diff --git a/include/wolfssl/openssl/bn.h b/include/wolfssl/openssl/bn.h index e360df77..83737d73 100644 --- a/include/wolfssl/openssl/bn.h +++ b/include/wolfssl/openssl/bn.h @@ -1,6 +1,6 @@ /* bn.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -12,6 +12,11 @@ /* bn.h for openssl */ +/*! + \file wolfssl/openssl/bn.h + \brief bn.h for openssl +*/ + #ifndef WOLFSSL_BN_H_ #define WOLFSSL_BN_H_ @@ -96,7 +101,7 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); + WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*); #endif WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); diff --git a/include/wolfssl/openssl/dsa.h b/include/wolfssl/openssl/dsa.h index bdcde8e0..f7a38580 100644 --- a/include/wolfssl/openssl/dsa.h +++ b/include/wolfssl/openssl/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * diff --git a/include/wolfssl/openssl/ec.h b/include/wolfssl/openssl/ec.h index 24e0e3ad..0f677b72 100644 --- a/include/wolfssl/openssl/ec.h +++ b/include/wolfssl/openssl/ec.h @@ -1,6 +1,6 @@ /* ec.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * diff --git a/include/wolfssl/openssl/evp.h b/include/wolfssl/openssl/evp.h index 0f9f4035..6dc65839 100644 --- a/include/wolfssl/openssl/evp.h +++ b/include/wolfssl/openssl/evp.h @@ -1,6 +1,6 @@ /* evp.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -12,8 +12,9 @@ -/* evp.h defines mini evp openssl compatibility layer - * +/*! + \file wolfssl/openssl/evp.h + \brief evp.h defines mini evp openssl compatibility layer */ @@ -255,12 +256,10 @@ WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); -#ifndef NO_MD5 WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*, const WOLFSSL_EVP_MD*, const unsigned char*, const unsigned char*, int, int, unsigned char*, unsigned char*); -#endif WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx); diff --git a/include/wolfssl/openssl/md5.h b/include/wolfssl/openssl/md5.h index 00217c4e..5bde4c16 100644 --- a/include/wolfssl/openssl/md5.h +++ b/include/wolfssl/openssl/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * diff --git a/include/wolfssl/openssl/opensslv.h b/include/wolfssl/openssl/opensslv.h index a48fede1..18d9cca9 100644 --- a/include/wolfssl/openssl/opensslv.h +++ b/include/wolfssl/openssl/opensslv.h @@ -1,6 +1,6 @@ /* opensslv.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -17,7 +17,8 @@ /* api version compatibility */ -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_SIGNAL) +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* version number can be increased for Lighty after compatibility for ECDH is added */ #define OPENSSL_VERSION_NUMBER 0x10001000L diff --git a/include/wolfssl/openssl/ripemd.h b/include/wolfssl/openssl/ripemd.h index a8ba0845..a8e51067 100644 --- a/include/wolfssl/openssl/ripemd.h +++ b/include/wolfssl/openssl/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * diff --git a/include/wolfssl/openssl/rsa.h b/include/wolfssl/openssl/rsa.h index c3e22b00..8cd4f53c 100644 --- a/include/wolfssl/openssl/rsa.h +++ b/include/wolfssl/openssl/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -23,21 +23,9 @@ extern "C" { #endif -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) -#if defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION < 2)) - /* - choice of padding added after fips, so not available when using fips RSA - */ - - /* Padding types */ - #define RSA_PKCS1_PADDING 0 - #define RSA_PKCS1_OAEP_PADDING 1 -#else - #define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD - #define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD -#endif /* HAVE_FIPS */ -#endif +/* Padding types */ +#define RSA_PKCS1_PADDING 0 +#define RSA_PKCS1_OAEP_PADDING 1 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ typedef struct WOLFSSL_RSA WOLFSSL_RSA; diff --git a/include/wolfssl/openssl/sha.h b/include/wolfssl/openssl/sha.h index 550a6df9..15d0846c 100644 --- a/include/wolfssl/openssl/sha.h +++ b/include/wolfssl/openssl/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -110,7 +110,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Init wolfSSL_SHA256_Init #define SHA256_Update wolfSSL_SHA256_Update #define SHA256_Final wolfSSL_SHA256_Final -#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS * build. */ #define SHA256 wolfSSL_SHA256 @@ -139,7 +139,11 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; #define SHA384_Init wolfSSL_SHA384_Init #define SHA384_Update wolfSSL_SHA384_Update #define SHA384_Final wolfSSL_SHA384_Final - +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + /* SHA384 is only available in non-fips mode because of SHA384 enum in FIPS + * build. */ + #define SHA384 wolfSSL_SHA384 +#endif #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 @@ -164,7 +168,11 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX; #define SHA512_Init wolfSSL_SHA512_Init #define SHA512_Update wolfSSL_SHA512_Update #define SHA512_Final wolfSSL_SHA512_Final - +#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + /* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS + * build. */ + #define SHA512 wolfSSL_SHA512 +#endif #endif /* WOLFSSL_SHA512 */ diff --git a/include/wolfssl/openssl/ssl.h b/include/wolfssl/openssl/ssl.h index 0a094a70..16d7a3f5 100644 --- a/include/wolfssl/openssl/ssl.h +++ b/include/wolfssl/openssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -119,6 +119,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio #define d2i_PrivateKey wolfSSL_d2i_PrivateKey @@ -288,6 +289,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define RAND_seed wolfSSL_RAND_seed #define RAND_cleanup wolfSSL_RAND_Cleanup #define RAND_add wolfSSL_RAND_add +#define RAND_poll wolfSSL_RAND_poll #define COMP_zlib wolfSSL_COMP_zlib #define COMP_rle wolfSSL_COMP_rle @@ -313,6 +315,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert #define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert +#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl #define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags #define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb #define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free @@ -339,7 +342,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file #define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup -#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_free wolfSSL_X509_STORE_free #define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init #define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup @@ -369,7 +373,13 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj +#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free +#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex +#define ASN1_tag2str wolfSSL_ASN1_tag2str +#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime +#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new +#define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get #define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN @@ -500,8 +510,16 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define sk_X509_free wolfSSL_sk_X509_free #define i2d_X509_bio wolfSSL_i2d_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio +#define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 +#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp +#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey +#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey +#define d2i_X509_CRL wolfSSL_d2i_X509_CRL +#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp +#define X509_CRL_free wolfSSL_X509_CRL_free #define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data #define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data @@ -517,6 +535,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 #define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX +#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL /*#if OPENSSL_API_COMPAT < 0x10100000L*/ #define CONF_modules_free() @@ -538,7 +557,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_NAME_free wolfSSL_X509_NAME_free #define X509_NAME_new wolfSSL_X509_NAME_new -typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; + typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey @@ -557,10 +576,10 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free #define SHA1 wolfSSL_SHA1 + #define X509_check_private_key wolfSSL_X509_check_private_key #define SSL_dup_CA_list wolfSSL_dup_CA_list - - +#define X509_check_ca wolfSSL_X509_check_ca /* NIDs */ @@ -591,7 +610,7 @@ enum { #define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ #define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX -#ifdef WOLFSSL_HAPROXY +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) #define SSL_get_rbio wolfSSL_SSL_get_rbio #define SSL_get_wbio wolfSSL_SSL_get_wbio #define SSL_do_handshake wolfSSL_SSL_do_handshake @@ -602,7 +621,7 @@ enum { #define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num #define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero #define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value -#endif /* WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */ #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh @@ -699,6 +718,7 @@ enum { #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME #define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME +#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS #define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) @@ -815,7 +835,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define ERR_LIB_X509 10 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_MYSQL_COMPATIBLE) + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) #include @@ -866,6 +886,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_get0_session wolfSSL_SSL_get0_session #define X509_check_host wolfSSL_X509_check_host #define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER +#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER #define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data #define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb @@ -894,6 +915,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA #define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password #define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username +#define OPENSSL_add_all_algorithms_noconf wolfSSL_OPENSSL_add_all_alogrithms_noconf #ifdef __cplusplus } /* extern "C" */ diff --git a/include/wolfssl/ssl.h b/include/wolfssl/ssl.h index 8f0dfe41..4b7881fe 100644 --- a/include/wolfssl/ssl.h +++ b/include/wolfssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -9,8 +9,10 @@ * http://www.wolfssl.com */ - - +/*! + \file ../wolfssl/ssl.h + \brief Header file containing key wolfSSL API +*/ /* wolfSSL API */ @@ -22,6 +24,7 @@ #include #include #include +#include #ifdef HAVE_WOLF_EVENT #include @@ -109,6 +112,7 @@ typedef struct WOLFSSL_X509 WOLFSSL_X509; typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME; typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY; typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN; +typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12; typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; @@ -152,7 +156,7 @@ typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG; typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER; typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP; typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; -typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL; +typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL; typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE; typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; typedef struct WOLFSSL_BIO WOLFSSL_BIO; @@ -170,11 +174,17 @@ typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME #define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME +#define WOLFSSL_ASN1_INTEGER_MAX 20 struct WOLFSSL_ASN1_INTEGER { /* size can be increased set at 20 for tag, length then to hold at least 16 * byte type */ - unsigned char data[20]; + unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; /* ASN_INTEGER | LENGTH | hex of number */ + unsigned char negative; /* negative number flag */ + + unsigned char* data; + unsigned int dataMax; /* max size of data buffer */ + unsigned char isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ }; struct WOLFSSL_ASN1_TIME { @@ -283,11 +293,15 @@ struct WOLFSSL_X509_STORE { #ifdef OPENSSL_EXTRA int isDynamic; #endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + WOLFSSL_X509_CRL *crl; +#endif }; #ifdef OPENSSL_EXTRA #define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_NO_CHECK_TIME 0x200000 +#define WOLFSSL_NO_WILDCARDS 0x4 struct WOLFSSL_X509_VERIFY_PARAM { time_t check_time; unsigned long flags; @@ -372,6 +386,7 @@ enum AlertDescription { unsupported_extension = 110, /**< RFC 5246, section 7.2.2 */ unrecognized_name = 112, /**< RFC 6066, section 3 */ bad_certificate_status_response = 113, /**< RFC 6066, section 8 */ + unknown_psk_identity = 115, /**< RFC 4279, section 2 */ no_application_protocol = 120 }; @@ -383,6 +398,8 @@ enum AlertLevel { /* Maximum master key length (SECRET_LEN) */ #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48 +/* Maximum number of groups that can be set */ +#define WOLFSSL_MAX_GROUP_COUNT 10 typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap); @@ -478,6 +495,8 @@ WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int); #endif WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, const char *file); +WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, + const char *file, int format); WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); @@ -486,6 +505,8 @@ WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int); WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int); WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file); +WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*, + const char *file, int format); WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); #ifdef WOLFSSL_DER_LOAD @@ -498,11 +519,6 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); /* load NTRU private key blob */ #endif -#ifndef WOLFSSL_PEMCERT_TODER_DEFINED - WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int); - #define WOLFSSL_PEMCERT_TODER_DEFINED -#endif - #endif /* !NO_FILESYSTEM && !NO_CERTS */ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); @@ -516,12 +532,12 @@ WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority); WOLFSSL_API int wolfSSL_get_ciphers(char*, int); WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); +WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, + const unsigned char); WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); -WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int); -WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*); /* please see note at top of README if you get an error from connect */ WOLFSSL_API int wolfSSL_connect(WOLFSSL*); WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); @@ -540,6 +556,11 @@ WOLFSSL_API int wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_request_certificate(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_preferred_group(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, + int count); +WOLFSSL_API int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count); + WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*); WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*); @@ -563,12 +584,11 @@ WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); -WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session); -WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl); -WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX *ctx, long tm); -WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char*, - int, int); +WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*); +WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); +WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); +WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); #ifdef SESSION_INDEX WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl); @@ -581,7 +601,6 @@ WOLFSSL_API #endif /* SESSION_INDEX && SESSION_CERTS */ typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); -typedef int (pem_password_cb)(char*, int, int, void*); #ifdef OPENSSL_EXTRA typedef void (CallbackInfoState)(const WOLFSSL*, int, int); @@ -637,6 +656,11 @@ WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_set_cipher_list(WOLFSSL*, const char*); /* Nonblocking DTLS helper functions */ +WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int); +WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); +#define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock +#define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock + /* The old names are deprecated. */ WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); @@ -774,6 +798,10 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_add_all_algorithms(void); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_OPENSSL_add_all_algorithms_noconf(void); +#endif + #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); #endif @@ -805,6 +833,7 @@ WOLFSSL_API int wolfSSL_RAND_egd(const char*); WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); +WOLFSSL_API int wolfSSL_RAND_poll(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void); @@ -916,6 +945,8 @@ WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( WOLFSSL_X509_REVOKED*,int); WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*); +WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*); +WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void); WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*); @@ -947,7 +978,8 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, void* userdata); WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb*); - +WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); +WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(const WOLFSSL* ssl, int type, int val)); @@ -961,8 +993,10 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); -WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*, - WOLFSSL_RSA*(*)(WOLFSSL*, int, int)); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); +WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, + WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key); @@ -1184,9 +1218,9 @@ enum { /* wolfSSL extension, provide last error from SSL_get_error since not using thread storage error queue */ #include -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err); +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp); +WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); #endif #endif @@ -1349,7 +1383,6 @@ enum { WOLFSSL_BIO_UNSET = -2, WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */ }; - #endif WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err, @@ -1401,8 +1434,9 @@ WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_UTCTIME*); WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_GENERALIZEDTIME*); -WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_X509_REVOKED*); -WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED*, int); +WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); +WOLFSSL_API int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*); +WOLFSSL_API void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*, int); /* stunnel 4.28 needs */ WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int); @@ -1487,10 +1521,17 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, + const unsigned char *in, int len); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); +#endif +WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); + #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); @@ -1516,6 +1557,10 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, + WOLFSSL_X509_PKCS12** pkcs12); +#endif WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca); @@ -1690,21 +1735,14 @@ WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int); WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); -WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, - unsigned char*, int, const char*); -WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int, - unsigned char*, int, int); -#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) - #ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED - #ifndef NO_FILESYSTEM - WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz); - #endif - WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); - #define WOLFSSL_PEMPUBKEY_TODER_DEFINED - #endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */ -#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER*/ + +/* moved to asn.c, old names kept for backwards compatability */ +#define wolfSSL_KeyPemToDer wc_KeyPemToDer +#define wolfSSL_CertPemToDer wc_CertPemToDer +#define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer +#define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer +#define wolfSSL_PemCertToDer wc_PemCertToDer + typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CbMissingCRL)(const char* url); @@ -1881,6 +1919,7 @@ typedef int (*CallbackRsaVerify)(WOLFSSL* ssl, const unsigned char* keyDer, unsigned int keySz, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify); +WOLFSSL_API void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX*, CallbackRsaVerify); WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl); @@ -1903,6 +1942,8 @@ typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*, CallbackRsaPssVerify); +WOLFSSL_API void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX*, + CallbackRsaPssVerify); WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl); #endif @@ -2112,7 +2153,7 @@ enum { WOLFSSL_MAX_ALPN_NUMBER = 257 }; -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg); @@ -2297,7 +2338,6 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, CallbackSessionTicket, void*); #endif /* NO_WOLFSSL_CLIENT */ -#ifndef NO_WOLFSSL_SERVER #define WOLFSSL_TICKET_NAME_SZ 16 #define WOLFSSL_TICKET_IV_SZ 16 @@ -2310,6 +2350,8 @@ enum TicketEncRet { WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */ }; +#ifndef NO_WOLFSSL_SERVER + typedef int (*SessionTicketEncCb)(WOLFSSL*, unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], unsigned char iv[WOLFSSL_TICKET_IV_SZ], @@ -2412,7 +2454,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, WOLFSSL_API void wolfSSL_cert_service(void); #endif -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Smaller subset of X509 compatibility functions. Avoid increasing the size of * this subset and its memory usage */ @@ -2425,9 +2467,10 @@ struct WOLFSSL_X509_NAME_ENTRY { int set; int size; }; -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#ifdef OPENSSL_EXTRA + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) enum { WOLFSSL_SYS_ACCEPT = 0, @@ -2462,11 +2505,6 @@ WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT WOLFSSL_API void wolfSSL_OBJ_cleanup(void); /* end of object functions */ -#ifndef NO_FILESYSTEM -WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); -WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); -#endif - WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); @@ -2507,6 +2545,10 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, + WOLFSSL_X509** x509); +#endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); @@ -2516,12 +2558,14 @@ WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen); WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); -WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); -WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **x, + pem_password_cb *cb, void *u); +#endif /*lighttp compatibility */ @@ -2533,11 +2577,13 @@ struct WOLFSSL_ASN1_BIT_STRING { }; -#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_NGINX) \ - || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) \ + || defined(OPENSSL_ALL) \ + || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); @@ -2552,17 +2598,28 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); +WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509); -/* end lighttpd*/ -#endif +#ifndef NO_FILESYSTEM +WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); +WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); #endif -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) +#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#endif /* OPENSSL_EXTRA || OPENSSL_ALL */ + + +#if defined(OPENSSL_ALL) \ + || defined(HAVE_STUNNEL) \ + || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); @@ -2577,8 +2634,11 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) +#if defined(OPENSSL_ALL) \ + || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) #include @@ -2673,10 +2733,11 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); -#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || \ + defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx); @@ -2713,19 +2774,24 @@ WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); #endif -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(OPENSSL_EXTRA) +#if defined(OPENSSL_ALL) \ + || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name); #endif -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* Not an OpenSSL API. */ WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response); /* Not an OpenSSL API. */ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); /* Not an OpenSSL API. */ WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); +#endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c); @@ -2785,7 +2851,7 @@ WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert); -#endif /* WOLFSSL_NGINX */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len); @@ -2818,7 +2884,7 @@ WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsi #ifdef OPENSSL_EXTRA -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); @@ -2835,14 +2901,24 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); +WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); WOLFSSL_API void ERR_load_SSL_strings(void); WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); +WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); +WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out); +WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); #endif /* OPENSSL_EXTRA */ +#ifdef HAVE_PK_CALLBACKS +WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/include/wolfssl/version.h b/include/wolfssl/version.h index 66cc4388..a5c18908 100644 --- a/include/wolfssl/version.h +++ b/include/wolfssl/version.h @@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -19,8 +19,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.14.0" -#define LIBWOLFSSL_VERSION_HEX 0x03014000 +#define LIBWOLFSSL_VERSION_STRING "3.15.3" +#define LIBWOLFSSL_VERSION_HEX 0x03015003 #ifdef __cplusplus } diff --git a/include/wolfssl/wolfcrypt/aes.h b/include/wolfssl/wolfcrypt/aes.h index adc67846..2c38bb03 100644 --- a/include/wolfssl/wolfcrypt/aes.h +++ b/include/wolfssl/wolfcrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,10 @@ */ +/*! + \file wolfssl/wolfcrypt/aes.h +*/ + #ifndef WOLF_CRYPT_AES_H #define WOLF_CRYPT_AES_H @@ -49,6 +53,16 @@ extern "C" { #endif +/* these are required for FIPS and non-FIPS */ +enum { + AES_128_KEY_SIZE = 16, /* for 128 bit */ + AES_192_KEY_SIZE = 24, /* for 192 bit */ + AES_256_KEY_SIZE = 32, /* for 256 bit */ + + AES_IV_SIZE = 16, /* always block size */ +}; + + #ifndef HAVE_FIPS /* to avoid redefinition of structures */ #ifdef WOLFSSL_ASYNC_CRYPT @@ -56,11 +70,13 @@ #endif enum { - AES_ENC_TYPE = 1, /* cipher unique type */ + AES_ENC_TYPE = WC_CIPHER_AES, /* cipher unique type */ AES_ENCRYPTION = 0, AES_DECRYPTION = 1, - KEYWRAP_BLOCK_SIZE = 8, - AES_BLOCK_SIZE = 16 + + AES_BLOCK_SIZE = 16, + + KEYWRAP_BLOCK_SIZE = 8, }; @@ -213,226 +229,22 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, #endif /* HAVE_AES_KEYWRAP */ #ifdef WOLFSSL_AES_XTS -/*! - \ingroup AES - \brief This is to help with setting keys to correct encrypt or decrypt type. - - \note Is up to user to call wc_AesXtsFree on aes key when done. - - \return 0 Success - - \param aes AES keys for encrypt/decrypt process - \param key buffer holding aes key | tweak key - \param len length of key buffer in bytes. Should be twice that of key size. - i.e. 32 for a 16 byte key. - \param dir direction, either AES_ENCRYPTION or AES_DECRYPTION - \param heap heap hint to use for memory. Can be NULL - \param devId id to use with async crypto. Can be 0 - - _Example_ - \code - XtsAes aes; - - if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsDecrypt - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key, word32 len, int dir, void* heap, int devId); - -/*! - \ingroup AES - - \brief Same process as wc_AesXtsEncrypt but uses a word64 type as the tweak - value instead of a byte array. This just converts the word64 to a - byte array and calls wc_AesXtsEncrypt. - - \return 0 Success - - \param aes AES keys to use for block encrypt/decrypt - \param out output buffer to hold cipher text - \param in input plain text buffer to encrypt - \param sz size of both out and in buffers - \param sector value to use for tweak - - _Example_ - \code - XtsAes aes; - unsigned char plain[SIZE]; - unsigned char cipher[SIZE]; - word64 s = VALUE; - - //set up keys with AES_ENCRYPTION as dir - - if(wc_AesXtsEncryptSector(&aes, cipher, plain, SIZE, s) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsDecrypt - \sa wc_AesXtsSetKey - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz, word64 sector); - -/*! - \ingroup AES - - \brief Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak - value instead of a byte array. This just converts the word64 to a - byte array. - - \return 0 Success - - \param aes AES keys to use for block encrypt/decrypt - \param out output buffer to hold plain text - \param in input cipher text buffer to decrypt - \param sz size of both out and in buffers - \param sector value to use for tweak - - _Example_ - \code - XtsAes aes; - unsigned char plain[SIZE]; - unsigned char cipher[SIZE]; - word64 s = VALUE; - - //set up aes key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION - - if(wc_AesXtsDecryptSector(&aes, plain, cipher, SIZE, s) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsDecrypt - \sa wc_AesXtsSetKey - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz, word64 sector); - -/*! - \ingroup AES - - \brief AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text - Stealing. - - \return 0 Success - - \param aes AES keys to use for block encrypt/decrypt - \param out output buffer to hold cipher text - \param in input plain text buffer to encrypt - \param sz size of both out and in buffers - \param i value to use for tweak - \param iSz size of i buffer, should always be AES_BLOCK_SIZE but having - this input adds a sanity check on how the user calls the - function. - - _Example_ - \code - XtsAes aes; - unsigned char plain[SIZE]; - unsigned char cipher[SIZE]; - unsigned char i[AES_BLOCK_SIZE]; - - //set up key with AES_ENCRYPTION as dir - - if(wc_AesXtsEncrypt(&aes, cipher, plain, SIZE, i, sizeof(i)) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsDecrypt - \sa wc_AesXtsSetKey - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out, const byte* in, word32 sz, const byte* i, word32 iSz); - -/*! - \ingroup AES - - \brief Same process as encryption but Aes key is AES_DECRYPTION type. - - \return 0 Success - - \param aes AES keys to use for block encrypt/decrypt - \param out output buffer to hold plain text - \param in input cipher text buffer to decrypt - \param sz size of both out and in buffers - \param i value to use for tweak - \param iSz size of i buffer, should always be AES_BLOCK_SIZE but having - this input adds a sanity check on how the user calls the - function. - _Example_ - \code - XtsAes aes; - unsigned char plain[SIZE]; - unsigned char cipher[SIZE]; - unsigned char i[AES_BLOCK_SIZE]; - - //set up key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION - - if(wc_AesXtsDecrypt(&aes, plain, cipher, SIZE, i, sizeof(i)) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsSetKey - \sa wc_AesXtsFree -*/ WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out, const byte* in, word32 sz, const byte* i, word32 iSz); - -/*! - \ingroup AES - - \brief This is to free up any resources used by the XtsAes structure - - \return 0 Success - - \param aes AES keys to free - - _Example_ - \code - XtsAes aes; - - if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0) - { - // Handle error - } - wc_AesXtsFree(&aes); - \endcode - - \sa wc_AesXtsEncrypt - \sa wc_AesXtsDecrypt - \sa wc_AesXtsSetKey -*/ WOLFSSL_API int wc_AesXtsFree(XtsAes* aes); #endif diff --git a/include/wolfssl/wolfcrypt/arc4.h b/include/wolfssl/wolfcrypt/arc4.h index f14216d3..9cf1f0b9 100644 --- a/include/wolfssl/wolfcrypt/arc4.h +++ b/include/wolfssl/wolfcrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,7 +10,9 @@ */ - +/*! + \file wolfssl/wolfcrypt/arc4.h +*/ #ifndef WOLF_CRYPT_ARC4_H #define WOLF_CRYPT_ARC4_H @@ -27,7 +29,8 @@ enum { ARC4_ENC_TYPE = 4, /* cipher unique type */ - ARC4_STATE_SIZE = 256 + ARC4_STATE_SIZE = 256, + RC4_KEY_SIZE = 16, /* always 128bit */ }; /* ARC4 encryption and decryption */ diff --git a/include/wolfssl/wolfcrypt/asn_public.h b/include/wolfssl/wolfcrypt/asn_public.h new file mode 100644 index 00000000..3deb869d --- /dev/null +++ b/include/wolfssl/wolfcrypt/asn_public.h @@ -0,0 +1,458 @@ +/* asn_public.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. + * + * This file is part of wolfSSL. + * + * Contact licensing@wolfssl.com with any questions or comments. + * + * http://www.wolfssl.com + */ + + +/*! + \file wolfssl/wolfcrypt/asn_public.h +*/ + +#ifndef WOLF_CRYPT_ASN_PUBLIC_H +#define WOLF_CRYPT_ASN_PUBLIC_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* guard on redeclaration */ +#ifndef WC_ECCKEY_TYPE_DEFINED + typedef struct ecc_key ecc_key; + #define WC_ECCKEY_TYPE_DEFINED +#endif +#ifndef WC_ED25519KEY_TYPE_DEFINED + typedef struct ed25519_key ed25519_key; + #define WC_ED25519KEY_TYPE_DEFINED +#endif +#ifndef WC_RSAKEY_TYPE_DEFINED + typedef struct RsaKey RsaKey; + #define WC_RSAKEY_TYPE_DEFINED +#endif +#ifndef WC_RNG_TYPE_DEFINED + typedef struct WC_RNG WC_RNG; + #define WC_RNG_TYPE_DEFINED +#endif + +struct WOLFSSL_CTX; + + +/* Certificate file Type */ +enum CertType { + CERT_TYPE = 0, + PRIVATEKEY_TYPE, + DH_PARAM_TYPE, + DSA_PARAM_TYPE, + CRL_TYPE, + CA_TYPE, + ECC_PRIVATEKEY_TYPE, + DSA_PRIVATEKEY_TYPE, + CERTREQ_TYPE, + DSA_TYPE, + ECC_TYPE, + RSA_TYPE, + PUBLICKEY_TYPE, + RSA_PUBLICKEY_TYPE, + ECC_PUBLICKEY_TYPE, + TRUSTED_PEER_TYPE, + EDDSA_PRIVATEKEY_TYPE, + ED25519_TYPE, + PKCS12_TYPE +}; + + +/* Signature type, by OID sum */ +enum Ctc_SigType { + CTC_SHAwDSA = 517, + CTC_MD2wRSA = 646, + CTC_MD5wRSA = 648, + CTC_SHAwRSA = 649, + CTC_SHAwECDSA = 520, + CTC_SHA224wRSA = 658, + CTC_SHA224wECDSA = 523, + CTC_SHA256wRSA = 655, + CTC_SHA256wECDSA = 524, + CTC_SHA384wRSA = 656, + CTC_SHA384wECDSA = 525, + CTC_SHA512wRSA = 657, + CTC_SHA512wECDSA = 526, + CTC_ED25519 = 256 +}; + +enum Ctc_Encoding { + CTC_UTF8 = 0x0c, /* utf8 */ + CTC_PRINTABLE = 0x13 /* printable */ +}; + +#ifndef WC_CTC_MAX_ALT_SIZE + #define WC_CTC_MAX_ALT_SIZE 16384 +#endif + +enum Ctc_Misc { + CTC_COUNTRY_SIZE = 2, + CTC_NAME_SIZE = 64, + CTC_DATE_SIZE = 32, + CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */ + CTC_SERIAL_SIZE = 16, +#ifdef WOLFSSL_CERT_EXT + /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum + * We support only hash */ + CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */ + CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */ + CTC_MAX_CERTPOL_SZ = 64, + CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */ +#endif /* WOLFSSL_CERT_EXT */ +}; + +/* DER buffer */ +typedef struct DerBuffer { + byte* buffer; + void* heap; + word32 length; + int type; /* enum CertType */ + int dynType; /* DYNAMIC_TYPE_* */ +} DerBuffer; + +enum { + IV_SZ = 32, /* max iv sz */ + NAME_SZ = 80, /* max one line */ + + PEM_PASS_READ = 0, + PEM_PASS_WRITE = 1, +}; + + +typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata); + +typedef struct EncryptedInfo { + pem_password_cb* passwd_cb; + void* passwd_userdata; + + long consumed; /* tracks PEM bytes consumed */ + + int cipherType; + word32 keySz; + word32 ivSz; /* salt or encrypted IV size */ + + char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */ + byte iv[IV_SZ]; /* salt or encrypted IV */ + + byte set:1; /* if encryption set */ +} EncryptedInfo; + + +#ifdef WOLFSSL_CERT_GEN + +#ifdef WOLFSSL_EKU_OID + #ifndef CTC_MAX_EKU_NB + #define CTC_MAX_EKU_NB 1 + #endif + #ifndef CTC_MAX_EKU_OID_SZ + #define CTC_MAX_EKU_OID_SZ 30 + #endif +#else + #undef CTC_MAX_EKU_OID_SZ + #define CTC_MAX_EKU_OID_SZ 0 +#endif + + +#ifdef WOLFSSL_MULTI_ATTRIB +#ifndef CTC_MAX_ATTRIB + #define CTC_MAX_ATTRIB 4 +#endif + +/* ASN Encoded Name field */ +typedef struct NameAttrib { + int sz; /* actual string value length */ + int id; /* id of name */ + int type; /* enc of name */ + char value[CTC_NAME_SIZE]; /* name */ +} NameAttrib; +#endif /* WOLFSSL_MULTI_ATTRIB */ + + +typedef struct CertName { + char country[CTC_NAME_SIZE]; + char countryEnc; + char state[CTC_NAME_SIZE]; + char stateEnc; + char locality[CTC_NAME_SIZE]; + char localityEnc; + char sur[CTC_NAME_SIZE]; + char surEnc; + char org[CTC_NAME_SIZE]; + char orgEnc; + char unit[CTC_NAME_SIZE]; + char unitEnc; + char commonName[CTC_NAME_SIZE]; + char commonNameEnc; + char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */ +#ifdef WOLFSSL_MULTI_ATTRIB + NameAttrib name[CTC_MAX_ATTRIB]; +#endif +} CertName; + + +/* for user to fill for certificate generation */ +typedef struct Cert { + int version; /* x509 version */ + byte serial[CTC_SERIAL_SIZE]; /* serial number */ + int serialSz; /* serial size */ + int sigType; /* signature algo type */ + CertName issuer; /* issuer info */ + int daysValid; /* validity days */ + int selfSigned; /* self signed flag */ + CertName subject; /* subject info */ + int isCA; /* is this going to be a CA */ + /* internal use only */ + int bodySz; /* pre sign total size */ + int keyType; /* public key type of subject */ +#ifdef WOLFSSL_ALT_NAMES + byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */ + int altNamesSz; /* altNames size in bytes */ + byte beforeDate[CTC_DATE_SIZE]; /* before date copy */ + int beforeDateSz; /* size of copy */ + byte afterDate[CTC_DATE_SIZE]; /* after date copy */ + int afterDateSz; /* size of copy */ +#endif +#ifdef WOLFSSL_CERT_EXT + byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */ + int skidSz; /* SKID size in bytes */ + byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */ + int akidSz; /* AKID size in bytes */ + word16 keyUsage; /* Key Usage */ + byte extKeyUsage; /* Extended Key Usage */ +#ifdef WOLFSSL_EKU_OID + /* Extended Key Usage OIDs */ + byte extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ]; + byte extKeyUsageOIDSz[CTC_MAX_EKU_NB]; +#endif + char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ]; + word16 certPoliciesNb; /* Number of Cert Policy */ +#endif +#ifdef WOLFSSL_CERT_REQ + char challengePw[CTC_NAME_SIZE]; +#endif + void* heap; /* heap hint */ +} Cert; + + + +/* Initialize and Set Certificate defaults: + version = 3 (0x2) + serial = 0 (Will be randomly generated) + sigType = SHA_WITH_RSA + issuer = blank + daysValid = 500 + selfSigned = 1 (true) use subject as issuer + subject = blank + isCA = 0 (false) + keyType = RSA_KEY (default) +*/ +WOLFSSL_API int wc_InitCert(Cert*); +WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, + int keyType, void* key, WC_RNG* rng); +WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, + ecc_key*, WC_RNG*); +#ifdef WOLFSSL_CERT_REQ + WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz, + int, void*); + WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, + RsaKey*, ecc_key*); +#endif +WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer, + word32 buffSz, int keyType, void* key, + WC_RNG* rng); +WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, + word32 derSz, RsaKey*, ecc_key*, WC_RNG*); +WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, + WC_RNG*); +WOLFSSL_API int wc_SetIssuer(Cert*, const char*); +WOLFSSL_API int wc_SetSubject(Cert*, const char*); +#ifdef WOLFSSL_ALT_NAMES + WOLFSSL_API int wc_SetAltNames(Cert*, const char*); +#endif +WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int); +WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int); +WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int); +WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); + +#ifndef NO_ASN_TIME +WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before, + struct tm* after); +#endif + +#ifdef WOLFSSL_CERT_EXT +WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, + void* key); +WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, + ecc_key *eckey); +WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz); +WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file); +WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, + void* key); +WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, + ecc_key *eckey); +WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file); + +#ifdef HAVE_NTRU +WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey, + word16 ntruKeySz); +#endif + +/* Set the KeyUsage. + * Value is a string separated tokens with ','. Accepted tokens are : + * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign, + * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly. + * + * nonRepudiation and contentCommitment are for the same usage. + */ +WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); + +/* Set ExtendedKeyUsage + * Value is a string separated tokens with ','. Accepted tokens are : + * any,serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,OCSPSigning + */ +WOLFSSL_API int wc_SetExtKeyUsage(Cert *cert, const char *value); + + +#ifdef WOLFSSL_EKU_OID +/* Set ExtendedKeyUsage with unique OID + * oid is expected to be in byte representation + */ +WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz, + byte idx, void* heap); +#endif /* WOLFSSL_EKU_OID */ +#endif /* WOLFSSL_CERT_EXT */ + + #ifdef HAVE_NTRU + WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, + const byte* ntruKey, word16 keySz, + WC_RNG*); + #endif + +#endif /* WOLFSSL_CERT_GEN */ + +WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz, + const byte** date, byte* format, int* length); +#ifndef NO_ASN_TIME +WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length, + byte format, struct tm* time); +#endif + +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + + WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header, + const char** footer); + +#endif + +#ifdef WOLFSSL_PEM_TO_DER + WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type, + DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey); + + WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int, + unsigned char*, int, const char*); + WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int, + unsigned char*, int, int); +#endif /* WOLFSSL_PEM_TO_DER */ + +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) + #ifndef NO_FILESYSTEM + WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); + #endif + + WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); +#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ + +#ifdef WOLFSSL_CERT_GEN + #ifndef NO_FILESYSTEM + WOLFSSL_API int wc_PemCertToDer(const char* fileName, + unsigned char* derBuf, int derSz); + #endif +#endif /* WOLFSSL_CERT_GEN */ + +#ifdef WOLFSSL_DER_TO_PEM + WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, + word32 outputSz, int type); + WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, + word32 outputSz, byte *cipherIno, int type); +#endif + +#ifdef HAVE_ECC + /* private key helpers */ + WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*, + ecc_key*, word32); + WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen); + WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, + word32 inLen); + WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, + word32* outLen); + + /* public key helper */ + WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*, + ecc_key*, word32); + WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output, + word32 inLen, int with_AlgCurve); +#endif + +#ifdef HAVE_ED25519 + /* private key helpers */ + WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*, + ed25519_key*, word32); + WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output, + word32 inLen); + WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, + word32 inLen); + + /* public key helper */ + WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*, + ed25519_key*, word32); + #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output, + word32 inLen, int with_AlgCurve); + #endif +#endif + +/* DER encode signature */ +WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, + word32 digSz, int hashOID); +WOLFSSL_API int wc_GetCTC_HashOID(int type); + +WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input, + word32* inOutIdx, word32 sz); +WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz, + byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz); + +#ifndef NO_ASN_TIME +/* Time */ +/* Returns seconds (Epoch/UTC) + * timePtr: is "time_t", which is typically "long" + * Example: + long lTime; + rc = wc_GetTime(&lTime, (word32)sizeof(lTime)); +*/ +WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize); +#endif + +#ifdef WOLFSSL_ENCRYPTED_KEYS + WOLFSSL_API int wc_EncryptedInfoGet(EncryptedInfo* info, + const char* cipherInfo); +#endif + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_ASN_PUBLIC_H */ + diff --git a/include/wolfssl/wolfcrypt/des3.h b/include/wolfssl/wolfcrypt/des3.h index 2ba69280..63fb418c 100644 --- a/include/wolfssl/wolfcrypt/des3.h +++ b/include/wolfssl/wolfcrypt/des3.h @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,9 @@ */ +/*! + \file wolfssl/wolfcrypt/des3.h +*/ #ifndef WOLF_CRYPT_DES3_H #define WOLF_CRYPT_DES3_H @@ -27,6 +30,14 @@ extern "C" { #endif +/* these are required for FIPS and non-FIPS */ +enum { + DES_KEY_SIZE = 8, /* des */ + DES3_KEY_SIZE = 24, /* 3 des ede */ + DES_IV_SIZE = 16, +}; + + #ifndef HAVE_FIPS /* to avoid redefinition of macros */ #ifdef WOLFSSL_ASYNC_CRYPT @@ -34,10 +45,11 @@ #endif enum { - DES_ENC_TYPE = 2, /* cipher unique type */ - DES3_ENC_TYPE = 3, /* cipher unique type */ + DES_ENC_TYPE = WC_CIPHER_DES, /* cipher unique type */ + DES3_ENC_TYPE = WC_CIPHER_DES3, /* cipher unique type */ + DES_BLOCK_SIZE = 8, - DES_KS_SIZE = 32, + DES_KS_SIZE = 32, /* internal DES key buffer size */ DES_ENCRYPTION = 0, DES_DECRYPTION = 1 diff --git a/include/wolfssl/wolfcrypt/ecc.h b/include/wolfssl/wolfcrypt/ecc.h index 1b26ca60..86bfa99d 100644 --- a/include/wolfssl/wolfcrypt/ecc.h +++ b/include/wolfssl/wolfcrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,10 @@ */ +/*! + \file wolfssl/wolfcrypt/ecc.h +*/ + #ifndef WOLF_CRYPT_ECC_H #define WOLF_CRYPT_ECC_H @@ -67,12 +71,12 @@ #define MAX_ECC_BITS 384 #elif defined(HAVE_ECC320) #define MAX_ECC_BITS 320 +#elif !defined(NO_ECC256) + #define MAX_ECC_BITS 256 #elif defined(HAVE_ECC239) #define MAX_ECC_BITS 239 #elif defined(HAVE_ECC224) #define MAX_ECC_BITS 224 -#elif !defined(NO_ECC256) - #define MAX_ECC_BITS 256 #elif defined(HAVE_ECC192) #define MAX_ECC_BITS 192 #elif defined(HAVE_ECC160) @@ -109,9 +113,19 @@ enum { /* max crypto hardware size */ #ifdef WOLFSSL_ATECC508A ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ + ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), #elif defined(PLUTON_CRYPTO_ECC) ECC_MAX_CRYPTO_HW_SIZE = 32, #endif + + /* point encoding type */ + ECC_TYPE_HEX_STR = 1, + ECC_TYPE_UNSIGNED_BIN = 2, + + /* point compression type */ + ECC_POINT_COMP_EVEN = 0x02, + ECC_POINT_COMP_ODD = 0x03, + ECC_POINT_UNCOMP = 0x04, }; /* Curve Types */ @@ -294,15 +308,19 @@ struct ecc_key { mp_int k; /* private key */ #ifdef WOLFSSL_ATECC508A int slot; /* Key Slot Number (-1 unknown) */ - byte pubkey_raw[PUB_KEY_SIZE]; + byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; #endif -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) int devId; #endif #ifdef WOLFSSL_ASYNC_CRYPT mp_int* r; /* sign/verify temps */ mp_int* s; WC_ASYNC_DEV asyncDev; + #ifdef HAVE_CAVIUM_V + mp_int* e; /* Sign, Verify and Shared Secret */ + mp_int* signK; + #endif #ifdef WOLFSSL_CERT_GEN CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */ #endif @@ -474,6 +492,9 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, WOLFSSL_API int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen); WOLFSSL_API +int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, + byte* out, word32* outlen); +WOLFSSL_API int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen, byte* s, word32* sLen); WOLFSSL_API @@ -482,6 +503,9 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, WOLFSSL_API int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy, const char* d, int curve_id); +WOLFSSL_API +int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy, + byte* d, int curve_id); #endif /* HAVE_ECC_KEY_IMPORT */ #ifdef HAVE_ECC_KEY_EXPORT @@ -513,6 +537,8 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, WOLFSSL_API int wc_ecc_size(ecc_key* key); WOLFSSL_API +int wc_ecc_sig_size_calc(int sz); +WOLFSSL_API int wc_ecc_sig_size(ecc_key* key); WOLFSSL_API diff --git a/include/wolfssl/wolfcrypt/hash.h b/include/wolfssl/wolfcrypt/hash.h index 6c561fb5..a9be2e14 100644 --- a/include/wolfssl/wolfcrypt/hash.h +++ b/include/wolfssl/wolfcrypt/hash.h @@ -1,6 +1,6 @@ /* hash.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,9 @@ */ +/*! + \file wolfssl/wolfcrypt/hash.h +*/ #ifndef WOLF_CRYPT_HASH_H #define WOLF_CRYPT_HASH_H @@ -34,6 +37,13 @@ #ifdef WOLFSSL_SHA3 #include #endif +#ifndef NO_MD4 + #include +#endif +#ifdef WOLFSSL_MD2 + #include +#endif + #ifdef __cplusplus extern "C" { @@ -44,20 +54,6 @@ #endif -/* Hash types */ -enum wc_HashType { - WC_HASH_TYPE_NONE = 0, - WC_HASH_TYPE_MD2 = 1, - WC_HASH_TYPE_MD4 = 2, - WC_HASH_TYPE_MD5 = 3, - WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */ - WC_HASH_TYPE_SHA224 = 9, - WC_HASH_TYPE_SHA256 = 5, - WC_HASH_TYPE_SHA384 = 6, - WC_HASH_TYPE_SHA512 = 7, - WC_HASH_TYPE_MD5_SHA = 8, -}; - typedef union { #ifndef NO_MD5 wc_Md5 md5; @@ -83,29 +79,42 @@ typedef union { Note if this gets up to the size of 80 or over check smallstack build */ #if defined(WOLFSSL_SHA3) #define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA3_224_BLOCK_SIZE /* 224 is the largest block size */ #elif defined(WOLFSSL_SHA512) #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA512_BLOCK_SIZE #elif defined(HAVE_BLAKE2) #define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES + #define WC_MAX_BLOCK_SIZE BLAKE2B_BLOCKBYTES #elif defined(WOLFSSL_SHA384) #define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA384_BLOCK_SIZE #elif !defined(NO_SHA256) #define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA256_BLOCK_SIZE #elif defined(WOLFSSL_SHA224) #define WC_MAX_DIGEST_SIZE WC_SHA224_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA224_BLOCK_SIZE #elif !defined(NO_SHA) #define WC_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_SHA_BLOCK_SIZE #elif !defined(NO_MD5) #define WC_MAX_DIGEST_SIZE WC_MD5_DIGEST_SIZE + #define WC_MAX_BLOCK_SIZE WC_MD5_BLOCK_SIZE #else #define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */ + #define WC_MAX_BLOCK_SIZE 128 #endif #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type); +WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid); #endif +WOLFSSL_API enum wc_HashType wc_HashTypeConvert(int hashType); + WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type); +WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type); WOLFSSL_API int wc_Hash(enum wc_HashType hash_type, const byte* data, word32 data_len, byte* hash, word32 hash_len); diff --git a/include/wolfssl/wolfcrypt/hmac.h b/include/wolfssl/wolfcrypt/hmac.h index d3f8b236..9997b3f9 100644 --- a/include/wolfssl/wolfcrypt/hmac.h +++ b/include/wolfssl/wolfcrypt/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,7 +10,9 @@ */ - +/*! + \file wolfssl/wolfcrypt/hmac.h +*/ #ifndef NO_HMAC @@ -47,63 +49,43 @@ enum { /* If any hash is not enabled, add the ID here. */ #ifdef NO_MD5 - WC_MD5 = 0, + WC_MD5 = WC_HASH_TYPE_MD5, #endif #ifdef NO_SHA - WC_SHA = 1, + WC_SHA = WC_HASH_TYPE_SHA, #endif #ifdef NO_SHA256 - WC_SHA256 = 2, + WC_SHA256 = WC_HASH_TYPE_SHA256, #endif #ifndef WOLFSSL_SHA512 - WC_SHA512 = 4, + WC_SHA512 = WC_HASH_TYPE_SHA512, #endif #ifndef WOLFSSL_SHA384 - WC_SHA384 = 5, + WC_SHA384 = WC_HASH_TYPE_SHA384, #endif #ifndef HAVE_BLAKE2 - BLAKE2B_ID = 7, + BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B, #endif #ifndef WOLFSSL_SHA224 - WC_SHA224 = 8, + WC_SHA224 = WC_HASH_TYPE_SHA224, #endif #ifndef WOLFSSL_SHA3 - WC_SHA3_224 = 10, - WC_SHA3_256 = 11, - WC_SHA3_384 = 12, - WC_SHA3_512 = 13, -#else - /* These values are used for HMAC, not SHA-3 directly. - * They come from from FIPS PUB 202. */ - WC_SHA3_224_BLOCK_SIZE = 144, - WC_SHA3_256_BLOCK_SIZE = 136, - WC_SHA3_384_BLOCK_SIZE = 104, - WC_SHA3_512_BLOCK_SIZE = 72, -#endif - -/* Select the largest available hash for the buffer size. */ -#if defined(WOLFSSL_SHA3) - WC_HMAC_BLOCK_SIZE = WC_SHA3_224_BLOCK_SIZE - /* SHA3-224 has the largest block size */ -#elif defined(WOLFSSL_SHA512) - WC_HMAC_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE, -#elif defined(HAVE_BLAKE2) - WC_HMAC_BLOCK_SIZE = BLAKE2B_BLOCKBYTES, -#elif defined(WOLFSSL_SHA384) - WC_HMAC_BLOCK_SIZE = WC_SHA384_BLOCK_SIZE -#elif !defined(NO_SHA256) - WC_HMAC_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE -#elif defined(WOLFSSL_SHA224) - WC_HMAC_BLOCK_SIZE = WC_SHA224_BLOCK_SIZE -#elif !defined(NO_SHA) - WC_HMAC_BLOCK_SIZE = WC_SHA_BLOCK_SIZE, -#elif !defined(NO_MD5) - WC_HMAC_BLOCK_SIZE = WC_MD5_BLOCK_SIZE, -#else - #error "You have to have some kind of hash if you want to use HMAC." + WC_SHA3_224 = WC_HASH_TYPE_SHA3_224, + WC_SHA3_256 = WC_HASH_TYPE_SHA3_256, + WC_SHA3_384 = WC_HASH_TYPE_SHA3_384, + WC_SHA3_512 = WC_HASH_TYPE_SHA3_512, #endif }; +/* Select the largest available hash for the buffer size. */ +#define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE + +#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && !defined(HAVE_BLAKE2) && \ + !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && defined(WOLFSSL_SHA224) && \ + defined(NO_SHA) && defined(NO_MD5) + #error "You have to have some kind of hash if you want to use HMAC." +#endif + /* hash union */ typedef union { @@ -129,7 +111,7 @@ typedef union { Blake2b blake2b; #endif #ifdef WOLFSSL_SHA3 - Sha3 sha3; + wc_Sha3 sha3; #endif } Hash; @@ -146,10 +128,6 @@ typedef struct Hmac { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; word16 keyLen; /* hmac key length (key in ipad) */ - #ifdef HAVE_CAVIUM - byte* data; /* buffered input data for one call */ - word16 dataLen; - #endif /* HAVE_CAVIUM */ #endif /* WOLFSSL_ASYNC_CRYPT */ } Hmac; diff --git a/include/wolfssl/wolfcrypt/integer.h b/include/wolfssl/wolfcrypt/integer.h index 2ab1db1f..ed61a0f3 100644 --- a/include/wolfssl/wolfcrypt/integer.h +++ b/include/wolfssl/wolfcrypt/integer.h @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * diff --git a/include/wolfssl/wolfcrypt/logging.h b/include/wolfssl/wolfcrypt/logging.h index 8be8f141..d4045cf2 100644 --- a/include/wolfssl/wolfcrypt/logging.h +++ b/include/wolfssl/wolfcrypt/logging.h @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,10 @@ */ +/*! + \file wolfssl/wolfcrypt/logging.h +*/ + /* submitted by eof */ @@ -32,6 +36,48 @@ enum wc_LogLevels { OTHER_LOG }; +#ifdef WOLFSSL_FUNC_TIME +/* WARNING: This code is only to be used for debugging performance. + * The code is not thread-safe. + * Do not use WOLFSSL_FUNC_TIME in production code. + */ +enum wc_FuncNum { + WC_FUNC_CLIENT_HELLO_SEND = 0, + WC_FUNC_CLIENT_HELLO_DO, + WC_FUNC_SERVER_HELLO_SEND, + WC_FUNC_SERVER_HELLO_DO, + WC_FUNC_ENCRYPTED_EXTENSIONS_SEND, + WC_FUNC_ENCRYPTED_EXTENSIONS_DO, + WC_FUNC_CERTIFICATE_REQUEST_SEND, + WC_FUNC_CERTIFICATE_REQUEST_DO, + WC_FUNC_CERTIFICATE_SEND, + WC_FUNC_CERTIFICATE_DO, + WC_FUNC_CERTIFICATE_VERIFY_SEND, + WC_FUNC_CERTIFICATE_VERIFY_DO, + WC_FUNC_FINISHED_SEND, + WC_FUNC_FINISHED_DO, + WC_FUNC_KEY_UPDATE_SEND, + WC_FUNC_KEY_UPDATE_DO, + WC_FUNC_EARLY_DATA_SEND, + WC_FUNC_EARLY_DATA_DO, + WC_FUNC_NEW_SESSION_TICKET_SEND, + WC_FUNC_NEW_SESSION_TICKET_DO, + WC_FUNC_SERVER_HELLO_DONE_SEND, + WC_FUNC_SERVER_HELLO_DONE_DO, + WC_FUNC_TICKET_SEND, + WC_FUNC_TICKET_DO, + WC_FUNC_CLIENT_KEY_EXCHANGE_SEND, + WC_FUNC_CLIENT_KEY_EXCHANGE_DO, + WC_FUNC_CERTIFICATE_STATUS_SEND, + WC_FUNC_CERTIFICATE_STATUS_DO, + WC_FUNC_SERVER_KEY_EXCHANGE_SEND, + WC_FUNC_SERVER_KEY_EXCHANGE_DO, + WC_FUNC_END_OF_EARLY_DATA_SEND, + WC_FUNC_END_OF_EARLY_DATA_DO, + WC_FUNC_COUNT +}; +#endif + typedef void (*wolfSSL_Logging_cb)(const int logLevel, const char *const logMessage); @@ -57,10 +103,23 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API int wc_SetLoggingHeap(void* h); WOLFSSL_API int wc_ERR_remove_state(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API void wc_ERR_print_errors_fp(FILE* fp); + WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); #endif #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ +#ifdef WOLFSSL_FUNC_TIME + /* WARNING: This code is only to be used for debugging performance. + * The code is not thread-safe. + * Do not use WOLFSSL_FUNC_TIME in production code. + */ + WOLFSSL_API void WOLFSSL_START(int funcNum); + WOLFSSL_API void WOLFSSL_END(int funcNum); + WOLFSSL_API void WOLFSSL_TIME(int count); +#else + #define WOLFSSL_START(n) + #define WOLFSSL_END(n) + #define WOLFSSL_TIME(n) +#endif #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY) #if defined(_WIN32) @@ -93,7 +152,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); #endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */ -#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, diff --git a/include/wolfssl/wolfcrypt/md5.h b/include/wolfssl/wolfcrypt/md5.h index 67e077dc..a7b3e328 100644 --- a/include/wolfssl/wolfcrypt/md5.h +++ b/include/wolfssl/wolfcrypt/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,10 @@ */ +/*! + \file wolfssl/wolfcrypt/md5.h +*/ + #ifndef WOLF_CRYPT_MD5_H #define WOLF_CRYPT_MD5_H @@ -39,12 +43,13 @@ /* in bytes */ enum { - WC_MD5 = 0, /* hash type unique */ + WC_MD5 = WC_HASH_TYPE_MD5, WC_MD5_BLOCK_SIZE = 64, WC_MD5_DIGEST_SIZE = 16, WC_MD5_PAD_SIZE = 56 }; + #ifdef WOLFSSL_MICROCHIP_PIC32MZ #include #endif diff --git a/include/wolfssl/wolfcrypt/mpi_class.h b/include/wolfssl/wolfcrypt/mpi_class.h index d612969d..356d33b0 100644 --- a/include/wolfssl/wolfcrypt/mpi_class.h +++ b/include/wolfssl/wolfcrypt/mpi_class.h @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * diff --git a/include/wolfssl/wolfcrypt/mpi_superclass.h b/include/wolfssl/wolfcrypt/mpi_superclass.h index 3f61dfaf..cec79b38 100644 --- a/include/wolfssl/wolfcrypt/mpi_superclass.h +++ b/include/wolfssl/wolfcrypt/mpi_superclass.h @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * diff --git a/include/wolfssl/wolfcrypt/pwdbased.h b/include/wolfssl/wolfcrypt/pwdbased.h index 5c187afe..75c875a3 100644 --- a/include/wolfssl/wolfcrypt/pwdbased.h +++ b/include/wolfssl/wolfcrypt/pwdbased.h @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,9 @@ */ +/*! + \file wolfssl/wolfcrypt/pwdbased.h +*/ #ifndef WOLF_CRYPT_PWDBASED_H #define WOLF_CRYPT_PWDBASED_H @@ -18,11 +21,6 @@ #ifndef NO_PWDBASED -#ifndef NO_MD5 - #include /* for hash type */ -#endif - -#include #ifdef __cplusplus extern "C" { @@ -32,6 +30,10 @@ * hashType renamed to typeH to avoid shadowing global declaration here: * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types */ +WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, + const byte* passwd, int passwdLen, + const byte* salt, int saltLen, int iterations, + int hashType, void* heap); WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int typeH); @@ -51,12 +53,6 @@ WOLFSSL_API int wc_scrypt(byte* output, const byte* passwd, int passLen, int blockSize, int parallel, int dkLen); #endif -/* helper functions */ -WOLFSSL_LOCAL int GetDigestSize(int typeH); -WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u); -WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen, - byte* Ai, word32 u, int iterations); - #ifdef __cplusplus } /* extern "C" */ diff --git a/include/wolfssl/wolfcrypt/random.h b/include/wolfssl/wolfcrypt/random.h index 17bcf7bd..e4e37c60 100644 --- a/include/wolfssl/wolfcrypt/random.h +++ b/include/wolfssl/wolfcrypt/random.h @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,10 @@ */ +/*! + \file wolfssl/wolfcrypt/random.h +*/ + #ifndef WOLF_CRYPT_RANDOM_H diff --git a/include/wolfssl/wolfcrypt/settings.h b/include/wolfssl/wolfcrypt/settings.h index 5a22416b..ab4ace05 100644 --- a/include/wolfssl/wolfcrypt/settings.h +++ b/include/wolfssl/wolfcrypt/settings.h @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -977,7 +977,7 @@ extern void uITRON4_free(void *p) ; #endif #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ - defined(WOLFSSL_STM32F7) + defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) #define SIZEOF_LONG_LONG 8 #define NO_DEV_RANDOM @@ -1007,6 +1007,8 @@ extern void uITRON4_free(void *p) ; #include "stm32f4xx_hal.h" #elif defined(WOLFSSL_STM32F7) #include "stm32f7xx_hal.h" + #elif defined(WOLFSSL_STM32F1) + #include "stm32f1xx_hal.h" #endif #ifndef STM32_HAL_TIMEOUT @@ -1031,6 +1033,8 @@ extern void uITRON4_free(void *p) ; #endif #elif defined(WOLFSSL_STM32F7) #include "stm32f7xx.h" + #elif defined(WOLFSSL_STM32F1) + #include "stm32f1xx.h" #endif #endif /* WOLFSSL_STM32_CUBEMX */ #endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32F7 */ @@ -1551,7 +1555,7 @@ extern void uITRON4_free(void *p) ; #ifndef HAVE_AES_KEYWRAP #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP #endif - #ifndef HAVE_X963_KDF + #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF) #error PKCS7 requires X963 KDF please define HAVE_X963_KDF #endif #endif @@ -1574,7 +1578,7 @@ extern void uITRON4_free(void *p) ; #undef HAVE_GMTIME_R /* don't trust macro with windows */ #endif /* WOLFSSL_MYSQL_COMPATIBLE */ -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION #define OPENSSL_NO_ENGINE #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT @@ -1626,8 +1630,8 @@ extern void uITRON4_free(void *p) ; #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) /* added to have compatibility with SHA256() */ - #if !defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) - #define NO_OLD_SHA256_NAMES + #if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) + #define NO_OLD_SHA_NAMES #endif #endif @@ -1637,7 +1641,39 @@ extern void uITRON4_free(void *p) ; #undef OPENSSL_EXTRA_X509_SMALL #define OPENSSL_EXTRA_X509_SMALL #endif /* OPENSSL_EXTRA */ - + +/* support for converting DER to PEM */ +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || \ + defined(OPENSSL_EXTRA) + #undef WOLFSSL_DER_TO_PEM + #define WOLFSSL_DER_TO_PEM +#endif + +/* keep backwards compatibility enabling encrypted private key */ +#ifndef WOLFSSL_ENCRYPTED_KEYS + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) + #define WOLFSSL_ENCRYPTED_KEYS + #endif +#endif + +/* support for disabling PEM to DER */ +#if !defined(WOLFSSL_NO_PEM) + #undef WOLFSSL_PEM_TO_DER + #define WOLFSSL_PEM_TO_DER +#endif + +/* Parts of the openssl compatibility layer require peer certs */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #undef KEEP_PEER_CERT + #define KEEP_PEER_CERT +#endif + +/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/ +#ifdef WOLFSSL_ARMASM + #undef WOLFSSL_NO_HASH_RAW + #define WOLFSSL_NO_HASH_RAW +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/include/wolfssl/wolfcrypt/sha.h b/include/wolfssl/wolfcrypt/sha.h index 416ec626..d2b36763 100644 --- a/include/wolfssl/wolfcrypt/sha.h +++ b/include/wolfssl/wolfcrypt/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,10 @@ */ +/*! + \file wolfssl/wolfcrypt/sha.h +*/ + #ifndef WOLF_CRYPT_SHA_H #define WOLF_CRYPT_SHA_H @@ -49,9 +53,12 @@ #include #endif +#if !defined(NO_OLD_SHA_NAMES) + #define SHA WC_SHA +#endif + #ifndef NO_OLD_WC_NAMES #define Sha wc_Sha - #define SHA WC_SHA #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE #define SHA_PAD_SIZE WC_SHA_PAD_SIZE @@ -59,7 +66,7 @@ /* in bytes */ enum { - WC_SHA = 1, /* hash type unique */ + WC_SHA = WC_HASH_TYPE_SHA, WC_SHA_BLOCK_SIZE = 64, WC_SHA_DIGEST_SIZE = 20, WC_SHA_PAD_SIZE = 56 @@ -107,6 +114,7 @@ typedef struct wc_Sha { WOLFSSL_API int wc_InitSha(wc_Sha*); WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId); WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32); +WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*); WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*); WOLFSSL_API void wc_ShaFree(wc_Sha*); diff --git a/include/wolfssl/wolfcrypt/sha256.h b/include/wolfssl/wolfcrypt/sha256.h index 2a84253a..720a683b 100644 --- a/include/wolfssl/wolfcrypt/sha256.h +++ b/include/wolfssl/wolfcrypt/sha256.h @@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,10 @@ */ +/*! + \file wolfssl/wolfcrypt/sha256.h +*/ + /* code submitted by raphael.huck@efixo.com */ @@ -68,9 +72,10 @@ #define SHA256_NOINLINE #endif -#ifndef NO_OLD_SHA256_NAMES +#if !defined(NO_OLD_SHA_NAMES) #define SHA256 WC_SHA256 #endif + #ifndef NO_OLD_WC_NAMES #define Sha256 wc_Sha256 #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE @@ -80,12 +85,13 @@ /* in bytes */ enum { - WC_SHA256 = 2, /* hash type unique */ + WC_SHA256 = WC_HASH_TYPE_SHA256, WC_SHA256_BLOCK_SIZE = 64, WC_SHA256_DIGEST_SIZE = 32, WC_SHA256_PAD_SIZE = 56 }; + #ifdef WOLFSSL_TI_HASH #include "wolfssl/wolfcrypt/port/ti/ti-hash.h" #elif defined(WOLFSSL_IMX6_CAAM) @@ -124,6 +130,7 @@ typedef struct wc_Sha256 { WOLFSSL_API int wc_InitSha256(wc_Sha256*); WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int); WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32); +WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*); WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*); WOLFSSL_API void wc_Sha256Free(wc_Sha256*); @@ -147,12 +154,13 @@ WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32); /* in bytes */ enum { - WC_SHA224 = 8, /* hash type unique */ + WC_SHA224 = WC_HASH_TYPE_SHA224, WC_SHA224_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE, WC_SHA224_DIGEST_SIZE = 28, WC_SHA224_PAD_SIZE = WC_SHA256_PAD_SIZE }; + typedef wc_Sha256 wc_Sha224; #endif /* HAVE_FIPS */ diff --git a/include/wolfssl/wolfcrypt/types.h b/include/wolfssl/wolfcrypt/types.h old mode 100755 new mode 100644 index e9584f8e..42b10682 --- a/include/wolfssl/wolfcrypt/types.h +++ b/include/wolfssl/wolfcrypt/types.h @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,7 +10,9 @@ */ - +/*! + \file wolfssl/wolfcrypt/types.h +*/ #ifndef WOLF_CRYPT_TYPES_H #define WOLF_CRYPT_TYPES_H @@ -91,7 +93,7 @@ (defined(LP64) || defined(_LP64)) /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits * and int uses 32 bits. When using Solaris Studio sparc and __sparc are - * avialable for 32 bit detection but __sparc64__ could be missed. This + * available for 32 bit detection but __sparc64__ could be missed. This * uses LP64 for checking 64 bit CPU arch. */ typedef word64 wolfssl_word; #define WC_64BIT_CPU @@ -160,7 +162,7 @@ #if defined(_MSC_VER) #define THREAD_LS_T __declspec(thread) /* Thread local storage only in FreeRTOS v8.2.1 and higher */ - #elif defined(FREERTOS) + #elif defined(FREERTOS) || defined(FREERTOS_TCP) #define THREAD_LS_T #else #define THREAD_LS_T __thread @@ -190,7 +192,7 @@ /* idea to add global alloc override by Moises Guimaraes */ /* default to libc stuff */ /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embeded systems doesn't like free(0) so test */ + /* XFREE on some embedded systems doesn't like free(0) so test */ #if defined(HAVE_IO_POOL) WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); @@ -285,8 +287,12 @@ #define FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) /* nothing to free, its stack */ #endif - #ifndef WOLFSSL_LEANPSK - char* mystrnstr(const char* s1, const char* s2, unsigned int n); + #if !defined(USE_WOLF_STRTOK) && \ + (defined(__MINGW32__) || defined(WOLFSSL_TIRTOS) || defined(WOLF_C99)) + #define USE_WOLF_STRTOK + #endif + #if !defined(USE_WOLF_STRSEP) && (defined(WOLF_C99)) + #define USE_WOLF_STRSEP #endif #ifndef STRING_USER @@ -305,12 +311,22 @@ #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + #ifdef USE_WOLF_STRSEP + #define XSTRSEP(s1,d) wc_strsep((s1),(d)) + #else + #define XSTRSEP(s1,d) strsep((s1),(d)) + #endif + #if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) /* XC32 does not support strncasecmp, so use case sensitive one */ #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) - #elif defined(USE_WINDOWS_API) + #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else + #if defined(HAVE_STRINGS_H) && defined(WOLF_C99) && \ + !defined(WOLFSSL_SGX) + #include + #endif #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) #endif @@ -330,20 +346,23 @@ #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN) /* use only Thread Safe version of strtok */ - #if defined(__MINGW32__) || defined(WOLFSSL_TIRTOS) || \ - defined(USE_WOLF_STRTOK) - #ifndef USE_WOLF_STRTOK - #define USE_WOLF_STRTOK - #endif - #define XSTRTOK wc_strtok + #if defined(USE_WOLF_STRTOK) + #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS) - #define XSTRTOK strtok_s + #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr)) #else - #define XSTRTOK strtok_r + #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr)) #endif #endif #endif + #ifdef USE_WOLF_STRTOK + WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp); + #endif + #ifdef USE_WOLF_STRSEP + WOLFSSL_API char* wc_strsep(char **stringp, const char *delim); + #endif + #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV @@ -469,6 +488,69 @@ }; + /* Algorithm Types */ + enum wc_AlgoType { + WC_ALGO_TYPE_NONE = 0, + WC_ALGO_TYPE_HASH = 1, + WC_ALGO_TYPE_CIPHER = 2, + WC_ALGO_TYPE_PK = 3, + + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_PK + }; + + /* hash types */ + enum wc_HashType { + WC_HASH_TYPE_NONE = 0, + WC_HASH_TYPE_MD2 = 1, + WC_HASH_TYPE_MD4 = 2, + WC_HASH_TYPE_MD5 = 3, + WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 5, + WC_HASH_TYPE_SHA256 = 6, + WC_HASH_TYPE_SHA384 = 7, + WC_HASH_TYPE_SHA512 = 8, + WC_HASH_TYPE_MD5_SHA = 9, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + + WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2B + }; + + /* cipher types */ + enum wc_CipherType { + WC_CIPHER_NONE = 0, + WC_CIPHER_AES = 1, + WC_CIPHER_AES_CBC = 2, + WC_CIPHER_AES_GCM = 3, + WC_CIPHER_AES_CTR = 4, + WC_CIPHER_AES_XTS = 5, + WC_CIPHER_AES_CFB = 6, + WC_CIPHER_DES3 = 7, + WC_CIPHER_DES = 8, + WC_CIPHER_CHACHA = 9, + WC_CIPHER_HC128 = 10, + WC_CIPHER_IDEA = 11, + + WC_CIPHER_MAX = WC_CIPHER_HC128 + }; + + /* PK=public key (asymmetric) based algorithms */ + enum wc_PkType { + WC_PK_TYPE_NONE = 0, + WC_PK_TYPE_RSA = 1, + WC_PK_TYPE_DH = 2, + WC_PK_TYPE_ECDH = 3, + WC_PK_TYPE_ECDSA_SIGN = 4, + WC_PK_TYPE_ECDSA_VERIFY = 5, + WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_CURVE25519 = 7, + + WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519 + }; + /* settings detection for compile vs runtime math incompatibilities */ enum { diff --git a/include/wolfssl/wolfcrypt/visibility.h b/include/wolfssl/wolfcrypt/visibility.h index 9fa91c25..740a0bf5 100644 --- a/include/wolfssl/wolfcrypt/visibility.h +++ b/include/wolfssl/wolfcrypt/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * diff --git a/include/wolfssl/wolfcrypt/wc_port.h b/include/wolfssl/wolfcrypt/wc_port.h index 7e1b71de..dd3fce8a 100644 --- a/include/wolfssl/wolfcrypt/wc_port.h +++ b/include/wolfssl/wolfcrypt/wc_port.h @@ -1,6 +1,6 @@ /* wc_port.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,7 +10,9 @@ */ - +/*! + \file wolfssl/wolfcrypt/wc_port.h +*/ #ifndef WOLF_CRYPT_PORT_H #define WOLF_CRYPT_PORT_H @@ -22,6 +24,14 @@ extern "C" { #endif +/* Detect if compiler supports C99. "NO_WOLF_C99" can be defined in + * user_settings.h to disable checking for C99 support. */ +#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && \ + !defined(WOLFSSL_ARDUINO) && !defined(NO_WOLF_C99) + #if __STDC_VERSION__ >= 199901L + #define WOLF_C99 + #endif +#endif #ifdef USE_WINDOWS_API #ifdef WOLFSSL_GAME_BUILD @@ -274,7 +284,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XBADFILE NULL #define XFGETS fgets - #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) + #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + && !defined(WOLFSSL_NUCLEUS) #include #include #include @@ -288,7 +299,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define MAX_PATH 256 #endif -#if !defined(NO_WOLFSSL_DIR) +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) typedef struct ReadDirCtx { #ifdef USE_WINDOWS_API WIN32_FIND_DATAA FindFileData; @@ -308,10 +319,6 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif /* !NO_FILESYSTEM */ -#ifdef USE_WOLF_STRTOK - WOLFSSL_LOCAL char* wc_strtok(char *str, const char *delim, char **nextp); -#endif - /* Windows API defines its own min() macro. */ #if defined(USE_WINDOWS_API) #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE) @@ -400,6 +407,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); /* default */ /* uses complete facility */ #include + #if defined(HAVE_SYS_TIME_H) || defined(WOLF_C99) + #include + #endif /* PowerPC time_t is int */ #ifdef __PPC__ @@ -413,7 +423,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XTIME(tl) time((tl)) #endif #if !defined(XGMTIME) && !defined(TIME_OVERRIDES) - #if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R) + #if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R) || defined(WOLF_C99) #define XGMTIME(c, t) gmtime((c)) #else #define XGMTIME(c, t) gmtime_r((c), (t)) @@ -444,8 +454,18 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #if defined(USE_WOLF_TIME_T) typedef long time_t; #endif +#if defined(USE_WOLF_SUSECONDS_T) + typedef long suseconds_t; +#endif +#if defined(USE_WOLF_TIMEVAL_T) + struct timeval + { + time_t tv_sec; + suseconds_t tv_usec; + }; +#endif -/* forward declarations */ + /* forward declarations */ #if defined(USER_TIME) struct tm* gmtime(const time_t* timer); extern time_t XTIME(time_t * timer); @@ -465,6 +485,16 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #endif /* NO_ASN_TIME */ +#ifndef WOLFSSL_LEANPSK + char* mystrnstr(const char* s1, const char* s2, unsigned int n); +#endif + +#ifndef FILE_BUFFER_SIZE + #define FILE_BUFFER_SIZE 1024 /* default static file buffer size for input, + will use dynamic buffer if not big enough */ +#endif + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/include/wolfssl/wolfcrypt/wolfmath.h b/include/wolfssl/wolfcrypt/wolfmath.h index a72818b4..72adbd04 100644 --- a/include/wolfssl/wolfcrypt/wolfmath.h +++ b/include/wolfssl/wolfcrypt/wolfmath.h @@ -1,6 +1,6 @@ /* wolfmath.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -52,6 +52,7 @@ void wc_bigint_free(WC_BIGINT* a); int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst); + int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz); int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst); #endif /* HAVE_WOLF_BIGINT */ diff --git a/include/wolfssl/wolfio.h b/include/wolfssl/wolfio.h index a224483d..b8007cdf 100644 --- a/include/wolfssl/wolfio.h +++ b/include/wolfssl/wolfio.h @@ -1,6 +1,6 @@ /* io.h * - * Copyright (C) 2006-2017 wolfSSL Inc. All rights reserved. + * Copyright (C) 2006-2018 wolfSSL Inc. All rights reserved. * * This file is part of wolfSSL. * @@ -10,6 +10,9 @@ */ +/*! + \file wolfssl/wolfio.h +*/ #ifndef WOLFSSL_IO_H #define WOLFSSL_IO_H @@ -135,7 +138,6 @@ #define SOCKET_EPIPE WSAEPIPE #define SOCKET_ECONNREFUSED WSAENOTCONN #define SOCKET_ECONNABORTED WSAECONNABORTED - #define close(s) closesocket(s) #elif defined(__PPU) #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK #define SOCKET_EAGAIN SYS_NET_EAGAIN @@ -198,6 +200,23 @@ #endif /* USE_WINDOWS_API */ +#ifdef USE_WINDOWS_API + #define CloseSocket(s) closesocket(s) + #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); } +#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) + extern int closesocket(int); + #define CloseSocket(s) closesocket(s) + #define StartTCP() +#else + #define CloseSocket(s) close(s) + #define StartTCP() + #ifdef FREERTOS_TCP_WINSIM + extern int close(int); + #endif +#endif + + + #ifdef DEVKITPRO /* from network.h */ int net_send(int, const void*, int, unsigned int); @@ -250,6 +269,11 @@ typedef struct hostent HOSTENT; #endif /* HAVE_SOCKADDR */ + /* use gethostbyname for c99 */ + #ifdef WOLF_C99 + #undef HAVE_GETADDRINFO + #endif + #ifdef HAVE_GETADDRINFO typedef struct addrinfo ADDRINFO; #endif @@ -334,8 +358,11 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); /* I/O callbacks */ typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx); typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx); -WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv); -WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX*, CallbackIOSend); +WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv); +WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX*, CallbackIOSend); +/* deprecated old name */ +#define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv +#define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx); WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx); diff --git a/lib/libwolfssl.a b/lib/libwolfssl.a index 1feb160d..722859b3 100644 Binary files a/lib/libwolfssl.a and b/lib/libwolfssl.a differ