Update wolfSSL

This commit is contained in:
wiidev 2020-12-31 19:00:44 +00:00
parent 69de883610
commit 5ee143c499
65 changed files with 2212 additions and 437 deletions

View file

@ -169,6 +169,7 @@ enum wolfSSL_ErrorCodes {
TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */
DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */

View file

@ -146,6 +146,8 @@
/* do nothing, just don't pick Unix */
#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
/* do nothing */
#elif defined(RTTHREAD)
/* do nothing */
#elif defined(EBSNET)
/* do nothing */
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
@ -1692,6 +1694,11 @@ WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
word32 hashSigAlgoSz);
#ifdef WOLF_CRYPTO_CB
WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* buffer, word32 length,
int hsType, int label, int id,
void* heap, int devId);
#endif
WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
#ifdef HAVE_PK_CALLBACKS
WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
@ -1713,9 +1720,11 @@ WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
int ivSz);
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#ifdef HAVE_SNI
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif
#endif
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
word16 sz, const byte* aad, word16 aadSz);
@ -1727,6 +1736,7 @@ WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
word32* inOutIdx, word32 helloSz,
byte* extMsgType);
WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl);
#endif
int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
int pLen, int content);
@ -1998,18 +2008,22 @@ struct WOLFSSL_CERT_MANAGER {
#ifndef NO_WOLFSSL_CM_VERIFY
VerifyCallback verifyCallback; /* Verify callback */
#endif
CallbackCACache caCacheCallback; /* CA cache addition callback */
CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL_Mutex caLock; /* CA list lock */
byte crlEnabled; /* is CRL on ? */
byte crlCheckAll; /* always leaf, but all ? */
byte ocspEnabled; /* is OCSP on ? */
byte ocspCheckAll; /* always leaf, but all ? */
byte ocspSendNonce; /* send the OCSP nonce ? */
byte ocspUseOverrideURL; /* ignore cert's responder, override */
byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
CallbackCACache caCacheCallback; /* CA cache addition callback */
CbMissingCRL cbMissingCRL; /* notify thru cb of missing crl */
CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
wolfSSL_Mutex caLock; /* CA list lock */
byte crlEnabled:1; /* is CRL on ? */
byte crlCheckAll:1; /* always leaf, but all ? */
byte ocspEnabled:1; /* is OCSP on ? */
byte ocspCheckAll:1; /* always leaf, but all ? */
byte ocspSendNonce:1; /* send the OCSP nonce ? */
byte ocspUseOverrideURL:1; /* ignore cert responder, override */
byte ocspStaplingEnabled:1; /* is OCSP Stapling on ? */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
byte ocspMustStaple:1; /* server must respond with staple */
#endif
#ifndef NO_RSA
short minRsaKeySz; /* minimum allowed RSA key size */
@ -2017,6 +2031,8 @@ struct WOLFSSL_CERT_MANAGER {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum allowed ECC key size */
#endif
wolfSSL_Mutex refMutex; /* reference count mutex */
int refCount; /* reference count */
};
WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
@ -2158,14 +2174,16 @@ typedef struct Keys {
#ifdef HAVE_TLS_EXTENSIONS
typedef enum {
#ifdef HAVE_SNI
TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
#endif
TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
TLSX_TRUSTED_CA_KEYS = 0x0003,
TLSX_TRUNCATED_HMAC = 0x0004,
TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
TLSX_EC_POINT_FORMATS = 0x000b,
#if !defined(WOLFSSL_NO_SIGALG)
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */
#endif
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
@ -2184,14 +2202,18 @@ typedef enum {
TLSX_EARLY_DATA = 0x002a,
#endif
TLSX_SUPPORTED_VERSIONS = 0x002b,
#ifdef WOLFSSL_SEND_HRR_COOKIE
TLSX_COOKIE = 0x002c,
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
#endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
TLSX_POST_HANDSHAKE_AUTH = 0x0031,
#endif
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
#endif
TLSX_KEY_SHARE = 0x0033,
#endif
TLSX_RENEGOTIATION_INFO = 0xff01
@ -2334,7 +2356,7 @@ typedef struct {
union {
OcspRequest ocsp;
} request;
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
#if defined(WOLFSSL_TLS13)
buffer response;
#endif
} CertificateStatusRequest;
@ -2620,9 +2642,14 @@ enum SetCBIO {
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
/* contains static ephemeral keys */
typedef struct {
int keyAlgo;
DerBuffer* key;
#ifndef NO_DH
DerBuffer* dhKey;
#endif
#ifdef HAVE_ECC
DerBuffer* ecKey;
#endif
} StaticKeyExchangeInfo_t;
#endif
@ -2644,7 +2671,7 @@ struct WOLFSSL_CTX {
DerBuffer* certificate;
DerBuffer* certChain;
/* chain after self, in DER, with leading size for each cert */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
#endif
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
@ -2656,8 +2683,9 @@ struct WOLFSSL_CTX {
int certChainCnt;
#endif
DerBuffer* privateKey;
byte privateKeyType:7;
byte privateKeyType:6;
byte privateKeyId:1;
byte privateKeyLabel:1;
int privateKeySz;
int privateKeyDevId;
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
@ -2804,13 +2832,11 @@ struct WOLFSSL_CTX {
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY))
CallbackALPNSelect alpnSelect;
void* alpnSelectArg;
#endif
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
#ifdef HAVE_SNI
CallbackSniRecv sniRecvCb;
void* sniRecvCbArg;
#endif
@ -3214,17 +3240,19 @@ struct WOLFSSL_SESSION {
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
byte side; /* Either WOLFSSL_CLIENT_END or
WOLFSSL_SERVER_END */
};
WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL
int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
WOLFSSL_LOCAL void FreeSession(WOLFSSL_SESSION*, int);
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
#ifndef NO_CLIENT_CACHE
WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
#endif
@ -3312,8 +3340,9 @@ typedef struct Buffers {
#ifndef NO_CERTS
DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
byte keyType:7; /* Type of key: RSA, ECC, Ed25519 */
byte keyType:6; /* Type of key: RSA, ECC, Ed25519 */
byte keyId:1; /* Key data is an id not data */
byte keyLabel:1; /* Key data is a label not data */
int keySz; /* Size of RSA key */
int keyDevId; /* Device Id for key */
DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
@ -3597,6 +3626,8 @@ struct WOLFSSL_STACK {
* (safety measure for freeing and shortcut for count) */
#if defined(OPENSSL_ALL)
wolf_sk_compare_cb comp;
wolf_sk_hash_cb hash_fn;
unsigned long hash;
#endif
union {
@ -3608,7 +3639,9 @@ struct WOLFSSL_STACK {
WOLFSSL_CIPHER cipher;
WOLFSSL_ACCESS_DESCRIPTION* access;
WOLFSSL_X509_EXTENSION* ext;
#ifdef OPENSSL_EXTRA
WOLFSSL_CONF_VALUE* conf;
#endif
void* generic;
char* string;
WOLFSSL_GENERAL_NAME* gn;
@ -3629,7 +3662,7 @@ struct WOLFSSL_X509_NAME {
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
WOLFSSL_X509* x509; /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
byte raw[ASN_NAME_MAX];
int rawLen;
#endif
@ -3662,6 +3695,7 @@ struct WOLFSSL_X509 {
#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
#endif /* WOLFSSL_QT || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3731,10 +3765,17 @@ struct WOLFSSL_X509 {
byte subjAltNameCrit:1;
byte authKeyIdSet:1;
byte authKeyIdCrit:1;
byte issuerSet:1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_CERT_REQ
byte isCSR:1;
#endif
byte serial[EXTERNAL_SERIAL_SIZE];
char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef WOLFSSL_CERT_REQ
#ifdef OPENSSL_ALL
WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
#endif
char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
#endif
WOLFSSL_X509_NAME issuer;
@ -3743,7 +3784,11 @@ struct WOLFSSL_X509 {
WOLFSSL_X509_ALGOR algor;
WOLFSSL_X509_PUBKEY key;
#endif
byte issuerSet:1;
#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \
defined(SESSION_CERTS)
byte notBeforeData[CTC_DATE_SIZE];
byte notAfterData[CTC_DATE_SIZE];
#endif
};
@ -4077,6 +4122,9 @@ struct WOLFSSL {
int dtls_timeout_init; /* starting timeout value */
int dtls_timeout_max; /* maximum timeout value */
int dtls_timeout; /* current timeout value, changes */
#ifndef NO_ASN_TIME
word32 dtls_start_timeout;
#endif /* !NO_ASN_TIME */
word32 dtls_tx_msg_list_sz;
word32 dtls_rx_msg_list_sz;
DtlsMsg* dtls_tx_msg_list;
@ -4259,6 +4307,15 @@ struct WOLFSSL {
#ifdef WOLFSSL_STATIC_EPHEMERAL
StaticKeyExchangeInfo_t staticKE;
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
/* Added in libest port: allow applications to get the 'tls-unique' Channel
* Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is
* used in the EST protocol to bind an enrollment to a TLS session through
* 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4
* and https://tools.ietf.org/html/rfc7030#section-3.5). */
byte clientFinished[TLS_FINISHED_SZ];
byte serverFinished[TLS_FINISHED_SZ];
#endif
};
@ -4418,6 +4475,7 @@ WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
@ -4559,6 +4617,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order);
#endif
WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl);
WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out);
@ -4596,6 +4655,7 @@ typedef struct CipherSuiteInfo {
byte minor;
byte major;
#endif
byte flags;
} CipherSuiteInfo;
WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
@ -4617,7 +4677,8 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
byte* cipherSuite);
byte* cipherSuite, int* flags);
enum encrypt_side {
ENCRYPT_SIDE_ONLY = 1,

Binary file not shown.

View file

@ -38,10 +38,12 @@
typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
defined(WOLFSSL_HAPROXY)
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
typedef struct OcspRequest WOLFSSL_OCSP_CERTID;
typedef struct OcspEntry WOLFSSL_OCSP_CERTID;
typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP;
typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
@ -62,7 +64,7 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
OcspEntry *entry, OcspRequest *ocspRequest);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_APACHE_HTTPD)
defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
@ -82,8 +84,10 @@ WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags);
WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response);
#ifndef NO_BIO
WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
OcspResponse** response);
#endif
WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
const unsigned char** data, int len);
WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
@ -100,8 +104,20 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request,
WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
WOLFSSL_OCSP_CERTID *cid);
WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*);
#ifndef NO_BIO
WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
WOLFSSL_OCSP_REQUEST *req);
#endif
WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID *, unsigned char **);
WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single);
WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
int *reason,
WOLFSSL_ASN1_TIME **revtime,
WOLFSSL_ASN1_TIME **thisupd,
WOLFSSL_ASN1_TIME **nextupd);
WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx);
#endif
#ifdef OPENSSL_EXTRA

View file

@ -42,26 +42,7 @@
* OpenSSL compatibility layer. This makes code working with an AES structure
* to need the size of the structure. */
typedef struct WOLFSSL_AES_KEY {
/* aligned and big enough for Aes from wolfssl/wolfcrypt/aes.h */
ALIGN16 void* holder[(376 + WC_ASYNC_DEV_SIZE)/ sizeof(void*)];
#ifdef GCM_TABLE
/* key-based fast multiplication table. */
ALIGN16 void* M0[4096 / sizeof(void*)];
#endif /* GCM_TABLE */
#if defined(WOLFSSL_DEVCRYPTO) && \
(defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
/* large enough for additional devcrypto information */
void* devKey[288 / sizeof(void*)];
#endif
#ifdef WOLFSSL_AFALG
void* afalg_holder[288 / sizeof(void*)];
#endif
#ifdef HAVE_PKCS11
void* pkcs11_holder[(AES_MAX_ID_LEN + sizeof(int)) / sizeof(void*)];
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
void* async_holder[128 / sizeof(void*)];
#endif
ALIGN16 void *buf[(sizeof(Aes) / sizeof(void *)) + 1];
} WOLFSSL_AES_KEY;
typedef WOLFSSL_AES_KEY AES_KEY;

View file

@ -32,6 +32,10 @@
#define ASN1_STRING_set wolfSSL_ASN1_STRING_set
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
#define ASN1_get_object wolfSSL_ASN1_get_object
#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT
#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT
#define V_ASN1_INTEGER 0x02
#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */
#define V_ASN1_NEG 0x100
@ -66,10 +70,21 @@
#define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define V_ASN1_EOC 0
#define V_ASN1_OBJECT 6
#define V_ASN1_UTF8STRING 12
#define V_ASN1_SEQUENCE 16
#define V_ASN1_SET 17
#define V_ASN1_PRINTABLESTRING 19
#define V_ASN1_T61STRING 20
#define V_ASN1_IA5STRING 22
#define V_ASN1_UTCTIME 23
#define V_ASN1_GENERALIZEDTIME 24
#define V_ASN1_PRINTABLESTRING 19
#define V_ASN1_UNIVERSALSTRING 28
#define V_ASN1_BMPSTRING 30
#define V_ASN1_CONSTRUCTED 0x20
#define ASN1_STRING_FLAG_BITS_LEFT 0x008
#define ASN1_STRING_FLAG_NDEF 0x010
@ -83,6 +98,12 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
int *cls, long inLen);
WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
const unsigned char **pp, long len);
#ifdef OPENSSL_ALL
/* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally
* we don't use this. Some projects use OpenSSL to implement ASN1 types and

View file

@ -40,7 +40,14 @@
#define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
#define BIO_new_fp wolfSSL_BIO_new_fp
#if defined(OPENSSL_ALL) \
|| defined(HAVE_STUNNEL) \
|| defined(HAVE_LIGHTY) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
#define BIO_new_file wolfSSL_BIO_new_file
#endif
#define BIO_new_fp wolfSSL_BIO_new_fp
#define BIO_ctrl wolfSSL_BIO_ctrl
#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending
@ -57,6 +64,7 @@
#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size
#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair
#define BIO_new_fd wolfSSL_BIO_new_fd
#define BIO_set_fp wolfSSL_BIO_set_fp
#define BIO_get_fp wolfSSL_BIO_get_fp
#define BIO_seek wolfSSL_BIO_seek
@ -123,6 +131,7 @@
#define BIO_meth_set_create wolfSSL_BIO_meth_set_create
#define BIO_meth_set_destroy wolfSSL_BIO_meth_set_destroy
#define BIO_snprintf XSNPRINTF
/* BIO CTRL */
#define BIO_CTRL_RESET 1
@ -149,6 +158,7 @@
#define BIO_CTRL_DGRAM_QUERY_MTU 40
#define BIO_FP_TEXT 0x00
#define BIO_NOCLOSE 0x00
#define BIO_CLOSE 0x01

View file

@ -40,7 +40,7 @@
typedef struct WOLFSSL_BIGNUM {
int neg; /* openssh deference */
void *internal; /* our big num */
#ifdef WOLFSSL_SP_MATH
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
sp_int fp;
#elif defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
fp_int fp;
@ -49,7 +49,7 @@ typedef struct WOLFSSL_BIGNUM {
#define BN_ULONG WOLFSSL_BN_ULONG
#define WOLFSSL_BN_ULONG mp_digit
#define WOLFSSL_BN_ULONG unsigned long
typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
@ -113,7 +113,7 @@ WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int);
WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
WOLFSSL_API unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
WOLFSSL_BIGNUM*);

View file

@ -34,12 +34,18 @@
WOLFSSL_API WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void);
WOLFSSL_API int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len);
WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
WOLFSSL_API size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize);
WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize);
#define BUF_MEM_new wolfSSL_BUF_MEM_new
#define BUF_MEM_grow wolfSSL_BUF_MEM_grow
#define BUF_MEM_free wolfSSL_BUF_MEM_free
#define BUF_strdup strdup
#define BUF_strlcpy wolfSSL_strlcpy
#define BUF_strlcat wolfSSL_strlcat
#ifdef __cplusplus
} /* extern "C" */
#endif

View file

@ -28,18 +28,76 @@
extern "C" {
#endif
struct WOLFSSL_CONF_VALUE {
#include <libs/libwolfssl/wolfcrypt/settings.h>
#include <libs/libwolfssl/version.h>
typedef struct WOLFSSL_CONF_VALUE {
char *section;
char *name;
char *value;
};
} WOLFSSL_CONF_VALUE;
struct WOLFSSL_INIT_SETTINGS {
char* appname;
};
/* ssl.h requires WOLFSSL_CONF_VALUE */
#include <libs/libwolfssl/ssl.h>
typedef struct WOLFSSL_CONF_VALUE CONF_VALUE;
typedef struct WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
typedef struct WOLFSSL_CONF {
void *meth_data;
WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data;
} WOLFSSL_CONF;
typedef WOLFSSL_CONF CONF;
typedef WOLFSSL_CONF_VALUE CONF_VALUE;
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void);
WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value);
WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);
WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth);
WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
const char *group, const char *name);
WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
const char *name, long *result);
WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section(
const WOLFSSL_CONF *conf, const char *section);
WOLFSSL_API int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline);
WOLFSSL_API void wolfSSL_NCONF_free(WOLFSSL_CONF *conf);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(
WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *sk, WOLFSSL_CONF_VALUE *data);
WOLFSSL_API int wolfSSL_CONF_modules_load(const WOLFSSL_CONF *cnf, const char *appname,
unsigned long flags);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
const char *section);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf,
const char *section);
#define sk_CONF_VALUE_new wolfSSL_sk_CONF_VALUE_new
#define sk_CONF_VALUE_free wolfSSL_sk_CONF_VALUE_free
#define sk_CONF_VALUE_pop_free(a,b) wolfSSL_sk_CONF_VALUE_free(a)
#define sk_CONF_VALUE_num wolfSSL_sk_CONF_VALUE_num
#define sk_CONF_VALUE_value wolfSSL_sk_CONF_VALUE_value
#define lh_CONF_VALUE_retrieve wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
#define lh_CONF_VALUE_insert wolfSSL_sk_CONF_VALUE_push
#define NCONF_new wolfSSL_NCONF_new
#define NCONF_free wolfSSL_NCONF_free
#define NCONF_get_string wolfSSL_NCONF_get_string
#define NCONF_get_section wolfSSL_NCONF_get_section
#define NCONF_get_number wolfSSL_NCONF_get_number
#define NCONF_load wolfSSL_NCONF_load
#define CONF_modules_load wolfSSL_CONF_modules_load
#define _CONF_new_section wolfSSL_CONF_new_section
#define _CONF_get_section wolfSSL_CONF_get_section
#define X509V3_conf_free wolfSSL_X509V3_conf_free
#endif /* OPENSSL_EXTRA */
#ifdef __cplusplus
} /* extern "C" */

View file

@ -24,22 +24,32 @@
#ifndef WOLFSSL_CRYPTO_H_
#define WOLFSSL_CRYPTO_H_
#include <libs/libwolfssl/openssl/opensslv.h>
#include <libs/libwolfssl/wolfcrypt/settings.h>
#include <libs/libwolfssl/openssl/opensslv.h>
#include <libs/libwolfssl/openssl/conf.h>
#ifdef WOLFSSL_PREFIX
#include "prefix_crypto.h"
#endif
typedef struct WOLFSSL_INIT_SETTINGS {
char* appname;
} WOLFSSL_INIT_SETTINGS;
typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
WOLFSSL_API const char* wolfSSLeay_version(int type);
WOLFSSL_API unsigned long wolfSSLeay(void);
WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void);
#ifdef OPENSSL_EXTRA
#include <stdint.h>
WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
#endif
#define CRYPTO_THREADID void
@ -62,14 +72,16 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
#define OPENSSL_free wolfSSL_OPENSSL_free
#define OPENSSL_malloc wolfSSL_OPENSSL_malloc
#ifdef WOLFSSL_QT
#define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
#define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L
#define OPENSSL_INIT_LOAD_CONFIG 0x00000040L
#endif
#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0x00000001L
#define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
#define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L
#define OPENSSL_INIT_LOAD_CONFIG 0x00000040L
#define OPENSSL_init_crypto wolfSSL_OPENSSL_init_crypto
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_EX_DATA)
#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions
#define FIPS_mode wolfSSL_FIPS_mode
#define FIPS_mode_set wolfSSL_FIPS_mode_set
@ -86,6 +98,6 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i
#define CRYPTO_THREAD_r_lock wc_LockMutex
#define CRYPTO_THREAD_unlock wc_UnLockMutex
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */
#endif /* header */

View file

@ -26,6 +26,7 @@
#define WOLFSSL_DH_H_
#include <libs/libwolfssl/openssl/bn.h>
#include <libs/libwolfssl/openssl/opensslv.h>
#ifdef __cplusplus
extern "C" {
@ -58,6 +59,7 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,
WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*);
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes);
WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*);

View file

@ -301,6 +301,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
#define EC_GROUP_order_bits wolfSSL_EC_GROUP_order_bits
#define EC_GROUP_method_of wolfSSL_EC_GROUP_method_of
#ifndef NO_WOLFSSL_STUB
#define EC_GROUP_set_point_conversion_form(...)
#endif
#define EC_METHOD_get_field_type wolfSSL_EC_METHOD_get_field_type

View file

@ -557,6 +557,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer);
WOLFSSL_API int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
const char *name, const char *value);
WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen);
@ -569,11 +572,13 @@ WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap);
WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from);
WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b);
WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid);
WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
@ -825,11 +830,14 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
#define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref
#define EVP_PKEY_size wolfSSL_EVP_PKEY_size
#define EVP_PKEY_copy_parameters wolfSSL_EVP_PKEY_copy_parameters
#define EVP_PKEY_missing_parameters wolfSSL_EVP_PKEY_missing_parameters
#define EVP_PKEY_cmp wolfSSL_EVP_PKEY_cmp
#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id
#define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid
#define EVP_PKEY_id wolfSSL_EVP_PKEY_id
#define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str
#define EVP_SignFinal wolfSSL_EVP_SignFinal
#define EVP_SignInit wolfSSL_EVP_SignInit
#define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex
@ -917,7 +925,6 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4)
#define EVP_PKEY_NONE NID_undef
#define EVP_PKEY_RSA 6
#define EVP_PKEY_RSA2 19
#define EVP_PKEY_DH 28
#define EVP_CIPHER_mode WOLFSSL_CIPHER_mode

View file

@ -1,2 +1,64 @@
/* lhash.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* lhash.h for openSSL */
#ifndef WOLFSSL_lhash_H_
#define WOLFSSL_lhash_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <libs/libwolfssl/openssl/ssl.h>
#ifdef OPENSSL_ALL
#define IMPLEMENT_LHASH_HASH_FN(name, type) \
unsigned long wolfSSL_##name##_LHASH_HASH(const void *arg) \
{ \
const type *a = arg; \
return name##_hash(a); \
}
#define IMPLEMENT_LHASH_COMP_FN(name, type) \
int wolfSSL_##name##_LHASH_COMP(const void *p1, const void *p2) \
{ \
const type *_p1 = p1; \
const type *_p2 = p2; \
return name##_cmp(_p1, _p2); \
}
#define LHASH_HASH_FN(name) wolfSSL_##name##_LHASH_HASH
#define LHASH_COMP_FN(name) wolfSSL_##name##_LHASH_COMP
WOLFSSL_API unsigned long wolfSSL_LH_strhash(const char *str);
WOLFSSL_API void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data);
#define lh_strhash wolfSSL_LH_strhash
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_lhash_H_ */

View file

@ -30,6 +30,7 @@
#define OCSP_REQUEST OcspRequest
#define OCSP_RESPONSE OcspResponse
#define OCSP_BASICRESP WOLFSSL_OCSP_BASICRESP
#define OCSP_SINGLERESP WOLFSSL_OCSP_SINGLERESP
#define OCSP_CERTID WOLFSSL_OCSP_CERTID
#define OCSP_ONEREQ WOLFSSL_OCSP_ONEREQ
@ -76,6 +77,12 @@
#define i2d_OCSP_REQUEST_bio wolfSSL_i2d_OCSP_REQUEST_bio
#define i2d_OCSP_CERTID wolfSSL_i2d_OCSP_CERTID
#define OCSP_SINGLERESP_get0_id wolfSSL_OCSP_SINGLERESP_get0_id
#define OCSP_single_get0_status wolfSSL_OCSP_single_get0_status
#define OCSP_resp_count wolfSSL_OCSP_resp_count
#define OCSP_resp_get0 wolfSSL_OCSP_resp_get0
#endif /* HAVE_OCSP */
#endif /* WOLFSSL_OCSP_H_ */

View file

@ -26,7 +26,11 @@
/* api version compatibility */
#if defined(WOLFSSL_APACHE_HTTPD)
#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
/* valid version */
#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST)
/* For Apache httpd, Use 1.1.0 compatibility */
#define OPENSSL_VERSION_NUMBER 0x10100000L
#elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \

View file

@ -242,6 +242,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey
#define PEM_read_bio_ECPrivateKey wolfSSL_PEM_read_bio_ECPrivateKey
#define PEM_read_bio_EC_PUBKEY wolfSSL_PEM_read_bio_EC_PUBKEY
#ifndef NO_WOLFSSL_STUB
#define PEM_write_bio_ECPKParameters(...) 0
#endif
/* EVP_KEY */
#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey
#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY

View file

@ -42,6 +42,7 @@
/* wolfSSL level using structs from ssl.h and calls down to wolfCrypt */
#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio
#define PKCS12_parse wolfSSL_PKCS12_parse
#define PKCS12_verify_mac wolfSSL_PKCS12_verify_mac
#define PKCS12_create wolfSSL_PKCS12_create
#define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add

View file

@ -43,6 +43,7 @@ typedef struct WOLFSSL_PKCS7
PKCS7 pkcs7;
unsigned char* data;
int len;
WOLFSSL_STACK* certs;
} WOLFSSL_PKCS7;
@ -53,8 +54,12 @@ WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7);
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
int len);
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7);
WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
WOLFSSL_BIO* out);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
WOLFSSL_STACK* certs, int flags);
WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
@ -65,6 +70,7 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
#define PKCS7_SIGNED_free wolfSSL_PKCS7_SIGNED_free
#define d2i_PKCS7 wolfSSL_d2i_PKCS7
#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio
#define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio
#define PKCS7_verify wolfSSL_PKCS7_verify
#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers
#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7

View file

@ -117,9 +117,16 @@ WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, WOLFSSL_RSA*, int);
WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, WOLFSSL_RSA*, int, int);
WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
unsigned int mLen, const unsigned char* sig,
unsigned int sigLen, WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
unsigned int mLen, const unsigned char* sig,
unsigned int sigLen, WOLFSSL_RSA* rsa,
int padding);
WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
unsigned char* to, WOLFSSL_RSA*, int padding);
WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);

View file

@ -0,0 +1,29 @@
/* srp.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_SRP_H_
#define WOLFSSL_SRP_H_
#include <libs/libwolfssl/wolfcrypt/srp.h>
#define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS
#endif /* WOLFSSL_SRP_H_ */

View file

@ -53,6 +53,8 @@
/* all NID_* values are in asn.h */
#include <libs/libwolfssl/wolfcrypt/asn.h>
#include <libs/libwolfssl/openssl/x509.h>
#ifdef __cplusplus
extern "C" {
#endif
@ -67,6 +69,10 @@
#undef ASN1_INTEGER
#endif
#ifdef OPENSSL_EXTRA
#include <stdint.h>
WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
#endif
typedef WOLFSSL SSL;
typedef WOLFSSL_SESSION SSL_SESSION;
@ -100,6 +106,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER;
typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT;
typedef WOLFSSL_ASN1_STRING ASN1_STRING;
typedef WOLFSSL_ASN1_TYPE ASN1_TYPE;
typedef WOLFSSL_X509_ATTRIBUTE X509_ATTRIBUTE;
typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value;
typedef WOLFSSL_BUF_MEM BUF_MEM;
@ -279,9 +286,13 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback
#define SSL_set_verify wolfSSL_set_verify
#define SSL_set_verify_result wolfSSL_set_verify_result
#define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake
#define SSL_set_post_handshake_auth wolfSSL_set_post_handshake_auth
#define SSL_CTX_set_post_handshake_auth wolfSSL_CTX_set_post_handshake_auth
#define SSL_pending wolfSSL_pending
#define SSL_load_error_strings wolfSSL_load_error_strings
#define SSL_library_init wolfSSL_library_init
#define OPENSSL_init_ssl wolfSSL_OPENSSL_init_ssl
#define OpenSSL_add_ssl_algorithms wolfSSL_library_init
#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode
#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
@ -297,6 +308,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_set_ex_data wolfSSL_set_ex_data
#define SSL_get_shutdown wolfSSL_get_shutdown
#define SSL_get_finished wolfSSL_get_finished
#define SSL_get_peer_finished wolfSSL_get_peer_finished
#define SSL_set_rfd wolfSSL_set_rfd
#define SSL_set_wfd wolfSSL_set_wfd
#define SSL_set_shutdown wolfSSL_set_shutdown
@ -333,6 +346,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_MODE_RELEASE_BUFFERS 0x00000010U
#define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN
#define X509_get_ext wolfSSL_X509_get_ext
#define X509_get_ext_by_OBJ wolfSSL_X509_get_ext_by_OBJ
#define X509_cmp wolfSSL_X509_cmp
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
#define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical
@ -348,11 +362,14 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define DSA_bits wolfSSL_DSA_bits
#define i2d_X509_bio wolfSSL_i2d_X509_bio
#define i2d_X509_REQ_bio wolfSSL_i2d_X509_REQ_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio
#define d2i_X509_REQ_bio wolfSSL_d2i_X509_REQ_bio
#define d2i_X509_fp wolfSSL_d2i_X509_fp
#define i2d_X509 wolfSSL_i2d_X509
#define d2i_X509 wolfSSL_d2i_X509
#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
#define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ
#define PEM_read_bio_X509_CRL wolfSSL_PEM_read_bio_X509_CRL
#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
#define PEM_read_X509 wolfSSL_PEM_read_X509
@ -363,10 +380,18 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define i2d_PrivateKey wolfSSL_i2d_PrivateKey
#define i2d_X509_REQ wolfSSL_i2d_X509_REQ
#define d2i_X509_REQ wolfSSL_d2i_X509_REQ
#define X509_REQ_new wolfSSL_X509_REQ_new
#define X509_REQ_free wolfSSL_X509_REQ_free
#define X509_REQ_sign wolfSSL_X509_REQ_sign
#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx
#define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions
#define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID
#define X509_REQ_add1_attr_by_txt wolfSSL_X509_REQ_add1_attr_by_txt
#define X509_REQ_get_attr_by_NID wolfSSL_X509_REQ_get_attr_by_NID
#define X509_REQ_get_attr wolfSSL_X509_REQ_get_attr
#define X509_ATTRIBUTE_get0_type wolfSSL_X509_ATTRIBUTE_get0_type
#define X509_to_X509_REQ wolfSSL_X509_to_X509_REQ
#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name
#define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey
#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
@ -379,14 +404,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_get_ext_count wolfSSL_X509_get_ext_count
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
#define X509_get0_extensions wolfSSL_X509_get0_extensions
#define X509_get_extensions wolfSSL_X509_get0_extensions
#define X509_REQ_get_extensions wolfSSL_X509_REQ_get_extensions
#define X509_get_ext wolfSSL_X509_get_ext
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
#define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name
#define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_REQ_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore
#define X509_get0_notBefore wolfSSL_X509_get_notBefore
#define X509_get_notAfter wolfSSL_X509_get_notAfter
@ -408,12 +438,22 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_set_notBefore wolfSSL_X509_set_notBefore
#define X509_set_serialNumber wolfSSL_X509_set_serialNumber
#define X509_set_version wolfSSL_X509_set_version
#define X509_REQ_set_version wolfSSL_X509_set_version
#define X509_sign wolfSSL_X509_sign
#define X509_sign_ctx wolfSSL_X509_sign_ctx
#define X509_print wolfSSL_X509_print
#define X509_REQ_print wolfSSL_X509_print
#define X509_print_ex wolfSSL_X509_print_ex
#define X509_print_fp wolfSSL_X509_print_fp
#define X509_REQ_print_fp wolfSSL_X509_print_fp
#define X509_signature_print wolfSSL_X509_signature_print
#define X509_get0_signature wolfSSL_X509_get0_signature
#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
#define X509_verify_cert wolfSSL_X509_verify_cert
#define X509_verify wolfSSL_X509_verify
#define X509_REQ_verify wolfSSL_X509_REQ_verify
#define X509_check_private_key wolfSSL_X509_check_private_key
#define X509_REQ_check_private_key wolfSSL_X509_check_private_key
#define X509_check_ca wolfSSL_X509_check_ca
#define X509_check_host wolfSSL_X509_check_host
#define X509_check_ip_asc wolfSSL_X509_check_ip_asc
@ -421,6 +461,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup
#define X509_add_ext wolfSSL_X509_add_ext
#define X509_delete_ext wolfSSL_X509_delete_ext
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
@ -452,6 +493,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_INFO_pop wolfSSL_sk_X509_INFO_pop
#define sk_X509_INFO_pop_free wolfSSL_sk_X509_INFO_pop_free
#define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free
#define sk_X509_INFO_shift wolfSSL_sk_X509_INFO_pop
#define i2d_X509_NAME wolfSSL_i2d_X509_NAME
#define d2i_X509_NAME wolfSSL_d2i_X509_NAME
@ -468,9 +510,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry
#define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt
#define X509_NAME_add_entry_by_NID wolfSSL_X509_NAME_add_entry_by_NID
#define X509_NAME_delete_entry wolfSSL_X509_NAME_delete_entry
#define X509_NAME_oneline wolfSSL_X509_NAME_oneline
#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
#define X509_NAME_print_ex_fp wolfSSL_X509_NAME_print_ex_fp
#define X509_NAME_digest wolfSSL_X509_NAME_digest
#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
#define X509_cmp_time wolfSSL_X509_cmp_time
@ -511,6 +555,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
#define X509_STORE_CTX_get1_chain wolfSSL_X509_STORE_CTX_get1_chain
#define X509_STORE_CTX_get0_parent_ctx wolfSSL_X509_STORE_CTX_get0_parent_ctx
#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
@ -563,6 +608,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
#define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
#define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
#define X509_get0_tbs_sigalg wolfSSL_X509_get0_tbs_sigalg
#define X509_PUBKEY_get0_param wolfSSL_X509_PUBKEY_get0_param
#define X509_PUBKEY_get wolfSSL_X509_PUBKEY_get
@ -610,6 +656,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
#define BIO_f_ssl wolfSSL_BIO_f_ssl
#define BIO_new_socket wolfSSL_BIO_new_socket
#ifndef NO_WOLFSSL_STUB
#define BIO_new_connect wolfSSL_BIO_new_connect
#define BIO_set_conn_port wolfSSL_BIO_set_conn_port
#define BIO_do_connect wolfSSL_BIO_do_connect
#endif
#define SSL_set_bio wolfSSL_set_bio
#define BIO_set_ssl wolfSSL_BIO_set_ssl
#define BIO_eof wolfSSL_BIO_eof
@ -652,15 +703,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free
#define ASN1_TIME_new wolfSSL_ASN1_TIME_new
#define ASN1_UTCTIME_new wolfSSL_ASN1_TIME_new
#define ASN1_TIME_free wolfSSL_ASN1_TIME_free
#define ASN1_UTCTIME_free wolfSSL_ASN1_TIME_free
#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
#define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string
#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free
#define ASN1_tag2str wolfSSL_ASN1_tag2str
#define a2i_ASN1_INTEGER wolfSSL_a2i_ASN1_INTEGER
#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER
#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER
#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new
@ -673,13 +731,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT
#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
#define ASN1_STRING_new wolfSSL_ASN1_STRING_new
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
#define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
#define ASN1_UNIVERSALSTRING_to_string wolfSSL_ASN1_UNIVERSALSTRING_to_string
#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex
#define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y))
#define d2i_DISPLAYTEXT wolfSSL_d2i_DISPLAYTEXT
#ifndef NO_WOLFSSL_STUB
#define ASN1_STRING_set_default_mask_asc(...) 1
#endif
#define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING
#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr
@ -800,6 +867,13 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define PEMerr(func, reason) WOLFSSL_ERROR_LINE((reason), \
NULL, __LINE__, __FILE__, NULL)
#endif
#ifndef WOLFCRYPT_ONLY
#define EVPerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_EVP, \
(func), (reason), __FILE__, __LINE__)
#else
#define EVPerr(func, reason) WOLFSSL_ERROR_LINE((reason), \
NULL, __LINE__, __FILE__, NULL)
#endif
#define SSLv23_server_method wolfSSLv23_server_method
#define SSL_CTX_set_options wolfSSL_CTX_set_options
@ -897,6 +971,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find
#define DHparams_dup wolfSSL_DH_dup
#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
@ -924,8 +999,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ERR_LIB_SSL 20
#define SSL_R_SHORT_READ 10
#define ERR_R_PEM_LIB 9
#define V_ASN1_IA5STRING 22
#define V_ASN1_UTF8STRING 12
#define SSL_CTRL_MODE 33
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
@ -1091,6 +1164,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#ifndef NO_WOLFSSL_STUB
#define b2i_PrivateKey_bio(...) NULL
#define b2i_PVK_bio(...) NULL
#endif
#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb
#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata
@ -1128,6 +1207,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#include <libs/libwolfssl/error-ssl.h>
#define OPENSSL_STRING WOLFSSL_STRING
#define OPENSSL_CSTRING WOLFSSL_STRING
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
@ -1164,6 +1244,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define OPENSSL_config wolfSSL_OPENSSL_config
#define OPENSSL_memdup wolfSSL_OPENSSL_memdup
#define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse
#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout
#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh
#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session
@ -1176,7 +1257,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb
#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs
#define sk_OPENSSL_STRING_num wolfSSL_sk_WOLFSSL_STRING_num
#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value
#define sk_OPENSSL_PSTRING_num wolfSSL_sk_WOLFSSL_STRING_num
#define sk_OPENSSL_PSTRING_value (WOLFSSL_STRING*)wolfSSL_sk_WOLFSSL_STRING_value
#define sk_OPENSSL_STRING_free wolfSSL_sk_free
#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
#define SSL_select_next_proto wolfSSL_select_next_proto
#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
@ -1198,8 +1283,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA
#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
#define SSL_get0_param wolfSSL_get0_param
#define SSL_get_srp_username wolfSSL_get_srp_username
#define ERR_NUM_ERRORS 16
#define SN_pkcs9_emailAddress "Email"
@ -1231,6 +1318,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define OpenSSL_version(x) wolfSSL_OpenSSL_version()
#ifndef NO_WOLFSSL_STUB
#define OBJ_create_objects(...)
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

View file

@ -28,15 +28,12 @@
extern "C" {
#endif
#include <libs/libwolfssl/openssl/conf.h>
typedef void (*wolfSSL_sk_freefunc)(void *);
WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);
WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *);
WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data);
WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *));
WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk);
WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void);
WOLFSSL_API int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher);

View file

@ -5,6 +5,7 @@
#include <libs/libwolfssl/openssl/dh.h>
#include <libs/libwolfssl/openssl/ec.h>
#include <libs/libwolfssl/openssl/ecdsa.h>
#include <libs/libwolfssl/openssl/pkcs7.h>
/* wolfSSL_X509_print_ex flags */
#define X509_FLAG_COMPAT (0UL)
@ -23,4 +24,21 @@
#define X509_FLAG_NO_IDS (1UL << 12)
#define XN_FLAG_FN_SN 0
#define XN_FLAG_SEP_CPLUS_SPC 2
#define XN_FLAG_ONELINE 0
#define XN_FLAG_COMPAT 0
#define XN_FLAG_RFC2253 1
#define XN_FLAG_SEP_COMMA_PLUS (1 << 16)
#define XN_FLAG_SEP_CPLUS_SPC (2 << 16)
#define XN_FLAG_SEP_SPLUS_SPC (3 << 16)
#define XN_FLAG_SEP_MULTILINE (4 << 16)
#define XN_FLAG_SEP_MASK (0xF << 16)
#define XN_FLAG_DN_REV (1 << 20)
#define XN_FLAG_FN_LN (1 << 21)
#define XN_FLAG_FN_OID (2 << 21)
#define XN_FLAG_FN_NONE (3 << 21)
#define XN_FLAG_FN_MASK (3 << 21)
#define XN_FLAG_SPC_EQ (1 << 23)
#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
#define XN_FLAG_FN_ALIGN (1 << 25)
#define XN_FLAG_MULTILINE 0xFFFF

View file

@ -83,6 +83,8 @@ struct WOLFSSL_X509_EXTENSION {
#define X509V3_CTX WOLFSSL_X509V3_CTX
#define CTX_TEST 0x1
typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
@ -99,6 +101,8 @@ WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
const WOLFSSL_ASN1_STRING *s);
WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx,
const char *section, WOLFSSL_X509 *cert);
#define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free
#define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free
@ -107,11 +111,20 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING
#define X509V3_EXT_get wolfSSL_X509V3_EXT_get
#define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i
#define X509V3_EXT_add_nconf wolfSSL_X509V3_EXT_add_nconf
#ifndef NO_WOLFSSL_STUB
#define X509V3_parse_list(...) NULL
#endif
#define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING
#define X509V3_EXT_print wolfSSL_X509V3_EXT_print
#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid
#define X509V3_set_ctx wolfSSL_X509V3_set_ctx
#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb
#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid
#define X509V3_set_ctx wolfSSL_X509V3_set_ctx
#ifndef NO_WOLFSSL_STUB
#define X509V3_set_nconf(...)
#endif
#define X509V3_set_ctx_test(ctx) wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb
#define X509v3_get_ext_count wolfSSL_sk_num
#ifdef __cplusplus
}

View file

@ -109,7 +109,6 @@
#define GOT_CERT_STATUS_STR 73
#define RSA_KEY_MISSING_STR 74
#define NO_SECURE_RENEGOTIATION 75
#define BAD_SESSION_STATS 76
#define REASSEMBLY_MAX_STR 77
#define DROPPING_LOST_FRAG_STR 78
@ -131,6 +130,7 @@
#define STORE_DATA_FAIL_STR 92
#define CHAIN_INPUT_STR 93
#define GOT_ENC_EXT_STR 94
#define GOT_HELLO_RETRY_REQ_STR 95
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */

View file

@ -40,6 +40,10 @@
#include <libs/libwolfssl/wolfcrypt/wolfevent.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <libs/libwolfssl/wolfcrypt/cryptocb.h>
#endif
/* used internally by wolfSSL while OpenSSL types aren't */
#include <libs/libwolfssl/callbacks.h>
@ -98,6 +102,19 @@
extern "C" {
#endif
/* LHASH is implemented as a stack */
typedef struct WOLFSSL_STACK WOLFSSL_LHASH;
#ifndef WOLF_LHASH_OF
#define WOLF_LHASH_OF(x) WOLFSSL_LHASH
#endif
#ifndef WOLF_STACK_OF
#define WOLF_STACK_OF(x) WOLFSSL_STACK
#endif
#ifndef DECLARE_STACK_OF
#define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
#endif
#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
typedef struct WOLFSSL WOLFSSL;
@ -171,7 +188,6 @@ typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
typedef struct WOLFSSL_BIO WOLFSSL_BIO;
typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD;
typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE;
typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX;
@ -185,6 +201,7 @@ typedef struct WOLFSSL_DH WOLFSSL_DH;
#endif
typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE;
typedef struct WOLFSSL_X509_ATTRIBUTE WOLFSSL_X509_ATTRIBUTE;
typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME;
typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID;
@ -314,6 +331,12 @@ struct WOLFSSL_ASN1_TYPE {
} value;
};
struct WOLFSSL_X509_ATTRIBUTE {
WOLFSSL_ASN1_OBJECT *object;
WOLFSSL_ASN1_TYPE *value;
WOLF_STACK_OF(WOLFSSL_ASN1_TYPE) *set;
};
struct WOLFSSL_EVP_PKEY {
void* heap;
int type; /* openssh dereference */
@ -468,6 +491,8 @@ struct WOLFSSL_BIO {
void* heap; /* user heap hint */
void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */
void* usrCtx; /* user set pointer */
const char* ip; /* IP address for wolfIO_TcpConnect */
word16 port; /* Port for wolfIO_TcpConnect */
char* infoArg; /* BIO callback argument */
wolf_bio_info_cb infoCb; /* BIO callback */
int wrSz; /* write buffer size (mem) */
@ -523,11 +548,16 @@ struct WOLFSSL_X509_STORE {
};
#define WOLFSSL_NO_WILDCARDS 0x4
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
defined(WOLFSSL_WPAS_SMALL) || defined(WOLFSSL_IP_ALT_NAME)
#define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_HOST_NAME_MAX 256
#define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
struct WOLFSSL_X509_VERIFY_PARAM {
time_t check_time;
unsigned long flags;
@ -789,8 +819,15 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*,
#ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
#define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
#endif
WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
#endif /* !NO_CERTS */
#define WOLFSSL_CIPHER_SUITE_FLAG_NONE 0x0
#define WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS 0x1
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
@ -806,9 +843,6 @@ WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *,
const char *file, int format);
WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*,
int);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*,
@ -853,6 +887,8 @@ WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char,
const unsigned char);
WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite(
const unsigned char, const unsigned char);
WOLFSSL_API int wolfSSL_get_cipher_suite_from_name(const char* name,
byte* cipherSuite0, byte* cipherSuite, int* flags);
WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
int len);
WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
@ -974,6 +1010,14 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long);
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
WOLFSSL_API int wolfSSL_verify_client_post_handshake(WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_set_post_handshake_auth(WOLFSSL*, int);
#endif
WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL*);
@ -1070,20 +1114,6 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
/* extras */
/* for now LHASH is not implemented */
typedef int WOLFSSL_LHASH;
#ifndef WOLF_LHASH_OF
#define WOLF_LHASH_OF(x) WOLFSSL_LHASH
#endif
#ifndef WOLF_STACK_OF
#define WOLF_STACK_OF(x) WOLFSSL_STACK
#endif
#ifndef DECLARE_STACK_OF
#define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
#endif
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
@ -1148,6 +1178,7 @@ WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free(
WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
void (*f)(WOLFSSL_ASN1_OBJECT*));
WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s);
WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
@ -1263,11 +1294,16 @@ WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void);
WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag);
#endif
WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str);
WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port);
WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b);
WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg);
WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg);
@ -1329,6 +1365,13 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset
#endif
WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
unsigned long nmflags, unsigned long cflag);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509);
#endif
WOLFSSL_API int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig);
WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig,
const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509);
WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*,
char*, int);
@ -1353,6 +1396,9 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
#endif
WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*,
WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509*,
@ -1369,6 +1415,7 @@ WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509,
WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v);
WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
const WOLFSSL_EVP_MD* md);
WOLFSSL_API int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx);
WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
@ -1383,6 +1430,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* as
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len);
WOLFSSL_API int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b);
WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
const void* data, int dataSz);
@ -1412,6 +1460,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
WOLFSSL_X509_STORE_CTX *ctx);
WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
unsigned long flag);
WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
@ -1425,7 +1475,7 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
@ -1580,6 +1630,9 @@ WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl);
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
@ -1730,7 +1783,6 @@ enum {
* and auto retry */
SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
BIO_FLAGS_BASE64_NO_NL = 1,
BIO_CLOSE = 1,
BIO_NOCLOSE = 0,
@ -1788,12 +1840,6 @@ enum {
X509_R_CERT_ALREADY_IN_HASH_TABLE,
XN_FLAG_SPC_EQ = (1 << 23),
XN_FLAG_SEP_CPLUS_SPC = (2 << 16),
XN_FLAG_ONELINE = 0,
XN_FLAG_RFC2253 = 1,
XN_FLAG_DN_REV = (1 << 20),
CRYPTO_LOCK = 1,
CRYPTO_NUM_LOCKS = 10,
@ -2014,7 +2060,7 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
#if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY)
#if !defined(NO_CHECK_PRIVATE_KEY)
WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
#endif
WOLFSSL_API void wolfSSL_ERR_free_strings(void);
@ -2061,13 +2107,14 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to);
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
#endif
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
(defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL))
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx);
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
@ -2164,6 +2211,10 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
const unsigned char** in, int len);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
#endif
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
const unsigned char *in, int len);
@ -2182,6 +2233,10 @@ WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#endif
#ifdef WOLFSSL_SEP
WOLFSSL_API unsigned char*
@ -2209,6 +2264,8 @@ WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
WOLF_STACK_OF(WOLFSSL_X509)** ca);
WOLFSSL_API int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
int pswLen);
WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
WOLF_STACK_OF(WOLFSSL_X509)* ca,
@ -2310,7 +2367,13 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*,
const unsigned char*, long, int, long);
const unsigned char*, long,
int, long);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX*,
const unsigned char*, long,
int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX*, const char*,
int);
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
@ -2324,7 +2387,10 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
long, int);
WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*,
long, int, long);
long, int, long);
WOLFSSL_API int wolfSSL_use_PrivateKey_Id(WOLFSSL*, const unsigned char*,
long, int);
WOLFSSL_API int wolfSSL_use_PrivateKey_Label(WOLFSSL*, const char*, int);
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
@ -2392,7 +2458,7 @@ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void);
WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_GetVersion(const WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
/* moved to asn.c, old names kept for backwards compatibility */
@ -2722,6 +2788,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER*);
WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
const char* d);
@ -2772,6 +2839,10 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerEnableOCSPMustStaple(
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSPMustStaple(
WOLFSSL_CERT_MANAGER* cm);
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
#endif
@ -2808,6 +2879,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
CbOCSPIO, CbOCSPRespFree, void*);
WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX*);
#endif /* !NO_CERTS */
@ -2923,7 +2996,7 @@ enum {
WOLFSSL_MAX_ALPN_NUMBER = 257
};
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
unsigned char* outLen, const unsigned char* in, unsigned int inLen,
void *arg);
@ -3233,7 +3306,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
#include <libs/libwolfssl/openssl/asn1.h>
struct WOLFSSL_X509_NAME_ENTRY {
WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
WOLFSSL_ASN1_OBJECT* object; /* static object just for keeping grp, type */
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
int nid; /* i.e. ASN_COMMON_NAME */
int set;
@ -3290,7 +3363,6 @@ WOLFSSL_LOCAL int NIDToEccEnum(int n);
/* end of object functions */
WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line);
WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt);
WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void));
WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx);
@ -3310,6 +3382,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid,
int type, const unsigned char *bytes,
int len, int loc, int set);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry(
WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
const WOLFSSL_X509_NAME* y);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
@ -3320,6 +3394,11 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
#endif /* !NO_CERTS */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
#endif
#ifdef WOLFSSL_WPAS_SMALL
/* WPA Supplicant requires GEN_ values */
#include <libs/libwolfssl/openssl/x509v3.h>
@ -3337,6 +3416,7 @@ WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
void *data);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
char* value);
@ -3360,7 +3440,11 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b);
WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x);
WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X509 *x);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
const WOLFSSL_ASN1_OBJECT *obj, int lastpos);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void);
@ -3382,6 +3466,9 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#endif
#if !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
WOLFSSL_X509** x509);
@ -3389,6 +3476,10 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
WOLFSSL_X509** x509);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio,
WOLFSSL_X509** x509);
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3412,6 +3503,9 @@ WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
#endif
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
@ -3491,6 +3585,7 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c);
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
#define X509_BUFFER_SZ 8192
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
@ -3510,12 +3605,31 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
const WOLFSSL_EVP_MD *md);
WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
WOLFSSL_EVP_MD_CTX* md_ctx);
WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext);
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext_sk);
WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
WOLFSSL_X509_NAME *name);
WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
int nid, int type,
const unsigned char *bytes,
int len);
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos);
WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req,
const char *attrname, int type,
const unsigned char *bytes, int len);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
const WOLFSSL_X509 *req, int loc);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void);
WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr);
WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
WOLFSSL_X509_ATTRIBUTE *attr, int idx);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md);
#endif
@ -3524,9 +3638,6 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
#include <libs/libwolfssl/openssl/crypto.h>
/* SNI received callback type */
typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
@ -3578,8 +3689,9 @@ WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*
void (*f) (WOLFSSL_X509_INFO*));
WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
typedef int (*wolf_sk_compare_cb)(const void* const *a,
const void* const *b);
typedef int (*wolf_sk_compare_cb)(const void* a,
const void* b);
typedef unsigned long (*wolf_sk_hash_cb) (const void *v);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
wolf_sk_compare_cb);
WOLFSSL_API int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
@ -3599,6 +3711,18 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
unsigned long);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int,
unsigned long);
#endif
WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc);
WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk);
WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value(
const struct WOLFSSL_STACK *sk, int i);
WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk,
WOLFSSL_CONF_VALUE* val);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3657,12 +3781,22 @@ WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
#ifdef HAVE_SNI
/* SNI received callback type */
typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
CallbackSniRecv);
WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
CallbackSniRecv);
WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
#endif
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);
@ -3732,6 +3866,7 @@ WOLFSSL_API int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
const unsigned char* protos, unsigned int protos_len);
WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
size_t siz, const char* file, int line);
WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len);
WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
#endif
@ -3761,11 +3896,12 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \
|| defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
@ -3817,8 +3953,12 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *
WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
WOLFSSL_X509 *subject);
WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void);
WOLFSSL_API void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk);
WOLFSSL_API WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(
WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num(
WOLF_STACK_OF(WOLFSSL_STRING)* strings);
#endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
@ -3867,8 +4007,8 @@ WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count);
WOLFSSL_API size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count);
#endif
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
@ -3887,6 +4027,9 @@ WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, con
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key);
WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key);
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
const unsigned char **der,
long length);
WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
@ -3911,6 +4054,8 @@ WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t);
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
WOLFSSL_ASN1_TIME **out);
WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp);
WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
char *buf, int size);
WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store);
WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);

View file

@ -28,8 +28,8 @@
extern "C" {
#endif
#define LIBWOLFSSL_VERSION_STRING "4.5.0"
#define LIBWOLFSSL_VERSION_HEX 0x04005000
#define LIBWOLFSSL_VERSION_STRING "4.6.0"
#define LIBWOLFSSL_VERSION_HEX 0x04006000
#ifdef __cplusplus
}

View file

@ -79,6 +79,11 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#include <libs/libwolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
#endif
#ifdef WOLFSSL_SILABS_SE_ACCEL
#include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h>
#endif
#if defined(HAVE_AESGCM) && !defined(WC_NO_RNG)
#include <libs/libwolfssl/wolfcrypt/random.h>
#endif
@ -143,7 +148,8 @@ enum {
#endif
#ifdef HAVE_PKCS11
AES_MAX_ID_LEN = 32,
AES_MAX_ID_LEN = 32,
AES_MAX_LABEL_LEN = 32,
#endif
};
@ -171,6 +177,12 @@ struct Aes {
#ifdef GCM_TABLE
/* key-based fast multiplication table. */
ALIGN16 byte M0[256][AES_BLOCK_SIZE];
#elif defined(GCM_TABLE_4BIT)
#if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU)
ALIGN16 byte M0[16][AES_BLOCK_SIZE];
#else
ALIGN16 byte M0[32][AES_BLOCK_SIZE];
#endif
#endif /* GCM_TABLE */
#ifdef HAVE_CAVIUM_OCTEON_SYNC
word32 y0;
@ -186,6 +198,8 @@ struct Aes {
#ifdef HAVE_PKCS11
byte id[AES_MAX_ID_LEN];
int idLen;
char label[AES_MAX_LABEL_LEN];
int labelLen;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
@ -231,6 +245,9 @@ struct Aes {
#endif
#if defined(WOLFSSL_IMXRT_DCP)
dcp_handle_t handle;
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL)
silabs_aes_t ctx;
#endif
void* heap; /* memory hint to use */
};
@ -431,6 +448,8 @@ WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId);
#ifdef HAVE_PKCS11
WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap,
int devId);
WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap,
int devId);
#endif
WOLFSSL_API void wc_AesFree(Aes* aes);

View file

@ -100,6 +100,7 @@ enum ASN_Tags {
ASN_SEQUENCE = 0x10,
ASN_SET = 0x11,
ASN_PRINTABLE_STRING = 0x13,
ASN_IA5_STRING = 0x16,
ASN_UTC_TIME = 0x17,
ASN_OTHER_TYPE = 0x00,
ASN_RFC822_TYPE = 0x01,
@ -142,6 +143,9 @@ enum DN_Tags {
ASN_DOMAIN_COMPONENT = 0x19 /* DC */
};
/* This is the size of the smallest possible PEM header and footer */
extern const int pem_struct_min_sz;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
typedef struct WOLFSSL_ObjectInfo {
int nid;
@ -202,6 +206,7 @@ enum
NID_sha256 = 672,
NID_sha384 = 673,
NID_sha512 = 674,
NID_pkcs9_challengePassword = 54,
NID_hw_name_oid = 73,
NID_id_pkix_OCSP_basic = 74,
NID_any_policy = 75,
@ -228,6 +233,7 @@ enum
NID_inhibit_any_policy = 168, /* 2.5.29.54 */
NID_tlsfeature = 1020, /* id-pe 24 */
NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */
NID_buildingName = 1494,
NID_surname = 0x04, /* SN */
@ -300,7 +306,7 @@ enum Misc_ASN {
#endif
RSA_INTS = 8, /* RSA ints in private key */
DSA_INTS = 5, /* DSA ints in private key */
MIN_DATE_SIZE = 13,
MIN_DATE_SIZE = 12,
MAX_DATE_SIZE = 32,
ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
#ifndef NO_RSA
@ -382,6 +388,9 @@ enum Misc_ASN {
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
MAX_X509_VERSION = 3, /* Max X509 version allowed */
MIN_X509_VERSION = 0, /* Min X509 version allowed */
WOLFSSL_X509_V1 = 0,
WOLFSSL_X509_V2 = 1,
WOLFSSL_X509_V3 = 2,
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
@ -422,6 +431,7 @@ enum Oid_Types {
oidCertNameType = 17,
oidTlsExtType = 18,
oidCrlExtType = 19,
oidCsrAttrType = 20,
oidIgnoreType
};
@ -588,6 +598,14 @@ enum KeyIdType {
};
#endif
#ifdef WOLFSSL_CERT_REQ
enum CsrAttrType {
CHALLENGE_PASSWORD_OID = 659,
SERIAL_NUMBER_OID = 94,
EXTENSION_REQUEST_OID = 666,
};
#endif
/* Key usage extension bits (based on RFC 5280) */
#define KEYUSE_DIGITAL_SIG 0x0080
#define KEYUSE_CONTENT_COMMIT 0x0040
@ -660,7 +678,9 @@ struct SignatureCtx {
byte* digest;
#ifndef NO_RSA
byte* out;
byte* plain;
#endif
#if !(defined(NO_RSA) && defined(NO_DSA))
byte* sigCpy;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
int verify;
@ -669,6 +689,9 @@ struct SignatureCtx {
#ifndef NO_RSA
struct RsaKey* rsa;
#endif
#ifndef NO_DSA
struct DsaKey* dsa;
#endif
#ifdef HAVE_ECC
struct ecc_key* ecc;
#endif
@ -766,6 +789,7 @@ struct DecodedCert {
DNS_entry* altNames; /* alt names list of dns entries */
#ifndef IGNORE_NAME_CONSTRAINTS
DNS_entry* altEmailNames; /* alt names list of RFC822 entries */
DNS_entry* altDirNames; /* alt names list of DIR entries */
Base_entry* permittedNames; /* Permitted name bases */
Base_entry* excludedNames; /* Excluded name bases */
#endif /* IGNORE_NAME_CONSTRAINTS */
@ -888,6 +912,14 @@ struct DecodedCert {
int extCertPoliciesNb;
#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
#ifdef WOLFSSL_CERT_REQ
/* CSR attributes */
char* cPwd; /* challengePassword */
int cPwdLen;
char* sNum; /* Serial Number */
int sNumLen;
#endif /* WOLFSSL_CERT_REQ */
Signer* ca;
#ifndef NO_CERTS
SignatureCtx sigCtx;
@ -939,7 +971,9 @@ struct DecodedCert {
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
byte extCertPolicyCrit : 1;
#endif
#ifdef WOLFSSL_CERT_REQ
byte isCSR : 1; /* Do we intend on parsing a CSR? */
#endif
};
@ -1036,6 +1070,12 @@ WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
const byte* pubKey, word32 pubKeySz, int pubKeyOID);
#endif /* WOLFSSL_CERT_REQ */
WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
int sigAlgoType);
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
@ -1108,6 +1148,8 @@ WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check);
WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int zeroBits, byte* unusedBits);
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
@ -1142,6 +1184,7 @@ WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
#endif
WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
@ -1154,7 +1197,9 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
byte* serial, int* serialSz, word32 maxIdx);
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx);
WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der);
WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
@ -1162,8 +1207,12 @@ WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
/* ASN sig helpers */
WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
mp_int* s);
WOLFSSL_LOCAL int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen,
const byte* r, word32 rLen, const byte* s, word32 sLen);
WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
mp_int* r, mp_int* s);
WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen,
byte* r, word32* rLen, byte* s, word32* sLen);
#endif
#if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
WOLFSSL_API int EccEnumToNID(int n);
@ -1200,7 +1249,8 @@ enum cert_enums {
NTRU_KEY = 11,
ECC_KEY = 12,
ED25519_KEY = 13,
ED448_KEY = 14
ED448_KEY = 14,
DSA_KEY = 15
};
#endif /* WOLFSSL_CERT_GEN */
@ -1251,6 +1301,9 @@ struct CertStatus {
byte serial[EXTERNAL_SERIAL_SIZE];
int serialSz;
#ifdef OPENSSL_EXTRA
WOLFSSL_ASN1_INTEGER* serialInt;
#endif
int status;
@ -1258,7 +1311,7 @@ struct CertStatus {
byte nextDate[MAX_DATE_SIZE];
byte thisDateFormat;
byte nextDateFormat;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
WOLFSSL_ASN1_TIME thisDateParsed;
WOLFSSL_ASN1_TIME nextDateParsed;
byte* thisDateAsn;
@ -1269,7 +1322,34 @@ struct CertStatus {
word32 rawOcspResponseSz;
};
typedef struct OcspEntry OcspEntry;
#ifdef NO_SHA
#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif
struct OcspEntry
{
OcspEntry *next; /* next entry */
word32 hashAlgoOID; /* hash algo ID */
byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
CertStatus *status; /* OCSP response list */
int totalStatus; /* number on list */
byte* rawCertId; /* raw bytes of the CertID */
int rawCertIdSize; /* num bytes in raw CertID */
/* option bits - using 32-bit for alignment */
word32 isDynamic:1; /* was dynamically allocated */
};
/* TODO: Long-term, it would be helpful if we made this struct and other OCSP
structs conform to the ASN spec as described in RFC 6960. It will help
with readability and with implementing OpenSSL compatibility API
functions, because OpenSSL's OCSP data structures conform to the
RFC. */
struct OcspResponse {
int responseStatus; /* return code from Responder */
@ -1279,8 +1359,6 @@ struct OcspResponse {
byte producedDate[MAX_DATE_SIZE];
/* Date at which this response was signed */
byte producedDateFormat; /* format of the producedDate */
byte* issuerHash;
byte* issuerKeyHash;
byte* cert;
word32 certSz;
@ -1289,7 +1367,7 @@ struct OcspResponse {
word32 sigSz; /* Length in octets for the sig */
word32 sigOID; /* OID for hash used for sig */
CertStatus* status; /* certificate status to fill out */
OcspEntry* single; /* chain of OCSP single responses */
byte* nonce; /* pointer to nonce inside ASN.1 response */
int nonceSz; /* length of the nonce string */
@ -1300,6 +1378,7 @@ struct OcspResponse {
#ifdef OPENSSL_EXTRA
int verifyError;
#endif
void* heap;
};
@ -1320,25 +1399,9 @@ struct OcspRequest {
void* ssl;
};
typedef struct OcspEntry OcspEntry;
#ifdef NO_SHA
#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif
struct OcspEntry
{
OcspEntry *next; /* next entry */
byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
CertStatus *status; /* OCSP response list */
int totalStatus; /* number on list */
};
WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);
WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, OcspEntry*, CertStatus*, byte*, word32, void*);
WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse*);
WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);
WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*);
@ -1416,12 +1479,13 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
#endif
enum PBESTypes {
PBE_MD5_DES = 0,
PBE_SHA1_RC4_128 = 1,
PBE_SHA1_DES = 2,
PBE_SHA1_DES3 = 3,
PBE_AES256_CBC = 4,
PBE_AES128_CBC = 5,
PBE_MD5_DES = 0,
PBE_SHA1_RC4_128 = 1,
PBE_SHA1_DES = 2,
PBE_SHA1_DES3 = 3,
PBE_AES256_CBC = 4,
PBE_AES128_CBC = 5,
PBE_SHA1_40RC2_CBC = 6,
PBE_SHA1_RC4_128_SUM = 657,
PBE_SHA1_DES3_SUM = 659,

View file

@ -126,6 +126,7 @@ enum CertType {
/* Signature type, by OID sum */
enum Ctc_SigType {
CTC_SHAwDSA = 517,
CTC_SHA256wDSA = 416,
CTC_MD2wRSA = 646,
CTC_MD5wRSA = 648,
CTC_SHAwRSA = 649,

View file

@ -55,6 +55,9 @@ Block counter is located at index 12.
/* Size of IV in bytes*/
#define CHACHA_IV_BYTES 12
#ifdef HAVE_XCHACHA
#define XCHACHA_NONCE_BYTES 24
#endif
/* Size of ChaCha chunks */
#define CHACHA_CHUNK_WORDS 16
@ -92,8 +95,17 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
word32 msglen);
WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
#ifdef HAVE_XCHACHA
WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
const byte *nonce, word32 nonceSz,
word32 counter);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

View file

@ -48,6 +48,7 @@ or Authenticated Encryption with Additional Data (AEAD) algorithm.
#define CHACHA20_POLY1305_AEAD_IV_SIZE 12
#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
#define CHACHA20_POLY1305_MAX 4294967295U
#define XCHACHA20_POLY1305_AEAD_NONCE_SIZE 24
enum {
CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */
@ -123,6 +124,30 @@ WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
#ifdef HAVE_XCHACHA
WOLFSSL_API int wc_XChaCha20Poly1305_Init(
ChaChaPoly_Aead* aead,
const byte *ad, word32 ad_len,
const byte *inKey, word32 inKeySz,
const byte *inIV, word32 inIVSz,
int isEncrypt);
WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt(
byte *dst, const size_t dst_space,
const byte *src, const size_t src_len,
const byte *ad, const size_t ad_len,
const byte *nonce, const size_t nonce_len,
const byte *key, const size_t key_len);
WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt(
byte *dst, const size_t dst_space,
const byte *src, const size_t src_len,
const byte *ad, const size_t ad_len,
const byte *nonce, const size_t nonce_len,
const byte *key, const size_t key_len);
#endif /* HAVE_XCHACHA */
#ifdef __cplusplus
} /* extern "C" */

View file

@ -47,6 +47,8 @@ WOLFSSL_API int wc_Compress_ex(byte* out, word32 outSz, const byte* in,
WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32);
WOLFSSL_API int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in,
word32 inSz, int windowBits);
WOLFSSL_API int wc_DeCompressDynamic(byte** out, int max, int memoryType,
const byte* in, word32 inSz, int windowBits, void* heap);
#ifdef __cplusplus
} /* extern "C" */

View file

@ -34,6 +34,7 @@
#if defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_AESNI)
#define CPUID_AVX1 0x0001
#define CPUID_AVX2 0x0002
#define CPUID_RDRAND 0x0004
@ -59,6 +60,7 @@
WOLFSSL_API void cpuid_select_flags(word32 flags);
WOLFSSL_API void cpuid_set_flag(word32 flag);
WOLFSSL_API void cpuid_clear_flag(word32 flag);
#endif
#ifdef __cplusplus

View file

@ -85,6 +85,11 @@ typedef struct wc_CryptoInfo {
WC_RNG* rng;
} rsakg;
#endif
struct {
RsaKey* key;
const byte* pubKey;
word32 pubKeySz;
} rsa_check;
#endif
#ifdef HAVE_ECC
struct {
@ -115,6 +120,11 @@ typedef struct wc_CryptoInfo {
int* res;
ecc_key* key;
} eccverify;
struct {
ecc_key* key;
const byte* pubKey;
word32 pubKeySz;
} ecc_check;
#endif
};
} pk;
@ -212,7 +222,7 @@ typedef struct wc_CryptoInfo {
typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx);
WOLFSSL_LOCAL void wc_CryptoCb_Init(void);
WOLFSSL_LOCAL int wc_CryptoCb_GetDevIdAtIndex(int startIdx);
WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId);
@ -229,6 +239,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e,
WC_RNG* rng);
#endif /* WOLFSSL_KEY_GEN */
WOLFSSL_LOCAL int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey,
word32 pubKeySz);
#endif /* !NO_RSA */
#ifdef HAVE_ECC
@ -243,6 +256,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
WOLFSSL_LOCAL int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
const byte* hash, word32 hashlen, int* res, ecc_key* key);
WOLFSSL_LOCAL int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
word32 pubKeySz);
#endif /* HAVE_ECC */
#ifndef NO_AES

View file

@ -121,8 +121,8 @@ WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz);
WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
byte* pub, word32* pPubSz);
#endif /* WOLFSSL_DH_EXTRA */
WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst);
#endif
WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz,
int trusted, WC_RNG* rng);

View file

@ -58,6 +58,10 @@
#include <libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h>
#endif
#ifdef WOLFSSL_SILABS_SE_ACCEL
#include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h>
#endif
#ifdef WOLFSSL_HAVE_SP_ECC
#include <libs/libwolfssl/wolfcrypt/sp_int.h>
#endif
@ -125,7 +129,7 @@ enum {
ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */
SIG_HEADER_SZ = 7, /* ECC signature header size (30 81 87 02 42 [R] 02 42 [S]) */
ECC_BUFSIZE = 256, /* for exported keys temp buffer */
ECC_MINSIZE = 20, /* MIN Private Key size */
ECC_MINSIZE = ECC_MIN_KEY_SZ/8, /* MIN Private Key size */
ECC_MAXSIZE = 66, /* MAX Private Key size */
ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/
ECC_MAX_OID_LEN = 16,
@ -137,6 +141,8 @@ enum {
ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
#elif defined(PLUTON_CRYPTO_ECC)
ECC_MAX_CRYPTO_HW_SIZE = 32,
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
ECC_MAX_CRYPTO_HW_SIZE = 32,
#elif defined(WOLFSSL_CRYPTOCELL)
#ifndef CRYPTOCELL_KEY_SIZE
CRYPTOCELL_KEY_SIZE = ECC_MAXSIZE,
@ -152,8 +158,9 @@ enum {
/* Shamir's dual add constants */
SHAMIR_PRECOMP_SZ = 16,
#ifdef HAVE_PKCS11
#ifdef WOLF_CRYPTO_CB
ECC_MAX_ID_LEN = 32,
ECC_MAX_LABEL_LEN = 32,
#endif
};
@ -315,7 +322,8 @@ typedef struct ecc_set_type {
#endif
/* determine buffer size */
#define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT)
/* Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod(). */
#define FP_SIZE_ECC ((FP_MAX_BITS_ECC/DIGIT_BIT) + 1)
/* This needs to match the size of the fp_int struct, except the
@ -395,6 +403,16 @@ struct ecc_key {
#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_CB)
int devId;
#endif
#ifdef WOLFSSL_SILABS_SE_ACCEL
sl_se_command_context_t cmd_ctx;
sl_se_key_descriptor_t key;
/* Used for SiLabs "plaintext" with public X, public Y, and
* private D concatenated. These are respectively at offset `0`,
* offset `keysize`, and offset `2 * keysize`.
*/
byte key_raw[3 * ECC_MAX_CRYPTO_HW_SIZE];
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
mp_int* r; /* sign/verify temps */
mp_int* s;
@ -407,9 +425,11 @@ struct ecc_key {
CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
#endif
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_PKCS11
#ifdef WOLF_CRYPTO_CB
byte id[ECC_MAX_ID_LEN];
int idLen;
char label[ECC_MAX_LABEL_LEN];
int labelLen;
#endif
#if defined(WOLFSSL_CRYPTOCELL)
ecc_context_t ctx;
@ -474,6 +494,9 @@ ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
WOLFSSL_LOCAL
int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R,
mp_int* a, mp_int* modulus, mp_digit mp, int* infinity);
WOLFSSL_LOCAL
int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a,
mp_int* modulus, mp_digit mp);
#endif
@ -541,10 +564,12 @@ WOLFSSL_API
int wc_ecc_init(ecc_key* key);
WOLFSSL_ABI WOLFSSL_API
int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
#ifdef HAVE_PKCS11
#ifdef WOLF_CRYPTO_CB
WOLFSSL_API
int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
int devId);
WOLFSSL_API
int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId);
#endif
#ifdef WOLFSSL_CUSTOM_CURVES
WOLFSSL_LOCAL

View file

@ -46,12 +46,15 @@
#if defined(CURVED448_128BIT)
typedef int64_t fe448;
#ifdef __SIZEOF_INT128__
typedef __uint128_t uint128_t;
typedef __int128_t int128_t;
#else
typedef unsigned long uint128_t __attribute__ ((mode(TI)));
typedef long int128_t __attribute__ ((mode(TI)));
#ifndef WOLFSSL_UINT128_T_DEFINED
#ifdef __SIZEOF_INT128__
typedef __uint128_t uint128_t;
typedef __int128_t int128_t;
#else
typedef unsigned long uint128_t __attribute__ ((mode(TI)));
typedef long int128_t __attribute__ ((mode(TI)));
#endif
#define WOLFSSL_UINT128_T_DEFINED
#endif
#else
typedef int32_t fe448;

View file

@ -94,7 +94,8 @@ enum {
WC_SHA3_512 = WC_HASH_TYPE_SHA3_512,
#endif
#ifdef HAVE_PKCS11
HMAC_MAX_ID_LEN = 32,
HMAC_MAX_ID_LEN = 32,
HMAC_MAX_LABEL_LEN = 32,
#endif
};
@ -153,6 +154,8 @@ struct Hmac {
#ifdef HAVE_PKCS11
byte id[HMAC_MAX_ID_LEN];
int idLen;
char label[HMAC_MAX_LABEL_LEN];
int labelLen;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
word16 keyLen; /* hmac key length (key in ipad) */
@ -174,8 +177,12 @@ WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
WOLFSSL_API int wc_HmacSizeByType(int type);
WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId);
#ifdef HAVE_PKCS11
WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
int devId);
WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
int devId);
#endif
WOLFSSL_API void wc_HmacFree(Hmac*);
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);

View file

@ -33,7 +33,7 @@
may not be faster on all
*/
#include <libs/libwolfssl/wolfcrypt/types.h> /* will set MP_xxBIT if not default */
#ifdef WOLFSSL_SP_MATH
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
#include <libs/libwolfssl/wolfcrypt/sp_int.h>
#elif defined(USE_FAST_MATH)
#include <libs/libwolfssl/wolfcrypt/tfm.h>
@ -161,7 +161,7 @@ extern "C" {
#define MP_OKAY 0 /* ok result */
#define MP_MEM -2 /* out of mem */
#define MP_VAL -3 /* invalid input */
#define MP_NOT_INF -4 /* point not at infinity */
#define MP_NOT_INF -4 /* point not at infinity */
#define MP_RANGE MP_NOT_INF
#define MP_YES 1 /* yes response */

View file

@ -100,6 +100,10 @@ WOLFSSL_API int wolfSSL_Debugging_ON(void);
/* turn logging off */
WOLFSSL_API void wolfSSL_Debugging_OFF(void);
#ifdef HAVE_WC_INTROSPECTION
WOLFSSL_API const char *wolfSSL_configure_args(void);
WOLFSSL_API const char *wolfSSL_global_cflags(void);
#endif
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
WOLFSSL_LOCAL int wc_LoggingInit(void);
@ -187,6 +191,14 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
#define WOLFSSL_ERROR_MSG(m)
#endif
#ifdef HAVE_STACK_SIZE_VERBOSE
extern WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack;
extern WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSize;
extern WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSizeHWM;
extern WOLFSSL_API THREAD_LS_T size_t *StackSizeCheck_stackSizeHWM_ptr;
extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer;
#endif
#ifdef __cplusplus
}
#endif

View file

@ -76,6 +76,15 @@
long totalBytes; /* total number of bytes allocated */
long peakBytes; /* concurrent max bytes */
long currentBytes; /* total current bytes in use */
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
long peakAllocsTripOdometer; /* peak number of concurrent allocations,
* subject to reset by
* wolfCrypt_heap_peak_checkpoint()
*/
long peakBytesTripOdometer; /* peak concurrent bytes, subject to reset
* by wolfCrypt_heap_peak_checkpoint()
*/
#endif
} memoryStats;
typedef struct memHint {
@ -170,8 +179,17 @@
ourMemStats.totalAllocs++;
ourMemStats.totalBytes += sz;
ourMemStats.currentBytes += sz;
if (ourMemStats.currentBytes > ourMemStats.peakBytes)
ourMemStats.peakBytes = ourMemStats.currentBytes;
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs - ourMemStats.totalDeallocs)
ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - ourMemStats.totalDeallocs;
if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) {
ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes;
#endif
if (ourMemStats.currentBytes > ourMemStats.peakBytes)
ourMemStats.peakBytes = ourMemStats.currentBytes;
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
}
#endif
#endif
#ifdef DO_MEM_LIST
if (pthread_mutex_lock(&memLock) == 0) {
@ -338,8 +356,12 @@
ourMemStats.totalBytes = 0;
ourMemStats.peakBytes = 0;
ourMemStats.currentBytes = 0;
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
ourMemStats.peakAllocsTripOdometer = 0;
ourMemStats.peakBytesTripOdometer = 0;
#endif
#endif
#ifdef DO_MEM_LIST
XMEMSET(&ourMemList, 0, sizeof(ourMemList));

View file

@ -43,11 +43,23 @@ word32 rotlFixed(word32, word32);
WOLFSSL_LOCAL
word32 rotrFixed(word32, word32);
#ifdef WC_RC2
WOLFSSL_LOCAL
word16 rotlFixed16(word16, word16);
WOLFSSL_LOCAL
word16 rotrFixed16(word16, word16);
#endif
WOLFSSL_LOCAL
word32 ByteReverseWord32(word32);
WOLFSSL_LOCAL
void ByteReverseWords(word32*, const word32*, word32);
WOLFSSL_LOCAL
void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, const wolfssl_word* b,
word32 n);
WOLFSSL_LOCAL
void xorbufout(void*, const void*, const void*, word32);
WOLFSSL_LOCAL
void XorWords(wolfssl_word*, const wolfssl_word*, word32);
WOLFSSL_LOCAL
@ -103,7 +115,9 @@ WOLFSSL_LOCAL byte ctMaskLT(int a, int b);
WOLFSSL_LOCAL byte ctMaskLTE(int a, int b);
WOLFSSL_LOCAL byte ctMaskEq(int a, int b);
WOLFSSL_LOCAL word16 ctMask16GT(int a, int b);
WOLFSSL_LOCAL word16 ctMask16GTE(int a, int b);
WOLFSSL_LOCAL word16 ctMask16LT(int a, int b);
WOLFSSL_LOCAL word16 ctMask16LTE(int a, int b);
WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b);
WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b);
WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b);

View file

@ -53,6 +53,8 @@ WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz);
WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
byte** pkey, word32* pkeySz, byte** cert, word32* certSz,
WC_DerCertList** ca);
WOLFSSL_LOCAL int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12,
const byte* psw, word32 pswSz);
WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz,
char* name, byte* key, word32 keySz, byte* cert, word32 certSz,
WC_DerCertList* ca, int nidKey, int nidCert, int iter, int macIter,

View file

@ -48,8 +48,12 @@
/* Max number of certificates that PKCS7 structure can parse */
#ifndef MAX_PKCS7_CERTS
#ifdef OPENSSL_ALL
#define MAX_PKCS7_CERTS 15
#else
#define MAX_PKCS7_CERTS 4
#endif
#endif
#ifndef MAX_ORI_TYPE_SZ
#define MAX_ORI_TYPE_SZ MAX_OID_SZ
@ -154,8 +158,8 @@ enum Pkcs7_Misc {
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)) || (defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || HAVE_SELFTEST_VERSION < 2))
(HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)))
/* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are
* not in aes.h for use with pkcs7 so enumerate it here outside the fips
* boundary */

View file

@ -116,6 +116,9 @@ WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
/* AEAD Functions */
WOLFSSL_API int wc_Poly1305_Pad(Poly1305* ctx, word32 lenToPad);
WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 dataSz);
#ifdef WORD64_AVAILABLE
WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz, word64 dataSz);
#endif
WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
byte* input, word32 sz, byte* tag, word32 tagSz);

View file

@ -29,10 +29,8 @@
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_ATECC_PKCB)
#undef SHA_BLOCK_SIZE
#define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP
#include <cryptoauthlib.h>
#undef SHA_BLOCK_SIZE
#include <cryptoauthlib.h>
#endif
/* ATECC508A/608A only supports ECC P-256 */

View file

@ -0,0 +1,67 @@
/* silabs_aes.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _SILABS_AES_H_
#define _SILABS_AES_H_
#include <em_device.h>
#if defined(WOLFSSL_SILABS_SE_ACCEL)
#include <libs/libwolfssl/wolfcrypt/types.h>
#include <sl_se_manager.h>
#include <sl_se_manager_cipher.h>
typedef struct {
sl_se_command_context_t cmd_ctx;
sl_se_key_descriptor_t key;
} silabs_aes_t;
typedef struct Aes Aes;
#ifdef HAVE_AESGCM
int wc_AesGcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
int wc_AesGcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
#endif /* HAVE_AESGCM */
#ifdef HAVE_AESCCM
int wc_AesCcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
int wc_AesCcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
#endif /* HAVE_AESCCM */
#endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */
#endif /* _SILABS_AES_H_ */

View file

@ -0,0 +1,63 @@
/* silabs_ecc.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _SILABS_ECC_H_
#define _SILABS_ECC_H_
#if defined(WOLFSSL_SILABS_SE_ACCEL)
#include <libs/libwolfssl/wolfcrypt/types.h>
#include <sl_se_manager.h>
#include <sl_se_manager_defines.h>
#include <sl_se_manager_key_derivation.h>
#include <sl_se_manager_signature.h>
typedef enum ecc_curve_id ecc_curve_id;
typedef struct ecc_key ecc_key;
int silabs_ecc_sign_hash (const byte* in, word32 inlen,
byte* out, word32 *outlen,
ecc_key* key);
int silabs_ecc_verify_hash (const byte* sig, word32 siglen,
const byte* hash, word32 hashlen,
int* stat, ecc_key* key);
int silabs_ecc_make_key(ecc_key* key, int keysize);
int silabs_ecc_import(ecc_key* key, word32 keysize);
int silabs_ecc_import_private(ecc_key* key, word32 keysize);
int silabs_ecc_sig_to_rs(ecc_key* key, word32 keySz);
int silabs_ecc_import_private_raw(ecc_key* key, word32 keySz, const char* d, int encType);
int silabs_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
byte* out, word32* outlen);
#endif /* WOLFSSL_SILABS_SE_ACCEL */
#endif /* _SILABS_ECC_H_ */

View file

@ -0,0 +1,66 @@
/* silabs_hash.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _SILABS_HASH_H_
#define _SILABS_HASH_H_
#include <em_device.h>
#if defined(WOLFSSL_SILABS_SE_ACCEL)
#include <libs/libwolfssl/wolfcrypt/types.h>
#include <sl_se_manager.h>
#include <sl_se_manager_hash.h>
#if defined(SL_SE_HASH_SHA384) && !defined(NO_SHA384)
#define WOLFSSL_SILABS_SHA384
#endif
#if defined(SL_SE_HASH_SHA512) && !defined(NO_SHA384)
#define WOLFSSL_SILABS_SHA512
#endif
typedef struct {
sl_se_hash_streaming_context_t hash_ctx;
sl_se_command_context_t cmd_ctx;
union hash_type_ctx_u {
sl_se_sha1_streaming_context_t sha1_ctx;
sl_se_sha224_streaming_context_t sha224_ctx;
sl_se_sha256_streaming_context_t sha256_ctx;
#ifdef WOLFSSL_SILABS_SHA384
sl_se_sha384_streaming_context_t sha384_ctx;
#endif
#ifdef WOLFSSL_SILABS_SHA512
sl_se_sha512_streaming_context_t sha512_ctx;
#endif
} hash_type_ctx;
} wc_silabs_sha_t;
int wc_silabs_se_hash_init (wc_silabs_sha_t* sha, enum wc_HashType type);
int wc_silabs_se_hash_update (wc_silabs_sha_t* sha, const byte* data, word32 len);
int wc_silabs_se_hash_final (wc_silabs_sha_t* sha, byte* hash);
#endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */
#endif /* _SILABS_HASH_H_ */

View file

@ -0,0 +1,35 @@
/* silabs_random.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _SILABS_RANDOM_H_
#define _SILABS_RANDOM_H_
#if defined(WOLFSSL_SILABS_SE_ACCEL)
#include <libs/libwolfssl/wolfcrypt/types.h>
int silabs_GenerateRand(byte* output, word32 sz);
#endif /* WOLFSSL_SILABS_SE_ACCEL */
#endif /* _SILABS_RANDOM_H_ */

View file

@ -225,7 +225,12 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*);
#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
#if defined(__ghs__) || defined(WC_NO_RNG_SIMPLE)
/* some older compilers do not like macro function in expression */
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
#else
#define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
#endif
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
#endif

View file

@ -141,8 +141,9 @@ enum {
RSA_PSS_SALT_LEN_DISCOVER = -2,
#endif
#ifdef HAVE_PKCS11
#ifdef WOLF_CRYPTO_CB
RSA_MAX_ID_LEN = 32,
RSA_MAX_LABEL_LEN = 32,
#endif
};
@ -184,9 +185,11 @@ struct RsaKey {
byte* mod;
XSecure_Rsa xRsa;
#endif
#ifdef HAVE_PKCS11
#ifdef WOLF_CRYPTO_CB
byte id[RSA_MAX_ID_LEN];
int idLen;
char label[RSA_MAX_LABEL_LEN];
int labelLen;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE)
byte dataIsAlloc;
@ -213,9 +216,11 @@ struct RsaKey {
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
#ifdef HAVE_PKCS11
#ifdef WOLF_CRYPTO_CB
WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
void* heap, int devId);
WOLFSSL_API int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap,
int devId);
#endif
WOLFSSL_API int wc_CheckRsaKey(RsaKey* key);
#ifdef WOLFSSL_XILINX_CRYPT
@ -246,6 +251,9 @@ WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, int pad_type);
WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, int pad_type,
enum wc_HashType hash);
WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
enum wc_HashType hash, int mgf,
RsaKey* key);
@ -367,6 +375,8 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou
int mgf, byte* optLabel, word32 labelLen, int saltLen,
int bits, void* heap);
WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType);
#endif /* HAVE_USER_RSA */
#ifdef __cplusplus

View file

@ -225,10 +225,9 @@
#include "user_settings.h"
#elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
/* STM Configuration File (generated by CubeMX) */
#include "wolfSSL.wolfSSL_conf.h"
#include "wolfSSL.I-CUBE-wolfSSL_conf.h"
#endif
/* make sure old RNG name is used with CTaoCrypt FIPS */
#ifdef HAVE_FIPS
#if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)
@ -358,12 +357,13 @@
#define NO_FILESYSTEM
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MAX
#define NO_BIG_INT
#endif
#ifdef WOLFSSL_MICROCHIP_PIC32MZ
#define WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MAX
#ifndef NO_PIC32MZ_CRYPT
#define WOLFSSL_PIC32MZ_CRYPT
#endif
@ -678,17 +678,17 @@ extern void uITRON4_free(void *p) ;
/* static char* gets(char *buff); */
static char* fgets(char *buff, int sz, XFILE fp) {
char * p = buff;
*p = '\0';
char * s = buff;
*s = '\0';
while (1) {
*p = tm_getchar(-1);
tm_putchar(*p);
if (*p == '\r') {
*s = tm_getchar(-1);
tm_putchar(*s);
if (*s == '\r') {
tm_putchar('\n');
*p = '\0';
*s = '\0';
break;
}
p++;
s++;
}
return buff;
}
@ -1070,7 +1070,9 @@ extern void uITRON4_free(void *p) ;
#define ECC_TIMING_RESISTANT
#undef HAVE_ECC
#ifndef WOLFCRYPT_FIPS_RAND
#define HAVE_ECC
#endif
#ifndef NO_AES
#undef HAVE_AESCCM
#define HAVE_AESCCM
@ -1165,7 +1167,9 @@ extern void uITRON4_free(void *p) ;
#endif
#if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA
#ifndef WOLFCRYPT_FIPS_RAND
#define FREESCALE_LTC_ECC
#endif
#define FREESCALE_LTC_TFM
/* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic.
@ -1215,6 +1219,8 @@ extern void uITRON4_free(void *p) ;
#define USE_CERT_BUFFERS_4096
#undef FP_MAX_BITS
#define FP_MAX_BITS (8192)
#undef SP_INT_BITS
#define SP_INT_BITS (4096)
#undef NO_DH
#define NO_DH
@ -1387,11 +1393,18 @@ extern void uITRON4_free(void *p) ;
#ifdef MICRIUM
#include <stdlib.h>
#include <os.h>
#include <net_cfg.h>
#include <net_sock.h>
#include <net_err.h>
#if defined(RTOS_MODULE_NET_AVAIL) || (APP_CFG_TCPIP_EN == DEF_ENABLED)
#include <net_cfg.h>
#include <net_sock.h>
#if (OS_VERSION < 50000)
#include <net_err.h>
#endif
#endif
#include <lib_mem.h>
#include <lib_math.h>
#include <lib_str.h>
#include <stdio.h>
#include <string.h>
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
@ -1415,7 +1428,7 @@ extern void uITRON4_free(void *p) ;
#define NO_WOLFSSL_DIR
#define NO_WRITEV
#ifndef CUSTOM_RAND_GENERATE
#if ! defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(CUSTOM_RAND_GENERATE)
#define CUSTOM_RAND_TYPE RAND_NBR
#define CUSTOM_RAND_GENERATE Math_Rand
#endif
@ -1445,10 +1458,25 @@ extern void uITRON4_free(void *p) ;
(CPU_SIZE_T)(size)))
#define XMEMCPY(pdest, psrc, size) ((void)Mem_Copy((void *)(pdest), \
(void *)(psrc), (CPU_SIZE_T)(size)))
#define XMEMCMP(pmem_1, pmem_2, size) \
(((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \
(void *)(pmem_2), \
#if (OS_VERSION < 50000)
#define XMEMCMP(pmem_1, pmem_2, size) \
(((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \
(void *)(pmem_2), \
(CPU_SIZE_T)(size))) ? DEF_NO : DEF_YES)
#else
/* Work around for Micrium OS version 5.8 change in behavior
* that returns DEF_NO for 0 size compare
*/
#define XMEMCMP(pmem_1, pmem_2, size) \
(( (size < 1 ) || \
((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \
(void *)(pmem_2), \
(CPU_SIZE_T)(size)) == DEF_YES)) \
? 0 : 1)
#define XSNPRINTF snprintf
#endif
#define XMEMMOVE XMEMCPY
#if (OS_CFG_MUTEX_EN == DEF_DISABLED)
@ -1746,6 +1774,21 @@ extern void uITRON4_free(void *p) ;
#endif
#endif
/* The minimum allowed ECC key size */
/* Note: 224-bits is equivelant to 2048-bit RSA */
#ifndef ECC_MIN_KEY_SZ
#ifdef WOLFSSL_MIN_ECC_BITS
#define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS
#else
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2
/* FIPSv2 and ready (for now) includes 192-bit support */
#define ECC_MIN_KEY_SZ 192
#else
#define ECC_MIN_KEY_SZ 224
#endif
#endif
#endif
/* ECC Configs */
#ifdef HAVE_ECC
/* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
@ -1929,6 +1972,11 @@ extern void uITRON4_free(void *p) ;
#error "FFDHE parameters are too large for FP_MAX_BIT as set"
#endif
#endif
#if defined(HAVE_FFDHE) && defined(SP_INT_BITS)
#if MIN_FFDHE_FP_MAX_BITS > SP_INT_BITS * 2
#error "FFDHE parameters are too large for SP_INT_BIT as set"
#endif
#endif
/* if desktop type system and fastmath increase default max bits */
#ifdef WOLFSSL_X86_64_BUILD
@ -1939,6 +1987,13 @@ extern void uITRON4_free(void *p) ;
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#endif
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(SP_INT_BITS)
#if MIN_FFDHE_FP_MAX_BITS <= 8192
#define SP_INT_BITS 4096
#else
#define PS_INT_BITS MIN_FFDHE_FP_MAX_BITS / 2
#endif
#endif
#endif
/* If using the max strength build, ensure OLD TLS is disabled. */
@ -2118,8 +2173,8 @@ extern void uITRON4_free(void *p) ;
#ifndef USE_WOLF_STRTOK
#define USE_WOLF_STRTOK
#endif
#ifndef WOLFSSL_SP_MOD_WORD_RP
#define WOLFSSL_SP_MOD_WORD_RP
#ifndef WOLFSSL_SP_DIV_WORD_HALF
#define WOLFSSL_SP_DIV_WORD_HALF
#endif
#ifndef WOLFSSL_OLD_PRIME_CHECK
#define WOLFSSL_OLD_PRIME_CHECK
@ -2138,12 +2193,6 @@ extern void uITRON4_free(void *p) ;
#ifndef WOLFSSL_SP_DIV_WORD_HALF
#define WOLFSSL_SP_DIV_WORD_HALF
#endif
#ifndef SP_HALF_SIZE
#define SP_HALF_SIZE 32
#endif
#ifndef SP_HALF_MAX
#define SP_HALF_MAX 4294967295U
#endif
#endif
@ -2154,7 +2203,8 @@ extern void uITRON4_free(void *p) ;
#undef HAVE_GMTIME_R /* don't trust macro with windows */
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(HAVE_LIGHTY)
#define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
#define OPENSSL_NO_ENGINE
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
@ -2175,7 +2225,7 @@ extern void uITRON4_free(void *p) ;
#endif
#endif
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
#ifdef HAVE_SNI
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
#endif
@ -2248,17 +2298,23 @@ extern void uITRON4_free(void *p) ;
#endif
/* Parts of the openssl compatibility layer require peer certs */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(HAVE_LIGHTY)
#undef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/
#ifdef WOLFSSL_ARMASM
/* RAW hash function APIs are not implemented */
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH)
#undef WOLFSSL_NO_HASH_RAW
#define WOLFSSL_NO_HASH_RAW
#endif
/* XChacha not implemented with ARM assembly ChaCha */
#if defined(WOLFSSL_ARMASM)
#undef HAVE_XCHACHA
#endif
#if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \
!defined(WOLFSSL_SHA3)
#undef WOLFSSL_NO_WORD64_OPS
@ -2297,7 +2353,8 @@ extern void uITRON4_free(void *p) ;
#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
!defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_RSA_PUBLIC_ONLY)
(defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
defined(WOLFSSL_RSA_PUBLIC_ONLY)
#undef WOLFSSL_NO_FORCE_ZERO
#define WOLFSSL_NO_FORCE_ZERO
#endif
@ -2323,6 +2380,13 @@ extern void uITRON4_free(void *p) ;
#undef WOLFSSL_SMALL_STACK
#endif
#ifdef WOLFSSL_SMALL_STACK_STATIC
#undef WOLFSSL_SMALL_STACK_STATIC
#define WOLFSSL_SMALL_STACK_STATIC static
#else
#define WOLFSSL_SMALL_STACK_STATIC
#endif
/* The client session cache requires time for timeout */
#if defined(NO_ASN_TIME) && !defined(NO_SESSION_CACHE)
#define NO_SESSION_CACHE

View file

@ -75,6 +75,9 @@
#ifdef WOLFSSL_IMXRT_DCP
#include <libs/libwolfssl/wolfcrypt/port/nxp/dcp_port.h>
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL)
#include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h>
#endif
#if !defined(NO_OLD_SHA_NAMES)
#define SHA WC_SHA
@ -114,6 +117,8 @@ struct wc_Sha {
ltc_hash_ctx_t ctx;
#elif defined(STM32_HASH)
STM32_HASH_Context stmCtx;
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
wc_silabs_sha_t silabsCtx;
#else
word32 buffLen; /* in bytes */
word32 loLen; /* length in bytes */

View file

@ -88,6 +88,9 @@
#if defined(WOLFSSL_CRYPTOCELL)
#include <libs/libwolfssl/wolfcrypt/port/arm/cryptoCell.h>
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL)
#include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h>
#endif
#if defined(_MSC_VER)
#define SHA256_NOINLINE __declspec(noinline)
@ -138,6 +141,8 @@ struct wc_Sha256 {
ltc_hash_ctx_t ctx;
#elif defined(STM32_HASH_SHA2)
STM32_HASH_Context stmCtx;
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
wc_silabs_sha_t silabsCtx;
#else
/* alignment on digest and buffer speeds up ARMv8 crypto operations */
ALIGN16 word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];

View file

@ -90,7 +90,7 @@ enum {
#else
/* Sha3 digest */
struct Sha3 {
struct wc_Sha3 {
/* State data that is processed for each block. */
word64 s[25];
/* Unprocessed message data. */
@ -109,7 +109,7 @@ struct Sha3 {
};
#ifndef WC_SHA3_TYPE_DEFINED
typedef struct Sha3 wc_Sha3;
typedef struct wc_Sha3 wc_Sha3;
#define WC_SHA3_TYPE_DEFINED
#endif

View file

@ -76,6 +76,10 @@
#ifdef WOLFSSL_ESP32WROOM32_CRYPT
#include <libs/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL)
#include <libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h>
#endif
#if defined(_MSC_VER)
#define SHA512_NOINLINE __declspec(noinline)
#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
@ -136,6 +140,10 @@ struct wc_Sha512 {
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
WC_ESP32SHA ctx;
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL)
wc_silabs_sha_t silabsCtx;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
word32 flags; /* enum wc_HashFlags in hash.h */
#endif

File diff suppressed because it is too large Load diff

View file

@ -154,6 +154,7 @@ decouple library dependencies with standard string, memory and so on.
#ifdef WORD64_AVAILABLE
#define WOLFCRYPT_SLOW_WORD64
#endif
#define WC_32BIT_CPU
#endif
#elif defined(WC_16BIT_CPU)
@ -167,6 +168,7 @@ decouple library dependencies with standard string, memory and so on.
typedef word32 wolfssl_word;
#define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
mp_digit, no 64 bit type so make mp_digit 16 bit */
#define WC_32BIT_CPU
#endif
enum {
@ -493,11 +495,12 @@ decouple library dependencies with standard string, memory and so on.
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
/* strstr, strncmp, and strncat only used by wolfSSL proper,
/* strstr, strncmp, strcmp, and strncat only used by wolfSSL proper,
* not required for wolfCrypt only */
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRCMP(s1,s2) strcmp((s1),(s2))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#ifdef USE_WOLF_STRSEP
@ -647,9 +650,12 @@ decouple library dependencies with standard string, memory and so on.
#include <ctype.h>
#endif
#if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA)
defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \
defined(OPENSSL_EXTRA)
#define XTOUPPER(c) toupper((c))
#define XISALPHA(c) isalpha((c))
#endif
#ifdef OPENSSL_ALL
#define XISALNUM(c) isalnum((c))
#endif
/* needed by wolfSSL_check_domain_name() */
#define XTOLOWER(c) tolower((c))
@ -784,7 +790,8 @@ decouple library dependencies with standard string, memory and so on.
/* hash types */
enum wc_HashType {
#if defined(HAVE_SELFTEST) || defined(HAVE_FIPS)
#if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) && \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))
/* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types.
* Values here are based on old selftest hmac.h enum, with additions.
* These values are fixed for backwards FIPS compatibility */
@ -858,8 +865,10 @@ decouple library dependencies with standard string, memory and so on.
WC_PK_TYPE_CURVE25519 = 7,
WC_PK_TYPE_RSA_KEYGEN = 8,
WC_PK_TYPE_EC_KEYGEN = 9,
WC_PK_TYPE_RSA_CHECK_PRIV_KEY = 10,
WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11,
WC_PK_TYPE_MAX = WC_PK_TYPE_EC_KEYGEN
WC_PK_TYPE_MAX = WC_PK_TYPE_EC_CHECK_PRIV_KEY
};

View file

@ -67,7 +67,6 @@ enum Pkcs11KeyType {
PKCS11_KEY_TYPE_EC,
};
WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library,
void* heap);
WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);

View file

@ -81,6 +81,7 @@
_Pragma("GCC diagnostic ignored \"-Wsign-compare\"");
_Pragma("GCC diagnostic ignored \"-Wpointer-sign\"");
_Pragma("GCC diagnostic ignored \"-Wbad-function-cast\"");
_Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\"");
#include <linux/kconfig.h>
#include <linux/kernel.h>
@ -88,6 +89,7 @@
#include <linux/ctype.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/mm.h>
#ifndef SINGLE_THREADED
#include <linux/kthread.h>
#endif
@ -99,19 +101,52 @@
#else
#include <asm/simd.h>
#endif
#define SAVE_VECTOR_REGISTERS() kernel_fpu_begin()
#define RESTORE_VECTOR_REGISTERS() kernel_fpu_end()
#ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS() kernel_fpu_begin()
#endif
#ifndef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() kernel_fpu_end()
#endif
#elif defined(WOLFSSL_ARMASM)
#include <asm/fpsimd.h>
#define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); })
#define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); })
#ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); })
#endif
#ifndef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); })
#endif
#else
#define SAVE_VECTOR_REGISTERS() ({})
#define RESTORE_VECTOR_REGISTERS() ({})
#ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS() ({})
#endif
#ifndef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() ({})
#endif
#endif
_Pragma("GCC diagnostic pop");
/* Linux headers define these using C expressions, but we need
* them to be evaluable by the preprocessor, for use in sp_int.h.
*/
_Static_assert(sizeof(ULONG_MAX) == 8, "WOLFSSL_LINUXKM supported only on targets with 64 bit long words.");
#undef UCHAR_MAX
#define UCHAR_MAX 255
#undef USHRT_MAX
#define USHRT_MAX 65535
#undef UINT_MAX
#define UINT_MAX 4294967295U
#undef ULONG_MAX
#define ULONG_MAX 18446744073709551615UL
#undef ULLONG_MAX
#define ULLONG_MAX ULONG_MAX
#undef INT_MAX
#define INT_MAX 2147483647
#undef LONG_MAX
#define LONG_MAX 9223372036854775807L
#undef LLONG_MAX
#define LLONG_MAX LONG_MAX
/* remove this multifariously conflicting macro, picked up from
* Linux arch/<arch>/include/asm/current.h.
*/
@ -122,9 +157,17 @@
*/
#define _MM_MALLOC_H_INCLUDED
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
/* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */
#define malloc(x) kvmalloc(x, GFP_KERNEL)
#define free(x) kvfree(x)
void *lkm_realloc(void *ptr, size_t newsize);
#define realloc(x, y) lkm_realloc(x, y)
#else
#define malloc(x) kmalloc(x, GFP_KERNEL)
#define free(x) kfree(x)
#define realloc(x,y) krealloc(x, y, GFP_KERNEL)
#endif
/* min() and max() in linux/kernel.h over-aggressively type-check, producing
* myriad spurious -Werrors throughout the codebase.
@ -157,8 +200,10 @@
#else /* ! WOLFSSL_LINUXKM */
#ifdef BUILDING_WOLFSSL
#ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS() do{}while(0)
#endif
#ifndef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() do{}while(0)
#endif
@ -193,6 +238,8 @@
/* do nothing, just don't pick Unix */
#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
/* do nothing */
#elif defined(RTTHREAD)
/* do nothing */
#elif defined(EBSNET)
/* do nothing */
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
@ -298,6 +345,9 @@
#include "FreeRTOS.h"
#include "semphr.h"
typedef SemaphoreHandle_t wolfSSL_Mutex;
#elif defined (RTTHREAD)
#include "rtthread.h"
typedef rt_mutex_t wolfSSL_Mutex;
#elif defined(WOLFSSL_SAFERTOS)
typedef struct wolfSSL_Mutex {
signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
@ -409,6 +459,11 @@ WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb);
WOLFSSL_API int wolfCrypt_Init(void);
WOLFSSL_API int wolfCrypt_Cleanup(void);
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
WOLFSSL_API long wolfCrypt_heap_peakAllocs_checkpoint(void);
WOLFSSL_API long wolfCrypt_heap_peakBytes_checkpoint(void);
#endif
/* FILESYSTEM SECTION */
/* filesystem abstraction layer, used by ssl.c */
@ -564,6 +619,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#else
#define XFOPEN fopen
#endif
#define XFDOPEN fdopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND rewind
@ -579,6 +635,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#include <dirent.h>
#include <unistd.h>
#include <sys/stat.h>
#define XWRITE write
#define XREAD read
#define XCLOSE close
#endif
#endif
@ -786,7 +845,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#ifdef BUILDING_WOLFSSL
/* includes are all above, with incompatible warnings masked out. */
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0)
typedef __kernel_time_t time_t;
#else
typedef __kernel_time64_t time_t;

View file

@ -449,7 +449,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
}
PARSE_INT_3(status);
/* get message includig preceding space */
/* get message including preceding space */
if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) {
return NULL;
}