEMS_ICC__) + #define WC_INLINE inline + #elif defined(THREADX) + #define WC_INLINE _Inline + #else + #define WC_INLINE + #endif + #else + #define WC_INLINE + #endif + #endif + + #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) + #define INLINE WC_INLINE + #endif /* set up rotate style */ 
@@ -155,47 +161,47 @@ #endif - /* set up thread local storage if available */ - #ifdef HAVE_THREAD_LS - #if defined(_MSC_VER) - #define THREAD_LS_T __declspec(thread) - /* Thread local storage only in FreeRTOS v8.2.1 and higher */ - #elif defined(FREERTOS) - #define THREAD_LS_T - #else - #define THREAD_LS_T __thread - #endif - #else - #define THREAD_LS_T - #endif + /* set up thread local storage if available */ + #ifdef HAVE_THREAD_LS + #if defined(_MSC_VER) + #define THREAD_LS_T __declspec(thread) + /* Thread local storage only in FreeRTOS v8.2.1 and higher */ + #elif defined(FREERTOS) || defined(FREERTOS_TCP) + #define THREAD_LS_T + #else + #define THREAD_LS_T __thread + #endif + #else + #define THREAD_LS_T + #endif /* GCC 7 has new switch() fall-through detection */ #if defined(__GNUC__) #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1))) - #define FALL_THROUGH __attribute__ ((fallthrough)); + #define FALL_THROUGH __attribute__ ((fallthrough)) #endif #endif #ifndef FALL_THROUGH #define FALL_THROUGH #endif - /* Micrium will use Visual Studio for compilation but not the Win32 API */ - #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ - !defined(FREERTOS_TCP) && !defined(EBSNET) && \ + /* Micrium will use Visual Studio for compilation but not the Win32 API */ + #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ + !defined(FREERTOS_TCP) && !defined(EBSNET) && \ !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) - #define USE_WINDOWS_API - #endif + #define USE_WINDOWS_API + #endif - /* idea to add global alloc override by Moises Guimaraes */ - /* default to libc stuff */ - /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embeded systems doesn't like free(0) so test */ - #if defined(HAVE_IO_POOL) - WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); - WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); - WOLFSSL_API void XFREE(void *p, void* heap, int 
type); - #elif defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA) + /* idea to add global alloc override by Moises Guimaraes */ + /* default to libc stuff */ + /* XREALLOC is used once in normal math lib, not in fast math lib */ + /* XFREE on some embedded systems doesn't like free(0) so test */ + #if defined(HAVE_IO_POOL) + WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); + WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); + WOLFSSL_API void XFREE(void *p, void* heap, int type); + #elif defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA) #include #undef USE_WOLFSSL_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY 
@@ -208,55 +214,69 @@ #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ #elif defined(XMALLOC_USER) - /* prototypes for user heap override functions */ - #include /* for size_t */ - extern void *XMALLOC(size_t n, void* heap, int type); - extern void *XREALLOC(void *p, size_t n, void* heap, int type); - extern void XFREE(void *p, void* heap, int type); + /* prototypes for user heap override functions */ + #include /* for size_t */ + extern void *XMALLOC(size_t n, void* heap, int type); + extern void *XREALLOC(void *p, size_t n, void* heap, int type); + extern void XFREE(void *p, void* heap, int type); + #elif defined(WOLFSSL_MEMORY_LOG) + #define XMALLOC(n, h, t) xmalloc(n, h, t, __func__, __FILE__, __LINE__) + #define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __func__, __FILE__, __LINE__) + #define XFREE(p, h, t) xfree(p, h, t, __func__, __FILE__, __LINE__) + + /* prototypes for user heap override functions */ + #include /* for size_t */ + #include + extern void *xmalloc(size_t n, void* heap, int type, const char* func, + const char* file, unsigned int line); + extern void *xrealloc(void *p, size_t n, void* heap, int type, + const char* func, const char* file, unsigned int line); + extern void xfree(void *p, void* heap, int type, const char* func, + const char* file, unsigned int line); #elif defined(XMALLOC_OVERRIDE) /* override the XMALLOC, XFREE and XREALLOC macros */ - #elif defined(NO_WOLFSSL_MEMORY) - /* just use plain C stdlib stuff if desired */ - #include - #define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} - #define XREALLOC(p, n, h, t) realloc((p), (n)) - #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ - && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ - && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ + #elif defined(NO_WOLFSSL_MEMORY) + /* just use plain C stdlib stuff if desired */ + #include + #define 
XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #define XREALLOC(p, n, h, t) realloc((p), (n)) + #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ + && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ + && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ && !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4) - /* default C runtime, can install different routines at runtime via cbs */ - #include + /* default C runtime, can install different routines at runtime via cbs */ + #include #ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) + #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else - #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) + #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ #elif !defined(FREERTOS) && !defined(FREERTOS_TCP) #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) + #define XMALLOC(s, h, t) ((void)h, 
(void)t, wolfSSL_Malloc((s), __func__, __LINE__)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) #else - #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) #endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_STATIC_MEMORY */ - #endif + #endif /* declare/free variable handling for async */ #ifdef WOLFSSL_ASYNC_CRYPT #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ - VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, HEAP, DYNAMIC_TYPE_WOLF_BIGINT); + VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); #define DECLARE_VAR_INIT(VAR_NAME, VAR_TYPE, VAR_SIZE, INIT_VALUE, HEAP) \ VAR_TYPE* VAR_NAME = ({ \ - VAR_TYPE* ptr = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, HEAP, DYNAMIC_TYPE_WOLF_BIGINT); \ + VAR_TYPE* ptr = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \ if (ptr && INIT_VALUE) { \ XMEMCPY(ptr, INIT_VALUE, sizeof(VAR_TYPE) * VAR_SIZE); \ } \ 
@@ -266,13 +286,13 @@ VAR_TYPE* VAR_NAME[VAR_ITEMS]; \ int idx##VAR_NAME; \ for (idx##VAR_NAME=0; idx##VAR_NAME - #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) - #define XMEMSET(b,c,l) memset((b),(c),(l)) - #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) - #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + #ifndef STRING_USER + #include + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) - #define XSTRLEN(s1) strlen((s1)) - #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) - /* strstr, strncmp, and strncat only used by wolfSSL proper, + #define XSTRLEN(s1) strlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + /* strstr, strncmp, and strncat only used by wolfSSL proper, * not required for wolfCrypt only */ - #define XSTRSTR(s1,s2) strstr((s1),(s2)) - #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) - #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) - #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + + #ifdef USE_WOLF_STRSEP + #define XSTRSEP(s1,d) wc_strsep((s1),(d)) + #else + #define XSTRSEP(s1,d) strsep((s1),(d)) + #endif #if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) /* XC32 does not support strncasecmp, so use case sensitive one */ #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) - #elif defined(USE_WINDOWS_API) - #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) + #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) + #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else - #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) - #endif + #if defined(HAVE_STRINGS_H) && defined(WOLF_C99) && \ + !defined(WOLFSSL_SGX) + #include + #endif + #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) + 
#endif /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when debugging is turned on */ #ifndef USE_WINDOWS_API - #if defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - !defined(NO_STDIO_FILESYSTEM) + #if defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_PKCS7)) && !defined(NO_STDIO_FILESYSTEM) /* case where stdio is not included else where but is needed for * snprintf */ #include @@ -330,19 +365,22 @@ #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN) /* use only Thread Safe version of strtok */ - #if defined(__MINGW32__) || defined(WOLFSSL_TIRTOS) || \ - defined(USE_WOLF_STRTOK) - #ifndef USE_WOLF_STRTOK - #define USE_WOLF_STRTOK - #endif - #define XSTRTOK wc_strtok + #if defined(USE_WOLF_STRTOK) + #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS) - #define XSTRTOK strtok_s + #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr)) #else - #define XSTRTOK strtok_r + #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr)) #endif #endif - #endif + #endif + + #ifdef USE_WOLF_STRTOK + WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp); + #endif + #ifdef USE_WOLF_STRSEP + WOLFSSL_API char* wc_strsep(char **stringp, const char *delim); + #endif #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ !defined(NO_STDIO_FILESYSTEM) 
@@ -352,20 +390,20 @@ #endif #endif /* OPENSSL_EXTRA */ - #ifndef CTYPE_USER - #include - #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ + #ifndef CTYPE_USER + #include + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) - #define XTOUPPER(c) toupper((c)) - #define XISALPHA(c) isalpha((c)) - #endif - /* needed by wolfSSL_check_domain_name() */ - #define XTOLOWER(c) tolower((c)) - #endif + #define XTOUPPER(c) toupper((c)) + #define XISALPHA(c) isalpha((c)) + #endif + /* needed by wolfSSL_check_domain_name() */ + #define XTOLOWER(c) tolower((c)) + #endif - /* memory allocation types for user hints */ - enum { + /* memory allocation types for user hints */ + enum { DYNAMIC_TYPE_CA = 1, DYNAMIC_TYPE_CERT = 2, DYNAMIC_TYPE_KEY = 3, 
@@ -449,60 +487,147 @@ DYNAMIC_TYPE_DIRCTX = 81, DYNAMIC_TYPE_HASHCTX = 82, DYNAMIC_TYPE_SEED = 83, - DYNAMIC_TYPE_SYMETRIC_KEY = 84, + DYNAMIC_TYPE_SYMMETRIC_KEY= 84, DYNAMIC_TYPE_ECC_BUFFER = 85, DYNAMIC_TYPE_QSH = 86, DYNAMIC_TYPE_SALT = 87, DYNAMIC_TYPE_HASH_TMP = 88, DYNAMIC_TYPE_BLOB = 89, DYNAMIC_TYPE_NAME_ENTRY = 90, - }; + }; - /* max error buffer string size */ + /* max error buffer string size */ #ifndef WOLFSSL_MAX_ERROR_SZ - #define WOLFSSL_MAX_ERROR_SZ 80 + #define WOLFSSL_MAX_ERROR_SZ 80 #endif - /* stack protection */ - enum { - MIN_STACK_BUFFER = 8 - }; + /* stack protection */ + enum { + MIN_STACK_BUFFER = 8 + }; + /* Algorithm Types */ + enum wc_AlgoType { + WC_ALGO_TYPE_NONE = 0, + WC_ALGO_TYPE_HASH = 1, + WC_ALGO_TYPE_CIPHER = 2, + WC_ALGO_TYPE_PK = 3, - /* settings detection for compile vs runtime math incompatibilities */ - enum { - #if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) - CTC_SETTINGS = 0x0 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) - CTC_SETTINGS = 0x1 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) - CTC_SETTINGS = 0x2 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) - CTC_SETTINGS = 0x4 - #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) - CTC_SETTINGS = 0x8 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) - CTC_SETTINGS = 0x10 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) - CTC_SETTINGS = 0x20 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) - CTC_SETTINGS = 0x40 - #else - #error "bad math long / long long settings" - #endif - }; + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_PK + }; + + /* hash types */ + enum wc_HashType { + #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) + /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types. 
+ * Values here are based on old selftest hmac.h enum, with additions */ + WC_HASH_TYPE_NONE = 15, + WC_HASH_TYPE_MD2 = 16, + WC_HASH_TYPE_MD4 = 17, + WC_HASH_TYPE_MD5 = 0, + WC_HASH_TYPE_SHA = 1, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 8, + WC_HASH_TYPE_SHA256 = 2, + WC_HASH_TYPE_SHA384 = 5, + WC_HASH_TYPE_SHA512 = 4, + WC_HASH_TYPE_MD5_SHA = 18, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + + WC_HASH_TYPE_MAX = WC_HASH_TYPE_MD5_SHA + #else + WC_HASH_TYPE_NONE = 0, + WC_HASH_TYPE_MD2 = 1, + WC_HASH_TYPE_MD4 = 2, + WC_HASH_TYPE_MD5 = 3, + WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 5, + WC_HASH_TYPE_SHA256 = 6, + WC_HASH_TYPE_SHA384 = 7, + WC_HASH_TYPE_SHA512 = 8, + WC_HASH_TYPE_MD5_SHA = 9, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + + WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2B + #endif /* HAVE_SELFTEST */ + }; + + /* cipher types */ + enum wc_CipherType { + WC_CIPHER_NONE = 0, + WC_CIPHER_AES = 1, + WC_CIPHER_AES_CBC = 2, + WC_CIPHER_AES_GCM = 3, + WC_CIPHER_AES_CTR = 4, + WC_CIPHER_AES_XTS = 5, + WC_CIPHER_AES_CFB = 6, + WC_CIPHER_DES3 = 7, + WC_CIPHER_DES = 8, + WC_CIPHER_CHACHA = 9, + WC_CIPHER_HC128 = 10, + WC_CIPHER_IDEA = 11, + + WC_CIPHER_MAX = WC_CIPHER_HC128 + }; + + /* PK=public key (asymmetric) based algorithms */ + enum wc_PkType { + WC_PK_TYPE_NONE = 0, + WC_PK_TYPE_RSA = 1, + WC_PK_TYPE_DH = 2, + WC_PK_TYPE_ECDH = 3, + WC_PK_TYPE_ECDSA_SIGN = 4, + WC_PK_TYPE_ECDSA_VERIFY = 5, + WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_CURVE25519 = 7, + WC_PK_TYPE_RSA_KEYGEN = 8, + WC_PK_TYPE_EC_KEYGEN = 9, + + WC_PK_TYPE_MAX = WC_PK_TYPE_EC_KEYGEN + }; - WOLFSSL_API word32 CheckRunTimeSettings(void); + /* settings detection for compile vs runtime math incompatibilities */ + enum { + #if !defined(USE_FAST_MATH) && 
!defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + CTC_SETTINGS = 0x0 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) + CTC_SETTINGS = 0x1 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) + CTC_SETTINGS = 0x2 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) + CTC_SETTINGS = 0x4 + #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + CTC_SETTINGS = 0x8 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) + CTC_SETTINGS = 0x10 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) + CTC_SETTINGS = 0x20 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) + CTC_SETTINGS = 0x40 + #else + #error "bad math long / long long settings" + #endif + }; - /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long - types need to match at compile time and run time, CheckCtcSettings will - return 1 if a match otherwise 0 */ - #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings()) - /* invalid device id */ - #define INVALID_DEVID -2 + WOLFSSL_API word32 CheckRunTimeSettings(void); + + /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long + types need to match at compile time and run time, CheckCtcSettings will + return 1 if a match otherwise 0 */ + #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings()) + + /* invalid device id */ + #define INVALID_DEVID -2 /* AESNI requires alignment and ARMASM gains some performance from it */ 
@@ -617,9 +742,16 @@ #define WC_NORETURN #endif + #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) || \ + defined(WOLFSSL_PUBLIC_MP) || defined(OPENSSL_EXTRA) || \ + (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) + #undef WC_MP_TO_RADIX + #define WC_MP_TO_RADIX + #endif - #ifdef __cplusplus - } /* extern "C" */ - #endif + #ifdef __cplusplus + } /* extern "C" */ + #endif #endif /* WOLF_CRYPT_TYPES_H */ diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h index 9fa91c25..9cf925a0 100644 --- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h @@ -1,12 +1,12 @@ /* visibility.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ @@ -18,7 +18,10 @@ /* for compatibility and so that fips is using same name of macro @wc_fips */ -#ifdef HAVE_FIPS +/* The following visibility wrappers are for old FIPS. New FIPS should use + * the same as a non-FIPS build. */ +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) #include #define WOLFSSL_API CYASSL_API #define WOLFSSL_LOCAL CYASSL_LOCAL 
@@ -31,19 +34,19 @@ */ #if defined(BUILDING_WOLFSSL) - #if defined(HAVE_VISIBILITY) && HAVE_VISIBILITY - #define WOLFSSL_API __attribute__ ((visibility("default"))) - #define WOLFSSL_LOCAL __attribute__ ((visibility("hidden"))) - #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550) - #define WOLFSSL_API __global - #define WOLFSSL_LOCAL __hidden - #elif defined(_MSC_VER) || defined(__MINGW32__) + #if defined(_MSC_VER) || defined(__MINGW32__) #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllexport) #else #define WOLFSSL_API #endif #define WOLFSSL_LOCAL + #elif defined(HAVE_VISIBILITY) && HAVE_VISIBILITY + #define WOLFSSL_API __attribute__ ((visibility("default"))) + #define WOLFSSL_LOCAL __attribute__ ((visibility("hidden"))) + #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550) + #define WOLFSSL_API __global + #define WOLFSSL_LOCAL __hidden #else #define WOLFSSL_API #define WOLFSSL_LOCAL diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h old mode 100644 new mode 100755 index 7e1b71de..8492fccf --- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h +++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h @@ -1,16 +1,18 @@ /* wc_port.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * * Contact licensing@wolfssl.com with any questions or comments. * - * http://www.wolfssl.com + * https://www.wolfssl.com */ - +/*! + \file wolfssl/wolfcrypt/wc_port.h +*/ #ifndef WOLF_CRYPT_PORT_H #define WOLF_CRYPT_PORT_H 
@@ -22,6 +24,14 @@ extern "C" { #endif +/* Detect if compiler supports C99. "NO_WOLF_C99" can be defined in + * user_settings.h to disable checking for C99 support. */ +#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && \ + !defined(WOLFSSL_ARDUINO) && !defined(NO_WOLF_C99) + #if __STDC_VERSION__ >= 199901L + #define WOLF_C99 + #endif +#endif #ifdef USE_WINDOWS_API #ifdef WOLFSSL_GAME_BUILD @@ -55,6 +65,8 @@ /* do nothing */ #elif defined(FREESCALE_FREE_RTOS) #include "fsl_os_abstraction.h" +#elif defined(WOLFSSL_VXWORKS) + #include #elif defined(WOLFSSL_uITRON4) #include "stddef.h" #include "kernel.h" @@ -78,6 +90,13 @@ #elif defined(INTIME_RTOS) #include #include +#elif defined(WOLFSSL_NUCLEUS_1_2) + /* NU_DEBUG needed struct access in nucleus_realloc */ + #define NU_DEBUG + #include "plus/nucleus.h" + #include "nucleus.h" +#elif defined(WOLFSSL_APACHE_MYNEWT) + /* do nothing */ #else #ifndef SINGLE_THREADED #define WOLFSSL_PTHREADS @@ -125,6 +144,8 @@ typedef MUTEX_STRUCT wolfSSL_Mutex; #elif defined(FREESCALE_FREE_RTOS) typedef mutex_t wolfSSL_Mutex; + #elif defined(WOLFSSL_VXWORKS) + typedef SEM_ID wolfSSL_Mutex; #elif defined(WOLFSSL_uITRON4) typedef struct wolfSSL_Mutex { T_CSEM sem ; @@ -149,6 +170,8 @@ typedef mutex_t * wolfSSL_Mutex; #elif defined(INTIME_RTOS) typedef RTHANDLE wolfSSL_Mutex; + #elif defined(WOLFSSL_NUCLEUS_1_2) + typedef NU_SEMAPHORE wolfSSL_Mutex; #else #error Need a mutex type in multithreaded mode #endif /* USE_WINDOWS_API */ 
@@ -254,6 +277,34 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XSEEK_END FS_SEEK_END #define XBADFILE NULL #define XFGETS(b,s,f) -2 /* Not ported yet */ +#elif defined(WOLFSSL_NUCLEUS_1_2) + #include "fal/inc/fal.h" + #define XFILE FILE* + #define XFOPEN fopen + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND rewind + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END PSEEK_END + #define XBADFILE NULL +#elif defined(WOLFSSL_APACHE_MYNEWT) + #include + #define XFILE struct fs_file* + + #define XFOPEN mynewt_fopen + #define XFSEEK mynewt_fseek + #define XFTELL mynewt_ftell + #define XREWIND mynewt_rewind + #define XFREAD mynewt_fread + #define XFWRITE mynewt_fwrite + #define XFCLOSE mynewt_fclose + #define XSEEK_END 2 + #define XBADFILE NULL + #define XFGETS(b,s,f) -2 /* Not ported yet */ +#elif defined(WOLFSSL_USER_FILESYSTEM) + /* To be defined in user_settings.h */ #else /* stdio, default case */ #include @@ -274,7 +325,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XBADFILE NULL #define XFGETS fgets - #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) + #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) #include #include #include @@ -288,7 +340,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define MAX_PATH 256 #endif -#if !defined(NO_WOLFSSL_DIR) +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \ + !defined(WOLFSSL_NUCLEUS_1_2) typedef struct ReadDirCtx { #ifdef USE_WINDOWS_API WIN32_FIND_DATAA FindFileData; @@ -301,6 +354,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); char name[MAX_FILENAME_SZ]; } ReadDirCtx; + #define WC_READDIR_NOFILE -1 + WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name); WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name); WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx); 
@@ -308,10 +363,6 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif /* !NO_FILESYSTEM */ -#ifdef USE_WOLF_STRTOK - WOLFSSL_LOCAL char* wc_strtok(char *str, const char *delim, char **nextp); -#endif - /* Windows API defines its own min() macro. */ #if defined(USE_WINDOWS_API) #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE) @@ -367,8 +418,13 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XGMTIME(c, t) gmtime((c)) #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #ifdef FREESCALE_MQX_4_0 + #include + extern time_t mqx_time(time_t* timer); + #else + #define HAVE_GMTIME_R + #endif #define XTIME(t1) mqx_time((t1)) - #define HAVE_GMTIME_R #elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS) #include @@ -378,7 +434,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #define XGMTIME(c, t) gmtime((c)) -#elif defined(WOLFSSL_ATMEL) +#elif defined(WOLFSSL_ATMEL) && defined(WOLFSSL_ATMEL_TIME) #define XTIME(t1) atmel_get_curr_time_and_date((t1)) #define WOLFSSL_GMTIME #define USE_WOLF_TM 
@@ -396,24 +452,46 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
 #define XTIME(t1) windows_time((t1))
 #define WOLFSSL_GMTIME
+#elif defined(WOLFSSL_APACHE_MYNEWT)
+ #include "os/os_time.h"
+ #define XTIME(t1) mynewt_time((t1))
+ #define WOLFSSL_GMTIME
+ #define USE_WOLF_TM
+ #define USE_WOLF_TIME_T
 #else
 /* default */
 /* uses complete facility */
 #include
+ #if defined(HAVE_SYS_TIME_H)
+ #include
+ #endif
 /* PowerPC time_t is int */
 #ifdef __PPC__
- #define TIME_T_NOT_LONG
+ #define TIME_T_NOT_64BIT
 #endif
 #endif
+#ifdef SIZEOF_TIME_T
+ /* check if size of time_t from autoconf is less than 8 bytes (64bits) */
+ #if SIZEOF_TIME_T < 8
+ #undef TIME_T_NOT_64BIT
+ #define TIME_T_NOT_64BIT
+ #endif
+#endif
+#ifdef TIME_T_NOT_LONG
+ /* one old reference to TIME_T_NOT_LONG in GCC-ARM example README
+ * this keeps support for the old macro name */
+ #undef TIME_T_NOT_64BIT
+ #define TIME_T_NOT_64BIT
+#endif
 /* Map default time functions */
 #if !defined(XTIME) && !defined(TIME_OVERRIDES) && !defined(USER_TIME)
 #define XTIME(tl) time((tl))
 #endif
 #if !defined(XGMTIME) && !defined(TIME_OVERRIDES)
- #if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R)
+ #if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R) || defined(WOLF_C99)
 #define XGMTIME(c, t) gmtime((c))
 #else
 #define XGMTIME(c, t) gmtime_r((c), (t))
@@ -444,8 +522,18 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
 #if defined(USE_WOLF_TIME_T)
 typedef long time_t;
 #endif
+#if defined(USE_WOLF_SUSECONDS_T)
+ typedef long suseconds_t;
+#endif
+#if defined(USE_WOLF_TIMEVAL_T)
+ struct timeval
+ {
+ time_t tv_sec;
+ suseconds_t tv_usec;
+ };
+#endif
-/* forward declarations */
+ /* forward declarations */
 #if defined(USER_TIME)
 struct tm* gmtime(const time_t* timer);
 extern time_t XTIME(time_t * timer);
@@ -465,6 +553,16 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
 #endif
 #endif /* NO_ASN_TIME */
+#ifndef WOLFSSL_LEANPSK
+ char* mystrnstr(const char* s1, const char* s2, unsigned int n);
+#endif
+
+#ifndef FILE_BUFFER_SIZE
+ #define FILE_BUFFER_SIZE 1024 /* default static file buffer size for input,
+ will use dynamic buffer if not big enough */
+#endif
+
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h
index a72818b4..8be26bc6 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h
@@ -1,12 +1,12 @@
 /* wolfmath.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
@@ -42,6 +42,14 @@ int get_rand_digit(WC_RNG* rng, mp_digit* d);
 int mp_rand(mp_int* a, int digits, WC_RNG* rng);
+ enum {
+ /* format type */
+ WC_TYPE_HEX_STR = 1,
+ WC_TYPE_UNSIGNED_BIN = 2,
+ };
+
+ WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len,
+ word32 keySz, int encType);
 #ifdef HAVE_WOLF_BIGINT
 void wc_bigint_init(WC_BIGINT* a);
@@ -52,6 +60,7 @@ void wc_bigint_free(WC_BIGINT* a);
 int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst);
+ int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz);
 int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst);
 #endif /* HAVE_WOLF_BIGINT */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h
index a224483d..322225df 100644
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h
+++ b/components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h
@@ -1,15 +1,18 @@
 /* io.h
 *
- * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved.
+ * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved.
 *
 * This file is part of wolfSSL.
 *
 * Contact licensing@wolfssl.com with any questions or comments.
 *
- * http://www.wolfssl.com
+ * https://www.wolfssl.com
 */
+/*!
+ \file wolfssl/wolfio.h
+*/
 #ifndef WOLFSSL_IO_H
 #define WOLFSSL_IO_H
@@ -18,16 +21,19 @@
 extern "C" {
 #endif
-/* OCSP and CRL_IO require HTTP client */
-#if defined(HAVE_OCSP) || defined(HAVE_CRL_IO)
- #ifndef HAVE_HTTP_CLIENT
- #define HAVE_HTTP_CLIENT
+/* Micrium uses NetSock I/O callbacks in wolfio.c */
+#if !defined(WOLFSSL_USER_IO)
+ /* OCSP and CRL_IO require HTTP client */
+ #if defined(HAVE_OCSP) || defined(HAVE_CRL_IO)
+ #ifndef HAVE_HTTP_CLIENT
+ #define HAVE_HTTP_CLIENT
+ #endif
 #endif
 #endif
 #if !defined(WOLFSSL_USER_IO)
 /* Micrium uses NetSock I/O callbacks in wolfio.c */
- #if !defined(USE_WOLFSSL_IO) && !defined(MICRIUM)
+ #if !defined(USE_WOLFSSL_IO) && !defined(MICRIUM) && !defined(WOLFSSL_CONTIKI)
 #define USE_WOLFSSL_IO
 #endif
 #endif
@@ -40,7 +46,7 @@
 #endif
 #ifndef USE_WINDOWS_API
- #ifdef WOLFSSL_LWIP
+ #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
 /* lwIP needs to be configured to use sockets API in this mode */
 /* LWIP_SOCKET 1 in lwip/opt.h or in build */
 #include "lwip/sockets.h"
@@ -68,6 +74,9 @@
 #elif defined(WOLFSSL_VXWORKS)
 #include
 #include
+ #elif defined(WOLFSSL_NUCLEUS_1_2)
+ #include
+ #include
 #elif defined(WOLFSSL_ATMEL)
 #include "socket/include/socket.h"
 #elif defined(INTIME_RTOS)
@@ -92,6 +101,8 @@
 #include
 #elif defined(WOLFSSL_SGX)
 #include
+ #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
+ #include
 #elif !defined(WOLFSSL_NO_SOCK)
 #include
 #include
@@ -105,7 +116,7 @@
 #elif defined(EBSNET)
 #include "rtipapi.h" /* errno */
 #include "socket.h"
- #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP)
+ #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_CONTIKI)
 #include
 #include
 #include
@@ -135,7 +146,6 @@
 #define SOCKET_EPIPE WSAEPIPE
 #define SOCKET_ECONNREFUSED WSAENOTCONN
 #define SOCKET_ECONNABORTED WSAECONNABORTED
- #define close(s) closesocket(s)
 #elif defined(__PPU)
 #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
 #define SOCKET_EAGAIN SYS_NET_EAGAIN
@@ -187,6 +197,14 @@
 #define SOCKET_EPIPE FREERTOS_SOCKET_ERROR
 #define SOCKET_ECONNREFUSED FREERTOS_SOCKET_ERROR
 #define SOCKET_ECONNABORTED FREERTOS_SOCKET_ERROR
+#elif defined(WOLFSSL_NUCLEUS_1_2)
+ #define SOCKET_EWOULDBLOCK NU_WOULD_BLOCK
+ #define SOCKET_EAGAIN NU_WOULD_BLOCK
+ #define SOCKET_ECONNRESET NU_NOT_CONNECTED
+ #define SOCKET_EINTR NU_NOT_CONNECTED
+ #define SOCKET_EPIPE NU_NOT_CONNECTED
+ #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
+ #define SOCKET_ECONNABORTED NU_NOT_CONNECTED
 #else
 #define SOCKET_EWOULDBLOCK EWOULDBLOCK
 #define SOCKET_EAGAIN EAGAIN
@@ -198,13 +216,15 @@
 #endif /* USE_WINDOWS_API */
+
+
 #ifdef DEVKITPRO
 /* from network.h */
 int net_send(int, const void*, int, unsigned int);
 int net_recv(int, void*, int, unsigned int);
 #define SEND_FUNCTION net_send
 #define RECV_FUNCTION net_recv
-#elif defined(WOLFSSL_LWIP)
+#elif defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
 #define SEND_FUNCTION lwip_send
 #define RECV_FUNCTION lwip_recv
 #elif defined(WOLFSSL_PICOTCP)
@@ -216,6 +236,9 @@
 #elif defined(WOLFSSL_VXWORKS)
 #define SEND_FUNCTION send
 #define RECV_FUNCTION recv
+#elif defined(WOLFSSL_NUCLEUS_1_2)
+ #define SEND_FUNCTION NU_Send
+ #define RECV_FUNCTION NU_Recv
 #else
 #define SEND_FUNCTION send
 #define RECV_FUNCTION recv
@@ -250,6 +273,11 @@ typedef struct hostent HOSTENT;
 #endif /* HAVE_SOCKADDR */
+ /* use gethostbyname for c99 */
+ #ifdef WOLF_C99
+ #undef HAVE_GETADDRINFO
+ #endif
+
 #ifdef HAVE_GETADDRINFO
 typedef struct addrinfo ADDRINFO;
 #endif
@@ -259,7 +287,7 @@
 /* IO API's */
 #ifdef HAVE_IO_TIMEOUT
 WOLFSSL_API int wolfIO_SetBlockingMode(SOCKET_T sockfd, int non_blocking);
- WOLFSSL_API void wolfIO_SetTimeout(int to_sec);;
+ WOLFSSL_API void wolfIO_SetTimeout(int to_sec);
 WOLFSSL_API int wolfIO_Select(SOCKET_T sockfd, int to_sec);
 #endif
 WOLFSSL_API int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip,
@@ -270,6 +298,28 @@
 WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
 #endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */
+#ifdef USE_WINDOWS_API
+ #ifndef CloseSocket
+ #define CloseSocket(s) closesocket(s)
+ #endif
+ #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); }
+#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
+ #ifndef CloseSocket
+ extern int closesocket(int);
+ #define CloseSocket(s) closesocket(s)
+ #endif
+ #define StartTCP()
+#else
+ #ifndef CloseSocket
+ #define CloseSocket(s) close(s)
+ #endif
+ #define StartTCP()
+ #ifdef FREERTOS_TCP_WINSIM
+ extern int close(int);
+ #endif
+#endif
+
+
 WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
 WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 #if defined(USE_WOLFSSL_IO)
@@ -334,8 +384,11 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 /* I/O callbacks */
 typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
 typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
-WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
+WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
+WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
+/* deprecated old name */
+#define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv
+#define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend
 WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
 WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
@@ -364,6 +417,46 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 WOLFSSL_LOCAL int MicriumSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 #endif /* MICRIUM */
+#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
+ WOLFSSL_LOCAL int Mynewt_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
+ WOLFSSL_LOCAL int Mynewt_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+ WOLFSSL_API void wolfSSL_SetIO_Mynewt(WOLFSSL* ssl, struct mn_socket* mnSocket,
+ struct mn_sockaddr_in* mnSockAddrIn);
+#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
+
+#ifdef WOLFSSL_UIP
+
+ struct uip_wolfssl_ctx {
+ union socket_connector {
+ struct tcp_socket tcp;
+ struct udp_socket udp;
+ } conn;
+ WOLFSSL_CTX *ctx;
+ WOLFSSL *ssl;
+ uint8_t *input_databuf;
+ uint8_t *output_databuf;
+ uint8_t *ssl_rx_databuf;
+ int ssl_rb_len;
+ int ssl_rb_off;
+ struct process *process;
+ tcp_socket_data_callback_t input_callback;
+ tcp_socket_event_callback_t event_callback;
+ int closing;
+ uip_ipaddr_t peer_addr;
+ uint16_t peer_port;
+ };
+
+ typedef struct uip_wolfssl_ctx uip_wolfssl_ctx;
+
+ WOLFSSL_LOCAL int uIPSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+ WOLFSSL_LOCAL int uIPReceive(WOLFSSL* ssl, char* buf, int sz,
+ void* ctx);
+ WOLFSSL_LOCAL int uIPReceiveFrom(WOLFSSL* ssl, char* buf, int sz,
+ void* ctx);
+ WOLFSSL_LOCAL int uIPSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+
+#endif
+
 #ifdef WOLFSSL_DTLS
 typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz, void* ctx);